From 6568fba48838a1ab6000531b17229a7ff097bb70 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Mon, 21 Oct 2013 16:51:18 +0200
Subject: [PATCH 5/6] qommon.ident.idp; allow mapping from SAML 2 attributes
 to user fields

refs #3852
---
 po/fr.po                 |   10 ++++++++++
 wcs/qommon/ident/idp.ptl |   19 ++++++++++++++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/po/fr.po b/po/fr.po
index 304916d..de3fe48 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -2956,6 +2956,16 @@ msgstr ""
 "Si aucune règle n'est configuré, le status administrateur n'est jamais attribué. "
 "Le statut est donné si n'importe laquelle des règles est validée."
 
+#: ../wcs/qommon/ident/idp.ptl:311
+msgid "Attribute mapping"
+msgstr "Correspondance des attributs"
+
+#: ../wcs/qommon/ident/idp.ptl:314
+msgid "First row match attribute names, second row is the user field to fill"
+msgstr "La première colonne correspond au nom des attributs, la deuxième au "
+"champ de l'utilisateur à remplir."
+
+
 #: ../wcs/qommon/ident/idp.ptl:292 ../wcs/qommon/ident/idp.ptl:293
 #: ../wcs/qommon/ident/idp.ptl:466 ../wcs/qommon/ident/idp.ptl:467
 msgid "New Identity Provider"
diff --git a/wcs/qommon/ident/idp.ptl b/wcs/qommon/ident/idp.ptl
index d0e84d3..3b58ae1 100644
--- a/wcs/qommon/ident/idp.ptl
+++ b/wcs/qommon/ident/idp.ptl
@@ -278,6 +278,16 @@ class AdminIDPDir(Directory):
         return AdminIDPUI(component)
 
     @classmethod
+    def user_fields_options(self):
+        '''List user formdef fields for the SelectWidget of the attribute
+           mapping setting'''
+        UserClass = get_publisher().user_class
+        options = []
+        for field in UserClass.get_formdef().fields:
+            options.append((str(field.id), field.label))
+        return options
+
+    @classmethod
     def get_form(cls, instance={}):
         form = Form(enctype='multipart/form-data')
         form.add(FileWidget, 'metadata', title = _('Metadata'), required=not instance)
@@ -295,6 +305,13 @@ class AdminIDPDir(Directory):
                 hint=_('First row match attribute names, second is for matching '
                     'attribute value. If no rule is given, admin flag is never '
                     'set. Flag is set if any rule match.'))
+        options = cls.user_fields_options()
+        form.add(WidgetDict, 'attribute-mapping',
+                value=instance.get('attribute-mapping', {}),
+                title=_('Attribute mapping'),
+                element_value_type=SingleSelectWidget,
+                element_value_kwargs={'options': options},
+                hint=_('First row match attribute names, second row is the user field to fill'))
         form.add_submit('submit', _('Submit'))
         return form
 
@@ -360,7 +377,7 @@ class AdminIDPDir(Directory):
             'cacertchain': cacertchain_fn,
             'clientcertificate': clientcertificate_fn,
         }
-        for key in ('hide', 'admin-attributes'):
+        for key in ('hide', 'admin-attributes', 'attribute-mapping'):
             cfg_idp[key_provider_id][key] = form.get_widget(key).parse()
         idp = cfg_idp[key_provider_id]
         p = lasso.Provider(lasso.PROVIDER_ROLE_IDP,
-- 
1.7.10.4