Diffstat (limited to 'django/sp_sso/saml/decorators.py')
-rw-r--r--django/sp_sso/saml/decorators.py16
1 files changed, 16 insertions, 0 deletions
diff --git a/django/sp_sso/saml/decorators.py b/django/sp_sso/saml/decorators.py
index 518ee87..91eda4f 100644
--- a/django/sp_sso/saml/decorators.py
+++ b/django/sp_sso/saml/decorators.py
@@ -18,6 +18,10 @@ MSG_USER_NOT_REGISTERED = _("Please register to the campus before sending "
"invites.")
def user_not_in_ldap(function):
+ """
+ Restricts access to users whose eduPersonPrincipalName attribute value
+ doesn't appear in a ou=people sub-entry in the Campus LDAP.
+ """
def wrapped(request, *args, **kwargs):
if 'type' in kwargs and kwargs['type'] == 'mellon':
user_data = saml_collect_data(request)
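Review bot: The new docstring on user_not_in_ldap describes the LDAP restriction as unconditional, but the wrapper below it only collects SAML data when `kwargs['type'] == 'mellon'`. Someone auditing which views are gated will take the docstring at face value, so it should name that condition and say what a request with any other `type` gets; that branch lies outside the hunk, so whether it is let through or rejected cannot be told from here. I would also state what a user who fails the check receives, and reword the opening to `Allow the view only for users whose eduPersonPrincipalName has no ou=people entry in the Campus LDAP.`, since "restricts access to users whose ... doesn't appear" can be read either way.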
@@ -28,6 +32,10 @@ def user_not_in_ldap(function):
return wrapped
def user_in_ldap(function):
+ """
+ Restricts access to users whose eduPersonPrincipalName attribute value
+ appear in a `ou=people...` sub-entry in the Campus LDAP.
+ """
def wrapped(request, *args, **kwargs):
if not 'mellon_session' in request.session:
return redirect(reverse('auth_login') + "?next=/invite/")
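Review bot: The session gate in user_in_ldap's wrapper tests key presence (`if not 'mellon_session' in request.session:`), while user_can_declare in the last hunk tests truthiness with `request.session.get('mellon_session')`. If the key can ever remain in the session with an empty or None value (not visible here), this decorator would let the request past the login redirect where the other one would not. Writing `if not request.session.get('mellon_session'):` in both keeps the two gates equivalent. The docstring should also say that users without a Mellon session are redirected to login, and "appear" should read "appears". The wrapper body continues outside the hunk.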
@@ -39,6 +47,14 @@ def user_in_ldap(function):
return wrapped
def user_can_declare(function):
+ """
+ Ensure that all conditions are met for a user to self-subscribe to the
+ Campus. At the moment, these two conditions are:
+ - the user's EduPersonPrincipalName attribute value mustn't appear in the
+ Campus LDAP base
+ - the user's institution or research unit should appear as registered
+ structures in the Campus LDAP base
+ """
def wrapped(request, *args, **kwargs):
if not request.session.get('mellon_session'):
return redirect(reverse('auth_login') + '?next=/declare/')
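Review bot: The docstring says two conditions gate self-subscription, but the first thing the wrapper does is require a Mellon session and redirect to login without one, so the documented list is incomplete for an access-control decorator. I would add a bullet such as `- the user must hold an active Mellon (SAML) session; otherwise they are redirected to the login page`. The wording "should appear" in the second bullet also reads as optional; if the structure check is enforced, "must appear" says so. The LDAP checks themselves are outside the hunk, so the two listed conditions could not be compared with the code.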