author <bdauvergne@entrouvert.com>2009-09-21 13:03:55 (GMT)
committer <bdauvergne@entrouvert.com>2009-09-21 13:03:55 (GMT)
commit88d9977c2964f3d8e8604ca71f2ac811e65b98b4 (patch)
tree4b38201d4ccb47761df43952a3e0792a891b298a
parent3b811607485e88ab980d86a3f0761bcf28a903ba (diff)
* handle global service instance in q_access method of SAML2 handler.
* remove saving of modified service instances (from global services) to prevent shadowing of cdg59metadataURL and cdg59URL from the service definition.
-rw-r--r--idp/extra/modules/directory.py2
-rw-r--r--idp/extra/modules/saml2.py18
2 files changed, 15 insertions, 5 deletions
diff --git a/idp/extra/modules/directory.py b/idp/extra/modules/directory.py
index b044b7e..d3fd103 100644
--- a/idp/extra/modules/directory.py
+++ b/idp/extra/modules/directory.py
@@ -479,7 +479,6 @@ def get_service_instances(collectivity):
if s and s.cdg59isGlobal:
si.cdg59metadataURL = s.cdg59metadataURL
si.cdg59URL = s.cdg59URL
- si.save('cdg59URL','cdg59metadataURL')
return service_instances
@@ -497,7 +496,6 @@ def get_service_instance(collectivity, siid):
if s and s.cdg59isGlobal:
si.cdg59metadataURL = s.cdg59metadataURL
si.cdg59URL = s.cdg59URL
- si.save('cdg59URL','cdg59metadataURL')
return si
diff --git a/idp/extra/modules/saml2.py b/idp/extra/modules/saml2.py
index 2b69363..dc01798 100644
--- a/idp/extra/modules/saml2.py
+++ b/idp/extra/modules/saml2.py
@@ -26,14 +26,27 @@ def check_access_authorizations(provider_key):
accesses = user.get_as_agent().cdg59serviceAccesses or []
for service in service_instances:
+ try:
+ service_type = directory.get_service(service.cdg59serviceType)
+ except KeyError:
+ # ignore service type removed globally
+ continue
+
if not service.cdg59siid in accesses:
continue
- if not service.cdg59metadataURL:
+
+ # handle global services
+ if service.cdg59isGlobal:
+ cdg59metadataURL = service_type.cdg59metadataURL
+ else:
+ cdg59metadataURL = service.cdg59metadataURL
+
+ if not cdg59metadataURL:
continue
try:
klp = [x for x, y in providers.items() if \
- service.cdg59metadataURL == y.get('metadata_url')] [0]
+ cdg59metadataURL == y.get('metadata_url')] [0]
except IndexError:
continue
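Review bot: The new global-service branch reads `service.cdg59isGlobal` from the service instance, while both directory.py hunks in this commit test the flag on the service definition (`if s and s.cdg59isGlobal`). If instances do not carry that attribute (the schema is not visible here), the branch is never taken and this authorization check falls back to `service.cdg59metadataURL`, which may still hold a value persisted by the `si.save(...)` calls this commit removes. Reading the flag from the definition fetched at the top of the loop, `if service_type and service_type.cdg59isGlobal:`, would tie the access decision to the current service definition and also cover a falsy return from `directory.get_service`, which directory.py appears to guard against and the `except KeyError` here does not. The body of check_access_authorizations starts before this hunk and continues after it.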
@@ -41,7 +54,6 @@ def check_access_authorizations(provider_key):
return True
return False
-
class AccessControlSpUI(liberty.saml2.SpUI):