attributes_ng: restore setting superuser flag (#71855)
This commit is contained in:
parent
5f0c03e32f
commit
8e6a95b6ce
|
@ -101,6 +101,7 @@ default_settings = dict(
|
|||
'authentic2.attributes_ng.sources.function',
|
||||
'authentic2.attributes_ng.sources.django_user',
|
||||
'authentic2.attributes_ng.sources.ldap',
|
||||
'authentic2.attributes_ng.sources.service_roles',
|
||||
),
|
||||
definition='List of attribute backend classes or modules',
|
||||
),
|
||||
|
|
|
@ -0,0 +1,51 @@
|
|||
# authentic2 - versatile identity manager
|
||||
# Copyright (C) 2010-2019 Entr'ouvert
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify it
|
||||
# under the terms of the GNU Affero General Public License as published
|
||||
# by the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
|
||||
from authentic2.a2_rbac.models import Role
|
||||
|
||||
from ...decorators import to_list
|
||||
|
||||
|
||||
@to_list
|
||||
def get_instances(ctx):
|
||||
return [None]
|
||||
|
||||
|
||||
@to_list
|
||||
def get_attribute_names(instance, ctx):
|
||||
yield ('is_superuser', 'is_superuser (%s)' % _('role attribute'))
|
||||
|
||||
|
||||
def get_dependencies(instance, ctx):
|
||||
return (
|
||||
'user',
|
||||
'service',
|
||||
)
|
||||
|
||||
|
||||
def get_attributes(instance, ctx):
|
||||
user = ctx.get('user')
|
||||
service = ctx.get('service')
|
||||
if not user or not service:
|
||||
return ctx
|
||||
ctx = ctx.copy()
|
||||
roles = Role.objects.for_user(user).filter(service=service)
|
||||
for service_role in roles:
|
||||
if service_role.is_superuser:
|
||||
ctx['is_superuser'] = True
|
||||
return ctx
|
|
@ -954,10 +954,19 @@ def test_add_attributes_user_ou1_role_ou2(add_attributes_all, user_ou1, role_ou2
|
|||
add_attributes_all.provider.save()
|
||||
|
||||
service_role = Role.objects.create(
|
||||
name='Role of service', slug='role-of-service', ou=ou1, service=add_attributes_all.provider
|
||||
name='Role of service',
|
||||
slug='role-of-service',
|
||||
ou=ou1,
|
||||
service=add_attributes_all.provider,
|
||||
is_superuser=True,
|
||||
)
|
||||
|
||||
user_ou1.roles.add(service_role)
|
||||
|
||||
add_attributes_all.get_definitions.return_value.append(
|
||||
SAMLAttribute(name_format='basic', name='is_superuser', attribute_name='is_superuser'),
|
||||
)
|
||||
|
||||
attributes = add_attributes_all(user_ou1)
|
||||
assert attributes == {
|
||||
'a2_role_names': {'Role of service', 'role_ou2'},
|
||||
|
@ -992,6 +1001,7 @@ def test_add_attributes_user_ou1_role_ou2(add_attributes_all, user_ou1, role_ou2
|
|||
'django_user_password': {'abba0b6ff456806bab66baed93e6d9c4'},
|
||||
'django_user_username': {'john.doe'},
|
||||
'django_user_uuid': {user_ou1.uuid},
|
||||
'is_superuser': {'true'},
|
||||
}
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue