add other access roles
parent
d23e5ca30d
commit
6f388a5ee5
|
@ -150,6 +150,7 @@ class Command(BaseCommand):
|
|||
OIDCClient, "ALGO_" + service["idtoken_algo"].upper()
|
||||
)
|
||||
scope = service.get("scope", "")
|
||||
other_access = service.get("other_access", [])
|
||||
oidc_client, created = OIDCClient.objects.get_or_create(
|
||||
slug=service["slug"],
|
||||
ou=ou,
|
||||
|
@ -233,6 +234,26 @@ class Command(BaseCommand):
|
|||
self.info(self.style.SUCCESS("MODIFIED"))
|
||||
else:
|
||||
Role.objects.filter(slug=slug, ou=ou).delete()
|
||||
|
||||
# access role to news, events or directory
|
||||
if len(other_access) > 0:
|
||||
for other in other_access:
|
||||
other_slug = f"{slug}-{other}"
|
||||
other_access_role, created = Role.objects.get_or_create(
|
||||
slug=other_slug, ou=ou, defaults={"name": other_slug}
|
||||
)
|
||||
if not created and other_access_role.slug != slug:
|
||||
access_role.name = other_slug
|
||||
access_role.save()
|
||||
other_oidc_client, created = OIDCClient.objects.get(
|
||||
slug=f"imio-other"
|
||||
)
|
||||
if access_role not in other_oidc_client.authorized_roles.all():
|
||||
other_oidc_client.add_authorized_role(access_role)
|
||||
self.info(
|
||||
self.style.SUCCESS(f"{other_oidc_client.slug} MODIFIED")
|
||||
)
|
||||
|
||||
claims = service.get("claims", DEFAULT_CLAIMS)
|
||||
assert isinstance(claims, list), "claims must be a list of dic"
|
||||
claim_set = set()
|
||||
|
|
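Review bot: In the added `for other in other_access` loop, `OIDCClient.objects.get(...)` is unpacked into `other_oidc_client, created`, but `get()` returns a single instance rather than an `(obj, created)` pair, so the loop fails on its first iteration. The loop also creates `other_access_role` but then renames and authorizes `access_role`, which is defined outside this hunk and is presumably the service's main role. If the code ran, it would grant that main role on the `imio-other` client and never use the per-feature role, which looks unintended and grants broader access than the comment describes. Reusing `created` also overwrites the value from the `oidc_client` `get_or_create` in the first hunk, which may matter to code outside the visible lines. The sketch below keeps the `imio-other` slug as written and drops the `len()` guard, which is unnecessary because iterating an empty list is a no-op; the enclosing method of `Command` starts and ends outside the hunk.

```python
# access role to news, events or directory
for other in other_access:
    other_slug = f"{slug}-{other}"
    other_access_role, role_created = Role.objects.get_or_create(
        slug=other_slug, ou=ou, defaults={"name": other_slug}
    )
    if not role_created and other_access_role.name != other_slug:
        other_access_role.name = other_slug
        other_access_role.save()
    # get() returns one instance; a missing client raises DoesNotExist
    other_oidc_client = OIDCClient.objects.get(slug="imio-other")
    if other_access_role not in other_oidc_client.authorized_roles.all():
        other_oidc_client.add_authorized_role(other_access_role)
        # … unchanged: self.info(... MODIFIED) …
```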