saml2: remove saml2_use_role feature

Roles are business logic, their management must stay in w.c.s.
2013-10-22 12:18:14 +02:00 · 2013-10-22 12:18:14 +02:00 · 77733384a5
parent 87c64d6a5c
commit 77733384a5
1 changed files with 0 additions and 42 deletions
--- a/extra/modules/saml2.py
+++ b/extra/modules/saml2.py
@ -98,48 +98,6 @@ class Saml2Directory(qommon.saml2.Saml2Directory):
        if d.get('local-admin') == 'true':
            user.is_admin = True

-        # extract roles from assertion attribute named 'role':
-        # - to activate add "saml2_use_role = true"  to your site-options.cfg fie
-        # - only role starting with the prefix AuQuo:: will be considered (the
-        #   compare is case-insensitive) the role string will be split on the
-        #   symbol :: and only the last part will be used as the role name
-        # - if the next to last parts is named backoffice (the compare is
-        #   case-insensitive) the role is given access to the backoffice
-        # - the role prefix can be changed by setting the saml2_role_prefix key
-        #   in the site-options.cfg
-        # - the special role named admin (the compare is case-insensitive)
-        #   gives administrator access to the user
-        if get_publisher().has_site_option('saml2_use_role'):
-            user_roles = []
-            roles = Role.values()
-            role_prefix = get_publisher().get_site_option('saml2_role_prefix') or 'AuQuo::'
-            is_admin = False
-            for full_path in m.get('role', []):
-                role_name_parts = full_path.split('::')
-                role_name = role_name_parts[-1]
-                if len(role_name_parts) < 2:
-                    continue
-                if not full_path.lower().startswith(role_prefix.lower()):
-                    continue
-                if role_name.lower() == 'admin':
-                    is_admin = True
-                    continue
-                allows_backoffice_access = len(role_name_parts) > 2 \
-                        and role_name_parts[-2].lower() == 'backoffice'
-                for role in roles:
-                    if role.name == role_name:
-                        break
-                else:
-                    role = Role()
-                    role.name = role_name
-                    role.store()
-                if role.allows_backoffice_access != allows_backoffice_access:
-                    role.allows_backoffice_access = allows_backoffice_access
-                    role.store()
-                user_roles.append(role.id)
-            user.is_admin = is_admin
-            user.roles = user_roles
-
        if not login.nameIdentifier.content in user.name_identifiers:
            user.name_identifiers.append(login.nameIdentifier.content)
        user.store()