From 6f388a5ee51bcb192aec9ff005a4f8ffcf34e17e Mon Sep 17 00:00:00 2001
From: Benoit Suttor
Date: Wed, 6 Oct 2021 16:11:45 +0200
Subject: [PATCH] add other access roles
---
 .../management/commands/wc-base-import.py | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/src/authentic2_wallonie_connect/management/commands/wc-base-import.py b/src/authentic2_wallonie_connect/management/commands/wc-base-import.py
index 3c3c8cd..8b3f988 100644
--- a/src/authentic2_wallonie_connect/management/commands/wc-base-import.py
+++ b/src/authentic2_wallonie_connect/management/commands/wc-base-import.py
@@ -150,6 +150,7 @@ class Command(BaseCommand):
 OIDCClient, "ALGO_" + service["idtoken_algo"].upper()
 )
 scope = service.get("scope", "")
+ other_access = service.get("other_access", [])
 oidc_client, created = OIDCClient.objects.get_or_create(
 slug=service["slug"],
 ou=ou,
@@ -233,6 +234,26 @@ class Command(BaseCommand):
 self.info(self.style.SUCCESS("MODIFIED"))
 else:
 Role.objects.filter(slug=slug, ou=ou).delete()
+
+ # access role to news, events or directory
+ if len(other_access) > 0:
+ for other in other_access:
+ other_slug = f"{slug}-{other}"
+ other_access_role, created = Role.objects.get_or_create(
+ slug=other_slug, ou=ou, defaults={"name": other_slug}
+ )
+ if not created and other_access_role.slug != slug:
+ access_role.name = other_slug
+ access_role.save()
+ other_oidc_client, created = OIDCClient.objects.get(
+ slug=f"imio-other"
+ )
+ if access_role not in other_oidc_client.authorized_roles.all():
+ other_oidc_client.add_authorized_role(access_role)
+ self.info(
+ self.style.SUCCESS(f"{other_oidc_client.slug} MODIFIED")
+ )
+
 claims = service.get("claims", DEFAULT_CLAIMS)
 assert isinstance(claims, list), "claims must be a list of dic"
 claim_set = set()
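Review bot: `other_access` is read from the service definition without a type check, so a value given as a plain string would be iterated character by character by the loop this commit adds further down, creating one role per character. The same method already guards `claims` with an isinstance assert (visible in the second hunk's context); a matching guard right after this line, `assert isinstance(other_access, list), "other_access must be a list"`, would stop a malformed import file before any role is written. The enclosing method starts and ends outside the hunk.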
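Review bot: The added loop creates `other_access_role` but then renames, saves and authorizes `access_role`, so (assuming `access_role` is the service's base role assigned earlier in this method, outside the hunk) the base role is what gets added to the `imio-other` client while the new per-feature roles are never granted anything. `OIDCClient.objects.get(...)` returns a single object rather than an `(object, created)` pair, so unpacking it into `other_oidc_client, created` should fail at runtime, and the call raises `DoesNotExist` when that client has not been provisioned. The rename guard compares `other_access_role.slug` with `slug`, which always differ because of the suffix; comparing the role's name with `other_slug` looks like the intent. The fence below uses the new role throughout, keeps a separate `other_created` so the earlier `created` is not overwritten, and hoists the client lookup out of the loop; the surrounding method continues outside the hunk.

```python
# … unchanged: else-branch deleting the base role …

# access role to news, events or directory
if other_access:
    # one shared client for every extra role; fetched once, not per iteration
    other_oidc_client = OIDCClient.objects.get(slug="imio-other")
    for other in other_access:
        other_slug = f"{slug}-{other}"
        other_access_role, other_created = Role.objects.get_or_create(
            slug=other_slug, ou=ou, defaults={"name": other_slug}
        )
        if not other_created and other_access_role.name != other_slug:
            other_access_role.name = other_slug
            other_access_role.save()
        # authorize the per-feature role, not the service's base role
        if other_access_role not in other_oidc_client.authorized_roles.all():
            other_oidc_client.add_authorized_role(other_access_role)
            # … unchanged: self.info(... MODIFIED) …
```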