agent: provision authentication levels along with roles

todo: auth_level doesn't exist for existing roles, either catch the exception, run a migration in order to guarantee that all the roles have auth_level, or use AutoOneToOneField
2019-03-29 11:41:06 +01:00 · 2019-03-29 11:41:06 +01:00 · 726ba2c104
parent 811c05bfd1
commit 726ba2c104
1 changed files with 7 additions and 0 deletions
--- a/hobo/agent/common/management/commands/hobo_notify.py
+++ b/hobo/agent/common/management/commands/hobo_notify.py
@ -129,6 +129,7 @@ class Command(BaseCommand):

    @classmethod
    def provision_role(cls, issuer, action, data, full=False):
+        from mellon.models import AuthenticationLevel
        logger = logging.getLogger(__name__)
        uuids = set()
        for o in data:
@ -153,6 +154,9 @@ class Command(BaseCommand):
                        # Can happen if uuid and name already exist
                        logger.error(u'cannot provision role "%s" (%s)', o['name'], o['uuid'])
                        continue
+                    # TODO move this somewhere else
+                    AuthenticationLevel.objects.get_or_create(
+                            group=role, value=o['auth_level'])
                if not created:
                    save = False
                    if role.name != role_name:
@ -167,6 +171,9 @@ class Command(BaseCommand):
                    if role.details != o.get('details', u''):
                        role.details = o.get('details', u'')
                        save = True
+                    if role.auth_level.value != o['auth_level']:
+                        role.auth_level.value = o['auth_level']
+                        role.auth_level.save()
                    if save:
                        try:
                            with atomic():