From 91626923567b921239409dae3b0ccda48480f0cc Mon Sep 17 00:00:00 2001 From: Paul Marillonnet Date: Tue, 26 Sep 2017 11:14:19 +0200 Subject: [PATCH] POC Campus Condorcet : l'etablissement d'un membre que se declare doit etre dans le LDAP --- django/sp_sso/saml/decorators.py | 10 ++++------ django/sp_sso/saml/utils.py | 3 +++ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/django/sp_sso/saml/decorators.py b/django/sp_sso/saml/decorators.py index 91eda4f..f923899 100644 --- a/django/sp_sso/saml/decorators.py +++ b/django/sp_sso/saml/decorators.py @@ -4,7 +4,7 @@ from django.core.urlresolvers import reverse from django.utils.translation import ugettext_lazy as _ from .utils import ldap_contains_user, saml_collect_data, \ - ldap_get_affectations, render_message + ldap_get_affectations, render_message, ldap_get_code_etablissements from .views import MSG_USERNONE @@ -63,14 +63,12 @@ def user_can_declare(function): if ldap_contains_user(user_data): return render_message(request, MSG_USER_REGISTERED) - affectations = [code for code, _ in ldap_get_affectations()] + etablissements = [code for code, _ in ldap_get_code_etablissements()] try: - affectations.remove(None) # remove extra null entry + etablissements.remove(None) # remove extra null entry except: pass - user_affectations = set([user_data.get('s_etablissement'), - user_data.get('s_entite_affectation')]) - if user_affectations & set(affectations): + if user_data.get('s_etablissement') in etablissements: return function(request, *args, **kwargs) return render_message(request, MSG_STRUCT_NOT_IN_CAMPUS) return wrapped diff --git a/django/sp_sso/saml/utils.py b/django/sp_sso/saml/utils.py index 8854ff3..5dee1a7 100644 --- a/django/sp_sso/saml/utils.py +++ b/django/sp_sso/saml/utils.py @@ -83,6 +83,9 @@ def ldap_get_etablissements(): return ldap_get_attribute_from_subtree_nodes( structures_base, '(objectClass=supannOrg)', 'ou') +def ldap_get_code_etablissements(): + return ldap_get_attribute_from_subtree_nodes( + structures_base, '(objectClass=supannOrg)', 'supannEtablissement') def ldap_get_unites(): """Used to fill the choices in hote_unite form ChoiceField."""