saml2: set user roles from the SAML attribute "role-slug" (#7281)
parent
971787de53
commit
31db8c2613
|
@ -35,6 +35,7 @@ import misc
|
|||
from publisher import get_cfg, get_logger
|
||||
from qommon import template
|
||||
from template import error_page
|
||||
from wcs.roles import Role
|
||||
|
||||
import errors
|
||||
|
||||
|
@ -462,6 +463,23 @@ class Saml2Directory(Directory):
|
|||
user.form_data[field_id] = d[key]
|
||||
logger.info('setting field %s of user %s to value %r', field_id, user.id, d[key])
|
||||
save = True
|
||||
|
||||
# update user roles from role-slug
|
||||
if 'role-slug' in m:
|
||||
role_ids = []
|
||||
names = []
|
||||
for slug in m['role-slug']:
|
||||
role = Role.get_on_index(slug, 'slug', ignore_errors=True)
|
||||
if not role:
|
||||
logger.warn('role slug %s is unknown', slug)
|
||||
continue
|
||||
role_ids.append(str(role.id))
|
||||
names.append(role.name)
|
||||
if set(user.roles) != set(role_ids):
|
||||
user.roles = role_ids
|
||||
logger.info('enrolling user %s in %s', user.id, ', '.join(names))
|
||||
save = True
|
||||
|
||||
if save:
|
||||
user.store()
|
||||
|
||||
|
|
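Review bot: The `user.roles = role_ids` assignment in the new `if 'role-slug' in m:` block replaces the user's whole role list with whatever the assertion resolves to, so roles granted locally are dropped at login, and an attribute whose slugs are all unknown leaves the user with no roles. When the attribute is absent the block is skipped, so roles withdrawn at the IdP by omitting `role-slug` would presumably persist; state which side is authoritative in a comment such as `# role-slug is authoritative: roles not listed by the IdP are removed`. The log line names only the resulting roles, so also logging `set(user.roles) - set(role_ids)` would make removals traceable. `set(user.roles)` raises TypeError if `user.roles` can be None, which this hunk does not show. The enclosing method starts and ends outside the hunk.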