saml2: set user roles from the SAML attribute "role-slug" (#7281)

2015-05-19 15:30:54 +02:00 · 2015-05-19 15:30:54 +02:00 · 31db8c2613
parent 971787de53
commit 31db8c2613
1 changed files with 18 additions and 0 deletions
--- a/wcs/qommon/saml2.py
+++ b/wcs/qommon/saml2.py
@ -35,6 +35,7 @@ import misc
 from publisher import get_cfg, get_logger
 from qommon import template
 from template import error_page
+from wcs.roles import Role

 import errors

@ -462,6 +463,23 @@ class Saml2Directory(Directory):
                user.form_data[field_id] = d[key]
                logger.info('setting field %s of user %s to value %r', field_id, user.id, d[key])
                save = True
+
+        # update user roles from role-slug
+        if 'role-slug' in m:
+            role_ids = []
+            names = []
+            for slug in m['role-slug']:
+                role = Role.get_on_index(slug, 'slug', ignore_errors=True)
+                if not role:
+                    logger.warn('role slug %s is unknown', slug)
+                    continue
+                role_ids.append(str(role.id))
+                names.append(role.name)
+            if set(user.roles) != set(role_ids):
+                user.roles = role_ids
+                logger.info('enrolling user %s in %s', user.id, ', '.join(names))
+                save = True
+
        if save:
            user.store()