Skip to content
Snippets Groups Projects
Commit ad614958 authored by Art's avatar Art :lizard:
Browse files

Move setup_groups to its own management command, rename GROUPS to PREDEFINED_GROUPS

parent 8ec9f3fd
No related branches found
No related tags found
No related merge requests found
......@@ -34,21 +34,23 @@ SP_SLS_X_FRAME_OPTIONS = None # in case you encounter problems with SLS view no
GROUPS_SAML_ATTRIBUTE = "IDMGroups" # this SAML attribute is expected to contain list of groups for a user
GROUP_RESOLVER = "ssoauth.auth_utils.groups_from_saml2_dn_list" # in case you want to override how groups are resolved for users
GROUPS = getattr(django_settings, "LOCAL_GROUPS", {
PREDEFINED_GROUPS = {
# Predefined groups and the corresponding permissions are here.
# Both groups and permissions are created/updated automatically after applying migrations.
# First, permissions are created:
# - django.contrib.auth is responsible for handling vanilla permissions (mostly model permissions).
# - All other explicitly assigned to groups permissions are automatically created.
# Second, groups are created and/or updated
# Second, groups are created and/or updated.
#
# !IMPORTANT! Group naming:
# - Check the current conventions and/or ask somebody who knows better.
# - At the moment of rewriting this functionality:
# - Give your local groups the same name as the AuthGroup they will be mapped to, e.g. your local group
# for students will be named IDM_Studierende
# - While there is no naming convention for unmapped groups, be kind and keep it sane
})
# Give your local groups the same name as the AuthGroup they will be mapped to
# (e.g. your local group for students will be named IDM_Studierende)
#
# Example:
# {"IDM_Studierende": ["perm_codename", "another_perm_codename"]}
}
"""
Settings you might want to change on development (don't change them for production):
"""
......
......@@ -2,11 +2,9 @@ from django.apps import AppConfig
from django.contrib.auth.management import create_permissions
from django.core import management
from django.db.models.signals import post_migrate
from . import app_settings
from . import logger
from . import sso_utils
from .setup_groups import setup_groups
class SSOAuthConfig(AppConfig):
......@@ -28,7 +26,8 @@ class SSOAuthConfig(AppConfig):
@staticmethod
def post_migrate_callback(*args, **kwargs):
# compatibility groups and permissions
management.call_command("create_compat_groups")
# predefined groups and permissions
create_permissions(*args, **kwargs) # calling create_permissions() before using the permissions
logger.debug("Setting up custom permissions and groups.")
setup_groups()
management.call_command("create_custom_groups")
from django.core.management.base import BaseCommand, CommandError
from django.apps import apps
from django.contrib.auth import get_user_model
from . import app_settings
from . import logger
from ... import app_settings
from ... import logger
def setup_groups():
......@@ -15,7 +16,7 @@ def setup_groups():
ContentType = apps.get_model("contenttypes", "ContentType")
Permission = apps.get_model("auth", "Permission")
for group_name, permission_names in app_settings.GROUPS.items():
for group_name, permission_names in app_settings.PREDEFINED_GROUPS.items():
group, created = Group.objects.get_or_create(name=group_name)
if created:
logger.info("Created group \"{}\"".format(group_name))
......@@ -30,3 +31,16 @@ def setup_groups():
if perm not in group.permissions.all():
group.permissions.add(perm)
logger.info("Added permission \"{}\" to group \"{}\"".format(perm_name, group_name))
class Command(BaseCommand):
help = "Creates groups and permissions, predefined by user in project settings."
requires_migrations_checks = True
requires_system_checks = True
def handle(self, *args, **options):
try:
setup_groups()
except Exception as e:
raise CommandError("Could not ensure that compatibility groups and permissions exist. {0}".format(str(e)))
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment