Commit
bbe9a172
authored
7 years ago
by
Fynn Becker
Add local groups setup
parent
687efd00
Showing
3 changed files
ssoauth/app_settings/defaults.py
+15
-0
15 additions, 0 deletions
ssoauth/app_settings/defaults.py
ssoauth/apps.py
+7
-4
7 additions, 4 deletions
ssoauth/apps.py
ssoauth/setup_groups.py
+32
-0
32 additions, 0 deletions
ssoauth/setup_groups.py
with
54 additions
and
4 deletions
ssoauth/app_settings/defaults.py
+
15
−
0
...
...
@@ -35,6 +35,21 @@ SP_SLS_X_FRAME_OPTIONS = None # in case you encounter problems with SLS view no
GROUPS_SAML_ATTRIBUTE
=
"
IDMGroups
"
# this SAML attribute is expected to contain list of groups for a user
GROUP_RESOLVER
=
"
ssoauth.auth_utils.groups_from_saml2_dn_list
"
# in case you want to override how groups are resolved for users
GROUPS
=
getattr
(
django_settings
,
"
LOCAL_GROUPS
"
,
{
# Predefined groups and the corresponding permissions are here.
# Both groups and permissions are created/updated automatically after applying migrations.
# First, permissions are created:
# - django.contrib.auth is responsible for handling vanilla permissions (mostly model permissions).
# - All other explicitly assigned to groups permissions are automatically created.
# Second, groups are created and/or updated
#
# !IMPORTANT! Group naming:
# - Check the current conventions and/or ask somebody who knows better.
# - At the moment of rewriting this functionality:
# - Give your local groups the same name as the AuthGroup they will be mapped to, e.g. your local group
# for students will be named IDM_Studierende
# - While there is no naming convention for unmapped groups, be kind and keep it sane
})
"""
Settings you might want to change on development (don
'
t change them for production):
"""
...
...
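Review bot: The comment block inside the `GROUPS` default explains naming conventions but never states the value format that `LOCAL_GROUPS` must have. Judging by `setup_groups()` in this commit, which iterates `GROUPS.items()` and then iterates each value, it is a dict mapping a group name to an iterable of permission codenames; a bare string as a value would be iterated character by character and yield one permission per character. I would add a line such as `# Format: {"IDM_Studierende": ["some_permission_codename", ...]}` (the codename is a constructed example) at the top of the comment block. The settings module continues outside this hunk.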
ssoauth/apps.py
+
7
−
4
from
django.apps
import
AppConfig
from
django.contrib.auth.management
import
create_permissions
from
django.core
import
management
from
django.db.models.signals
import
post_migrate
from
django
import
conf
import
sy
s
from
.
import
app_setting
s
from
.
import
logger
from
.
import
sso_utils
from
.
import
app_setting
s
from
.
setup_groups
import
setup_group
s
class
SSOAuthConfig
(
AppConfig
):
...
...
@@ -28,4 +29,6 @@ class SSOAuthConfig(AppConfig):
@staticmethod
def
post_migrate_callback
(
*
args
,
**
kwargs
):
management
.
call_command
(
"
create_compat_groups
"
)
create_permissions
(
*
args
,
**
kwargs
)
# calling create_permissions() before using the permissions
logger
.
debug
(
"
Setting up custom permissions and groups.
"
)
setup_groups
()
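Review bot: `setup_groups()` at the end of `post_migrate_callback` is called without the signal's keyword arguments, so it ignores the `using` database alias that `create_permissions(*args, **kwargs)` on the line above does receive. With `migrate --database=<alias>` the vanilla permissions would be created in the migrated database, while groups and custom permissions go through the default managers and presumably land in the default database. Consider passing the alias through, e.g. `setup_groups(using=kwargs.get("using"))`, and querying with `Group.objects.using(using)` and `Permission.objects.using(using)`. The `post_migrate.connect(...)` call is outside the visible hunk; if it is not restricted with `sender=`, this callback and the group setup run once per migrated app.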
ssoauth/setup_groups.py
0 → 100644
+
32
−
0
from
django.apps
import
apps
from
django.contrib.auth
import
get_user_model
from
.
import
app_settings
from
.
import
logger
def
setup_groups
():
"""
Creates groups and permissions as specified in your project settings.
"""
# grab the required models
User
=
get_user_model
()
Group
=
apps
.
get_model
(
"
auth
"
,
"
Group
"
)
ContentType
=
apps
.
get_model
(
"
contenttypes
"
,
"
ContentType
"
)
Permission
=
apps
.
get_model
(
"
auth
"
,
"
Permission
"
)
for
group_name
,
permission_names
in
app_settings
.
GROUPS
.
items
():
group
,
created
=
Group
.
objects
.
get_or_create
(
name
=
group_name
)
if
created
:
logger
.
info
(
"
Created group
\"
{}
\"
"
.
format
(
group_name
))
for
perm_name
in
permission_names
:
perm
,
created
=
Permission
.
objects
.
get_or_create
(
codename
=
perm_name
,
name
=
perm_name
,
content_type_id
=
ContentType
.
objects
.
get_for_model
(
User
).
id
)
if
created
:
logger
.
info
(
"
Created permission
\"
{}
\"
"
.
format
(
perm_name
))
if
perm
not
in
group
.
permissions
.
all
():
group
.
permissions
.
add
(
perm
)
logger
.
info
(
"
Added permission
\"
{}
\"
to group
\"
{}
\"
"
.
format
(
perm_name
,
group_name
))
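Review bot: The `Permission.objects.get_or_create(...)` call in the inner loop uses `name=perm_name` as part of the lookup, so a permission that already exists for the user model under the same codename but with a different name (for example a built-in one such as `add_user`, whose name is "Can add user") is not found, and the insert that follows violates the unique `(content_type, codename)` constraint. Move the name into defaults: `Permission.objects.get_or_create(codename=perm_name, content_type=user_content_type, defaults={"name": perm_name})`, with `user_content_type = ContentType.objects.get_for_model(User)` hoisted above the loops. Every codename is also bound to the user model's content type, so listing another model's permission creates a second permission with that codename rather than reusing the existing one; that deserves a sentence in the docstring. Finally, the sync is additive only: a permission removed from `LOCAL_GROUPS` stays on the group, so revoking access needs a manual step or a `group.permissions.set(...)`-style reconciliation.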