Skip to content
Snippets Groups Projects
Commit bbe9a172 authored by Fynn Becker's avatar Fynn Becker :crab:
Browse files

Add local groups setup

parent 687efd00
No related branches found
No related tags found
No related merge requests found
......@@ -35,6 +35,21 @@ SP_SLS_X_FRAME_OPTIONS = None # in case you encounter problems with SLS view no
GROUPS_SAML_ATTRIBUTE = "IDMGroups" # this SAML attribute is expected to contain list of groups for a user
GROUP_RESOLVER = "ssoauth.auth_utils.groups_from_saml2_dn_list" # in case you want to override how groups are resolved for users
GROUPS = getattr(django_settings, "LOCAL_GROUPS", {
# Predefined groups and the corresponding permissions are here.
# Both groups and permissions are created/updated automatically after applying migrations.
# First, permissions are created:
# - django.contrib.auth is responsible for handling vanilla permissions (mostly model permissions).
# - All other explicitly assigned to groups permissions are automatically created.
# Second, groups are created and/or updated
#
# !IMPORTANT! Group naming:
# - Check the current conventions and/or ask somebody who knows better.
# - At the moment of rewriting this functionality:
# - Give your local groups the same name as the AuthGroup they will be mapped to, e.g. your local group
# for students will be named IDM_Studierende
# - While there is no naming convention for unmapped groups, be kind and keep it sane
})
"""
Settings you might want to change on development (don't change them for production):
"""
......
from django.apps import AppConfig
from django.contrib.auth.management import create_permissions
from django.core import management
from django.db.models.signals import post_migrate
from django import conf
import sys
from . import app_settings
from . import logger
from . import sso_utils
from . import app_settings
from .setup_groups import setup_groups
class SSOAuthConfig(AppConfig):
......@@ -28,4 +29,6 @@ class SSOAuthConfig(AppConfig):
@staticmethod
def post_migrate_callback(*args, **kwargs):
management.call_command("create_compat_groups")
create_permissions(*args, **kwargs) # calling create_permissions() before using the permissions
logger.debug("Setting up custom permissions and groups.")
setup_groups()
from django.apps import apps
from django.contrib.auth import get_user_model
from . import app_settings
from . import logger
def setup_groups():
"""
Creates groups and permissions as specified in your project settings.
"""
# grab the required models
User = get_user_model()
Group = apps.get_model("auth", "Group")
ContentType = apps.get_model("contenttypes", "ContentType")
Permission = apps.get_model("auth", "Permission")
for group_name, permission_names in app_settings.GROUPS.items():
group, created = Group.objects.get_or_create(name=group_name)
if created:
logger.info("Created group \"{}\"".format(group_name))
for perm_name in permission_names:
perm, created = Permission.objects.get_or_create(
codename=perm_name,
name=perm_name,
content_type_id=ContentType.objects.get_for_model(User).id
)
if created:
logger.info("Created permission \"{}\"".format(perm_name))
if perm not in group.permissions.all():
group.permissions.add(perm)
logger.info("Added permission \"{}\" to group \"{}\"".format(perm_name, group_name))
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment