[gen] Added method UserWrapper.addRole (adds a role programmatically). Added a user map to the LDAP config, which automatically assigns roles and groups to LDAP-imported users.

Gaetan Delannay 2014-12-18 13:54:12 +01:00
parent 865e6bf08e
commit 982ae08997
2 changed files with 35 additions and 0 deletions


@ -349,6 +349,15 @@ class UserWrapper(AbstractWrapper):
if role not in res: res.append(role) if role not in res: res.append(role)
return res return res
def addRole(self, role):
'''Adds p_role to the user's global roles.'''
roles = self.roles
if role in roles: return
roles = list(roles)
roles.append(role)
self.roles = roles
self.getZopeUser().roles = roles
def has_role(self, role, obj=None): def has_role(self, role, obj=None):
'''Has the logged user some p_role? If p_obj is None, check if the user '''Has the logged user some p_role? If p_obj is None, check if the user
has p_role globally; else, check if he has this p_role in the context has p_role globally; else, check if he has this p_role in the context
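Review bot: addRole grants a global role without leaving any trace, and its docstring does not say that no permission check is made at this level. Because this is a privilege change, I would log it right after the two assignments, for example `self.log('role %s granted to %s.' % (role, self.login))`, assuming the wrapper's log method and the login attribute are available here. The docstring could read `'''Adds p_role to the user's global roles. No permission check is performed: the caller must be allowed to grant p_role.'''`. Note also that the early `if role in roles: return` skips the `self.getZopeUser().roles = roles` assignment, so if the two role lists ever diverge this method will not bring them back in line. The class body continues outside the hunk.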


@ -38,6 +38,16 @@ class LdapConfig:
self.scope = 'SUBTREE' # Scope of the search within self.baseDn self.scope = 'SUBTREE' # Scope of the search within self.baseDn
# Is this server connection enabled ? # Is this server connection enabled ?
self.enabled = True self.enabled = True
# The "user map" allows to put LDAP users into groups or assign them
# roles. This dict will be used every time a local User will be created.
# It can be while synchronizing all users (see m_synchronizeUsers
# below) or when the user logs in for the first time (see m_getUser
# below). This dict will NOT be used subsequently, when updating the
# User instance. Every key must be a user login. Every value is an
# appy.Object instance having the optional attributes:
# "groups": a list of group IDs (logins);
# "roles": a list of global role names.
self.userMap = {}
def getServerUri(self): def getServerUri(self):
'''Returns the complete URI for accessing the LDAP, ie '''Returns the complete URI for accessing the LDAP, ie
@ -110,6 +120,22 @@ class LdapConfig:
source='ldap', **attrs) source='ldap', **attrs)
if password: user.setPassword(password, log=False) if password: user.setPassword(password, log=False)
status = 'created' status = 'created'
# Put him into groups and/or grant him some roles according to
# self.userMap.
if login in self.userMap:
privileges = self.userMap[login]
# Put the user in some groups
groups = getattr(privileges, 'groups', None)
if groups:
for groupLogin in groups:
group = tool.search1('Group', noSecurity=True,
login=groupLogin)
group.link('users', user)
# Grant him some roles
roles = getattr(privileges, 'roles', None)
if roles:
for role in roles: user.addRole(role)
tool.log('%s: automatic privileges set.' % login)
return user, status return user, status
def getUser(self, tool, login, password): def getUser(self, tool, login, password):
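Review bot: In the second hunk, `group.link('users', user)` is called on the result of `tool.search1(...)` without checking it; if a group login listed in userMap does not exist, search1 presumably returns nothing and the call fails after the user has already been created, which on a first login would surface as a login error. A guard such as `if not group: tool.log('%s: group %s not found.' % (login, groupLogin)); continue` keeps the provisioning going and leaves a trace. The final log line only says that privileges were set; naming the granted groups and roles there would make the grant auditable. As the comment in the first hunk states, the map is applied only at creation, so removing a login from userMap does not revoke anything already granted, and that consequence deserves a sentence in the comment. The enclosing method starts outside the hunk.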