[gen] Added method UserWrapper.addRole (adds a role programmatically). Added to the LDAP config a user map that automatically assigns roles and groups to LDAP-imported users.
parent
865e6bf08e
commit
982ae08997
|
@ -349,6 +349,15 @@ class UserWrapper(AbstractWrapper):
|
||||||
if role not in res: res.append(role)
|
if role not in res: res.append(role)
|
||||||
return res
|
return res
|
||||||
|
|
||||||
|
def addRole(self, role):
|
||||||
|
'''Adds p_role to the user's global roles.'''
|
||||||
|
roles = self.roles
|
||||||
|
if role in roles: return
|
||||||
|
roles = list(roles)
|
||||||
|
roles.append(role)
|
||||||
|
self.roles = roles
|
||||||
|
self.getZopeUser().roles = roles
|
||||||
|
|
||||||
def has_role(self, role, obj=None):
|
def has_role(self, role, obj=None):
|
||||||
'''Has the logged user some p_role? If p_obj is None, check if the user
|
'''Has the logged user some p_role? If p_obj is None, check if the user
|
||||||
has p_role globally; else, check if he has this p_role in the context
|
has p_role globally; else, check if he has this p_role in the context
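Review bot: addRole grants a global role without checking that `role` is a name the application actually declares and without recording the grant, so a typo or unexpected value in a caller's data becomes a silent privilege change. Consider rejecting unknown role names before `roles.append(role)` and logging which role was added to which login. The method also assigns the same list object to both `self.roles` and the Zope user; `self.getZopeUser().roles = list(roles)` would stop the two from sharing one mutable list. The docstring could state that the change is global (not object-local) and that calling it with a role already held does nothing.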
|
||||||
|
|
|
@ -38,6 +38,16 @@ class LdapConfig:
|
||||||
self.scope = 'SUBTREE' # Scope of the search within self.baseDn
|
self.scope = 'SUBTREE' # Scope of the search within self.baseDn
|
||||||
# Is this server connection enabled ?
|
# Is this server connection enabled ?
|
||||||
self.enabled = True
|
self.enabled = True
|
||||||
|
# The "user map" allows to put LDAP users into groups or assign them
|
||||||
|
# roles. This dict will be used every time a local User will be created.
|
||||||
|
# It can be while synchronizing all users (see m_synchronizeUsers
|
||||||
|
# below) or when the user logs in for the first time (see m_getUser
|
||||||
|
# below). This dict will NOT be used subsequently, when updating the
|
||||||
|
# User instance. Every key must be a user login. Every value is an
|
||||||
|
# appy.Object instance having the optional attributes:
|
||||||
|
# "groups": a list of group IDs (logins);
|
||||||
|
# "roles": a list of global role names.
|
||||||
|
self.userMap = {}
|
||||||
|
|
||||||
def getServerUri(self):
|
def getServerUri(self):
|
||||||
'''Returns the complete URI for accessing the LDAP, ie
|
'''Returns the complete URI for accessing the LDAP, ie
|
||||||
|
@ -110,6 +120,22 @@ class LdapConfig:
|
||||||
source='ldap', **attrs)
|
source='ldap', **attrs)
|
||||||
if password: user.setPassword(password, log=False)
|
if password: user.setPassword(password, log=False)
|
||||||
status = 'created'
|
status = 'created'
|
||||||
|
# Put him into groups and/or grant him some roles according to
|
||||||
|
# self.userMap.
|
||||||
|
if login in self.userMap:
|
||||||
|
privileges = self.userMap[login]
|
||||||
|
# Put the user in some groups
|
||||||
|
groups = getattr(privileges, 'groups', None)
|
||||||
|
if groups:
|
||||||
|
for groupLogin in groups:
|
||||||
|
group = tool.search1('Group', noSecurity=True,
|
||||||
|
login=groupLogin)
|
||||||
|
group.link('users', user)
|
||||||
|
# Grant him some roles
|
||||||
|
roles = getattr(privileges, 'roles', None)
|
||||||
|
if roles:
|
||||||
|
for role in roles: user.addRole(role)
|
||||||
|
tool.log('%s: automatic privileges set.' % login)
|
||||||
return user, status
|
return user, status
|
||||||
|
|
||||||
def getUser(self, tool, login, password):
|
def getUser(self, tool, login, password):
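Review bot: In the userMap block, `group.link('users', user)` is called on whatever `tool.search1('Group', noSecurity=True, login=groupLogin)` returned; if a group login listed in userMap does not exist and search1 yields no object (presumably None), this raises after the user has already been created. Because the new comment says the map is applied only at creation, the remaining groups and roles would then never be granted to that user. A guard such as `if not group: tool.log('%s: unknown group %s in userMap.' % (login, groupLogin)); continue` avoids that. The closing log line would also serve better as an audit record if it named what was granted, e.g. `tool.log('%s: automatic privileges set (groups=%s, roles=%s).' % (login, groups, roles))`. The enclosing method starts outside the hunk, and the page has lost indentation, so the exact nesting of the log call is inferred.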
|
||||||
|
|