[gen] Added method UserWrapper.addRole (add a role programmatically). Added to the LDAP config, a user map allowing to automatically assign roles and groups to ldap-imported users.

2014-12-18 13:54:12 +01:00 · 2014-12-18 13:54:12 +01:00 · 982ae08997
parent 865e6bf08e
commit 982ae08997
2 changed files with 35 additions and 0 deletions
--- a/gen/wrappers/UserWrapper.py
+++ b/gen/wrappers/UserWrapper.py
@ -349,6 +349,15 @@ class UserWrapper(AbstractWrapper):
                if role not in res: res.append(role)
        return res

+    def addRole(self, role):
+        '''Adds p_role to the user's global roles.'''
+        roles = self.roles
+        if role in roles: return
+        roles = list(roles)
+        roles.append(role)
+        self.roles = roles
+        self.getZopeUser().roles = roles
+
    def has_role(self, role, obj=None):
        '''Has the logged user some p_role? If p_obj is None, check if the user
           has p_role globally; else, check if he has this p_role in the context
--- a/shared/ldap_connector.py
+++ b/shared/ldap_connector.py
@ -38,6 +38,16 @@ class LdapConfig:
        self.scope = 'SUBTREE' # Scope of the search within self.baseDn
        # Is this server connection enabled ?
        self.enabled = True
+        # The "user map" allows to put LDAP users into groups or assign them
+        # roles. This dict will be used every time a local User will be created.
+        # It can be while synchronizing all users (see m_synchronizeUsers
+        # below) or when the user logs in for the first time (see m_getUser
+        # below). This dict will NOT be used subsequently, when updating the
+        # User instance. Every key must be a user login. Every value is an
+        # appy.Object instance having the optional attributes:
+        # "groups": a list of group IDs (logins);
+        # "roles":  a list of global role names.
+        self.userMap = {}

    def getServerUri(self):
        '''Returns the complete URI for accessing the LDAP, ie
@ -110,6 +120,22 @@ class LdapConfig:
                               source='ldap', **attrs)
            if password: user.setPassword(password, log=False)
            status = 'created'
+            # Put him into groups and/or grant him some roles according to
+            # self.userMap.
+            if login in self.userMap:
+                privileges = self.userMap[login]
+                # Put the user in some groups
+                groups = getattr(privileges, 'groups', None)
+                if groups:
+                    for groupLogin in groups:
+                        group = tool.search1('Group', noSecurity=True,
+                                             login=groupLogin)
+                        group.link('users', user)
+                # Grant him some roles
+                roles = getattr(privileges, 'roles', None)
+                if roles:
+                    for role in roles: user.addRole(role)
+                tool.log('%s: automatic privileges set.' % login)
        return user, status

    def getUser(self, tool, login, password):