1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
'''
Created on Jun 23, 2010
@author: leifj
'''
from django.shortcuts import get_object_or_404
from coip.apps.membership.models import Membership, add_member, remove_member
from coip.multiresponse import render403, respond_to
from django.contrib.auth.models import User
from coip.apps.name.models import Name, lookup
from django.http import HttpResponseRedirect
from django.core.exceptions import ObjectDoesNotExist
from coip.apps.entity.models import Entity
from django.contrib.auth.decorators import login_required
from coip.apps.membership.forms import MembershipForm
from coip.settings import METADATA
from lxml import etree
from pprint import pprint
def show(request,id):
membership = get_object_or_404(Membership,pk=id)
name = membership.name
if not name.has_permission(request.user,'r'):
return render403(request,"You do not have permission to view membership information for %s" % (name))
return respond_to(request,
{'text/html': 'apps/membership/membership.html'},
{'membership': membership})
def import_metadata():
doc = etree.parse(METADATA)
ns = {'md': 'urn:oasis:names:tc:SAML:2.0:metadata',
'xml': 'http://www.w3.org/XML/1998/namespace'}
for e in doc.xpath("md:EntityDescriptor",namespaces=ns):
entityId = e.get('entityID')
display = entityId
x = e.xpath("md:OrganizationDisplayName",namespaces=ns)
if x:
display = x[0]
(entity,created) = Entity.objects.get_or_create(entityId=entityId)
save = created
if created:
entity.type = Entity.OTHER
x = e.xpath("md:SPSSODescriptor",namespaces=ns)
if x:
type = Entity.SP
x = e.xpath("md:IDPSSODescriptor",namespaces=ns)
if x:
type = Entity.IDP
if type != entity.type:
entity.type = type
save = True
if display != entity.display_name:
entity.display_name = display
save = True
if save:
entity.save()
anyuser = lookup("system:anyuser")
anyentity = lookup("system:anyentity",True)
anyentity.setacl(anyuser, "rl")
anysp = lookup("system:anysp",True)
anysp.setacl(anyuser, "rl")
anyidp = lookup("system:anyidp",True)
anyidp.setacl(anyuser, "rl")
add_member(anyentity,entity)
if entity.type == Entity.SP:
add_member(anysp,entity)
if entity.type == Entity.IDP:
add_member(anyidp,entity)
@login_required
def join(request,id,membername=None):
name = get_object_or_404(Name,pk=id)
if not name.has_permission(request.user,'i'):
return render403(request,"You do not have permission to add members to %s" % (name))
if request.method == "POST":
m = Membership(name=name,enabled=True)
form = MembershipForm(request.POST,instance=m)
if form.is_valid():
if form.cleaned_data.has_key('user'):
add_member(name,form.cleaned_data['user'])
elif form.cleaned_data.has_key('entity'):
add_member(name,form.cleaned_data['entity'])
else:
raise Exception,"Bad form state - should not happen at all!"
return HttpResponseRedirect(name.url())
else:
return respond_to(request,
{'text/html': 'apps/membership/edit.html'},
{'form': form,'name': name, 'formtitle': 'Add a member to %s' % name.short})
else:
if membername:
try:
member = User.objects.get(username=membername)
except ObjectDoesNotExist:
member = Entity.objects.get(entityId=name)
add_member(name, member)
return HttpResponseRedirect(name.url())
else:
form = MembershipForm()
import_metadata()
return respond_to(request,
{'text/html': 'apps/membership/edit.html'},
{'form': form,'name': name, 'formtitle': 'Add a member to %s' % name.short})
@login_required
def leave(request,id,membername=None):
name = get_object_or_404(Name,pk=id)
if membername:
try:
member = User.objects.get(username=membername)
except ObjectDoesNotExist:
member = Entity.objects.get(entityId=name)
remove_member(name, member)
return HttpResponseRedirect(name.url())
|