duplicate java provisioning filter logic

author: Leif Johansson <leifj@sunet.se> 2011-04-05 09:47:55 +0200
committer: Leif Johansson <leifj@sunet.se> 2011-04-05 09:47:55 +0200
commit: 79383e47a772e7d9197179c2be8e6b66e160806c (patch)
tree: d1ca9d9bba8027135de8a979ec970e22c79ade09 /src/meetingtools/apps/auth
parent: ada53ad32e01db69bca2722dc7b836e10b204828 (diff)
1 files changed, 45 insertions, 0 deletions
diff --git a/src/meetingtools/apps/auth/views.py b/src/meetingtools/apps/auth/views.py
index 6828ac2..a95a2bd 100644
--- a/src/meetingtools/apps/auth/views.py
+++ b/src/meetingtools/apps/auth/views.py
@@ -10,6 +10,8 @@ from django.views.decorators.cache import never_cache
 import logging
 from meetingtools.apps.userprofile.models import UserProfile
 from meetingtools.multiresponse import redirect_to
+from meetingtools.apps.room.views import _acc_for_user
+from meetingtools.ac import ac_api_client
 
 def meta(request,attr):
     v = request.META.get(attr)
@@ -25,6 +27,16 @@ def meta1(request,attr):
     else:
         return None
 
+def _localpart(a):
+    if '@' in a:
+        (lp,dp) = a.split('@')
+        a = lp
+    return a
+
+def _is_member_or_employee(affiliations):
+    lpa = map(_localpart,affiliations)
+    return 'student' in lpa or 'staff' in lpa or ('member' in lpa and not 'student' in lpa)
+
 def accounts_login_federated(request):
     if request.user.is_authenticated():
         profile,created = UserProfile.objects.get_or_create(user=request.user)
@@ -68,8 +80,41 @@ def accounts_login_federated(request):
         profile.save()
         
         epe = meta(request,'entitlement')
+        # XXX Do we really need thix?
         if epe:
             request.session['entitlement'] = epe
+
+        affiliations = meta(request,'affiliation')
+
+        acc = _acc_for_user(request.user)
+        connect_api = ac_api_client(request, acc)
+        uid = request.user.username
+        principal = connect_api.find_or_create_principal("login", uid, "user", 
+                                                         {'type': "user",
+                                                          'has-children': "0",
+                                                          'first-name':fn,
+                                                          'last-name':ln,
+                                                          'email':mail,
+                                                          'login':uid,
+                                                          'ext-login':uid})
+        
+        member_or_employee = _is_member_or_employee(affiliations)
+        for gn in ('live-admins','seminar-admins'):
+            group = connect_api.find_builtin(gn)
+            if group:
+                connect_api.add_remove_member(principal.get('principal-id'),group.get('principal-id'),member_or_employee)
+        
+        (lp,domain) = uid.split('@')
+        for a in ('student','employee','member'):
+            affiliation = "%s@%s" % (a,domain)
+            group = connect_api.find_or_create_principal('name',affiliation,'group',{'type': 'group','has-children':'1','name': affiliation})
+            member = affiliation in affiliations
+            connect_api.add_remove_member(principal.get('principal-id'),group.get('principal-id'),member)
+            
+        #for e in epe:
+        #    group = connect_api.find_or_create_principal('name',e,'group',{'type': 'group','has-children':'1','name': e})
+        #    if group:
+        #        connect_api.add_remove_member(principal.get('principal-id'),group.get('principal-id'),True)
             
         next = request.session.get("after_login_redirect", None)
         if next is not None:
author	Leif Johansson <leifj@sunet.se>	2011-04-05 09:47:55 +0200
committer	Leif Johansson <leifj@sunet.se>	2011-04-05 09:47:55 +0200
commit	79383e47a772e7d9197179c2be8e6b66e160806c (patch)
tree	d1ca9d9bba8027135de8a979ec970e22c79ade09 /src/meetingtools/apps/auth
parent	ada53ad32e01db69bca2722dc7b836e10b204828 (diff)