authorLeif Johansson <leifj@sunet.se>2011-04-05 09:47:55 +0200
committerLeif Johansson <leifj@sunet.se>2011-04-05 09:47:55 +0200
commit79383e47a772e7d9197179c2be8e6b66e160806c (patch)
treed1ca9d9bba8027135de8a979ec970e22c79ade09 /src/meetingtools
parentada53ad32e01db69bca2722dc7b836e10b204828 (diff)
duplicate java provisioning filter logic
Diffstat (limited to 'src/meetingtools')
-rw-r--r--src/meetingtools/ac/api.py41
-rw-r--r--src/meetingtools/apps/auth/views.py45
2 files changed, 84 insertions, 2 deletions
diff --git a/src/meetingtools/ac/api.py b/src/meetingtools/ac/api.py
index 679b1ac..bb6847d 100644
--- a/src/meetingtools/ac/api.py
+++ b/src/meetingtools/ac/api.py
@@ -26,7 +26,10 @@ class ACPResult():
self.status = self.et.find('status')
def is_error(self):
- return self.status.get('code') != 'ok'
+ return self.status_code() != 'ok'
+
+ def status_code(self):
+ return self.status.get('code')
def exception(self):
raise ACPException,self.status
@@ -86,4 +89,38 @@ class ACPClient():
result = self.request('login',{'login':username,'password':password})
if result.is_error():
raise result.exception()
- \ No newline at end of file
+
+ def find_or_create_principal(self,key,value,type,dict):
+ result = self.request('principal-list',{'filter-%s' % key: value,'filter-type': type}, True)
+ principal = result.get_principal()
+ if result.is_error():
+ if result.status_code() != 'no_data':
+ result.exception()
+ elif not principal:
+ dict['principal-id'] = principal.get('principal-id')
+
+ update_result = self.request('principal-update',dict)
+ rp = update_result.get_principal()
+ if not rp:
+ rp = principal
+ return principal
+
+ def find_builtin(self,type):
+ result = self.request('principal-list', {'filter-type': type}, True)
+ return result.get_principal()
+
+ def find_group(self,name):
+ result = self.request('principal-list',{'filter-name':name,'filter-type':'group'},True)
+ return result.get_principal()
+
+ def add_remove_member(self,principal_id,group_id,is_member):
+ m = "0"
+ if is_member:
+ m = "1"
+ self.request('group-membership-update',{'group-id': group_id, 'principal-id': principal_id,'is-member':m},True)
+
+ def add_member(self,principal_id,group_id):
+ return self.add_remove_member(principal_id, group_id, True)
+
+ def remove_member(self,principal_id,group_id):
+ return self.add_remove_member(principal_id, group_id, False) \ No newline at end of file
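Review bot: The `elif not principal:` branch in `find_or_create_principal` is inverted: it runs only when the lookup returned nothing and then calls `principal.get('principal-id')` on that empty value, while a principal that does exist never has its id copied into the update dict. The method also computes `rp` but returns `principal`, so a freshly created principal comes back as None, and the caller in views.py dereferences it. The `principal-update` result is never checked with `is_error()`, so a failed provisioning call goes unnoticed. The parameters `type` and `dict` shadow builtins; `principal_type` and `attrs` would read better if positional callers are the only users. A corrected body is sketched below, on the assumption that `get_principal()` returns None for a `no_data` result.

```python
    def find_or_create_principal(self,key,value,type,dict):
        result = self.request('principal-list',{'filter-%s' % key: value,'filter-type': type}, True)
        # 'no_data' only means the principal does not exist yet; anything else is a real failure
        if result.is_error() and result.status_code() != 'no_data':
            result.exception()
        principal = result.get_principal()
        if principal:
            # update the existing principal instead of creating a second one
            dict['principal-id'] = principal.get('principal-id')

        update_result = self.request('principal-update',dict)
        if update_result.is_error():
            update_result.exception()
        rp = update_result.get_principal()
        if not rp:
            rp = principal
        return rp
    # … unchanged: find_builtin, find_group, add_remove_member, add_member, remove_member …
```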
diff --git a/src/meetingtools/apps/auth/views.py b/src/meetingtools/apps/auth/views.py
index 6828ac2..a95a2bd 100644
--- a/src/meetingtools/apps/auth/views.py
+++ b/src/meetingtools/apps/auth/views.py
@@ -10,6 +10,8 @@ from django.views.decorators.cache import never_cache
import logging
from meetingtools.apps.userprofile.models import UserProfile
from meetingtools.multiresponse import redirect_to
+from meetingtools.apps.room.views import _acc_for_user
+from meetingtools.ac import ac_api_client
def meta(request,attr):
v = request.META.get(attr)
@@ -25,6 +27,16 @@ def meta1(request,attr):
else:
return None
+def _localpart(a):
+ if '@' in a:
+ (lp,dp) = a.split('@')
+ a = lp
+ return a
+
+def _is_member_or_employee(affiliations):
+ lpa = map(_localpart,affiliations)
+ return 'student' in lpa or 'staff' in lpa or ('member' in lpa and not 'student' in lpa)
+
def accounts_login_federated(request):
if request.user.is_authenticated():
profile,created = UserProfile.objects.get_or_create(user=request.user)
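Review bot: `_is_member_or_employee` returns True whenever 'student' is present, which contradicts both its name and the `not 'student' in lpa` guard in its last clause, and later in this file the result decides membership of 'live-admins' and 'seminar-admins'. If the first term was meant to be 'employee', the line should read `return 'employee' in lpa or 'staff' in lpa or ('member' in lpa and 'student' not in lpa)`. `_localpart` discards the scope, so an affiliation asserted for any domain counts towards that decision; confirm that is intended for every identity provider the deployment trusts. `(lp,dp) = a.split('@')` raises ValueError on a value with more than one '@', and `map(_localpart, affiliations)` fails if the attribute is absent, so `a.split('@', 1)[0]` and `affiliations or []` would be safer. `accounts_login_federated` continues outside the hunk.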
@@ -68,8 +80,41 @@ def accounts_login_federated(request):
profile.save()
epe = meta(request,'entitlement')
+ # XXX Do we really need thix?
if epe:
request.session['entitlement'] = epe
+
+ affiliations = meta(request,'affiliation')
+
+ acc = _acc_for_user(request.user)
+ connect_api = ac_api_client(request, acc)
+ uid = request.user.username
+ principal = connect_api.find_or_create_principal("login", uid, "user",
+ {'type': "user",
+ 'has-children': "0",
+ 'first-name':fn,
+ 'last-name':ln,
+ 'email':mail,
+ 'login':uid,
+ 'ext-login':uid})
+
+ member_or_employee = _is_member_or_employee(affiliations)
+ for gn in ('live-admins','seminar-admins'):
+ group = connect_api.find_builtin(gn)
+ if group:
+ connect_api.add_remove_member(principal.get('principal-id'),group.get('principal-id'),member_or_employee)
+
+ (lp,domain) = uid.split('@')
+ for a in ('student','employee','member'):
+ affiliation = "%s@%s" % (a,domain)
+ group = connect_api.find_or_create_principal('name',affiliation,'group',{'type': 'group','has-children':'1','name': affiliation})
+ member = affiliation in affiliations
+ connect_api.add_remove_member(principal.get('principal-id'),group.get('principal-id'),member)
+
+ #for e in epe:
+ # group = connect_api.find_or_create_principal('name',e,'group',{'type': 'group','has-children':'1','name': e})
+ # if group:
+ # connect_api.add_remove_member(principal.get('principal-id'),group.get('principal-id'),True)
next = request.session.get("after_login_redirect", None)
if next is not None:
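Review bot: The `add_remove_member` calls in both loops never learn whether the update succeeded, because the method as added in api.py by this commit discards the `group-membership-update` result. When a revocation (`is-member` "0") fails, the user silently keeps 'live-admins' or 'seminar-admins' membership and nothing is logged. Have `add_remove_member` return the result and check `is_error()` here, logging at least the uid and group name on failure. Separately, `(lp,domain) = uid.split('@')` raises ValueError for a username without exactly one '@' and aborts the login view; guard it with `if '@' in uid:` and use `uid.rsplit('@', 1)`. `principal` and `group` are dereferenced with `.get('principal-id')` without a None check in the second loop, and `fn`, `ln` and `mail` are defined outside the hunk.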