diff options
author | Leif Johansson <leifj@sunet.se> | 2011-04-05 09:47:55 +0200 |
---|---|---|
committer | Leif Johansson <leifj@sunet.se> | 2011-04-05 09:47:55 +0200 |
commit | 79383e47a772e7d9197179c2be8e6b66e160806c (patch) | |
tree | d1ca9d9bba8027135de8a979ec970e22c79ade09 /src | |
parent | ada53ad32e01db69bca2722dc7b836e10b204828 (diff) |
duplicate java provisioning filter logic
Diffstat (limited to 'src')
-rw-r--r-- | src/meetingtools/ac/api.py | 41 | ||||
-rw-r--r-- | src/meetingtools/apps/auth/views.py | 45 |
2 files changed, 84 insertions, 2 deletions
diff --git a/src/meetingtools/ac/api.py b/src/meetingtools/ac/api.py index 679b1ac..bb6847d 100644 --- a/src/meetingtools/ac/api.py +++ b/src/meetingtools/ac/api.py @@ -26,7 +26,10 @@ class ACPResult(): self.status = self.et.find('status') def is_error(self): - return self.status.get('code') != 'ok' + return self.status_code() != 'ok' + + def status_code(self): + return self.status.get('code') def exception(self): raise ACPException,self.status @@ -86,4 +89,38 @@ class ACPClient(): result = self.request('login',{'login':username,'password':password}) if result.is_error(): raise result.exception() -
\ No newline at end of file + + def find_or_create_principal(self,key,value,type,dict): + result = self.request('principal-list',{'filter-%s' % key: value,'filter-type': type}, True) + principal = result.get_principal() + if result.is_error(): + if result.status_code() != 'no_data': + result.exception() + elif not principal: + dict['principal-id'] = principal.get('principal-id') + + update_result = self.request('principal-update',dict) + rp = update_result.get_principal() + if not rp: + rp = principal + return principal + + def find_builtin(self,type): + result = self.request('principal-list', {'filter-type': type}, True) + return result.get_principal() + + def find_group(self,name): + result = self.request('principal-list',{'filter-name':name,'filter-type':'group'},True) + return result.get_principal() + + def add_remove_member(self,principal_id,group_id,is_member): + m = "0" + if is_member: + m = "1" + self.request('group-membership-update',{'group-id': group_id, 'principal-id': principal_id,'is-member':m},True) + + def add_member(self,principal_id,group_id): + return self.add_remove_member(principal_id, group_id, True) + + def remove_member(self,principal_id,group_id): + return self.add_remove_member(principal_id, group_id, False)
\ No newline at end of file diff --git a/src/meetingtools/apps/auth/views.py b/src/meetingtools/apps/auth/views.py index 6828ac2..a95a2bd 100644 --- a/src/meetingtools/apps/auth/views.py +++ b/src/meetingtools/apps/auth/views.py @@ -10,6 +10,8 @@ from django.views.decorators.cache import never_cache import logging from meetingtools.apps.userprofile.models import UserProfile from meetingtools.multiresponse import redirect_to +from meetingtools.apps.room.views import _acc_for_user +from meetingtools.ac import ac_api_client def meta(request,attr): v = request.META.get(attr) @@ -25,6 +27,16 @@ def meta1(request,attr): else: return None +def _localpart(a): + if '@' in a: + (lp,dp) = a.split('@') + a = lp + return a + +def _is_member_or_employee(affiliations): + lpa = map(_localpart,affiliations) + return 'student' in lpa or 'staff' in lpa or ('member' in lpa and not 'student' in lpa) + def accounts_login_federated(request): if request.user.is_authenticated(): profile,created = UserProfile.objects.get_or_create(user=request.user) @@ -68,8 +80,41 @@ def accounts_login_federated(request): profile.save() epe = meta(request,'entitlement') + # XXX Do we really need thix? if epe: request.session['entitlement'] = epe + + affiliations = meta(request,'affiliation') + + acc = _acc_for_user(request.user) + connect_api = ac_api_client(request, acc) + uid = request.user.username + principal = connect_api.find_or_create_principal("login", uid, "user", + {'type': "user", + 'has-children': "0", + 'first-name':fn, + 'last-name':ln, + 'email':mail, + 'login':uid, + 'ext-login':uid}) + + member_or_employee = _is_member_or_employee(affiliations) + for gn in ('live-admins','seminar-admins'): + group = connect_api.find_builtin(gn) + if group: + connect_api.add_remove_member(principal.get('principal-id'),group.get('principal-id'),member_or_employee) + + (lp,domain) = uid.split('@') + for a in ('student','employee','member'): + affiliation = "%s@%s" % (a,domain) + group = connect_api.find_or_create_principal('name',affiliation,'group',{'type': 'group','has-children':'1','name': affiliation}) + member = affiliation in affiliations + connect_api.add_remove_member(principal.get('principal-id'),group.get('principal-id'),member) + + #for e in epe: + # group = connect_api.find_or_create_principal('name',e,'group',{'type': 'group','has-children':'1','name': e}) + # if group: + # connect_api.add_remove_member(principal.get('principal-id'),group.get('principal-id'),True) next = request.session.get("after_login_redirect", None) if next is not None: |