2 files changed, 84 insertions, 2 deletions
diff --git a/src/meetingtools/ac/api.py b/src/meetingtools/ac/api.py
index 679b1ac..bb6847d 100644
--- a/src/meetingtools/ac/api.py
+++ b/src/meetingtools/ac/api.py
@@ -26,7 +26,10 @@ class ACPResult():
         self.status = self.et.find('status')
         
     def is_error(self):
-        return self.status.get('code') != 'ok'
+        return self.status_code() != 'ok'
+
+    def status_code(self):
+        return self.status.get('code')
 
     def exception(self):
         raise ACPException,self.status
@@ -86,4 +89,38 @@ class ACPClient():
         result = self.request('login',{'login':username,'password':password})
         if result.is_error():
             raise result.exception()
-    
-\ No newline at end of file
+    
+    def find_or_create_principal(self,key,value,type,dict):
+        result = self.request('principal-list',{'filter-%s' % key: value,'filter-type': type}, True)
+        principal = result.get_principal()
+        if result.is_error():
+            if result.status_code() != 'no_data':
+                result.exception()
+        elif not principal:
+            dict['principal-id'] = principal.get('principal-id')
+        
+        update_result = self.request('principal-update',dict)
+        rp = update_result.get_principal()
+        if not rp:
+            rp = principal
+        return principal
+    
+    def find_builtin(self,type):
+        result = self.request('principal-list', {'filter-type': type}, True)
+        return result.get_principal()
+    
+    def find_group(self,name):
+        result = self.request('principal-list',{'filter-name':name,'filter-type':'group'},True)
+        return result.get_principal()
+    
+    def add_remove_member(self,principal_id,group_id,is_member):
+        m = "0"
+        if is_member:
+            m = "1"
+        self.request('group-membership-update',{'group-id': group_id, 'principal-id': principal_id,'is-member':m},True)
+        
+    def add_member(self,principal_id,group_id):
+        return self.add_remove_member(principal_id, group_id, True)
+    
+    def remove_member(self,principal_id,group_id):
+        return self.add_remove_member(principal_id, group_id, False)
+\ No newline at end of file
diff --git a/src/meetingtools/apps/auth/views.py b/src/meetingtools/apps/auth/views.py
index 6828ac2..a95a2bd 100644
--- a/src/meetingtools/apps/auth/views.py
+++ b/src/meetingtools/apps/auth/views.py
@@ -10,6 +10,8 @@ from django.views.decorators.cache import never_cache
 import logging
 from meetingtools.apps.userprofile.models import UserProfile
 from meetingtools.multiresponse import redirect_to
+from meetingtools.apps.room.views import _acc_for_user
+from meetingtools.ac import ac_api_client
 
 def meta(request,attr):
     v = request.META.get(attr)
@@ -25,6 +27,16 @@ def meta1(request,attr):
     else:
         return None
 
+def _localpart(a):
+    if '@' in a:
+        (lp,dp) = a.split('@')
+        a = lp
+    return a
+
+def _is_member_or_employee(affiliations):
+    lpa = map(_localpart,affiliations)
+    return 'student' in lpa or 'staff' in lpa or ('member' in lpa and not 'student' in lpa)
+
 def accounts_login_federated(request):
     if request.user.is_authenticated():
         profile,created = UserProfile.objects.get_or_create(user=request.user)
@@ -68,8 +80,41 @@ def accounts_login_federated(request):
         profile.save()
         
         epe = meta(request,'entitlement')
+        # XXX Do we really need thix?
         if epe:
             request.session['entitlement'] = epe
+
+        affiliations = meta(request,'affiliation')
+
+        acc = _acc_for_user(request.user)
+        connect_api = ac_api_client(request, acc)
+        uid = request.user.username
+        principal = connect_api.find_or_create_principal("login", uid, "user", 
+                                                         {'type': "user",
+                                                          'has-children': "0",
+                                                          'first-name':fn,
+                                                          'last-name':ln,
+                                                          'email':mail,
+                                                          'login':uid,
+                                                          'ext-login':uid})
+        
+        member_or_employee = _is_member_or_employee(affiliations)
+        for gn in ('live-admins','seminar-admins'):
+            group = connect_api.find_builtin(gn)
+            if group:
+                connect_api.add_remove_member(principal.get('principal-id'),group.get('principal-id'),member_or_employee)
+        
+        (lp,domain) = uid.split('@')
+        for a in ('student','employee','member'):
+            affiliation = "%s@%s" % (a,domain)
+            group = connect_api.find_or_create_principal('name',affiliation,'group',{'type': 'group','has-children':'1','name': affiliation})
+            member = affiliation in affiliations
+            connect_api.add_remove_member(principal.get('principal-id'),group.get('principal-id'),member)
+            
+        #for e in epe:
+        #    group = connect_api.find_or_create_principal('name',e,'group',{'type': 'group','has-children':'1','name': e})
+        #    if group:
+        #        connect_api.add_remove_member(principal.get('principal-id'),group.get('principal-id'),True)
             
         next = request.session.get("after_login_redirect", None)
         if next is not None: