From 1c3423d452d0ca1e20dff36ce05c2e35d2894f29 Mon Sep 17 00:00:00 2001 From: Leif Johansson Date: Mon, 2 May 2011 14:43:23 +0200 Subject: new acl - first version --- src/meetingtools/apps/auth/utils.py | 9 +---- src/meetingtools/apps/auth/views.py | 72 ++++++++++++++++++++++++++----------- 2 files changed, 52 insertions(+), 29 deletions(-) (limited to 'src/meetingtools/apps/auth') diff --git a/src/meetingtools/apps/auth/utils.py b/src/meetingtools/apps/auth/utils.py index 3a7efe6..1a0174c 100644 --- a/src/meetingtools/apps/auth/utils.py +++ b/src/meetingtools/apps/auth/utils.py @@ -14,13 +14,6 @@ def anonid(): def groups(request): groups = [] if request.user.is_authenticated(): - if request.session and request.session.has_key('entitlement'): - groups = groups + request.session['entitlement'] - - if '@' in request.user.username: - (local,domain) = request.user.username.split('@') - groups.append(domain) - for e in ('member','employee','student'): - groups.append("%s@%s" % (e,domain)) + groups = request.user.groups return groups \ No newline at end of file diff --git a/src/meetingtools/apps/auth/views.py b/src/meetingtools/apps/auth/views.py index bbeb4be..fe2d97a 100644 --- a/src/meetingtools/apps/auth/views.py +++ b/src/meetingtools/apps/auth/views.py 
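Review bot: `groups = request.user.groups` makes `groups()` return a related manager for authenticated users (assuming the stock `django.contrib.auth` User) but a plain list for anonymous ones, where it used to return a list of strings in both cases. A caller that compares the result with ACL group names will not match, and one that iterates it will raise, because the manager is not iterable without `.all()`; the callers are not visible here, so this needs confirming. If callers expect names, `groups = [g.name for g in request.user.groups.all()]` keeps the old contract. The same iteration problem applies to `map(_localpart,user.groups)` in `_is_member_or_employee` in views.py.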
@@ -4,16 +4,18 @@ Created on Jul 5, 2010 @author: leifj ''' from django.http import HttpResponseRedirect -from django.contrib.auth.models import User +from django.contrib.auth.models import User, Group import datetime from django.views.decorators.cache import never_cache import logging from meetingtools.apps.userprofile.models import UserProfile from meetingtools.multiresponse import redirect_to, make_response_dict from meetingtools.apps.room.views import _acc_for_user -from meetingtools.ac import ac_api_client +from meetingtools.ac import ac_api_client, ac_api from django.shortcuts import render_to_response from django.contrib import auth +from django_co_connector.models import co_import_from_request, add_member,\ + remove_member def meta(request,attr): v = request.META.get(attr) @@ -30,15 +32,21 @@ def meta1(request,attr): return None def _localpart(a): + if hasattr(a,'name'): + a = a.name if '@' in a: (lp,dp) = a.split('@') a = lp return a -def _is_member_or_employee(affiliations): +def _is_member_or_employee_old(affiliations): lpa = map(_localpart,affiliations) return 'student' in lpa or 'staff' in lpa or ('member' in lpa and not 'student' in lpa) +def _is_member_or_employee(user): + lpa = map(_localpart,user.groups) + return 'student' in lpa or 'staff' in lpa or ('member' in lpa and not 'student' in lpa) + @never_cache def logout(request): auth.logout(request) 
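Review bot: In the new `_is_member_or_employee(user)` the clause `('member' in lpa and not 'student' in lpa)` has no effect, because `'student' in lpa` is already the first term; the predicate reduces to student or staff or member. This value decides membership of `live-admins` and `seminar-admins` later in the file, so if students were meant to be excluded the expression does the opposite, and `employee`, which the function name suggests, is never tested. `_localpart` also discards the domain, so a group with any scope after `@` counts, and `a.split('@')` raises on a name containing two `@`; `a.split('@', 1)[0]` would avoid the latter. `_is_member_or_employee_old` has no caller left in the visible hunks and could be removed instead of renamed.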
@@ -48,6 +56,33 @@ def logout(request): def login(request): return render_to_response('apps/auth/login.html',make_response_dict(request,{'next': request.REQUEST.get("next")})); + +def join_group(group,**kwargs): + user = kwargs['user'] + acc = _acc_for_user(user) + connect_api = ac_api(acc) + + principal = connect_api.find_principal("login", user.username, "user") + if principal: + gp = connect_api.find_group(group.name) + if gp: + connect_api.add_member(principal.get('principal-id'),gp.get('principal-id')) + + +def leave_group(group,**kwargs): + user = kwargs['user'] + acc = _acc_for_user(user) + connect_api = ac_api(acc) + + principal = connect_api.find_principal("login", user.username, "user") + if principal: + gp = connect_api.find_group(group.name) + if gp: + connect_api.remove_member(principal.get('principal-id'),gp.get('principal-id')) + +add_member.connect(join_group,sender=Group) +remove_member.connect(leave_group,sender=Group) + def accounts_login_federated(request): if request.user.is_authenticated(): profile,created = UserProfile.objects.get_or_create(user=request.user) 
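Review bot: `leave_group` returns silently when `find_principal` or `find_group` finds nothing, so a membership removed locally can remain on the Connect side with no trace in the logs; `join_group` has the same silent path. Both receivers also make remote calls with no error handling, so if the signals are sent synchronously during `co_import_from_request` (not visible here) a Connect failure would surface in the login view. The two bodies differ only in the final call, so a shared helper that logs the skipped case would cover both; `logging` is already imported in this file. `kwargs['user']` raises KeyError if a sender omits `user`, which is worth stating in a docstring on each receiver.

```python
def _sync_membership(group, user, add):
    connect_api = ac_api(_acc_for_user(user))
    principal = connect_api.find_principal("login", user.username, "user")
    gp = connect_api.find_group(group.name) if principal else None
    if not principal or not gp:
        # A skipped removal leaves access in place remotely, so make it visible.
        logging.warning("connect sync skipped: user=%s group=%s add=%s",
                        user.username, group.name, add)
        return
    change = connect_api.add_member if add else connect_api.remove_member
    change(principal.get('principal-id'), gp.get('principal-id'))


def join_group(group,**kwargs):
    _sync_membership(group, kwargs['user'], True)


def leave_group(group,**kwargs):
    _sync_membership(group, kwargs['user'], False)

# … unchanged: add_member.connect / remove_member.connect …
```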
@@ -88,38 +123,33 @@ def accounts_login_federated(request): # Allow auto_now to kick in for the lastupdated field #profile.lastupdated = datetime.datetime.now() profile.save() - - epe = meta(request,'entitlement') - # XXX Do we really need thix? - if epe: - request.session['entitlement'] = epe - - affiliations = meta(request,'affiliation') acc = _acc_for_user(request.user) connect_api = ac_api_client(request, acc) - uid = request.user.username - principal = connect_api.find_or_create_principal("login", uid, "user", + # make sure the principal is created before shooting off + principal = connect_api.find_or_create_principal("login", request.user.username, "user", {'type': "user", 'has-children': "0", 'first-name':fn, 'last-name':ln, 'email':mail, - 'login':uid, - 'ext-login':uid}) + 'login':request.user.username, + 'ext-login':request.user.username}) + + co_import_from_request(request) - member_or_employee = _is_member_or_employee(affiliations) + member_or_employee = _is_member_or_employee(request.user) for gn in ('live-admins','seminar-admins'): group = connect_api.find_builtin(gn) if group: connect_api.add_remove_member(principal.get('principal-id'),group.get('principal-id'),member_or_employee) - (lp,domain) = uid.split('@') - for a in ('student','employee','member'): - affiliation = "%s@%s" % (a,domain) - group = connect_api.find_or_create_principal('name',affiliation,'group',{'type': 'group','has-children':'1','name': affiliation}) - member = affiliation in affiliations - connect_api.add_remove_member(principal.get('principal-id'),group.get('principal-id'),member) + #(lp,domain) = uid.split('@') + #for a in ('student','employee','member'): + # affiliation = "%s@%s" % (a,domain) + # group = connect_api.find_or_create_principal('name',affiliation,'group',{'type': 'group','has-children':'1','name': affiliation}) + # member = affiliation in affiliations + # connect_api.add_remove_member(principal.get('principal-id'),group.get('principal-id'),member) #for e in epe: # 
group = connect_api.find_or_create_principal('name',e,'group',{'type': 'group','has-children':'1','name': e}) -- cgit v1.1
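Review bot: The admin decision now reads `request.user.groups`, which is stored state, where it used to read the `affiliation` attribute of the current request. Unless `co_import_from_request(request)` also removes groups the identity provider no longer asserts (its body is not visible here), a user who loses an affiliation would keep `live-admins` and `seminar-admins` on the next login. A comment above the call such as `# co_import_from_request must drop groups no longer asserted, or admin rights persist` would record the requirement. The commented-out affiliation loop should be deleted rather than kept, since version control already has it. `accounts_login_federated` starts outside this hunk.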