diff --git a/account/models.py b/account/models.py index 89a8795..a6b396c 100644 --- a/account/models.py +++ b/account/models.py @@ -34,10 +34,14 @@ class UserProfile(models.Model): null=True, blank=True, default=None) + is_member = models.BooleanField(default=False, editable=False) + is_ldap_admin = models.BooleanField(default=False, editable=False) + is_circle_member = models.BooleanField(default=False, editable=False) + is_clab_member = models.BooleanField(default=False, editable=False) def __unicode__(self): return 'Profile: %s' % self.user.username User.profile = property(lambda u: UserProfile.objects.get_or_create(user=u)[0]) signals.post_save.connect(create_profile, sender=User) -signals.pre_delete.connect(delete_profile, sender=User) \ No newline at end of file +signals.pre_delete.connect(delete_profile, sender=User) diff --git a/account/views.py b/account/views.py index 8e77ee0..48bb7f0 100644 --- a/account/views.py +++ b/account/views.py @@ -141,7 +141,7 @@ def gastropin(request): @login_required def clabpin(request): - if not request.user.is_clab_member: + if not request.user.profile.is_clab_member: return render(request, 'access_denied.html') def calculate_clab_hash(pin): diff --git a/cbmi/settings.py b/cbmi/settings.py index 848a62b..0afab4f 100644 --- a/cbmi/settings.py +++ b/cbmi/settings.py @@ -132,14 +132,15 @@ AUTH_LDAP_CACHE_GROUPS = True AUTH_LDAP_GROUP_CACHE_TIMEOUT = 300 AUTH_LDAP_MIRROR_GROUPS = True AUTH_LDAP_GROUP_SEARCH = LDAPSearch( - "dc=c-base,dc=org", + "ou=groups,dc=c-base,dc=org", ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)", ) AUTH_LDAP_REQUIRE_GROUP = "cn=crew,ou=groups,dc=c-base,dc=org" AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn") -AUTH_LDAP_USER_FLAGS_BY_GROUP = { +AUTH_LDAP_PROFILE_FLAGS_BY_GROUP = { "is_member": "cn=crew,ou=groups,dc=c-base,dc=org", + "is_ldap_admin": "cn=ldap_admins,ou=groups,dc=c-base,dc=org", "is_circle_member": "cn=circle,ou=groups,dc=c-base,dc=org", "is_clab_member": "cn=cey-c-lab,ou=groups,dc=c-base,dc=org", }