From 114572dac2c78cd235a6b99dc03e6d95d50ae27b Mon Sep 17 00:00:00 2001
From: Brian Wiborg
Date: Sun, 24 Nov 2013 19:01:32 +0100
Subject: [PATCH 1/3] better aproach of limiting a view to c-lab group
---
 account/views.py | 2 +-
 cbmi/settings.py | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/account/views.py b/account/views.py
index 4c335e2..8e77ee0 100644
--- a/account/views.py
+++ b/account/views.py
@@ -141,7 +141,7 @@ def gastropin(request):
 @login_required
 def clabpin(request):
- if request.user.groups.filter(name='cey-c-lab').count() == 0:
+ if not request.user.is_clab_member:
 return render(request, 'access_denied.html')
 def calculate_clab_hash(pin):
diff --git a/cbmi/settings.py b/cbmi/settings.py
index 60fd668..848a62b 100644
--- a/cbmi/settings.py
+++ b/cbmi/settings.py
@@ -141,6 +141,7 @@ AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")
 AUTH_LDAP_USER_FLAGS_BY_GROUP = {
 "is_member": "cn=crew,ou=groups,dc=c-base,dc=org",
 "is_circle_member": "cn=circle,ou=groups,dc=c-base,dc=org",
+ "is_clab_member": "cn=cey-c-lab,ou=groups,dc=c-base,dc=org",
 }
 AUTH_LDAP_USER_ATTR_MAP = {
From 44e95f2638324a759b48c2e650b50260794eabff Mon Sep 17 00:00:00 2001
From: Brian Wiborg
Date: Sun, 24 Nov 2013 21:35:01 +0100
Subject: [PATCH 2/3] fixing bug in syncing profile_flags
---
 account/models.py | 6 +++++-
 account/views.py | 2 +-
 cbmi/settings.py | 5 +++--
 3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/account/models.py b/account/models.py
index 89a8795..a6b396c 100644
--- a/account/models.py
+++ b/account/models.py
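Review bot: The denial branch directly under the changed condition in `clabpin` (account/views.py, PATCH 1/3) calls `render` without a status, so a refused request is answered with HTTP 200 and is indistinguishable from a normal page view in access logs and monitoring. Passing the status explicitly, `return render(request, 'access_denied.html', status=403)`, lets refused attempts on the PIN view be counted and alerted on. The same `return render(...)` line follows the check in `admin` in PATCH 3/3 and would need the same change. The body of `clabpin` continues outside the hunk.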
@@ -34,10 +34,14 @@ class UserProfile(models.Model): null=True, blank=True, default=None) + is_member = models.BooleanField(default=False, editable=False) + is_ldap_admin = models.BooleanField(default=False, editable=False) + is_circle_member = models.BooleanField(default=False, editable=False) + is_clab_member = models.BooleanField(default=False, editable=False) def __unicode__(self): return 'Profile: %s' % self.user.username User.profile = property(lambda u: UserProfile.objects.get_or_create(user=u)[0]) signals.post_save.connect(create_profile, sender=User) -signals.pre_delete.connect(delete_profile, sender=User) \ No newline at end of file +signals.pre_delete.connect(delete_profile, sender=User) diff --git a/account/views.py b/account/views.py index 8e77ee0..48bb7f0 100644 --- a/account/views.py +++ b/account/views.py @@ -141,7 +141,7 @@ def gastropin(request): @login_required def clabpin(request): - if not request.user.is_clab_member: + if not request.user.profile.is_clab_member: return render(request, 'access_denied.html') def calculate_clab_hash(pin): diff --git a/cbmi/settings.py b/cbmi/settings.py index 848a62b..0afab4f 100644 --- a/cbmi/settings.py +++ b/cbmi/settings.py @@ -132,14 +132,15 @@ AUTH_LDAP_CACHE_GROUPS = True AUTH_LDAP_GROUP_CACHE_TIMEOUT = 300 AUTH_LDAP_MIRROR_GROUPS = True AUTH_LDAP_GROUP_SEARCH = LDAPSearch( - "dc=c-base,dc=org", + "ou=groups,dc=c-base,dc=org", ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)", ) AUTH_LDAP_REQUIRE_GROUP = "cn=crew,ou=groups,dc=c-base,dc=org" AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn") -AUTH_LDAP_USER_FLAGS_BY_GROUP = { +AUTH_LDAP_PROFILE_FLAGS_BY_GROUP = { "is_member": "cn=crew,ou=groups,dc=c-base,dc=org", + "is_ldap_admin": "cn=ldap_admins,ou=groups,dc=c-base,dc=org", "is_circle_member": "cn=circle,ou=groups,dc=c-base,dc=org", "is_clab_member": "cn=cey-c-lab,ou=groups,dc=c-base,dc=org", } From 99859a7c79de0aae892faeef1e6743d858d83e67 Mon Sep 17 00:00:00 2001 
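Review bot: The four new `BooleanField`s on `UserProfile` (account/models.py, PATCH 2/3) change the table schema, but the diffstat lists only models.py, views.py and settings.py, so no schema migration appears to ship with the patch; on a database created before it, every `request.user.profile` lookup would fail on the missing columns. These columns also become the only input to the access checks in `clabpin` and `admin`, and `editable=False` merely keeps them out of model forms and the admin site. A comment above the fields would make the contract explicit, for example `# authorization flags: presumably written only by the LDAP backend, never from request data`. The class body starts outside the hunk.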
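Review bot: Renaming the dict to `AUTH_LDAP_PROFILE_FLAGS_BY_GROUP` (cbmi/settings.py, PATCH 2/3) drops `AUTH_LDAP_USER_FLAGS_BY_GROUP` entirely, so `is_member` and `is_circle_member` are no longer set on the user object and any code outside this patch that still reads `request.user.is_member` or `request.user.is_circle_member` would break. The profile flags are presumably refreshed only when django-auth-ldap populates the user at login, which means removal from `cn=ldap_admins` or `cn=cey-c-lab` in the directory takes effect no earlier than the member's next login. That lag is worth stating next to the mapping, e.g. `# synced at login only; revoking a group in LDAP does not end existing sessions`. As far as I can tell the profile mapping also depends on `AUTH_PROFILE_MODULE` being set, which this hunk does not show.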
From: Brian Wiborg
Date: Sun, 24 Nov 2013 21:41:30 +0100
Subject: [PATCH 3/3] bumping admin view to use profile_flag filter
---
 account/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/account/views.py b/account/views.py
index 48bb7f0..86030b7 100644
--- a/account/views.py
+++ b/account/views.py
@@ -236,7 +236,7 @@ def nrf24(request):
 @login_required
 def admin(request):
 admin_member = retrieve_member(request)
- if request.user.groups.filter(name='ldap_admins').count() == 0:
+ if not request.user.profile.is_ldap_admin:
 return render(request, 'access_denied.html')
 users = admin_member.list_users()
 if request.method == 'POST':
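Review bot: `retrieve_member(request)` still runs before the new `is_ldap_admin` check in `admin`, so whatever that helper does (not visible here, presumably a directory lookup for the caller) is performed for users who are then refused. Putting the guard first keeps unauthorised requests away from it: `if not request.user.profile.is_ldap_admin:` with its `return render(...)`, and only then `admin_member = retrieve_member(request)`. The guard now trusts a locally stored copy of the LDAP group, so the POST branch below should be confirmed not to rely on that flag alone for directory-side writes. The body of `admin` continues past the end of the hunk.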