aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Sokolovsky <pfalcon@users.sourceforge.net>2013-06-12 23:09:59 +0300
committerPaul Sokolovsky <pfalcon@users.sourceforge.net>2013-06-12 23:09:59 +0300
commit9eff517ae7205ae28c46cce83b4435fe33e4405b (patch)
treed8441ffc336accd9c660316644ffb6baba91637a
parentbfeb7cca8b747ec9fdaea5a12574a0275992e5f3 (diff)
downloaddjango-crowd-rest-backend-9eff517ae7205ae28c46cce83b4435fe33e4405b.tar.gz
Add AUTH_CROWD_CREATE_GROUPS setting to control auto group creation.
If set to False, no groups will be created, only pre-existing (as initialized with DB fixture, or entered manually) Django groups will be considered.
-rw-r--r--README.md14
-rw-r--r--crowdrest/__init__.py2
-rw-r--r--crowdrest/backend.py13
3 files changed, 24 insertions, 5 deletions
diff --git a/README.md b/README.md
index fceef94..a7e18ae 100644
--- a/README.md
+++ b/README.md
@@ -50,6 +50,20 @@ How to use it
If you use any form of group-based autorization/permission checking,
you'd rather have this as True (default). In particular, AUTH_CROWD_STAFF_GROUP
& AUTH_CROWD_SUPERUSER_GROUP settings depend on this.
+
+ _whether you want to sync all user's Crowd groups into Django_
+
+ AUTH_CROWD_CREATE_GROUPS = False
+ This setting is considered only if AUTH_CROWD_ALWAYS_UPDATE_GROUPS = True. If
+ this is True, then all user's groups in Crowd will be synced to Django (so,
+ effectively, you'll be able to check Crowd group memberships using Django API).
+ If set to False (default), no groups will be created by backend, and only groups
+ already existing in Django will be considered (i.e. user group membership in
+ Django will be updated to intersection of user's Crowd groups and all available
+ Django groups).
+
+ you'd rather have this as True (default). In particular, AUTH_CROWD_STAFF_GROUP
+ & AUTH_CROWD_SUPERUSER_GROUP settings depend on this.
_Django user will get staff flag when Crowd user is in given Crowd group_
diff --git a/crowdrest/__init__.py b/crowdrest/__init__.py
index 4113569..286c2e5 100644
--- a/crowdrest/__init__.py
+++ b/crowdrest/__init__.py
@@ -1 +1 @@
-__version__ = (0, 2, 0)
+__version__ = (0, 3, 0)
diff --git a/crowdrest/backend.py b/crowdrest/backend.py
index 8210509..ff3fd74 100644
--- a/crowdrest/backend.py
+++ b/crowdrest/backend.py
@@ -111,10 +111,7 @@ class CrowdRestBackend(object):
def sync_groups(self, user):
data = self.crowdClient.get_user_groups(user.username)
- group_names = [x["name"] for x in data["groups"]]
-
- group_objs = [Group.objects.get_or_create(name=g)[0] for g in group_names]
- user.groups = group_objs
+ group_names = set([x["name"] for x in data["groups"]])
if getattr(settings, "AUTH_CROWD_SUPERUSER_GROUP", None) in group_names:
user.is_superuser = True
@@ -125,6 +122,14 @@ class CrowdRestBackend(object):
else:
user.is_staff = False
+ if getattr(settings, "AUTH_CROWD_CREATE_GROUPS", False):
+ group_objs = [Group.objects.get_or_create(name=g)[0] for g in group_names]
+ else:
+ group_objs = Group.objects.all()
+ group_objs = filter(lambda x: x.name in group_names, group_objs)
+
+ user.groups = group_objs
+
def get_user(self, user_id):
"Return User instance of given identifier."
user = None