aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Sokolovsky <pfalcon@users.sourceforge.net>2013-06-11 17:25:57 +0300
committerPaul Sokolovsky <pfalcon@users.sourceforge.net>2013-06-12 14:19:26 +0300
commitd49d19b589cce758654792b745b3585d65c04c2b (patch)
tree1deaa29c879c5c739bf66e90a203a79b2646ad16
parent9ac5e0e974aed69f6038ae0516574fc94cadd49a (diff)
downloaddjango-crowd-rest-backend-d49d19b589cce758654792b745b3585d65c04c2b.tar.gz
Support syncing user groups from Crowd (AUTH_CROWD_ALWAYS_UPDATE_GROUPS).
If AUTH_CROWD_ALWAYS_UPDATE_GROUPS is true, create Django groups based on Crowd groups, and make sure that user is assigned to same group set as Crowd.
-rw-r--r--README.md7
-rw-r--r--crowdrest/backend.py31
2 files changed, 27 insertions, 11 deletions
diff --git a/README.md b/README.md
index a38d6b1..9d21c5a 100644
--- a/README.md
+++ b/README.md
@@ -43,6 +43,13 @@ How to use it
_whether you want to sync django users from Crowd attributes_
AUTH_CROWD_ALWAYS_UPDATE_USER = True
+
+ _whether you want to sync django groups from Crowd groups_
+
+ AUTH_CROWD_ALWAYS_UPDATE_GROUPS = True
+ If you use any form of group-based autorization/permission checking,
+ you'd rather have this as True (default). In particular, AUTH_CROWD_STAFF_GROUP
+ & AUTH_CROWD_SUPERUSER_GROUP settings depend on this.
_Django user will get staff flag when Crowd user is in given Crowd group_
diff --git a/crowdrest/backend.py b/crowdrest/backend.py
index 8d8381a..595955b 100644
--- a/crowdrest/backend.py
+++ b/crowdrest/backend.py
@@ -71,6 +71,10 @@ class CrowdRestBackend(object):
self.sync(user)
saveUser = True
+ if crowd_settings.AUTH_CROWD_ALWAYS_UPDATE_GROUPS:
+ self.sync_groups(user)
+ saveUser = True
+
if saveUser:
user.save()
@@ -100,17 +104,21 @@ class CrowdRestBackend(object):
user.email = usrData["email"]
if "active" in usrData:
user.is_active = usrData["active"]
-
- grpData = self.crowdClient.get_user_groups(user.username)
- for grp in grpData["groups"]:
- if "name" in grp:
- grpName = grp["name"]
- if grpName == crowd_settings.AUTH_CROWD_SUPERUSER_GROUP:
- user.is_staff = True
- user.is_superuser = True
- if grpName == crowd_settings.AUTH_CROWD_STAFF_GROUP:
- user.is_staff = True
-
+
+ def sync_groups(self, user):
+ data = self.crowdClient.get_user_groups(user.username)
+
+ group_names = [x["name"] for x in data["groups"]]
+
+ group_objs = [Group.objects.get_or_create(name=g)[0] for g in group_names]
+ user.groups = group_objs
+
+ if crowd_settings.AUTH_CROWD_SUPERUSER_GROUP in group_names:
+ user.is_staff = True
+ user.is_superuser = True
+ if crowd_settings.AUTH_CROWD_STAFF_GROUP in group_names:
+ user.is_staff = True
+
def get_user(self, user_id):
"Return User instance of given identifier."
user = None
@@ -129,6 +137,7 @@ class CrowdSettings(object):
"""
defaults = {
'AUTH_CROWD_ALWAYS_UPDATE_USER': True,
+ 'AUTH_CROWD_ALWAYS_UPDATE_GROUPS' True,
'AUTH_CROWD_STAFF_GROUP': None,
'AUTH_CROWD_SUPERUSER_GROUP': None,
'AUTH_CROWD_SERVER_TRUSTED_ROOT_CERTS_FILE': None,