Support syncing user groups from Crowd (AUTH_CROWD_ALWAYS_UPDATE_GROUPS).

If AUTH_CROWD_ALWAYS_UPDATE_GROUPS is true, create Django groups based on Crowd groups, and make sure that user is assigned to same group set as Crowd.
author: Paul Sokolovsky <pfalcon@users.sourceforge.net> 2013-06-11 17:25:57 +0300
committer: Paul Sokolovsky <pfalcon@users.sourceforge.net> 2013-06-12 14:19:26 +0300
commit: d49d19b589cce758654792b745b3585d65c04c2b (patch)
tree: 1deaa29c879c5c739bf66e90a203a79b2646ad16
parent: 9ac5e0e974aed69f6038ae0516574fc94cadd49a (diff)
2 files changed, 27 insertions, 11 deletions
diff --git a/README.md b/README.md
index a38d6b1..9d21c5a 100644
--- a/README.md
+++ b/README.md
@@ -43,6 +43,13 @@ How to use it
 	_whether you want to sync django users from Crowd attributes_
 	
 		AUTH_CROWD_ALWAYS_UPDATE_USER = True
+
+	_whether you want to sync django groups from Crowd groups_
+
+		AUTH_CROWD_ALWAYS_UPDATE_GROUPS = True
+	If you use any form of group-based autorization/permission checking,
+	you'd rather have this as True (default). In particular, AUTH_CROWD_STAFF_GROUP
+	& AUTH_CROWD_SUPERUSER_GROUP settings depend on this.
     
 	_Django user will get staff flag when Crowd user is in given Crowd group_
 	
diff --git a/crowdrest/backend.py b/crowdrest/backend.py
index 8d8381a..595955b 100644
--- a/crowdrest/backend.py
+++ b/crowdrest/backend.py
@@ -71,6 +71,10 @@ class CrowdRestBackend(object):
             self.sync(user)
             saveUser = True
 
+        if crowd_settings.AUTH_CROWD_ALWAYS_UPDATE_GROUPS:
+            self.sync_groups(user)
+            saveUser = True
+
         if saveUser:
             user.save()
             
@@ -100,17 +104,21 @@ class CrowdRestBackend(object):
             user.email = usrData["email"]
         if "active" in usrData:
             user.is_active = usrData["active"]
-        
-        grpData = self.crowdClient.get_user_groups(user.username)
-        for grp in grpData["groups"]:
-            if "name" in grp:
-                grpName = grp["name"]
-                if grpName == crowd_settings.AUTH_CROWD_SUPERUSER_GROUP:
-                    user.is_staff     = True
-                    user.is_superuser = True
-                if grpName == crowd_settings.AUTH_CROWD_STAFF_GROUP:
-                    user.is_staff = True
-    
+
+    def sync_groups(self, user):
+        data = self.crowdClient.get_user_groups(user.username)
+
+        group_names = [x["name"] for x in data["groups"]]
+
+        group_objs = [Group.objects.get_or_create(name=g)[0] for g in group_names]
+        user.groups = group_objs
+
+        if crowd_settings.AUTH_CROWD_SUPERUSER_GROUP in group_names:
+            user.is_staff     = True
+            user.is_superuser = True
+        if crowd_settings.AUTH_CROWD_STAFF_GROUP in group_names:
+            user.is_staff = True
+
     def get_user(self, user_id):
         "Return User instance of given identifier."
         user = None
@@ -129,6 +137,7 @@ class CrowdSettings(object):
     """
     defaults = {
         'AUTH_CROWD_ALWAYS_UPDATE_USER':             True,
+        'AUTH_CROWD_ALWAYS_UPDATE_GROUPS'            True,
         'AUTH_CROWD_STAFF_GROUP':                    None,
         'AUTH_CROWD_SUPERUSER_GROUP':                None,
         'AUTH_CROWD_SERVER_TRUSTED_ROOT_CERTS_FILE': None,
author	Paul Sokolovsky <pfalcon@users.sourceforge.net>	2013-06-11 17:25:57 +0300
committer	Paul Sokolovsky <pfalcon@users.sourceforge.net>	2013-06-12 14:19:26 +0300
commit	d49d19b589cce758654792b745b3585d65c04c2b (patch)
tree	1deaa29c879c5c739bf66e90a203a79b2646ad16
parent	9ac5e0e974aed69f6038ae0516574fc94cadd49a (diff)