Add authorisation groups

46dbdcf4 · Lukas Burgey · 9442403e · 46dbdcf4 · 46dbdcf4 · 46dbdcf4
Commit 46dbdcf4 authored Apr 20, 2018 by Lukas Burgey
4 changed files
--- a/django_backend/backend/auth/v1/models.py
+++ b/django_backend/backend/auth/v1/models.py
@@ -22,6 +22,9 @@ class OIDCConfig(db_models.Model):
    enabled = db_models.BooleanField(default=False)
    name = db_models.CharField(max_length=200)

+    # does this idp provide us with group informations?
+    group_provider = db_models.BooleanField(default=False)
+
    @property
    def registration_response(self):
        info = {
@@ -62,6 +65,14 @@ class OIDCConfig(db_models.Model):
        )
        return auth_req.request(client.authorization_endpoint)

+    def get_user_groupinformation(self, userinfo):
+        if not self.group_provider:
+            return models.AuthGroup.objects.none()
+
+        LOGGER.debug('Retrieving group information for %s', userinfo)
+        # TODO actually retrieve the group information
+        return models.AuthGroup.objects.none()
+

 def default_idp():
    return OIDCConfig.objects.filter(enabled=True).first()

--- a/django_backend/backend/frontend/serializers.py
+++ b/django_backend/backend/frontend/serializers.py
@@ -38,12 +38,13 @@ class DeploymentSerializerB(serializers.Serializer):

 class UserSerializer(serializers.ModelSerializer):
    groups = backend_serializers.GroupSerializer(many=True)
+    auth_groups = backend_serializers.AuthGroupSerializer(many=True)
    ssh_keys = backend_serializers.SSHPublicKeySerializer(many=True)
    deployments = DeploymentSerializer(many=True)

    class Meta:
        model = models.User
-        fields = ['email', 'userinfo', 'ssh_keys', 'groups', 'deployments']
+        fields = ['email', 'userinfo', 'ssh_keys', 'groups', 'deployments', 'auth_groups']


 class ClientSerializer(serializers.HyperlinkedModelSerializer):

--- a/django_backend/backend/models.py
+++ b/django_backend/backend/models.py
@@ -222,6 +222,12 @@ class User(AbstractUser):
            userinfo=userinfo,
        )
        user.save()
+
+        for group in idp.get_user_groupinformation(
+                userinfo,
+        ).all():
+            group.users.add(user)
+
        return user

    @classmethod
@@ -307,6 +313,18 @@ class User(AbstractUser):
                dep.deactivate()


+# authorisation groups
+class AuthGroup(models.Model):
+    name = models.CharField(
+        max_length=200,
+    )
+    users = models.ManyToManyField(
+        User,
+        related_name='auth_groups',
+        blank=True,
+    )
+
+
 class Site(models.Model):
    client = models.OneToOneField(
        User,

--- a/django_backend/backend/serializers.py
+++ b/django_backend/backend/serializers.py
@@ -3,7 +3,7 @@

 from django.contrib.auth.models import Group
 from rest_framework import serializers
-from .models import SSHPublicKey
+from .models import SSHPublicKey, AuthGroup


 class GroupSerializer(serializers.ModelSerializer):
@@ -11,6 +11,13 @@ class GroupSerializer(serializers.ModelSerializer):
        model = Group
        fields = ['id', 'name']

+
+class AuthGroupSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = AuthGroup
+        fields = ['id', 'name']
+
+
 class SSHPublicKeySerializer(serializers.ModelSerializer):
    class Meta:
        model = SSHPublicKey