Commit 46dbdcf4 authored by Lukas Burgey's avatar Lukas Burgey

Add authorisation groups

parent 9442403e
...@@ -22,6 +22,9 @@ class OIDCConfig(db_models.Model): ...@@ -22,6 +22,9 @@ class OIDCConfig(db_models.Model):
enabled = db_models.BooleanField(default=False) enabled = db_models.BooleanField(default=False)
name = db_models.CharField(max_length=200) name = db_models.CharField(max_length=200)
# does this idp provide us with group informations?
group_provider = db_models.BooleanField(default=False)
@property @property
def registration_response(self): def registration_response(self):
info = { info = {
...@@ -62,6 +65,14 @@ class OIDCConfig(db_models.Model): ...@@ -62,6 +65,14 @@ class OIDCConfig(db_models.Model):
) )
return auth_req.request(client.authorization_endpoint) return auth_req.request(client.authorization_endpoint)
def get_user_groupinformation(self, userinfo):
if not self.group_provider:
return models.AuthGroup.objects.none()
LOGGER.debug('Retrieving group information for %s', userinfo)
# TODO actually retrieve the group information
return models.AuthGroup.objects.none()
def default_idp(): def default_idp():
return OIDCConfig.objects.filter(enabled=True).first() return OIDCConfig.objects.filter(enabled=True).first()
......
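Review bot: `get_user_groupinformation` writes the whole `userinfo` object to the debug log, and that object presumably holds the user's OIDC claims (subject, email, possibly more), so identity data lands in the log files whenever debug logging is enabled. Logging one identifier is enough, e.g. `LOGGER.debug('Retrieving group information for sub=%s', userinfo.get('sub'))`, assuming `userinfo` is a dict-like claims mapping, which the hunk does not show. While the method is still a stub, it should get a docstring stating that the returned queryset drives authorisation and that group names reported by the IdP have to be mapped onto existing `AuthGroup` rows rather than created from whatever the claim contains. The name `models` is not visible in this file's hunks (the Django import appears as `db_models`), so check that `models.AuthGroup` resolves.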
...@@ -38,12 +38,13 @@ class DeploymentSerializerB(serializers.Serializer): ...@@ -38,12 +38,13 @@ class DeploymentSerializerB(serializers.Serializer):
class UserSerializer(serializers.ModelSerializer): class UserSerializer(serializers.ModelSerializer):
groups = backend_serializers.GroupSerializer(many=True) groups = backend_serializers.GroupSerializer(many=True)
auth_groups = backend_serializers.AuthGroupSerializer(many=True)
ssh_keys = backend_serializers.SSHPublicKeySerializer(many=True) ssh_keys = backend_serializers.SSHPublicKeySerializer(many=True)
deployments = DeploymentSerializer(many=True) deployments = DeploymentSerializer(many=True)
class Meta: class Meta:
model = models.User model = models.User
fields = ['email', 'userinfo', 'ssh_keys', 'groups', 'deployments'] fields = ['email', 'userinfo', 'ssh_keys', 'groups', 'deployments', 'auth_groups']
class ClientSerializer(serializers.HyperlinkedModelSerializer): class ClientSerializer(serializers.HyperlinkedModelSerializer):
......
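Review bot: The new `auth_groups` field on `UserSerializer` is declared without `read_only=True`, so it counts as a required, writable field if this serializer is ever used for input. Authorisation group membership should not be settable from a request body; `auth_groups = backend_serializers.AuthGroupSerializer(many=True, read_only=True)` makes that explicit. Whether any view deserialises with `UserSerializer` is not visible here, and the neighbouring nested fields follow the same writable pattern, so they may deserve the same treatment.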
...@@ -222,6 +222,12 @@ class User(AbstractUser): ...@@ -222,6 +222,12 @@ class User(AbstractUser):
userinfo=userinfo, userinfo=userinfo,
) )
user.save() user.save()
for group in idp.get_user_groupinformation(
userinfo,
).all():
group.users.add(user)
return user return user
@classmethod @classmethod
...@@ -307,6 +313,18 @@ class User(AbstractUser): ...@@ -307,6 +313,18 @@ class User(AbstractUser):
dep.deactivate() dep.deactivate()
# authorisation groups
class AuthGroup(models.Model):
name = models.CharField(
max_length=200,
)
users = models.ManyToManyField(
User,
related_name='auth_groups',
blank=True,
)
class Site(models.Model): class Site(models.Model):
client = models.OneToOneField( client = models.OneToOneField(
User, User,
......
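Review bot: Group membership is only ever added in the first hunk (`group.users.add(user)` after `user.save()`), so a user who is later removed from a group at the IdP keeps the local `AuthGroup` membership; nothing in this commit revokes it. Replacing the loop with `user.auth_groups.set(idp.get_user_groupinformation(userinfo))` would make the IdP's answer authoritative, guarded by `idp.group_provider` so that an IdP without group data does not clear manually assigned groups. The enclosing method starts before the hunk and looks like the user-creation path, so the same synchronisation would also be needed wherever an existing user is refreshed at login. In the second hunk `AuthGroup.name` has no uniqueness constraint; `unique=True` on the `CharField` would keep two groups from sharing a name and making name-based authorisation checks ambiguous.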
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
from django.contrib.auth.models import Group from django.contrib.auth.models import Group
from rest_framework import serializers from rest_framework import serializers
from .models import SSHPublicKey from .models import SSHPublicKey, AuthGroup
class GroupSerializer(serializers.ModelSerializer): class GroupSerializer(serializers.ModelSerializer):
...@@ -11,6 +11,13 @@ class GroupSerializer(serializers.ModelSerializer): ...@@ -11,6 +11,13 @@ class GroupSerializer(serializers.ModelSerializer):
model = Group model = Group
fields = ['id', 'name'] fields = ['id', 'name']
class AuthGroupSerializer(serializers.ModelSerializer):
class Meta:
model = AuthGroup
fields = ['id', 'name']
class SSHPublicKeySerializer(serializers.ModelSerializer): class SSHPublicKeySerializer(serializers.ModelSerializer):
class Meta: class Meta:
model = SSHPublicKey model = SSHPublicKey
......