forked from Github-Mirrors/canaille
Delayed LDAPObject may and must initialization
This commit is contained in:
parent
edd7873cea
commit
5d9a41f18b
4 changed files with 27 additions and 20 deletions
|
@ -366,7 +366,7 @@ def registration(data, hash):
|
||||||
def profile_create(current_app, form):
|
def profile_create(current_app, form):
|
||||||
user = User()
|
user = User()
|
||||||
for attribute in form:
|
for attribute in form:
|
||||||
if attribute.name in user.may + user.must:
|
if attribute.name in user.may() + user.must():
|
||||||
if isinstance(attribute.data, FileStorage):
|
if isinstance(attribute.data, FileStorage):
|
||||||
data = attribute.data.stream.read()
|
data = attribute.data.stream.read()
|
||||||
else:
|
else:
|
||||||
|
@ -477,7 +477,7 @@ def profile_edit(editor, username):
|
||||||
else:
|
else:
|
||||||
for attribute in form:
|
for attribute in form:
|
||||||
if (
|
if (
|
||||||
attribute.name in user.may + user.must
|
attribute.name in user.may() + user.must()
|
||||||
and attribute.name in editor.write
|
and attribute.name in editor.write
|
||||||
):
|
):
|
||||||
if isinstance(attribute.data, FileStorage):
|
if isinstance(attribute.data, FileStorage):
|
||||||
|
|
|
@ -9,8 +9,8 @@ from .utils import python_to_ldap
|
||||||
class LDAPObject:
|
class LDAPObject:
|
||||||
_object_class_by_name = None
|
_object_class_by_name = None
|
||||||
_attribute_type_by_name = None
|
_attribute_type_by_name = None
|
||||||
may = None
|
_may = None
|
||||||
must = None
|
_must = None
|
||||||
base = None
|
base = None
|
||||||
root_dn = None
|
root_dn = None
|
||||||
rdn = None
|
rdn = None
|
||||||
|
@ -25,9 +25,6 @@ class LDAPObject:
|
||||||
for name, value in kwargs.items():
|
for name, value in kwargs.items():
|
||||||
setattr(self, name, value)
|
setattr(self, name, value)
|
||||||
|
|
||||||
if not self.may and not self.must:
|
|
||||||
self.update_ldap_attributes()
|
|
||||||
|
|
||||||
def __repr__(self):
|
def __repr__(self):
|
||||||
rdn = getattr(self, self.rdn, "?")
|
rdn = getattr(self, self.rdn, "?")
|
||||||
return f"<{self.__class__.__name__} {self.rdn}={rdn}>"
|
return f"<{self.__class__.__name__} {self.rdn}={rdn}>"
|
||||||
|
@ -35,11 +32,11 @@ class LDAPObject:
|
||||||
def __eq__(self, other):
|
def __eq__(self, other):
|
||||||
return (
|
return (
|
||||||
isinstance(other, self.__class__)
|
isinstance(other, self.__class__)
|
||||||
and self.may == other.may
|
and self.may() == other.may()
|
||||||
and self.must == other.must
|
and self.must() == other.must()
|
||||||
and all(
|
and all(
|
||||||
getattr(self, attr) == getattr(other, attr)
|
getattr(self, attr) == getattr(other, attr)
|
||||||
for attr in self.may + self.must
|
for attr in self.may() + self.must()
|
||||||
if hasattr(self, attr) and hasattr(other, attr)
|
if hasattr(self, attr) and hasattr(other, attr)
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
@ -88,6 +85,16 @@ class LDAPObject:
|
||||||
rdn = self.attrs[self.rdn][0]
|
rdn = self.attrs[self.rdn][0]
|
||||||
return f"{self.rdn}={ldap.dn.escape_dn_chars(rdn.strip())},{self.base},{self.root_dn}"
|
return f"{self.rdn}={ldap.dn.escape_dn_chars(rdn.strip())},{self.base},{self.root_dn}"
|
||||||
|
|
||||||
|
def may(self):
|
||||||
|
if not self._may:
|
||||||
|
self.update_ldap_attributes()
|
||||||
|
return self._may
|
||||||
|
|
||||||
|
def must(self):
|
||||||
|
if not self._must:
|
||||||
|
self.update_ldap_attributes()
|
||||||
|
return self._must
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def ldap_connection(cls):
|
def ldap_connection(cls):
|
||||||
return g.ldap_connection
|
return g.ldap_connection
|
||||||
|
@ -246,8 +253,8 @@ class LDAPObject:
|
||||||
this_object_classes = {all_object_classes[name] for name in cls.object_class}
|
this_object_classes = {all_object_classes[name] for name in cls.object_class}
|
||||||
done = set()
|
done = set()
|
||||||
|
|
||||||
cls.may = []
|
cls._may = []
|
||||||
cls.must = []
|
cls._must = []
|
||||||
while len(this_object_classes) > 0:
|
while len(this_object_classes) > 0:
|
||||||
object_class = this_object_classes.pop()
|
object_class = this_object_classes.pop()
|
||||||
done.add(object_class)
|
done.add(object_class)
|
||||||
|
@ -256,11 +263,11 @@ class LDAPObject:
|
||||||
for ocsup in object_class.sup
|
for ocsup in object_class.sup
|
||||||
if ocsup not in done
|
if ocsup not in done
|
||||||
}
|
}
|
||||||
cls.may.extend(object_class.may)
|
cls._may.extend(object_class.may)
|
||||||
cls.must.extend(object_class.must)
|
cls._must.extend(object_class.must)
|
||||||
|
|
||||||
cls.may = list(set(cls.may))
|
cls._may = list(set(cls._may))
|
||||||
cls.must = list(set(cls.must))
|
cls._must = list(set(cls._must))
|
||||||
|
|
||||||
def reload(self, conn=None):
|
def reload(self, conn=None):
|
||||||
conn = conn or self.ldap_connection()
|
conn = conn or self.ldap_connection()
|
||||||
|
@ -325,6 +332,6 @@ class LDAPObject:
|
||||||
conn.delete_s(self.dn)
|
conn.delete_s(self.dn)
|
||||||
|
|
||||||
def keys(self):
|
def keys(self):
|
||||||
ldap_keys = self.must + self.may
|
ldap_keys = self.must() + self.may()
|
||||||
inverted_table = {value: key for key, value in self.attribute_table.items()}
|
inverted_table = {value: key for key, value in self.attribute_table.items()}
|
||||||
return [inverted_table.get(key, key) for key in ldap_keys]
|
return [inverted_table.get(key, key) for key in ldap_keys]
|
||||||
|
|
|
@ -9,10 +9,10 @@
|
||||||
|
|
||||||
<div class="ui attached clearing segment">
|
<div class="ui attached clearing segment">
|
||||||
<ul>
|
<ul>
|
||||||
{% for attr in authorization.may %}
|
{% for attr in authorization.may() %}
|
||||||
<li>{{ attr }}: {{ authorization[attr] }}</li>
|
<li>{{ attr }}: {{ authorization[attr] }}</li>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% for attr in authorization.must %}
|
{% for attr in authorization.must() %}
|
||||||
<li>{{ attr }}: {{ authorization[attr] }}</li>
|
<li>{{ attr }}: {{ authorization[attr] }}</li>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
</ul>
|
</ul>
|
||||||
|
|
|
@ -13,5 +13,5 @@ def test_authorizaton_list(testclient, authorization, logged_admin):
|
||||||
|
|
||||||
def test_authorizaton_view(testclient, authorization, logged_admin):
|
def test_authorizaton_view(testclient, authorization, logged_admin):
|
||||||
res = testclient.get("/admin/authorization/" + authorization.authorization_code_id)
|
res = testclient.get("/admin/authorization/" + authorization.authorization_code_id)
|
||||||
for attr in authorization.may + authorization.must:
|
for attr in authorization.may() + authorization.must():
|
||||||
assert attr in res.text
|
assert attr in res.text
|
||||||
|
|
Loading…
Reference in a new issue