globuzma/canaille-globuzma
1
0
Fork 0
forked from Github-Mirrors/canaille
Code Pull requests Activity

Delayed LDAPObject may and must initialization

Browse source
This commit is contained in:
Éloi Rivard 2023-03-08 00:53:27 +01:00
parent edd7873cea
commit 5d9a41f18b
4 changed files with 27 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
canaille/account.py
View file

@ -366,7 +366,7 @@ def registration(data, hash):
def profile_create(current_app, form): def profile_create(current_app, form):
user = User() user = User()
for attribute in form: for attribute in form:
if attribute.name in user.may + user.must: if attribute.name in user.may() + user.must():
if isinstance(attribute.data, FileStorage): if isinstance(attribute.data, FileStorage):
data = attribute.data.stream.read() data = attribute.data.stream.read()
else: else:
@ -477,7 +477,7 @@ def profile_edit(editor, username):
else: else:
for attribute in form: for attribute in form:
if ( if (
attribute.name in user.may + user.must attribute.name in user.may() + user.must()
and attribute.name in editor.write and attribute.name in editor.write
): ):
if isinstance(attribute.data, FileStorage): if isinstance(attribute.data, FileStorage):

37
canaille/ldap_backend/ldapobject.py
View file

@ -9,8 +9,8 @@ from .utils import python_to_ldap
class LDAPObject: class LDAPObject:
_object_class_by_name = None _object_class_by_name = None
_attribute_type_by_name = None _attribute_type_by_name = None
may = None _may = None
must = None _must = None
base = None base = None
root_dn = None root_dn = None
rdn = None rdn = None
@ -25,9 +25,6 @@ class LDAPObject:
for name, value in kwargs.items(): for name, value in kwargs.items():
setattr(self, name, value) setattr(self, name, value)
if not self.may and not self.must:
self.update_ldap_attributes()
def __repr__(self): def __repr__(self):
rdn = getattr(self, self.rdn, "?") rdn = getattr(self, self.rdn, "?")
return f"<{self.__class__.__name__} {self.rdn}={rdn}>" return f"<{self.__class__.__name__} {self.rdn}={rdn}>"
@ -35,11 +32,11 @@ class LDAPObject:
def __eq__(self, other): def __eq__(self, other):
return ( return (
isinstance(other, self.__class__) isinstance(other, self.__class__)
and self.may == other.may and self.may() == other.may()
and self.must == other.must and self.must() == other.must()
and all( and all(
getattr(self, attr) == getattr(other, attr) getattr(self, attr) == getattr(other, attr)
for attr in self.may + self.must for attr in self.may() + self.must()
if hasattr(self, attr) and hasattr(other, attr) if hasattr(self, attr) and hasattr(other, attr)
) )
) )
@ -88,6 +85,16 @@ class LDAPObject:
rdn = self.attrs[self.rdn][0] rdn = self.attrs[self.rdn][0]
return f"{self.rdn}={ldap.dn.escape_dn_chars(rdn.strip())},{self.base},{self.root_dn}" return f"{self.rdn}={ldap.dn.escape_dn_chars(rdn.strip())},{self.base},{self.root_dn}"
def may(self):
if not self._may:
self.update_ldap_attributes()
return self._may
def must(self):
if not self._must:
self.update_ldap_attributes()
return self._must
@classmethod @classmethod
def ldap_connection(cls): def ldap_connection(cls):
return g.ldap_connection return g.ldap_connection
@ -246,8 +253,8 @@ class LDAPObject:
this_object_classes = {all_object_classes[name] for name in cls.object_class} this_object_classes = {all_object_classes[name] for name in cls.object_class}
done = set() done = set()
cls.may = [] cls._may = []
cls.must = [] cls._must = []
while len(this_object_classes) > 0: while len(this_object_classes) > 0:
object_class = this_object_classes.pop() object_class = this_object_classes.pop()
done.add(object_class) done.add(object_class)
@ -256,11 +263,11 @@ class LDAPObject:
for ocsup in object_class.sup for ocsup in object_class.sup
if ocsup not in done if ocsup not in done
} }
cls.may.extend(object_class.may) cls._may.extend(object_class.may)
cls.must.extend(object_class.must) cls._must.extend(object_class.must)
cls.may = list(set(cls.may)) cls._may = list(set(cls._may))
cls.must = list(set(cls.must)) cls._must = list(set(cls._must))
def reload(self, conn=None): def reload(self, conn=None):
conn = conn or self.ldap_connection() conn = conn or self.ldap_connection()
@ -325,6 +332,6 @@ class LDAPObject:
conn.delete_s(self.dn) conn.delete_s(self.dn)
def keys(self): def keys(self):
ldap_keys = self.must + self.may ldap_keys = self.must() + self.may()
inverted_table = {value: key for key, value in self.attribute_table.items()} inverted_table = {value: key for key, value in self.attribute_table.items()}
return [inverted_table.get(key, key) for key in ldap_keys] return [inverted_table.get(key, key) for key in ldap_keys]

4
canaille/templates/oidc/admin/authorization_view.html
View file

@ -9,10 +9,10 @@
<div class="ui attached clearing segment"> <div class="ui attached clearing segment">
<ul> <ul>
{% for attr in authorization.may %} {% for attr in authorization.may() %}
<li>{{ attr }}: {{ authorization[attr] }}</li> <li>{{ attr }}: {{ authorization[attr] }}</li>
{% endfor %} {% endfor %}
{% for attr in authorization.must %} {% for attr in authorization.must() %}
<li>{{ attr }}: {{ authorization[attr] }}</li> <li>{{ attr }}: {{ authorization[attr] }}</li>
{% endfor %} {% endfor %}
</ul> </ul>

2
tests/oidc/test_code_admin.py
View file

@ -13,5 +13,5 @@ def test_authorizaton_list(testclient, authorization, logged_admin):
def test_authorizaton_view(testclient, authorization, logged_admin): def test_authorizaton_view(testclient, authorization, logged_admin):
res = testclient.get("/admin/authorization/" + authorization.authorization_code_id) res = testclient.get("/admin/authorization/" + authorization.authorization_code_id)
for attr in authorization.may + authorization.must: for attr in authorization.may() + authorization.must():
assert attr in res.text assert attr in res.text