SAML Provisioning update

KostasMparmparousis 2021-12-21 15:38:06 +02:00
parent c3c2dca293
commit 5fc3412058


@ -605,7 +605,7 @@ class User(db.Model):
return False return False
def set_role(self, role_name): def set_role(self, role_name):
role = Role.query.filter(Role.name == role_name).first() role = Role.query.filter(Role.name == role_name.capitalize()).first()
if role: if role:
user = User.query.filter(User.username == self.username).first() user = User.query.filter(User.username == self.username).first()
user.role_id = role.id user.role_id = role.id
@ -676,12 +676,12 @@ class User(db.Model):
entitlements= getCorrectEntitlements(Entitlements, urn_value) entitlements= getCorrectEntitlements(Entitlements, urn_value)
if len(entitlements)!=0: if len(entitlements)!=0:
self.revoke_privilege(True) self.revoke_privilege(True)
role="user"
for entitlement in entitlements: for entitlement in entitlements:
arguments=entitlement.split(':') arguments=entitlement.split(':')
entArgs=arguments[arguments.index('powerdns-admin')+1:] entArgs=arguments[arguments.index('powerdns-admin')+1:]
role= entArgs[0] role= self.get_role(role,entArgs[0].lower())
self.set_role(role) if (role=="user") and len(entArgs)>1:
if (role=="User") and len(entArgs)>1:
current_domains=getUserInfo(self.get_user_domains()) current_domains=getUserInfo(self.get_user_domains())
current_accounts=getUserInfo(self.get_accounts()) current_accounts=getUserInfo(self.get_accounts())
domain=entArgs[1] domain=entArgs[1]
@ -689,6 +689,14 @@ class User(db.Model):
if len(entArgs)>2: if len(entArgs)>2:
account=entArgs[2] account=entArgs[2]
self.addMissingAccount(account, current_accounts) self.addMissingAccount(account, current_accounts)
self.set_role(role)
def get_role(self, previousRole, newRole):
dict = { "user": 1, "operator" : 2, "administrator" : 3}
if (dict[newRole] > dict[previousRole]):
return newRole
else:
return previousRole
def addMissingDomain(self, autoprovision_domain, current_domains): def addMissingDomain(self, autoprovision_domain, current_domains):
""" """
@ -741,7 +749,7 @@ def getCorrectEntitlements(Entitlements, urn_value):
continue continue
entArgs=arguments[arguments.index('powerdns-admin')+1:] entArgs=arguments[arguments.index('powerdns-admin')+1:]
role=entArgs[0] role=entArgs[0].lower()
roles= Role.query.all() roles= Role.query.all()
role_names=get_role_names(roles) role_names=get_role_names(roles)
@ -751,7 +759,7 @@ def getCorrectEntitlements(Entitlements, urn_value):
continue continue
if len(entArgs)>1: if len(entArgs)>1:
if (role!="User"): if (role!="user"):
e="Too many arguments for Admin or Operator" e="Too many arguments for Admin or Operator"
current_app.logger.warning("Cannot apply autoprovisioning on user: {}".format(e)) current_app.logger.warning("Cannot apply autoprovisioning on user: {}".format(e))
continue continue
@ -796,7 +804,7 @@ def get_role_names(roles):
""" """
roles_list=[] roles_list=[]
for role in roles: for role in roles:
roles_list.append(role.name) roles_list.append(role.name.lower())
return roles_list return roles_list
def getUserInfo(DomainsOrAccounts): def getUserInfo(DomainsOrAccounts):
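Review bot: `get_role` indexes a hard-coded rank table with `dict[newRole]`, while `getCorrectEntitlements` accepts any role whose lower-cased name is in the `Role` table, so a role that exists in the database but not in the table would raise `KeyError` during SAML provisioning, after `revoke_privilege(True)` has already run. A fail-closed lookup avoids that and stops shadowing the builtin: `rank = {"user": 1, "operator": 2, "administrator": 3}` followed by `return newRole if rank.get(newRole, 0) > rank.get(previousRole, 0) else previousRole`. Separately, `if (role=="user") and len(entArgs)>1:` now tests the accumulated `role` rather than the current entitlement's role, so whether a user entitlement's domain and account are added depends on the order of entitlements in the assertion; if that is not intended, comparing `entArgs[0].lower()` there would make it order-independent. The method containing the loop starts outside the visible hunks.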