Commit 6a88b405 authored by Jorrit Schaap's avatar Jorrit Schaap

Merge branch 'TMSS-445-ldap' into 'master'

Resolve TMSS-445 "Ldap"

Closes TMSS-445

See merge request !398
parents 32c6d2b5 13f833ab
1 merge request!398Resolve TMSS-445 "Ldap"
...@@ -602,23 +602,23 @@ def assign_system_permissions(): ...@@ -602,23 +602,23 @@ def assign_system_permissions():
def populate_system_test_users(): def populate_system_test_users():
# TODO: Set proper credentials (passwords at least). # TODO: Set proper credentials (passwords at least).
to_observer_user = User.objects.create(username='to_observer', password='to_observer') to_observer_user, _ = User.objects.get_or_create(username='to_observer', password='to_observer')
to_observer_user.groups.add(Group.objects.get(name='TO observer')) to_observer_user.groups.add(Group.objects.get(name='TO observer'))
sdco_support_user = User.objects.create(username='sdco_support', password='sdco_support') sdco_support_user, _ = User.objects.get_or_create(username='sdco_support', password='sdco_support')
sdco_support_user.groups.add(Group.objects.get(name='SDCO support')) sdco_support_user.groups.add(Group.objects.get(name='SDCO support'))
tmss_maintainer_user = User.objects.create(username='tmss_maintainer', password='tmss_maintainer') tmss_maintainer_user, _ = User.objects.get_or_create(username='tmss_maintainer', password='tmss_maintainer')
tmss_maintainer_user.groups.add(Group.objects.get(name='TMSS Maintainer')) tmss_maintainer_user.groups.add(Group.objects.get(name='TMSS Maintainer'))
tmss_admin_user = User.objects.create(username='tmss_admin', password='tmss_admin') tmss_admin_user, _ = User.objects.get_or_create(username='tmss_admin', password='tmss_admin')
tmss_admin_user.groups.add(Group.objects.get(name='TMSS Admin')) tmss_admin_user.groups.add(Group.objects.get(name='TMSS Admin'))
to_maintenance_user = User.objects.create(username='to_maintenance', password='to_maintenance') to_maintenance_user, _ = User.objects.get_or_create(username='to_maintenance', password='to_maintenance')
to_maintenance_user.groups.add(Group.objects.get(name='TO maintenance')) to_maintenance_user.groups.add(Group.objects.get(name='TO maintenance'))
to_user = User.objects.create(username='to_user', password='to_user') to_user, _ = User.objects.get_or_create(username='to_user', password='to_user')
to_user.groups.add(Group.objects.get(name='TO user')) to_user.groups.add(Group.objects.get(name='TO user'))
scientist_user = User.objects.create(username='scientist', password='scientist') scientist_user, _ = User.objects.get_or_create(username='scientist', password='scientist')
scientist_user.groups.add(Group.objects.get(name='Scientist')) scientist_user.groups.add(Group.objects.get(name='Scientist'))
e_scientist_user = User.objects.create(username='e_scientist', password='e_scientist') e_scientist_user, _ = User.objects.get_or_create(username='e_scientist', password='e_scientist')
e_scientist_user.groups.add(Group.objects.get(name='Scientist (Expert)')) e_scientist_user.groups.add(Group.objects.get(name='Scientist (Expert)'))
guest_user = User.objects.create(username='guest', password='guest') guest_user, _ = User.objects.get_or_create(username='guest', password='guest')
guest_user.groups.add(Group.objects.get(name='Guest')) guest_user.groups.add(Group.objects.get(name='Guest'))
lta_user = User.objects.create(username='lta_user', password='lta_user') lta_user, _ = User.objects.get_or_create(username='lta_user', password='lta_user')
lta_user.groups.add(Group.objects.get(name='LTA User')) lta_user.groups.add(Group.objects.get(name='LTA User'))
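Review bot: Passing `password='to_observer'` as a lookup argument to `get_or_create` (here and in the nine calls that follow) makes the lookup match only a row whose stored password column equals that literal. An account that already exists under the same username with any other stored value, for instance one presumably created on first LDAP login, falls through to the create path and would hit the username uniqueness constraint. It also writes the plaintext string into the password field instead of a hash, as `create` did before. Look up on the username alone and set the credential only on creation, e.g. `user, created = User.objects.get_or_create(username='to_observer')` followed by `if created: user.set_unusable_password(); user.save()` if these accounts are meant to authenticate through LDAP only. Because the TODO above already acknowledges the username-equals-password values, a comment such as `# test fixtures only: must never run against a production database` would make that boundary explicit.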
...@@ -233,6 +233,10 @@ class IsProjectMemberFilterBackend(drf_filters.BaseFilterBackend): ...@@ -233,6 +233,10 @@ class IsProjectMemberFilterBackend(drf_filters.BaseFilterBackend):
if view.action != 'list': if view.action != 'list':
return queryset return queryset
# if a system role allows general access to the model, do not filter
if TMSSDjangoModelPermissions().has_permission(request, view):
return queryset
# we don't filer for superuser (e.g. in test environment, where a regular user is created to test filtering specifically) # we don't filer for superuser (e.g. in test environment, where a regular user is created to test filtering specifically)
if request.user.is_superuser: if request.user.is_superuser:
logger.info("IsProjectMemberFilterBackend: User=%s is superuser. Not enforcing project permissions!" % request.user) logger.info("IsProjectMemberFilterBackend: User=%s is superuser. Not enforcing project permissions!" % request.user)
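Review bot: The new early return on `TMSSDjangoModelPermissions().has_permission(request, view)` disables project-membership filtering for every caller that passes the model-level check, so the isolation of list results now depends entirely on how strict that class is for read requests. Its definition is not in this hunk; if it keeps DRF's stock `DjangoModelPermissions.perms_map`, where `GET` requires no permissions, every authenticated user would pass and the filter would never apply to a list. That is worth pinning with a test in which a non-member without a system role still receives a filtered list. Unlike the superuser branch below it, the bypass is silent; a matching `logger.info("IsProjectMemberFilterBackend: User=%s has model-level permission. Not enforcing project permissions!" % request.user)` would keep the decision auditable. The method continues outside the hunk.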
......
...@@ -105,6 +105,86 @@ class TestLDAPServer(): ...@@ -105,6 +105,86 @@ class TestLDAPServer():
'mail': '%s@lofar.test' % self.dbcreds.user, 'mail': '%s@lofar.test' % self.dbcreds.user,
'givenName': self.dbcreds.user, 'givenName': self.dbcreds.user,
'sn': 'lofar_test'}}, 'sn': 'lofar_test'}},
{'objectclass': 'lofarPerson',
'dn': 'cn=to_observer,ou=users,o=lofar,c=eu',
'attributes': {'cn': 'to_observer',
'userPassword': 'to_observer',
'mail': 'to_observer@astron.nl',
'givenName': 'to_observer',
'sn': 'to_observer',
'lofarPersonSystemrole': 'cn=support,ou=Roles,o=lofar,c=eu'}},
{'objectclass': 'lofarPerson',
'dn': 'cn=sdco_support,ou=users,o=lofar,c=eu',
'attributes': {'cn': 'sdco_support',
'userPassword': 'sdco_support',
'mail': 'sdco_support@astron.nl',
'givenName': 'sdco_support',
'sn': 'sdco_support',
'lofarPersonSystemrole': 'cn=support,ou=Roles,o=lofar,c=eu'}},
{'objectclass': 'lofarPerson',
'dn': 'cn=tmss_maintainer,ou=users,o=lofar,c=eu',
'attributes': {'cn': 'tmss_maintainer',
'userPassword': 'tmss_maintainer',
'mail': 'tmss_maintainer@astron.nl',
'givenName': 'tmss_maintainer',
'sn': 'tmss_maintainer',
'lofarPersonSystemrole': 'cn=support,ou=Roles,o=lofar,c=eu'}},
{'objectclass': 'lofarPerson',
'dn': 'cn=tmss_admin,ou=users,o=lofar,c=eu',
'attributes': {'cn': 'tmss_admin',
'userPassword': 'tmss_admin',
'mail': 'tmss_admin@astron.nl',
'givenName': 'tmss_admin',
'sn': 'tmss_admin',
'lofarPersonSystemrole': 'cn=support,ou=Roles,o=lofar,c=eu'}},
{'objectclass': 'lofarPerson',
'dn': 'cn=to_maintenance,ou=users,o=lofar,c=eu',
'attributes': {'cn': 'to_maintenance',
'userPassword': 'to_maintenance',
'mail': 'to_maintenance@astron.nl',
'givenName': 'to_maintenance',
'sn': 'to_maintenance',
'lofarPersonSystemrole': 'cn=support,ou=Roles,o=lofar,c=eu'}},
{'objectclass': 'lofarPerson',
'dn': 'cn=to_user,ou=users,o=lofar,c=eu',
'attributes': {'cn': 'to_user',
'userPassword': 'to_user',
'mail': 'to_user@astron.nl',
'givenName': 'to_user',
'sn': 'to_user',
'lofarPersonSystemrole': 'cn=support,ou=Roles,o=lofar,c=eu'}},
{'objectclass': 'lofarPerson',
'dn': 'cn=scientist,ou=users,o=lofar,c=eu',
'attributes': {'cn': 'scientist',
'userPassword': 'scientist',
'mail': 'scientist@astron.nl',
'givenName': 'scientist',
'sn': 'scientist',
'lofarPersonSystemrole': 'cn=support,ou=Roles,o=lofar,c=eu'}},
{'objectclass': 'lofarPerson',
'dn': 'cn=e_scientist,ou=users,o=lofar,c=eu',
'attributes': {'cn': 'e_scientist',
'userPassword': 'e_scientist',
'mail': 'e_scientist@astron.nl',
'givenName': 'e_scientist',
'sn': 'e_scientist',
'lofarPersonSystemrole': 'cn=support,ou=Roles,o=lofar,c=eu'}},
{'objectclass': 'lofarPerson',
'dn': 'cn=guest,ou=users,o=lofar,c=eu',
'attributes': {'cn': 'guest',
'userPassword': 'guest',
'mail': 'guest@astron.nl',
'givenName': 'guest',
'sn': 'guest',
'lofarPersonSystemrole': 'cn=support,ou=Roles,o=lofar,c=eu'}},
{'objectclass': 'lofarPerson',
'dn': 'cn=lta_user,ou=users,o=lofar,c=eu',
'attributes': {'cn': 'lta_user',
'userPassword': 'lta_user',
'mail': 'lta_user@astron.nl',
'givenName': 'lta_user',
'sn': 'lta_user',
'lofarPersonSystemrole': 'cn=support,ou=Roles,o=lofar,c=eu'}},
{'objectclass': 'organizationUnit', {'objectclass': 'organizationUnit',
'dn': 'ou=Roles,o=lofar,c=eu', 'dn': 'ou=Roles,o=lofar,c=eu',
'attributes': {'ou': 'Roles'}}, 'attributes': {'ou': 'Roles'}},
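Review bot: All ten added entries carry the same `lofarPersonSystemrole` value, `cn=support,ou=Roles,o=lofar,c=eu`, so `guest` and `scientist` are indistinguishable from `tmss_admin` as far as the directory is concerned. Tests run against this fixture therefore cannot show that a low-privilege role is denied what a high-privilege one is allowed. Give each account the role DN that corresponds to its intended group, or add a comment stating why one shared role is deliberate. The `mail` values use `astron.nl`, which looks like a real mail domain, whereas the existing entry above uses `%s@lofar.test`; keeping the fixtures on the `.test` domain, e.g. `'mail': 'to_observer@lofar.test'`, avoids pointing test accounts at deliverable addresses.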
......