added code to raise user to operator on SAML auth if in the right group

2024-11-08 14:40:27 +00:00 · 2022-05-23 14:38:16 +10:00 · 2022-05-23 14:38:16 +10:00 · 715c6b76cd
commit 715c6b76cd
parent 83ed5cfb28
1 changed files with 12 additions and 0 deletions
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@ -1008,6 +1008,8 @@ def saml_authorized():
                                                      None)
        admin_group_name = current_app.config.get('SAML_GROUP_ADMIN_NAME',
                                                  None)
+        operator_group_name = current_app.config.get('SAML_GROUP_OPERATOR_NAME',
+                                                  None)
        group_to_account_mapping = create_group_to_account_mapping()

        if email_attribute_name in session['samlUserdata']:
@ -1061,6 +1063,8 @@ def saml_authorized():
            uplift_to_admin(user)
        elif admin_group_name in user_groups:
            uplift_to_admin(user)
+        elif operator_group_name in user_groups:
+            uplift_to_operator(user)
        elif admin_attribute_name or group_attribute_name:
            if user.role.name != 'User':
                user.role_id = Role.query.filter_by(name='User').first().id
@ -1117,6 +1121,14 @@ def uplift_to_admin(user):
                          created_by='SAML Assertion')
        history.add()

+def uplift_to_operator(user):
+    if user.role.name != 'Operator':
+        user.role_id = Role.query.filter_by(name='Operator').first().id
+        history = History(msg='Promoting {0} to operator'.format(
+            user.username),
+                          created_by='SAML Assertion')
+        history.add()
+

@index_bp.route('/saml/sls')
 def saml_logout():