mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2024-11-08 22:50:26 +00:00
Emit audit history when SAML assertions promote or demote a user.
This commit is contained in:
parent
17a61d04b5
commit
765351c5e9
12
app/views.py
12
app/views.py
@ -253,10 +253,18 @@ def saml_authorized():
|
||||
if admin_attribute_name:
|
||||
if 'true' in session['samlUserdata'].get(admin_attribute_name, []):
|
||||
logging.debug("User is an admin")
|
||||
user.role_id = Role.query.filter_by(name='Administrator').first().id
|
||||
admin_role = Role.query.filter_by(name='Administrator').first().id
|
||||
if user.role_id != admin_role:
|
||||
user.role_id = admin_role
|
||||
history = History(msg='Promoting {0} to administrator'.format(user.username), created_by='SAML Assertion')
|
||||
history.add()
|
||||
else:
|
||||
logging.debug("User is NOT an admin")
|
||||
user.role_id = Role.query.filter_by(name='User').first().id
|
||||
user_role = Role.query.filter_by(name='User').first().id
|
||||
if user.role_id != user_role:
|
||||
user.role_id = user_role
|
||||
history = History(msg='Demoting {0} to user'.format(user.username), created_by='SAML Assertion')
|
||||
history.add()
|
||||
user.plain_text_password = None
|
||||
user.update_profile()
|
||||
session['external_auth'] = True
|
||||
|
Loading…
Reference in New Issue
Block a user