Merge pull request #1205 from joshsol1/master

Modification to SAML groups and group management
This commit is contained in:
Vasileios Markopoulos 2022-06-18 13:39:01 +03:00 committed by GitHub
commit 83d2f3c791
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 0 deletions


@ -113,6 +113,14 @@ SAML_ENABLED = False
# ### the user is set as a non-administrator user. # ### the user is set as a non-administrator user.
# #SAML_ATTRIBUTE_ADMIN = 'https://example.edu/pdns-admin' # #SAML_ATTRIBUTE_ADMIN = 'https://example.edu/pdns-admin'
## Attribute to get admin status for groups with the IdP
# ### Default: Don't set administrator group with SAML attributes
#SAML_GROUP_ADMIN_NAME = 'GroupName'
## Attribute to get operator status for groups with the IdP
# ### Default: Don't set operator group with SAML attributes
#SAML_GROUP_OPERATOR_NAME = 'GroupName'
# ## Attribute to get account names from # ## Attribute to get account names from
# ### Default: Don't control accounts with SAML attribute # ### Default: Don't control accounts with SAML attribute
# ### If set, the user will be added and removed from accounts to match # ### If set, the user will be added and removed from accounts to match
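Review bot: The new comment lines describe SAML_GROUP_ADMIN_NAME and SAML_GROUP_OPERATOR_NAME as an "Attribute to get ... status", but the value is a group name that the view compares against the groups delivered by the IdP (`operator_group_name in user_groups` in the second file), not an attribute name. Suggest rewording the operator block to `## Name of the IdP group whose members are given the Operator role` with `### Default: no group is mapped to the Operator role`, and the same shape for the admin block above it. It would also help to say that the group attribute (SAML_ATTRIBUTE_GROUP) must be configured for either setting to have an effect, if that is how user_groups is populated; that part of the flow is not visible in this hunk.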


@ -1008,6 +1008,8 @@ def saml_authorized():
None) None)
admin_group_name = current_app.config.get('SAML_GROUP_ADMIN_NAME', admin_group_name = current_app.config.get('SAML_GROUP_ADMIN_NAME',
None) None)
operator_group_name = current_app.config.get('SAML_GROUP_OPERATOR_NAME',
None)
group_to_account_mapping = create_group_to_account_mapping() group_to_account_mapping = create_group_to_account_mapping()
if email_attribute_name in session['samlUserdata']: if email_attribute_name in session['samlUserdata']:
@ -1061,6 +1063,8 @@ def saml_authorized():
uplift_to_admin(user) uplift_to_admin(user)
elif admin_group_name in user_groups: elif admin_group_name in user_groups:
uplift_to_admin(user) uplift_to_admin(user)
elif operator_group_name in user_groups:
uplift_to_operator(user)
elif admin_attribute_name or group_attribute_name: elif admin_attribute_name or group_attribute_name:
if user.role.name != 'User': if user.role.name != 'User':
user.role_id = Role.query.filter_by(name='User').first().id user.role_id = Role.query.filter_by(name='User').first().id
@ -1117,6 +1121,14 @@ def uplift_to_admin(user):
created_by='SAML Assertion') created_by='SAML Assertion')
history.add() history.add()
def uplift_to_operator(user):
if user.role.name != 'Operator':
user.role_id = Role.query.filter_by(name='Operator').first().id
history = History(msg='Promoting {0} to operator'.format(
user.username),
created_by='SAML Assertion')
history.add()
@index_bp.route('/saml/sls') @index_bp.route('/saml/sls')
def saml_logout(): def saml_logout():
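Review bot: The new uplift_to_operator is uplift_to_admin copied with the role name swapped, and like it dereferences `Role.query.filter_by(name='Operator').first().id` without a None check, so a database that lacks an 'Operator' role fails the login with an AttributeError instead of a clear error. A small helper parameterised on the role name would remove the duplication and give one place for that check and for a docstring, which the new function also lacks; uplift_to_admin could later call the same helper. Whether the changed role_id is committed by the caller, as appears to be assumed for uplift_to_admin, is not visible in this section. In the second hunk, the new `elif operator_group_name in user_groups:` comes after the admin-group check, so a user in both groups keeps Administrator, which looks intended and is worth a one-line comment.
```python
def _uplift_to_role(user, role_name):
    """Move *user* into the role named *role_name* if not already in it.

    Records the promotion in History as made by the SAML assertion.
    Raises ValueError when no role of that name exists in the database.
    """
    if user.role.name != role_name:
        role = Role.query.filter_by(name=role_name).first()
        if role is None:
            raise ValueError('Role {0} is not defined'.format(role_name))
        user.role_id = role.id
        history = History(msg='Promoting {0} to {1}'.format(
            user.username, role_name.lower()),
            created_by='SAML Assertion')
        history.add()


def uplift_to_operator(user):
    """Grant the Operator role to *user* via the SAML group mapping."""
    _uplift_to_role(user, 'Operator')
```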