diff --git a/admin/migrations/0003_create_group_technicians.py b/admin/migrations/0003_create_group_technicians.py
new file mode 100644
index 0000000..d5b1cae
--- /dev/null
+++ b/admin/migrations/0003_create_group_technicians.py
@@ -0,0 +1,15 @@
+from django.db import models, migrations
+
+def apply_migration(apps, schema_editor):
+ Group = apps.get_model('auth', 'Group')
+ Group.objects.create(name='Technicians')
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('admin', '0002_auto_20200609_0830'),
+ ]
+
+ operations = [
+ migrations.RunPython(apply_migration)
+ ]
diff --git a/webvirtcloud/ldapbackend.py b/webvirtcloud/ldapbackend.py
index c81707c..7af45f8 100644
--- a/webvirtcloud/ldapbackend.py
+++ b/webvirtcloud/ldapbackend.py
@@ -1,5 +1,5 @@
 from django.contrib.auth.backends import ModelBackend
-from django.contrib.auth.models import User
+from django.contrib.auth.models import User, Group
 from django.conf import settings
 from accounts.models import UserAttributes, UserInstance, UserSSHKey
 from django.contrib.auth.models import Permission
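Review bot: `apply_migration` in admin/migrations/0003_create_group_technicians.py calls `Group.objects.create(name='Technicians')`, which fails on the unique group name and aborts the migrate run on any install where a group called Technicians already exists; `Group.objects.get_or_create(name='Technicians')` makes the migration safe to apply there. The `RunPython` operation is also given no reverse callable, so the migration cannot be unapplied; `migrations.RunPython(apply_migration, migrations.RunPython.noop)` would allow a rollback. The `models` import is unused in this file.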
@@ -44,21 +44,36 @@ try: # Get the user information from the LDAP if he can be authenticated isAdmin = False isStaff = False + isTechnician = False if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_ADMINS) is None: - if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_STAFF) is None: - if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_USERS) is None: - print("User does not belong to any search group. Check LDAP_SEARCH_GROUP_FILTER in settings.") - return None - else: - isStaff = True + if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_STAFF) is None: + if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_TECHNICIANS) is None: + if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_USERS) is None: + print("User does not belong to any search group. Check LDAP_SEARCH_GROUP_FILTER in settings.") + return None + else: + isTechnician = True + else: + isStaff = True else: - isAdmin = True - isStaff = True + isAdmin = True + isStaff = True + + techniciansGroup = Group.objects.get(name='Technicians') try: user = User.objects.get(username=username) attributes = UserAttributes.objects.get(user=user) + user.is_staff = isStaff + user.is_superuser = isAdmin + if isTechnician is False and user.groups.filter(name='Technicians').exists(): + user.groups.remove(techniciansGroup) + elif isTechnician is True and user.groups.filter(name='Technicians').exists() is False: + user.groups.add(techniciansGroup) + else: + print("The user is already in the Technicians group") + user.save() # TODO VERIFY except User.DoesNotExist: print("authenticate-create new user: {}".format(username)) @@ -68,6 +83,8 @@ try: user.is_superuser = isAdmin user.set_password(uuid.uuid4().hex) user.save() + if isTechnician is True: + user.groups.add(techniciansGroup) maxInstances = 1 maxCpus = 1 maxMemory = 128 
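Review bot: The added `Group.objects.get(name='Technicians')` runs for every LDAP login, admins included, and raises `Group.DoesNotExist` when migration 0003 has not been applied or the group was renamed or deleted in the Django admin. Unless an outer handler not visible in this hunk catches it, a missing row then blocks authentication for all LDAP users; the later hunk at -68 uses the same `techniciansGroup` for new users. The three-way membership branch can also be reduced, because `add()` and `remove()` on the groups relation do nothing when membership already matches, and the current `else` prints "The user is already in the Technicians group" even for a user who is neither a technician nor in the group. `settings.LDAP_SEARCH_GROUP_FILTER_TECHNICIANS` is read directly as well, so a settings.py written before this commit will raise `AttributeError` for anyone who is not admin or staff. The enclosing method starts and ends outside the hunk.

```python
# … unchanged: LDAP group-filter checks that set isAdmin / isStaff / isTechnician …
techniciansGroup, _ = Group.objects.get_or_create(name='Technicians')
try:
    user = User.objects.get(username=username)
    attributes = UserAttributes.objects.get(user=user)
    # Re-sync privileges from LDAP on each login so revocations take effect.
    user.is_staff = isStaff
    user.is_superuser = isAdmin
    if isTechnician:
        user.groups.add(techniciansGroup)
    else:
        user.groups.remove(techniciansGroup)
    user.save()
# … unchanged: except User.DoesNotExist branch …
```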
diff --git a/webvirtcloud/settings.py.template b/webvirtcloud/settings.py.template index 75b6131..b16bd5e 100644 --- a/webvirtcloud/settings.py.template +++ b/webvirtcloud/settings.py.template @@ -269,10 +269,12 @@ LDAP_ROOT_DN = '' ## Queries to identify the users, i use groupOfUniqueNames on openldap ### PLEASE BE SURE memberOf overlay is activated on slapd -## e.g. memberOf=cn=admins,cn=staff,cn=webvirtcloud,ou=groups,dc=kendar,dc=org +## e.g. memberOf=cn=admins,cn=staff,cn=technicians,cn=webvirtcloud,ou=groups,dc=kendar,dc=org LDAP_SEARCH_GROUP_FILTER_ADMINS = '' -## e.g. memberOf=cn=staff,cn=webvirtcloud,ou=groups,dc=kendar,dc=org +## e.g. memberOf=cn=staff,cn=technicians,cn=webvirtcloud,ou=groups,dc=kendar,dc=org LDAP_SEARCH_GROUP_FILTER_STAFF = '' +## e.g. memberOf=cn=technicians,cn=webvirtcloud,ou=groups,dc=kendar,dc=org +LDAP_SEARCH_GROUP_FILTER_TECHNICIANS = '' ## e.g. memberOf=cn=webvirtcloud,ou=groups,dc=kendar,dc=org LDAP_SEARCH_GROUP_FILTER_USERS = ''
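Review bot: The new `LDAP_SEARCH_GROUP_FILTER_TECHNICIANS` entry carries only an example filter and no comment saying what the setting controls, although the backend change in this commit uses it to add or remove the Django `Technicians` group, and to overwrite `is_staff` and `is_superuser`, on every LDAP login. A line such as `## users matching this filter are placed in the Django group 'Technicians'; membership is re-synced from LDAP at each login` would tell operators that changes made to that group in the Django admin do not persist for LDAP users. Because ldapbackend.py reads the setting unconditionally, the template or upgrade notes should also state that existing settings.py files must add it.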