fix roles assigned in the ui for sso (#1017)
This commit fixes the ability to assign roles to people in the UI when the user is an SSO user. The idea is that if a role is ever assigned via SSO it becomes an "SSO Role" or a "Third Party" Role, by setting third_party to true on the role object. Once a role is marked as third party it can no longer be controlled through the UI for SSO users (for UI users this poses no functional change); it must be controlled via SSO.
@@ -10,7 +10,7 @@
|
||||
|
||||
"""
|
||||
from sqlalchemy.orm import relationship
|
||||
from sqlalchemy import Column, Integer, String, Text, ForeignKey
|
||||
from sqlalchemy import Boolean, Column, Integer, String, Text, ForeignKey
|
||||
|
||||
from lemur.database import db
|
||||
from lemur.utils import Vault
|
||||
@@ -27,6 +27,7 @@ class Role(db.Model):
|
||||
authority_id = Column(Integer, ForeignKey('authorities.id'))
|
||||
authorities = relationship("Authority", secondary=roles_authorities, passive_deletes=True, backref="role", cascade='all,delete')
|
||||
user_id = Column(Integer, ForeignKey('users.id'))
|
||||
third_party = Column(Boolean)
|
||||
users = relationship("User", secondary=roles_users, passive_deletes=True, backref="role")
|
||||
certificates = relationship("Certificate", secondary=roles_certificates, backref="role")
|
||||
|
||||
|
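Review bot: `third_party = Column(Boolean)` is declared nullable with no column default, so roles that predate the migration (and any row created without the flag at the ORM level) hold NULL rather than False; `create()` in the service hunk defaults its keyword to False, but the column itself does not. Because this flag gates whether a role may still be edited from the UI, a NULL is falsy and so behaves as "not third party" — presumably the intended default, but it is worth making explicit with `third_party = Column(Boolean, default=False)`. A short comment such as `# True once the role has been assigned via SSO; such roles are managed by the identity provider, not the UI` would also record the intent the commit message describes. The `Role` class header and the rest of the model are outside this hunk.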
@@ -26,6 +26,7 @@ class RoleOutputSchema(LemurOutputSchema):
|
||||
id = fields.Integer()
|
||||
name = fields.String()
|
||||
description = fields.String()
|
||||
third_party = fields.Boolean()
|
||||
authorities = fields.Nested(AuthorityNestedOutputSchema, many=True)
|
||||
users = fields.Nested(UserNestedOutputSchema, many=True)
|
||||
|
||||
|
@@ -32,7 +32,22 @@ def update(role_id, name, description, users):
|
||||
return role
|
||||
|
||||
|
||||
def create(name, password=None, description=None, username=None, users=None):
|
||||
def set_third_party(role_id, third_party_status=False):
|
||||
"""
|
||||
Sets a role to be a third party role. A user should pretty much never
|
||||
call this directly.
|
||||
|
||||
:param role_id:
|
||||
:param third_party_status:
|
||||
:return:
|
||||
"""
|
||||
role = get(role_id)
|
||||
role.third_party = third_party_status
|
||||
database.update(role)
|
||||
return role
|
||||
|
||||
|
||||
def create(name, password=None, description=None, username=None, users=None, third_party=False):
|
||||
"""
|
||||
Create a new role
|
||||
|
||||
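Review bot: `set_third_party` assumes `get(role_id)` returns a role; if that lookup returns None for an unknown id (not visible here), `role.third_party = third_party_status` raises AttributeError instead of a clear error, so a guard or an explicit check on the lookup result is worth adding. The docstring also leaves `:param role_id:` and `:param third_party_status:` blank; suggest `:param role_id: id of the role to flag` and `:param third_party_status: True once the role has been assigned through SSO, after which it is managed by the identity provider rather than the UI`. Since nothing in the function enforces the "should pretty much never call this directly" intent, the docstring should name the intended caller (the SSO login path) so future readers do not wire it into a UI endpoint. This hunk begins inside `update()` and ends inside the docstring of `create()`.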
@@ -43,7 +58,7 @@ def create(name, password=None, description=None, username=None, users=None):
|
||||
:param password:
|
||||
:return:
|
||||
"""
|
||||
role = Role(name=name, description=description, username=username, password=password)
|
||||
role = Role(name=name, description=description, username=username, password=password, third_party=third_party)
|
||||
|
||||
if users:
|
||||
role.users = users
|
||||
|
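Review bot: the new `third_party` keyword on `create()` is not documented; the parameter list visible in this hunk (`:param password:`) does not mention it. Add `:param third_party: mark the role as assigned via SSO and therefore managed outside the UI; defaults to False` alongside the other entries. `create()` starts in the previous hunk and its body continues past the end of this one.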