Add support for group in django permissions

Author: Josue-T

conf/local.py.j2

@@ -2,6 +2,7 @@
 from __future__ import unicode_literals
 import os
 from .settings_base import *
+from .django_ldap_extension import *
 
 DEBUG = TEMPLATE_DEBUG = False
 
@@ -43,9 +44,9 @@ EMAIL_HOST = '{{ domain }}'
 EMAIL_HOST_USER = '{{ app }}@{{ domain }}'
 EMAIL_HOST_PASSWORD = '{{ mail_pwd }}'
 
-# Tous acces
+# LDAP authentication and group management
 import ldap
-from django_auth_ldap.config import LDAPSearch, MemberDNGroupType
+from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion, MemberDNGroupType, LDAPGroupType
 AUTHENTICATION_BACKENDS = (
     'django_auth_ldap.backend.LDAPBackend',
     'django.contrib.auth.backends.ModelBackend',
@@ -63,13 +64,20 @@ AUTH_LDAP_USER_FLAGS_BY_GROUP = {
     "is_staff": "cn={{ app }}.staff,ou=permission,dc=yunohost,dc=org",
     "is_superuser": "cn={{ app }}.superadmin,ou=permission,dc=yunohost,dc=org"
 }
-AUTH_LDAP_GROUP_SEARCH = LDAPSearch("ou=permission,dc=yunohost,dc=org", ldap.SCOPE_SUBTREE)
-AUTH_LDAP_GROUP_TYPE = MemberDNGroupType("inheritPermission", "permissionYnh")
+AUTH_LDAP_GROUP_SEARCH = LDAPSearchUnion(
+    LDAPSearch("ou=permission,dc=yunohost,dc=org", ldap.SCOPE_SUBTREE, filterstr=u'(cn=coin.*)'),
+    LDAPSearch("ou=groups,dc=yunohost,dc=org", ldap.SCOPE_SUBTREE)
+)
+AUTH_LDAP_GROUP_TYPE = MemberDNGroupTypeUnion(
+    MemberDNGroupType("inheritPermission"), # permissionYnh
+    MemberDNGroupType("member")) # groupOfNamesYnh
 AUTH_LDAP_ALWAYS_UPDATE_USER = True
 AUTH_LDAP_AUTHORIZE_ALL_USERS = False
 AUTH_LDAP_FIND_GROUP_PERMS = True
 AUTH_LDAP_CACHE_GROUPS = True
 AUTH_LDAP_GROUP_CACHE_TIMEOUT = 1000
+# Link Yunohost group with django permission group
+AUTH_LDAP_MIRROR_GROUPS_EXCEPT = ("{{ app }}.main", "{{ app }}.staff", "{{ app }}.superadmin")
 # import logging
 # logger = logging.getLogger('django_auth_ldap')
 # logger.addHandler(logging.StreamHandler())

scripts/install

@@ -12,6 +12,7 @@ ynh_app_setting_set --app=$app --key=secret --value=$secret
 ynh_script_progression --message="Setting up source files..."
 
 ynh_setup_source --dest_dir="$install_dir"
+cp ../sources/django_ldap_extension.py "$install_dir"/coin/
 
 chmod 750 "$install_dir"
 chmod -R o-rwx "$install_dir"

scripts/upgrade

@@ -24,6 +24,7 @@ then
 
 	# Download, check integrity, uncompress and patch the source from app.src
 	ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep=coin/settings_local.py
+	cp ../sources/django_ldap_extension.py "$install_dir"/coin/
 fi
 
 

sources/django_ldap_extension.py

@@ -0,0 +1,19 @@
+from django_auth_ldap.config import LDAPGroupType
+
+class MemberDNGroupTypeUnion(LDAPGroupType):
+
+    def __init__(self, *types, name_attr='cn'):
+        self.types = types
+        super(MemberDNGroupTypeUnion, self).__init__(name_attr)
+
+    def user_groups(self, ldap_user, group_search):
+        res = dict()
+        for t in self.types:
+            res.update(t.user_groups(ldap_user, group_search))
+        return res.items()
+
+    def is_member(self, ldap_user, group_dn):
+        for t in self.types:
+            if t.is_member(ldap_user, group_dn):
+                return True
+        return False