Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Automatic permissions from AD groups #1464

Open
wants to merge 9 commits into
base: main
Choose a base branch
from

Conversation

matti-lamppu
Copy link
Collaborator

@matti-lamppu matti-lamppu commented Dec 11, 2024

🛠️ Changelog

  • Add a new field to UnitRole for tracking if the unit role was given from an AD group
  • Add a new field to Unit that determines if the above roles are allowed for that unit
  • Add a login pipeline step to update these roles when the user logs in
  • Add setting FAKE_SUPERUSER_AD_GROUPS for faking superuser AD groups for testing purposes

AD group convention: <prefix>__varaamo__<roles>__<tprek_id>

  • <prefix>: can be anything
  • <roles>: roles separated by double underscore
    • i.e. single: viewer or multiple: reserver__handler
    • Only viewer, reserver, and handler are allowed - others or unknown values will be skipped.
  • <tprek_id>: tprek_id for the unit this role is for
    • Unit must allow ad group roles or no role will be given
  • AD group case doesn't matter

🧪 Test plan

  • Automated tests

🚧 Dependencies

  • None

🎫 Tickets

@matti-lamppu matti-lamppu added the feature Adds a new feature label Dec 11, 2024
@matti-lamppu matti-lamppu self-assigned this Dec 11, 2024
@matti-lamppu matti-lamppu marked this pull request as ready for review December 11, 2024 14:15
@matti-lamppu matti-lamppu changed the title Automatic permissions from aAD groups Automatic permissions from AD groups Dec 11, 2024
ranta
ranta previously approved these changes Dec 11, 2024
Copy link
Collaborator

@ranta ranta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good stuff 🚀

tilavarauspalvelu/models/unit_role/model.py Outdated Show resolved Hide resolved
Copy link

@vergama vergama left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just one small typofix

@matti-lamppu matti-lamppu force-pushed the automatic-permissions-from-ad-groups branch 2 times, most recently from 2adebc9 to f01f041 Compare December 16, 2024 12:29
@matti-lamppu matti-lamppu force-pushed the automatic-permissions-from-ad-groups branch from f01f041 to c60de81 Compare December 17, 2024 07:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature Adds a new feature
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants