moschlar/rlpshibbolethhook.py

## rlpshibbolethhook.py
# -*- coding: utf-8 -*-
'''

Attributes need to be declared in SHIBBOLETH_ATTRIBUTE_MAP:

    SHIBBOLETH_ATTRIBUTE_MAP = {
        ...
        "affiliation": (False, "affiliation"),
        "groups": (False, "groups"),
    }
'''

import logging
from seaserv import ccnet_api
from pysearpc import SearpcError

from shibboleth.middleware import ShibbolethRemoteUserMiddleware


class RLPShibbolethRemoteUserMiddleware(ShibbolethRemoteUserMiddleware):

    def make_profile(self, user, shib_meta):
        # Call method from parent class to let it do its thing
        super(ShibbolethRemoteUserMiddleware, self).make_profile(self, user, shib_meta)

        email = user.email

        # Handle role associations
        # cf. seahub.views.sysadmin
        shib_affiliation = shib_meta.get('affiliation', None)
        if shib_affiliation:
            # shib_affiliations = shib_affiliation.split(';')
            role = None
            if 'faculty@' in shib_affiliation:
                role = 'employee'
            if 'staff@' in shib_affiliation:
                role = 'employee'
            if 'employee@' in shib_affiliation:
                role = 'employee'
            if role:
                user = User.objects.get(email)
                User.objects.update_role(user.email, role)

        # Handle group associations
        # cf. seahub.api2.endpoints.search_group
        # cf. seahub.api2.endpoints.group_members
        shib_groups = shib_meta.get('groups', None)
        if shib_groups:
            groups = {}
            for g in ccnet_api.get_all_groups(-1, -1):
                if g.group_name:
                    groups[g.group_name] = g.group_id

            for g in shib_groups.split(';'):
                if g in groups:
                    group_id = groups[g]
                    if not seafserv.is_group_user(group_id, email):
                        try:
                            # TODO: Need a valid staff user instead of None here...
                            ccnet_api.group_add_member(group_id, None, email)
                        except SearpcError as e:
                            logger.error(e)
	# -- coding: utf-8 --
	'''

	Attributes need to be declared in SHIBBOLETH_ATTRIBUTE_MAP:

	SHIBBOLETH_ATTRIBUTE_MAP = {
	...
	"affiliation": (False, "affiliation"),
	"groups": (False, "groups"),
	}
	'''

	import logging
	from seaserv import ccnet_api
	from pysearpc import SearpcError

	from shibboleth.middleware import ShibbolethRemoteUserMiddleware


	class RLPShibbolethRemoteUserMiddleware(ShibbolethRemoteUserMiddleware):

	def make_profile(self, user, shib_meta):
	# Call method from parent class to let it do its thing
	super(ShibbolethRemoteUserMiddleware, self).make_profile(self, user, shib_meta)

	email = user.email

	# Handle role associations
	# cf. seahub.views.sysadmin
	shib_affiliation = shib_meta.get('affiliation', None)
	if shib_affiliation:
	# shib_affiliations = shib_affiliation.split(';')
	role = None
	if 'faculty@' in shib_affiliation:
	role = 'employee'
	if 'staff@' in shib_affiliation:
	role = 'employee'
	if 'employee@' in shib_affiliation:
	role = 'employee'
	if role:
	user = User.objects.get(email)
	User.objects.update_role(user.email, role)

	# Handle group associations
	# cf. seahub.api2.endpoints.search_group
	# cf. seahub.api2.endpoints.group_members
	shib_groups = shib_meta.get('groups', None)
	if shib_groups:
	groups = {}
	for g in ccnet_api.get_all_groups(-1, -1):
	if g.group_name:
	groups[g.group_name] = g.group_id

	for g in shib_groups.split(';'):
	if g in groups:
	group_id = groups[g]
	if not seafserv.is_group_user(group_id, email):
	try:
	# TODO: Need a valid staff user instead of None here...
	ccnet_api.group_add_member(group_id, None, email)
	except SearpcError as e:
	logger.error(e)