Shibboleth integration #3
Conversation
| @@ -51,6 +51,9 @@ def user_list(request): | |||
| return render(request, 'administration/user_list.html', locals()) | |||
|
|
|||
| def user_edit(request, id): | |||
| if not request.user.is_superuser: | |||
There was a problem hiding this comment.
Shibboleth users shouldn't be editable. I left in the ability for superusers to do this but perhaps this should be removed entirely. Or thinking more around Shibboleth being an optional component, making this conditional on whether it's enabled?
| @@ -69,6 +72,9 @@ def user_edit(request, id): | |||
| return render(request, 'administration/user_form.html', locals()) | |||
|
|
|||
| def user_create(request): | |||
| if not request.user.is_superuser: | |||
There was a problem hiding this comment.
comment for user_edit also applies here.
| @@ -78,6 +84,17 @@ def user_create(request): | |||
| return render(request, 'administration/user_form.html', locals()) | |||
|
|
|||
|
|
|||
| def user_detail(request, id): | |||
There was a problem hiding this comment.
This just summarises the user rather than allows editing. Only visible for themselves or superuser (since it shows API key)
| ) | ||
|
|
||
|
|
||
| class CustomShibbolethRemoteUserMiddleware(ShibbolethRemoteUserMiddleware): |
There was a problem hiding this comment.
This is the same as the Dashboard one. Maybe it can be common code, since the differences (for now at least) are all in config. Is there somewhere shared between the two repos that this could live?
| @@ -163,6 +165,7 @@ def get_env_variable(var_name): | |||
| 'django.template.context_processors.tz', | |||
| 'django.template.context_processors.request', | |||
| 'django.contrib.messages.context_processors.messages', | |||
| 'shibboleth.context_processors.logout_link', | |||
There was a problem hiding this comment.
as with dashboard, not working yet.
| @@ -52,7 +52,7 @@ | |||
| <li><a href="{% url 'package_list' %}">{% trans "Packages" %}</a></li> | |||
| <li><a href="{% url 'settings_edit' %}">{% trans "Administration" %}</a></li> | |||
| {% if user.is_authenticated %} | |||
| <li><a href="{% url 'logout' %}">{% trans "Log out" %}</a></li> | |||
| <li><a href="{{ logout_link }}">{% trans "Log out" %}</a></li> | |||
|
I've rebased the |
* Auto creates user based on info received in configured X-Shib headers * Auto logs in existing user if matches X-Shib-User header Limitations: * Usernames still limited to 30 characters * Does not hook into login/logout URLs yet
* Replace existing login with Shibboleth * Insert "logged out" message page after logout to prevent bouncing straight back to login.
* Regular users get a read-only view of themselves (so they can see their details and API key) * Regular users cannot change password * Admins can still do this for any user
Lets Django app know whether we're behind an SSL connection.
This is similar to JiscSD/archivematica#5 and many of the comments there apply here too.