Add newly created users after a LDAP authentication to group Analysts#247
Merged
whikernel merged 2 commits intoMay 24, 2023
Merged
Conversation
…ation, it is also added to the 'Analysts' group
Contributor
|
Hi @c8y3 Thanks for the PR! Indeed, this change might be a little too specific. Something we'd like to add is the ability to map a LDAP group to an IRIS group. That would be more flexible. What do you think? |
…roup into which newly created users are added
Contributor
Author
|
Yes, indeed that's right. |
whikernel
approved these changes
May 24, 2023
whikernel
left a comment
whikernel
left a comment
Contributor
There was a problem hiding this comment.
It is indeed! Thanks :)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When IRIS_AUTHENTICATION_CREATE_USER_IF_NOT_EXIST is true and the authentication type is ldap, then users that do not yet exist in the IRIS database are automatically created during their first login.
This is a proposition to also add these newly created users into the group Analysts. Otherwise, they can't do much with the tool.
This suits best to our current use-case. However, there are probably alternatives. For instance, the default permissions/groups could be configurable, or maybe extracted from the ldap...
Note: in order to avoid code duplication, I introduced method
ac_get_group_analystsinapp.iris_engine.access_control.utils(it's called from both thepost_initandldap_handler). However, I hesitated about where to put this method: it may equally well find itself inapp.datamgmt.manage.manage_groups_db, or yet some other place...