This repository has been archived by the owner on Oct 5, 2023. It is now read-only.

update permissions mappings to be optional
Ryan Sonnek committed Jul 14, 2011
1 parent e03d04f commit af3a9a6
Showing 3 changed files with 81 additions and 4 deletions.
11 changes: 7 additions & 4 deletions lib/socialcast/cli.rb
Expand Up @@ -149,13 +149,16 @@ def provision
end

memberships = entry[membership_attribute]
if memberships.include?(permission_mappings['account_types']['external'])
external_ldap_group = permission_mappings.fetch('account_types', {})['external']
if external_ldap_group && memberships.include?(external_ldap_group)
user.tag! 'account-type', 'external'
else
user.tag! 'account-type', 'member'
user.tag! 'roles', :type => 'array' do |roles|
permission_mappings['roles'].each_pair do |socialcast_role, ldap_role|
roles.role socialcast_role if entry[membership_attribute].include?(ldap_role)
if permission_roles_mappings = permission_mappings['roles']
user.tag! 'roles', :type => 'array' do |roles|
permission_roles_mappings.each_pair do |socialcast_role, ldap_group|
roles.role socialcast_role if entry[membership_attribute].include?(ldap_group)
end
end
end
end
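Review bot: When `account_types`/`external` is not configured, the `else` branch tags every LDAP entry as `account-type` `member`, so a misspelled or accidentally commented-out mapping silently provisions external users as full members. Because this value decides account privilege, the fallback should at least be visible, for example `warn 'no account_types/external mapping configured; provisioning all users as members' unless external_ldap_group`, ideally emitted once rather than per entry. Separately, `fetch('account_types', {})` only supplies the default when the key is missing; an `account_types:` key left with no children loads from YAML as nil and `nil['external']` raises NoMethodError, which `external_ldap_group = (permission_mappings['account_types'] || {})['external']` avoids. The roles loop could also reuse the `memberships` local instead of reading `entry[membership_attribute]` again. `provision` starts and ends outside this hunk, so how `permission_mappings` and `membership_attribute` are defaulted cannot be checked from here.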
21 changes: 21 additions & 0 deletions spec/cli_spec.rb
Expand Up @@ -2,6 +2,27 @@

describe Socialcast::CLI do
describe '#provision' do
context 'with ldap.yml configuration excluding permission_mappings' do
before do
@entry = Net::LDAP::Entry.new("dc=example,dc=com")
@entry[:mail] = 'ryan@example.com'

Net::LDAP.any_instance.stub(:search).and_yield(@entry)

@result = ''
Zlib::GzipWriter.stub(:open).and_yield(@result)
File.stub(:open).with(/ldap.yml/).and_yield(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'ldap_without_permission_mappings.yml')))
File.stub(:open).with(/users.xml.gz/, anything).and_yield(@result)
File.stub(:open).with(/credentials.yml/).and_yield(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'credentials.yml')))

RestClient::Resource.any_instance.stub(:post)

Socialcast::CLI.start ['provision', '-c', 'spec/fixtures/ldap.yml']
end
it 'excludes roles element' do
@result.should_not =~ %r{roles}
end
end
context 'with external group member' do
before do
@entry = Net::LDAP::Entry.new("dc=example,dc=com")
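Review bot: The new example asserts only that `roles` is absent, so the account type a user receives when `permission_mappings` is missing from ldap.yml is not pinned by any test in this hunk. That default decides privilege, so it deserves its own example, such as `it('tags the user as a member') { @result.should =~ %r{<account-type>member</account-type>} }`, assuming the builder output reaches `@result` unchanged. A short comment in the `before` block would also help, noting that the `-c spec/fixtures/ldap.yml` argument is served by the `File.open` stub from `ldap_without_permission_mappings.yml`. The following `context 'with external group member'` block continues past the end of the hunk.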
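--- a/spec/fixtures/ldap_without_permission_mappings.yml
+++ b/spec/fixtures/ldap_without_permission_mappings.yml
@@ -0,0 +1,53 @@
+---
+# LDAP connections
+connections:
+example_connection_1:
+username: "cn=Directory Manager"
+password: "test"
+host: localhost
+port: 1389
+basedn: "dc=example,dc=com"
+filter: "(mail=*)"
+
+
+# LDAP attribute mappings
+mappings:
+first_name: givenName
+last_name: sn
+email: mail
+# only use employee_number if the email is unknown
+# employee_number: emp_id
+# only use unique_identifier if you do not wish to use email as the main user identification method
+# unique_identifier: samaccountname
+
+
+# Map LDAP Group Memberships to Socialcast Permissions
+# permission_mappings:
+# # configure LDAP field for group memberships (ex: memberof, isMemberOf, etc)
+# attribute_name: isMemberOf
+# account_types:
+# external: "cn=External,dc=example,dc=com"
+# roles:
+# tenant_admin: "cn=Admins,dc=example,dc=com"
+# sbi_admin: "cn=SbiAdmins,dc=example,dc=com"
+# reach_admin: "cn=ReachAdmins,dc=example,dc=com"
+# town_hall_admin: "cn=TownHallAdmins,dc=example,dc=com"
+
+
+# general script options
+options:
+# cleanup the extracted ldap data file after run is complete
+delete_users_file: false
+# skip sending emails to newly activated users
+skip_emails: true
+# do not actually provision accounts
+# useful during testing
+test: true
+
+
+# http options for connecting to Socialcast servers
+http:
+timeout: 660
+# optional setting if script must connect to Socialcast server through a proxy
+# proxy: "http://username:password@proxy.company.com:3128"
+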