Merge branch '4-sync-user-groups-after-login' into 'master'

Resolve "Sync user groups after login" Closes #4 See merge request !1

Merge branch '4-sync-user-groups-after-login' into 'master'
505f75a9 · Nik | Klampfradler · a01789a3 · 4c2b9b98 · 505f75a9 · 505f75a9
Commit 505f75a9 authored 5 years ago by Nik | Klampfradler
--- a/aleksis/apps/ldap/settings.py
+++ b/aleksis/apps/ldap/settings.py
@@ -17,19 +17,25 @@ CONSTANCE_ADDITIONAL_FIELDS = {

 CONSTANCE_CONFIG = {
    "ENABLE_LDAP_SYNC": (True, _("Enable ldap sync"), bool),
-    "LDAP_SYNC_CREATE": (True, _("Match created persons to users"), bool),
    "LDAP_SYNC_ON_UPDATE": (True, _("Also sync if user updates"), bool),
    "LDAP_MATCHING_FIELDS": (
        None,
        _("LDAP sync matching fields"),
        "matching-fields-select",
    ),
+    "ENABLE_LDAP_GROUP_SYNC": (True, _("Enable ldap group sync"), bool),
+    "LDAP_SYNC_CREATE_GROUPS": (True, _("Create non-existing groups"), bool),
+    "LDAP_GROUP_SYNC_FIELD_SHORT_NAME": ("cn", _("Field for short name of group"), str),
+    "LDAP_GROUP_SYNC_FIELD_NAME": ("cn", _("Field for name of group"), str),
 }
 CONSTANCE_CONFIG_FIELDSETS = {
    "LDAP-Sync settings": (
        "ENABLE_LDAP_SYNC",
-        "LDAP_SYNC_CREATE",
        "LDAP_SYNC_ON_UPDATE",
        "LDAP_MATCHING_FIELDS",
+        "ENABLE_LDAP_GROUP_SYNC",
+        "LDAP_SYNC_CREATE_GROUPS",
+        "LDAP_GROUP_SYNC_FIELD_SHORT_NAME",
+        "LDAP_GROUP_SYNC_FIELD_NAME",
    ),
 }
--- a/aleksis/apps/ldap/util/ldap_sync.py
+++ b/aleksis/apps/ldap/util/ldap_sync.py
@@ -7,35 +7,41 @@ from constance import config
 def ldap_create_user(sender, instance, created, raw, using, update_fields, **kwargs):
    """ Find ldap users by configurable matching fields and connect them to django users. """
    Person = apps.get_model("core", "Person")
+    Group = apps.get_model("core", "Group")

-    if config.ENABLE_LDAP_SYNC and (created or config.LDAP_SYNC_ON_UPDATE):
+    if config.ENABLE_LDAP_SYNC and (created or config.LDAP_SYNC_ON_UPDATE) and hasattr(instance, "ldap_user"):
        # Check if there is an existing person connected to the user.
        if not Person.objects.filter(user=instance).exists():
-            if config.LDAP_MATCHING_FIELDS == "match-email":
-                # Get or create a person matching to email field.
-                person, created = Person.objects.get_or_create(
-                    email=instance.email,
-                    defaults={
-                        "first_name": instance.first_name,
-                        "last_name": instance.last_name,
-                    },
-                )
-            elif config.LDAP_MATCHING_FIELDS == "match-name":
-                # Get or create a person matching to the first and last name.
-                person, created = Person.objects.get_or_create(
-                    first_name=instance.first_name,
-                    last_name=instance.last_name,
-                    defaults={"email": instance.email},
-                )
-            elif config.LDAP_MATCHING_FIELDS == "match-email-name":
-                # Get or create a person matching to the email and the first and last name.
-                person, created = Person.objects.get_or_create(
-                    first_name=instance.first_name,
-                    last_name=instance.last_name,
-                    email=instance.email,
+            # Build filter criteria depending on config
+            matches = {}
+            if "-email" in config.LDAP_MATCHING_FIELDS:
+                matches["email"] = instance.email
+            if "-name" in config.LDAP_MATCHING_FIELDS:
+                matches["first_name"] = instance.first_name
+                matches["last_name"] = instance.last_name
+
+            try:
+                person = Person.objects.get(**matches)
+            except Person.DoesNotExist:
+                # Bail out of further processing
+                return
+
+            person.user = instance
+            person.save()
+
+        if config.ENABLE_LDAP_GROUP_SYNC:
+            group_objects = []
+            groups = instance.ldap_user._get_groups()
+            group_infos = list(groups._get_group_infos())
+            for ldap_group in group_infos:
+                group, created = Group.objects.update_or_create(
+                    import_ref = ldap_group[0],
+                    defaults = {
+                        "short_name": ldap_group[1][config.LDAP_GROUP_SYNC_FIELD_SHORT_NAME][0][-16:],
+                        "name": ldap_group[1][config.LDAP_GROUP_SYNC_FIELD_NAME][0][:60]
+                    }
                )

-            # Save person if enabled in config or no new person was created.
-            if config.LDAP_SYNC_CREATE or not created:
-                person.user = instance
-                person.save()
+                group_objects.append(group)
+
+            instance.person.member_of.set(group_objects)