Page MenuHomeSoftware Heritage
Differential D5578 Diff 19937 swh/auth/django/utils.py

Changeset View

Standalone View

View Options

swh/auth/django/utils.py

Show First 20 LinesShow All 41 Lines▼ Show 20 Lines user = OIDCUser(
last_name=decoded_token.get("family_name", ""), last_name=decoded_token.get("family_name", ""),
email=decoded_token.get("email", ""), email=decoded_token.get("email", ""),
) )
# set is_staff user property based on groups # set is_staff user property based on groups
if "groups" in decoded_token: if "groups" in decoded_token:
user.is_staff = "/staff" in decoded_token["groups"] user.is_staff = "/staff" in decoded_token["groups"]
realm_access = decoded_token.get("realm_access", {})
permissions = realm_access.get("roles", [])
if client_id: if client_id:
# extract user permissions if any # extract user permissions if any
resource_access = decoded_token.get("resource_access", {}) resource_access = decoded_token.get("resource_access", {})
client_resource_access = resource_access.get(client_id, {}) client_resource_access = resource_access.get(client_id, {})
permissions = client_resource_access.get("roles", []) permissions += client_resource_access.get("roles", [])
else:
permissions = []
user.permissions = set(permissions) # set user permissions and filter out default keycloak realm roles
user.permissions = set(permissions) - {"offline_access", "uma_authorization"}
# add user sub to custom User proxy model # add user sub to custom User proxy model
user.sub = decoded_token["sub"] user.sub = decoded_token["sub"]
return user return user
def oidc_user_from_profile( def oidc_user_from_profile(
▲ Show 20 LinesShow All 123 LinesShow Last 20 Lines
About · Developer information · Legal