swh/auth/django/utils.py
user = OIDCUser( | ||||
last_name=decoded_token.get("family_name", ""), | last_name=decoded_token.get("family_name", ""), | ||||
email=decoded_token.get("email", ""), | email=decoded_token.get("email", ""), | ||||
) | ) | ||||
# set is_staff user property based on groups | # set is_staff user property based on groups | ||||
if "groups" in decoded_token: | if "groups" in decoded_token: | ||||
user.is_staff = "/staff" in decoded_token["groups"] | user.is_staff = "/staff" in decoded_token["groups"] | ||||
realm_access = decoded_token.get("realm_access", {}) | |||||
permissions = realm_access.get("roles", []) | |||||
if client_id: | if client_id: | ||||
# extract user permissions if any | # extract user permissions if any | ||||
resource_access = decoded_token.get("resource_access", {}) | resource_access = decoded_token.get("resource_access", {}) | ||||
client_resource_access = resource_access.get(client_id, {}) | client_resource_access = resource_access.get(client_id, {}) | ||||
permissions = client_resource_access.get("roles", []) | permissions += client_resource_access.get("roles", []) | ||||
else: | |||||
permissions = [] | |||||
user.permissions = set(permissions) | # set user permissions and filter out default keycloak realm roles | ||||
user.permissions = set(permissions) - {"offline_access", "uma_authorization"} | |||||
# add user sub to custom User proxy model | # add user sub to custom User proxy model | ||||
user.sub = decoded_token["sub"] | user.sub = decoded_token["sub"] | ||||
return user | return user | ||||
def oidc_user_from_profile( | def oidc_user_from_profile( | ||||
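Review bot: `permissions += client_resource_access.get("roles", [])` extends in place the same list object that `realm_access.get("roles", [])` returned, so whenever the token carries realm roles the client roles are written back into `decoded_token["realm_access"]["roles"]`. If a caller reuses or caches the decoded token, client-scoped roles then show up as realm roles and pile up on each call; taking a copy first avoids that: `permissions = list(realm_access.get("roles", []))`. Separately, realm roles and client roles now land in one flat `user.permissions` set, so a realm role whose name equals a client permission string grants that permission. If that merge is intended, a comment saying so next to the set subtraction would help whoever maintains the Keycloak role setup. The enclosing function starts above the visible lines, so how `decoded_token` is used afterwards cannot be checked from here.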