ynerant/nk20
1
0
Fork 0
mirror of https://gitlab.crans.org/bde/nk20 synced 2025-07-21 00:19:10 +02:00
Code Issues Releases Wiki Activity

Compare commits

base: ynerant:fae9ea46de3f0b17f9211de1c24b619d8286ed78
Branches Tags
ynerant:main ynerant:family ynerant:translations ynerant:wei ynerant:food_traceability ynerant:beta ynerant:django-5.2 ynerant:oidc ynerant:darbonne ynerant:potvieux ynerant:food_bugs ynerant:delete_activity ynerant:update_invoice_template ynerant:time-display ynerant:guests_schools ynerant:export_members_ml ynerant:notekfet_wrapped ynerant:Add_some_permissions ynerant:permissions_fo_parent_clubs ynerant:respo_comm_permissionsV2 ynerant:fix_activity_view ynerant:Automation_mailing_lists ynerant:New_permission ynerant:finito_sda ynerant:non-BDE-members-permission-fix ynerant:survey_wei_2024 ynerant:migration-django-4-2 ynerant:summary_notes ynerant:traduction_inclusive_fr ynerant:migration-django-5-0 ynerant:qrcode ynerant:VSS ynerant:update_permission ynerant:fix_pipeline ynerant:permission_var ynerant:inclusive ynerant:nix-shell ynerant:sheets ynerant:svg_icons ynerant:faster_ci
ynerant:v1.0.3 ynerant:v1.0.2 ynerant:v1.0.1 ynerant:v1.0.0
..
compare: ynerant:09d0a6d24382311355c54d00fa48299b469ab339
Branches Tags
ynerant:family ynerant:main ynerant:translations ynerant:wei ynerant:food_traceability ynerant:beta ynerant:django-5.2 ynerant:oidc ynerant:darbonne ynerant:potvieux ynerant:food_bugs ynerant:delete_activity ynerant:update_invoice_template ynerant:time-display ynerant:guests_schools ynerant:export_members_ml ynerant:notekfet_wrapped ynerant:Add_some_permissions ynerant:permissions_fo_parent_clubs ynerant:respo_comm_permissionsV2 ynerant:fix_activity_view ynerant:Automation_mailing_lists ynerant:New_permission ynerant:finito_sda ynerant:non-BDE-members-permission-fix ynerant:survey_wei_2024 ynerant:migration-django-4-2 ynerant:summary_notes ynerant:traduction_inclusive_fr ynerant:migration-django-5-0 ynerant:qrcode ynerant:VSS ynerant:update_permission ynerant:fix_pipeline ynerant:permission_var ynerant:inclusive ynerant:nix-shell ynerant:sheets ynerant:svg_icons ynerant:faster_ci
ynerant:v1.0.3 ynerant:v1.0.2 ynerant:v1.0.1 ynerant:v1.0.0

1 Commits
fae9ea46de ... 09d0a6d243

Author SHA1 Message Date
quark
09d0a6d243 Merge branch 'oidc' into 'main' 
OIDC 0 Quark 1

See merge request bde/nk20!322
 2025-06-17 00:55:18 +02:00
1 changed files with 5 additions and 7 deletions
Expand all files Collapse all files

12
apps/permission/scopes.py
View File

@ -1,6 +1,5 @@
# Copyright (C) 2018-2025 by BDE ENS Paris-Saclay
# SPDX-License-Identifier: GPL-3.0-or-later
from oauth2_provider.oauth2_validators import OAuth2Validator
from oauth2_provider.scopes import BaseScopes
from member.models import Club
@ -20,7 +19,7 @@ class PermissionScopes(BaseScopes):
def get_all_scopes(self):
scopes = {f"{p.id}_{club.id}": f"{p.description} (club {club.name})"
for p in Permission.objects.all() for club in Club.objects.all()}
for p in Permission.objects.all() for club in Club.objects.all()}
scopes['openid'] = "OpenID Connect"
return scopes
@ -28,8 +27,8 @@ class PermissionScopes(BaseScopes):
if not application:
return []
scopes = [f"{p.id}_{p.membership.club.id}"
for t in Permission.PERMISSION_TYPES
for p in PermissionBackend.get_raw_permissions(get_current_request(), t[0])]
for t in Permission.PERMISSION_TYPES
for p in PermissionBackend.get_raw_permissions(get_current_request(), t[0])]
scopes.append('openid')
return scopes
@ -37,11 +36,10 @@ class PermissionScopes(BaseScopes):
if not application:
return []
scopes = [f"{p.id}_{p.membership.club.id}"
for p in PermissionBackend.get_raw_permissions(get_current_request(), 'view')]
for p in PermissionBackend.get_raw_permissions(get_current_request(), 'view')]
scopes.append('openid')
return scopes
class PermissionOAuth2Validator(OAuth2Validator):
oidc_claim_scope = OAuth2Validator.oidc_claim_scope
oidc_claim_scope.update({"name": 'openid',
@ -76,7 +74,7 @@ class PermissionOAuth2Validator(OAuth2Validator):
scope = f"{p.id}_{p.membership.club.id}"
if scope in scopes:
valid_scopes.add(scope)
if 'openid' in scopes:
valid_scopes.add('openid')