Commit 9563902e authored by Tanner Prestegard's avatar Tanner Prestegard Committed by GraceDB
Browse files

Update shibboleth auth middleware to use new AuthGroup mechanism

parent 6b5240ba
......@@ -5,10 +5,12 @@ from django.conf import settings
from django.contrib import auth
from django.contrib.auth.models import Group as DjangoGroup
from django.contrib.auth.middleware import PersistentRemoteUserMiddleware
from django.contrib.auth.models import Group
from django.core.exceptions import ImproperlyConfigured
from django.urls import reverse_lazy
from .models import AuthGroup
# Set up logger
logger = logging.getLogger(__name__)
......@@ -89,17 +91,17 @@ class ShibbolethWebAuthMiddleware(PersistentRemoteUserMiddleware):
# Get groups from session which are in database as a QuerySet
session_groups = Group.objects.filter(name__in=
request.META.get(cls.group_header, '') \
session_group_names = request.META.get(cls.group_header, '').split(
session_groups = AuthGroup.ldap_objects.filter(ldap_name__in=
# Add groups which are in session but not in database
# Remove groups in database which are not in session, except for groups
# which are managed by admins, like EM advocates and executives
[ for g in session_groups] + settings.ADMIN_MANAGED_GROUPS))
# NOTE: The two above operations could be done much more nicely if
# the queryset operation difference() worked in MySQL
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment