Maintenance will be performed on,,, and on the morning of Tuesday 11th August 2020, starting at approximately 9am PDT. It is expected to take around 20 minutes and there will be a short period of downtime (less than five minutes) towards the end of the maintenance window. Please direct any comments, questions, or concerns to

Commit 9563902e authored by Tanner Prestegard's avatar Tanner Prestegard Committed by GraceDB

Update shibboleth auth middleware to use new AuthGroup mechanism

parent 6b5240ba
......@@ -5,10 +5,12 @@ from django.conf import settings
from django.contrib import auth
from django.contrib.auth.models import Group as DjangoGroup
from django.contrib.auth.middleware import PersistentRemoteUserMiddleware
from django.contrib.auth.models import Group
from django.core.exceptions import ImproperlyConfigured
from django.urls import reverse_lazy
from .models import AuthGroup
# Set up logger
logger = logging.getLogger(__name__)
......@@ -89,17 +91,17 @@ class ShibbolethWebAuthMiddleware(PersistentRemoteUserMiddleware):
# Get groups from session which are in database as a QuerySet
session_groups = Group.objects.filter(name__in=
request.META.get(cls.group_header, '') \
session_group_names = request.META.get(cls.group_header, '').split(
session_groups = AuthGroup.ldap_objects.filter(ldap_name__in=
# Add groups which are in session but not in database
# Remove groups in database which are not in session, except for groups
# which are managed by admins, like EM advocates and executives
[ for g in session_groups] + settings.ADMIN_MANAGED_GROUPS))
# NOTE: The two above operations could be done much more nicely if
# the queryset operation difference() worked in MySQL
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment