From dbf540d0e4a7b79e3f5ed71db5f3950c91197217 Mon Sep 17 00:00:00 2001
From: Ivan Procaccini <ivanprocaccini905@gmail.com>
Date: Tue, 23 Aug 2022 11:50:29 +0100
Subject: [PATCH] Feat: Add role-based automatic redirection on login
---
 app/mocks/ldap_authentication.py | 2 +-
 app/models/administration.py | 1 +
 app/views/auth.py | 11 ++++++--
 .../versions/6dea3a5014b0_add_role_column.py | 28 +++++++++++++++++++
 4 files changed, 39 insertions(+), 3 deletions(-)
 create mode 100644 migrations/versions/6dea3a5014b0_add_role_column.py
diff --git a/app/mocks/ldap_authentication.py b/app/mocks/ldap_authentication.py
index 22c59b0..37399fb 100644
--- a/app/mocks/ldap_authentication.py
+++ b/app/mocks/ldap_authentication.py
@@ -20,7 +20,7 @@ DUMMY_USER_BASE = {
 "givenName": "Harry",
 "sn": "Potter",
 "distinguishedName": {"OU": ["doc"]},
- "extensionAttribute6": "Staff",
+ "extensionAttribute6": "Student",
 },
 "adumble": {
 "name": "adumble",
diff --git a/app/models/administration.py b/app/models/administration.py
index 5fb8883..237b565 100644
--- a/app/models/administration.py
+++ b/app/models/administration.py
@@ -5,6 +5,7 @@ class AuthenticatedUser(db.Model):
 username = db.Column(db.String(10), primary_key=True)
 firstname = db.Column(db.String)
 surname = db.Column(db.String)
+ role = db.Column(db.String, nullable=False)
 def get_id(self):
 return self.username
diff --git a/app/views/auth.py b/app/views/auth.py
index 37b0a26..2f892bd 100644
--- a/app/views/auth.py
+++ b/app/views/auth.py
@@ -8,7 +8,7 @@ from werkzeug.utils import redirect
 from .. import messages, login_manager, ldap_service
 from ..database import db
 from ..forms import LoginForm
-from ..ldap_authentication.authenticator import NAME, SURNAME
+from ..ldap_authentication.authenticator import NAME, SURNAME, TITLE
 from ..models import AuthenticatedUser
 bp = Blueprint("auth", __name__)
@@ -50,6 +50,7 @@ def login():
 username=username,
 firstname=attributes.get(NAME, username.upper()),
 surname=attributes.get(SURNAME, ""),
+ role=normalize_role(attributes.get(TITLE)),
 )
 db.session.add(user)
 db.session.commit()
@@ -75,11 +76,17 @@ def logout():
 ##################################################################
 # U T I L I T I E S
 ##################################################################
+
+
+def normalize_role(ldap_role):
+ return "student" if ldap_role in {"Student", "PGT", "Casual"} else "staff"
+
+
 def to_next_page_or_home(next_pg):
 if next_pg and is_safe_url(request.host_url, next_pg):
 return next_pg
 else:
- return url_for("student.projects")
+ return url_for(f"{current_user.role}.projects")
 def is_safe_url(request_host_url, target):
diff --git a/migrations/versions/6dea3a5014b0_add_role_column.py b/migrations/versions/6dea3a5014b0_add_role_column.py
new file mode 100644
index 0000000..1ccf7d9
--- /dev/null
+++ b/migrations/versions/6dea3a5014b0_add_role_column.py
@@ -0,0 +1,28 @@
+"""Add role column
+
+Revision ID: 6dea3a5014b0
+Revises: a3f30aab004c
+Create Date: 2022-08-23 11:45:49.807695
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = "6dea3a5014b0"
+down_revision = "a3f30aab004c"
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+ # ### commands auto generated by Alembic - please adjust! ###
+ op.add_column("authenticated_user", sa.Column("role", sa.String(), nullable=False))
+ # ### end Alembic commands ###
+
+
+def downgrade():
+ # ### commands auto generated by Alembic - please adjust! ###
+ op.drop_column("authenticated_user", "role")
+ # ### end Alembic commands ###
-- 
GitLab
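Review bot: In the `login()` hunk of app/views/auth.py, `role=normalize_role(attributes.get(TITLE))` is set only where the `AuthenticatedUser` row is constructed, so the stored role appears to be fixed at the user's first login. The enclosing branch starts outside the hunk, but if this path runs only for usernames not yet in the table, a later change of the LDAP title would never reach `current_user.role`. Consider refreshing it on every successful login, for example `user.role = normalize_role(attributes.get(TITLE))` before the commit.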
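Review bot: `normalize_role` in the utilities hunk maps every value outside `{"Student", "PGT", "Casual"}` to `"staff"`, including `None` when the LDAP entry carries no `TITLE` attribute, so a missing or unrecognised title silently lands in the staff role. This commit only uses the role to pick the landing page, but if it ever feeds an access decision that default fails open; listing the staff titles explicitly and giving everything else the least-privileged role (or refusing the login) would be safer. `url_for(f"{current_user.role}.projects")` also builds the endpoint from a free-form `db.String` column, so any stored value other than `student` or `staff` would make `url_for` raise at login; constraining the column or looking the endpoint up in a small dict such as `{"student": "student.projects", "staff": "staff.projects"}` would avoid that. A one-line docstring on `normalize_role`, e.g. `"""Map the LDAP title attribute to "student" or "staff"."""`, would document the contract.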
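Review bot: `op.add_column("authenticated_user", sa.Column("role", sa.String(), nullable=False))` in `upgrade()` adds a NOT NULL column with no default, which will fail on a table that already holds users (PostgreSQL rejects it because existing rows would contain NULL, and SQLite refuses a NOT NULL column without a default). Either pass a `server_default`, e.g. `sa.Column("role", sa.String(), nullable=False, server_default="student")`, or add the column as nullable, backfill it, then tighten it with `op.alter_column`. Which value existing rows should receive is a policy decision; the least-privileged one is the safer starting point.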