Feat: Add role-based automatic redirection on login

dbf540d0 · Ivan Procaccini · 4d4165da · dbf540d0 · dbf540d0 · dbf540d0
Commit dbf540d0 authored 2 years ago by Ivan Procaccini
--- a/app/mocks/ldap_authentication.py
+++ b/app/mocks/ldap_authentication.py
@@ -20,7 +20,7 @@ DUMMY_USER_BASE = {
        "givenName": "Harry",
        "sn": "Potter",
        "distinguishedName": {"OU": ["doc"]},
-        "extensionAttribute6": "Staff",
+        "extensionAttribute6": "Student",
    },
    "adumble": {
        "name": "adumble",

--- a/app/models/administration.py
+++ b/app/models/administration.py
@@ -5,6 +5,7 @@ class AuthenticatedUser(db.Model):
    username = db.Column(db.String(10), primary_key=True)
    firstname = db.Column(db.String)
    surname = db.Column(db.String)
+    role = db.Column(db.String, nullable=False)
    def get_id(self):
        return self.username

--- a/app/views/auth.py
+++ b/app/views/auth.py
@@ -8,7 +8,7 @@ from werkzeug.utils import redirect
 from .. import messages, login_manager, ldap_service
 from ..database import db
 from ..forms import LoginForm
-from ..ldap_authentication.authenticator import NAME, SURNAME
+from ..ldap_authentication.authenticator import NAME, SURNAME, TITLE
 from ..models import AuthenticatedUser
 bp = Blueprint("auth", __name__)
@@ -50,6 +50,7 @@ def login():
                username=username,
                firstname=attributes.get(NAME, username.upper()),
                surname=attributes.get(SURNAME, ""),
+                role=normalize_role(attributes.get(TITLE)),
            )
            db.session.add(user)
            db.session.commit()
@@ -75,11 +76,17 @@ def logout():
 ##################################################################
 # U T I L I T I E S
 ##################################################################
+def normalize_role(ldap_role):
+    return "student" if ldap_role in {"Student", "PGT", "Casual"} else "staff"
 def to_next_page_or_home(next_pg):
    if next_pg and is_safe_url(request.host_url, next_pg):
        return next_pg
    else:
-        return url_for("student.projects")
+        return url_for(f"{current_user.role}.projects")
 def is_safe_url(request_host_url, target):

--- a/migrations/versions/6dea3a5014b0_add_role_column.py
+++ b/migrations/versions/6dea3a5014b0_add_role_column.py
+"""Add role column
+Revision ID: 6dea3a5014b0
+Revises: a3f30aab004c
+Create Date: 2022-08-23 11:45:49.807695
+"""
+from alembic import op
+import sqlalchemy as sa
+# revision identifiers, used by Alembic.
+revision = "6dea3a5014b0"
+down_revision = "a3f30aab004c"
+branch_labels = None
+depends_on = None
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column("authenticated_user", sa.Column("role", sa.String(), nullable=False))
+    # ### end Alembic commands ###
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_column("authenticated_user", "role")
+    # ### end Alembic commands ###