added feature to grant access permissions via SSO groups

2024-09-16 13:20:19 +02:00 · 2024-09-16 13:20:19 +02:00 · b5fbe28146
commit b5fbe28146
parent 09b2375d79
5 changed files with 102 additions and 0 deletions
--- a/src/c3nav/mapdata/migrations/0109_accesspermissionssogrant_accesspermission_sso_grant.py
+++ b/src/c3nav/mapdata/migrations/0109_accesspermissionssogrant_accesspermission_sso_grant.py
@ -0,0 +1,42 @@
+# Generated by Django 5.0.8 on 2024-09-12 21:22
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('mapdata', '0108_in_legend'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AccessPermissionSSOGrant',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('provider', models.CharField(max_length=32, verbose_name='SSO Backend')),
+                ('group', models.CharField(max_length=64, verbose_name='SSO Group')),
+                ('access_restriction', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='mapdata.accessrestriction')),
+                ('access_restriction_group', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='mapdata.accessrestrictiongroup')),
+            ],
+            options={
+                'verbose_name': 'Access Permission SSO Grant',
+                'verbose_name_plural': 'Access Permission SSO Grants',
+                'default_related_name': 'accesspermission_sso_grants',
+            },
+        ),
+        migrations.AddField(
+            model_name='accesspermission',
+            name='sso_grant',
+            field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.CASCADE, to='mapdata.accesspermissionssogrant', verbose_name='Access Permission SSO Grant'),
+        ),
+        migrations.AddConstraint(
+            model_name='accesspermissionssogrant',
+            constraint=models.CheckConstraint(check=models.Q(models.Q(('access_restriction__isnull', True), ('access_restriction_group__isnull', True), _negated=True), models.Q(('access_restriction__isnull', False), ('access_restriction_group__isnull', False), _negated=True)), name='sso_permission_grant_needs_restriction_or_restriction_group'),
+        ),
+        migrations.AlterUniqueTogether(
+            name='accesspermissionssogrant',
+            unique_together={('provider', 'group', 'access_restriction', 'access_restriction_group')},
+        ),
+    ]