mirror of
https://github.com/kakwa/ldapcherry
synced 2024-11-25 18:54:29 +01:00
better comments and slight improvement in perf
This commit is contained in:
parent
19f98aa664
commit
17499c82ae
@ -35,6 +35,7 @@ class Roles:
|
|||||||
raise DumplicateRoleKey(e.key)
|
raise DumplicateRoleKey(e.key)
|
||||||
stream.close()
|
stream.close()
|
||||||
self.roles = {}
|
self.roles = {}
|
||||||
|
self.admin_roles = []
|
||||||
self._nest()
|
self._nest()
|
||||||
|
|
||||||
def _is_parent(self, roleid1, roleid2):
|
def _is_parent(self, roleid1, roleid2):
|
||||||
@ -81,6 +82,9 @@ class Roles:
|
|||||||
for backend in role['backends']:
|
for backend in role['backends']:
|
||||||
self.backends.add(backend)
|
self.backends.add(backend)
|
||||||
|
|
||||||
|
#if 'LC_admins' in role and role['LC_admins']:
|
||||||
|
# self.admin_roles.append(roleid)
|
||||||
|
|
||||||
# Create the nested groups
|
# Create the nested groups
|
||||||
for roleid in self.roles_raw:
|
for roleid in self.roles_raw:
|
||||||
role = self.roles_raw[roleid]
|
role = self.roles_raw[roleid]
|
||||||
@ -117,9 +121,16 @@ class Roles:
|
|||||||
return yaml.dump(self.roles, Dumper=CustomDumper)
|
return yaml.dump(self.roles, Dumper=CustomDumper)
|
||||||
|
|
||||||
def _check_member(self, role, groups, notroles, roles, parentroles, usedgroups):
|
def _check_member(self, role, groups, notroles, roles, parentroles, usedgroups):
|
||||||
|
|
||||||
|
# if we have already calculate user is not member of role
|
||||||
|
# return False
|
||||||
if role in notroles:
|
if role in notroles:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
# if we have already calculate that user is already member, skip
|
||||||
|
# role membership calculation
|
||||||
|
# (parentroles is a list of roles that the user is member of by
|
||||||
|
# being member of one of their subroles)
|
||||||
if not (role in parentroles or role in roles):
|
if not (role in parentroles or role in roles):
|
||||||
for b in self.roles[role]['backends']:
|
for b in self.roles[role]['backends']:
|
||||||
for g in self.roles[role]['backends'][b]['groups']:
|
for g in self.roles[role]['backends'][b]['groups']:
|
||||||
@ -130,22 +141,26 @@ class Roles:
|
|||||||
notroles.add(role)
|
notroles.add(role)
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
# add groups of the role to usedgroups
|
||||||
for b in self.roles[role]['backends']:
|
for b in self.roles[role]['backends']:
|
||||||
if not b in usedgroups:
|
if not b in usedgroups:
|
||||||
usedgroups[b] = Set([])
|
usedgroups[b] = Set([])
|
||||||
|
|
||||||
for g in self.roles[role]['backends'][b]['groups']:
|
for g in self.roles[role]['backends'][b]['groups']:
|
||||||
usedgroups[b].add(g)
|
usedgroups[b].add(g)
|
||||||
|
|
||||||
flag = True
|
flag = True
|
||||||
|
# recursively determine if user is member of any subrole
|
||||||
for subrole in self.roles[role]['subroles']:
|
for subrole in self.roles[role]['subroles']:
|
||||||
flag = flag and not self._check_member(subrole, groups, notroles, roles, parentroles, usedgroups)
|
flag = flag and not self._check_member(subrole, groups, notroles, roles, parentroles, usedgroups)
|
||||||
|
# if not, add role to the list of roles
|
||||||
if flag:
|
if flag:
|
||||||
roles.add(role)
|
roles.add(role)
|
||||||
|
# else remove it from the list of roles and add
|
||||||
|
# it to the list of parentroles
|
||||||
else:
|
else:
|
||||||
if role in roles:
|
if role in roles:
|
||||||
roles.remove(role)
|
roles.remove(role)
|
||||||
parentroles.add(role)
|
parentroles.add(role)
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def get_roles(self, groups):
|
def get_roles(self, groups):
|
||||||
@ -156,8 +171,10 @@ class Roles:
|
|||||||
usedgroups = {}
|
usedgroups = {}
|
||||||
unusedgroups = {}
|
unusedgroups = {}
|
||||||
ret = {}
|
ret = {}
|
||||||
|
# determine roles membership
|
||||||
for role in self.roles:
|
for role in self.roles:
|
||||||
self._check_member(role, groups, notroles, roles, parentroles, usedgroups)
|
self._check_member(role, groups, notroles, roles, parentroles, usedgroups)
|
||||||
|
# determine standalone groups not matching any roles
|
||||||
for b in groups:
|
for b in groups:
|
||||||
for g in groups[b]:
|
for g in groups[b]:
|
||||||
if not b in usedgroups or not g in usedgroups[b]:
|
if not b in usedgroups or not g in usedgroups[b]:
|
||||||
|
Loading…
Reference in New Issue
Block a user