From 6b663355370ef91baed6974003006a13ef279b33 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andrej=20Rama=C5=A1euski?= <andrej@x2.cz>
Date: Sun, 3 Jan 2021 23:30:16 +0100
Subject: [PATCH] Umozneno lokalni mapovani skupin na role
---
.gitlab-ci.yml | 2 +-
lib/CF/Helpers/Auth.pm | 16 +++++++++++++++-
openapi.yaml | 3 ++-
3 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 9b4d1e3..5d2a6df 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -3,7 +3,7 @@ image: docker:19.03.1
variables:
DOCKER_TLS_CERTDIR: "/certs"
IMAGE_TAG: $CI_REGISTRY_IMAGE
- IMAGE_VER: 1.7.0
+ IMAGE_VER: 1.8.0
services:
- docker:19.03.1-dind
diff --git a/lib/CF/Helpers/Auth.pm b/lib/CF/Helpers/Auth.pm
index fe004ae..df369d5 100644
--- a/lib/CF/Helpers/Auth.pm
+++ b/lib/CF/Helpers/Auth.pm
@@ -94,9 +94,23 @@ sub register ( $class, $self, $conf) {
@roles = split /\W+/, $c->req->headers('X-Roles');
}
elsif ( my $claims = $c->oauth_claims ) {
- @roles = @{ $claims->{roles} // [] };
+
+ if ( $c->cfg->{groups_to_roles_map} ) {
+ GROUP:
+ foreach my $group ( sort @{ $claims->{groups} } ) {
+ if ($c->cfg->{groups_to_roles_map} =~ /$group=(\w+)/x) {
+ push @roles, $1;
+ }
+ }
+ }
+ else {
+ @roles = @{ $claims->{roles} // [] };
+ }
+
}
+$c->trace(join '=', @roles);
+
$c->stash->{user_roles} //= { map { $_ => 1 } @roles };
return $c->stash->{user_roles};
});
diff --git a/openapi.yaml b/openapi.yaml
index 2a3f3d9..2e4991a 100644
--- a/openapi.yaml
+++ b/openapi.yaml
@@ -1,7 +1,7 @@
openapi: 3.0.3
info:
- version: 1.7.0
+ version: 1.8.0
title: CF Online
description: CF Online
license:
@@ -124,6 +124,7 @@ components:
type: string
jitsi_url:
type: string
+ nullable: true
is_banned:
type: boolean
Announcement:
--
GitLab