Skip to content

Auth

user_create(next_auth, context, data_dict=None)

Parameters:

Name Type Description Default
next_auth

the next auth function in the chain

 required
context
required
data_dict

(Default value = None)

 None
Source code in ckanext/ldap/logic/auth.py 
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
@toolkit.chained_auth_function
@toolkit.auth_allow_anonymous_access
def user_create(next_auth, context, data_dict=None):
    """
    :param next_auth: the next auth function in the chain
    :param context:
    :param data_dict:  (Default value = None)
    """
    if data_dict and 'name' in data_dict:
        ldap_user_dict = find_ldap_user(data_dict['name'])
        if ldap_user_dict:
            return {
                'success': False,
                'msg': toolkit._('An LDAP user by that name already exists'),
            }

    return next_auth(context, data_dict)

user_update(next_auth, context, data_dict)

Ensure LDAP users cannot be edited, and name clash with ldap users.

Parameters:

Name Type Description Default
next_auth

the next auth function in the chain

 required
context
required
data_dict
required
Source code in ckanext/ldap/logic/auth.py 
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
@toolkit.chained_auth_function
@toolkit.auth_allow_anonymous_access
def user_update(next_auth, context, data_dict):
    """
    Ensure LDAP users cannot be edited, and name clash with ldap users.

    :param next_auth: the next auth function in the chain
    :param context:
    :param data_dict:
    """
    user_obj = None
    try:
        user_obj = auth.get_user_object(context, data_dict)
    except toolkit.ObjectNotFound:
        pass
    # Prevent edition of LDAP users (if so configured)
    if (
        toolkit.config['ckanext.ldap.prevent_edits']
        and user_obj
        and LdapUser.by_user_id(user_obj.id)
    ):
        return {'success': False, 'msg': toolkit._('Cannot edit LDAP users')}
    # Prevent name clashes!
    if 'name' in data_dict and user_obj and user_obj.name != data_dict['name']:
        ldap_user_dict = find_ldap_user(data_dict['name'])
        if ldap_user_dict:
            if (
                len(user_obj.ldap_user) == 0
                or user_obj.ldap_user[0].ldap_id != ldap_user_dict['ldap_id']
            ):
                return {
                    'success': False,
                    'msg': toolkit._('An LDAP user by that name already exists'),
                }

    return next_auth(context, data_dict)