# -*- coding: utf-8 -*-
""" auth

    * Customise the authentication

"""
from gluon import current
from gluon.html import URL
from gluon.tools import Auth
from gluon.validators import IS_IN_DB


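# Constants for the admin role.
# ID_ADMIN is used as the explicit primary key of the auth_group row that
# configure_auth() creates, and as the group given to the very first user.
ID_ADMIN = 1
ADMIN = "admin"
DEF_ADMIN = "administrators, librairians,..."

# Constants for the user role.
# ID_USER is the auth_group primary key assigned to newly registered users.
ID_USER = 2
# Must be a plain string: with a trailing comma USER becomes the tuple
# ("user",) and that tuple, not the role name, is written to auth_group.role.
USER = "user"
DEF_USER = "liaisons, team leaders,..."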


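def configure_auth(db, migrate_user=False):
    """Configure the authentication process

    Registration requires approval, with one exception: while the
    ``auth_user`` table is empty, the next account to register is approved
    automatically and placed in the admin group.

    Args:
        db (gluon.dal.DAL): database connection
        migrate_user (bool): forwarded as the ``migrate`` argument of
            ``Auth.define_tables``.

    Returns:
        gluon.tools.Auth

    """
    # This file does not define or import a bare ``T``, so the translator is
    # taken from the per-request ``current`` object instead.
    T = current.T

    #
    # User logging
    # Approval is required for newly registered users
    #
    auth = Auth(db, hmac_key=Auth.get_or_create_key())

    auth.define_tables(migrate=migrate_user)

    settings = auth.settings
    settings.create_user_groups = False
    # NOTE(review): no mailer is configured while the password reset is set
    # to require verification below; presumably e-mail based flows cannot
    # complete in this setup -- confirm this is intended.
    settings.mailer = None
    settings.registration_requires_approval = True
    settings.registration_requires_verification = False
    settings.remember_me_form = False
    settings.reset_password_requires_verification = True

    # go to the login page after change password, logout and registration
    settings.change_password_next = URL("user", args="login")
    settings.logout_next = URL("user", args="login")
    settings.register_next = URL("user", args="login")

    # create user and admin groups
    # Only done when auth_group is empty; ids are forced so that they match
    # ID_ADMIN / ID_USER used below.
    auth_group = db.auth_group
    if not db(auth_group.id).count():
        auth_group.insert(id=ID_ADMIN, role=ADMIN, description=T(DEF_ADMIN))
        auth_group.insert(id=ID_USER, role=USER, description=T(DEF_USER))

    # Newly registered users go in the user group
    settings.everybody_group_id = ID_USER

    # The first user is auto approved and gets all privileges (admin)
    # NOTE(review): as long as auth_user is empty, whoever registers first
    # becomes administrator without approval. Create that account before the
    # application is reachable by anyone else.
    auth_user = db.auth_user
    if not db(auth_user.id).count():
        settings.everybody_group_id = ID_ADMIN
        settings.registration_requires_approval = False

    # tune authentication fields for the extJS interface
    # NOTE(review): registration_key holds the approval state of an account.
    # Making it readable and writable exposes it in any form built from
    # auth_user -- confirm that only administrator-facing views use it.
    auth_user.registration_key.readable = True
    auth_user.registration_key.writable = True

    auth_membership = db.auth_membership
    auth_membership.user_id.label = "User"
    auth_membership.group_id.label = "Group"

    # NOTE(review): user_id is validated against auth_user.last_name rather
    # than auth_user.id; presumably required by the extJS interface, verify.
    auth_membership.user_id.requires = IS_IN_DB(db, "auth_user.last_name")

    # HACK
    # JSON conversion of datetime failed in the action plugin_dbui.dbui_conf
    # Converting the default dates to ISO strings in advance avoids it
    auth_event = db.auth_event
    auth_event.time_stamp.default = auth_event.time_stamp.default.isoformat()

    auth_cas = db.auth_cas
    auth_cas.created_on.default = auth_cas.created_on.default.isoformat()

    return auth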