""" authentication

    * Customise the authentication

"""
from gluon.html import URL
from gluon.tools import Auth
from gluon.validators import IS_IN_DB


# Constants for the admin role.
# ID_ADMIN is the explicit row id given to the admin group when
# configure_auth seeds an empty auth_group table. configure_auth also uses it
# as everybody_group_id while auth_user is empty, so membership of this group
# is what the first registered account receives.
ID_ADMIN = 1
ADMIN = "admin"
# Group description; passed through T() when the group row is inserted.
DEF_ADMIN = "administrators, librairians,..."

# Constants for the user role.
# ID_USER is the explicit row id given to the user group and the value
# configure_auth normally assigns to everybody_group_id.
ID_USER = 2
USER = "user"
DEF_USER = "liaisons, team leaders,..."


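def configure_auth(db, migrate_user=False):
    """Configure the authentication process.

    Builds the ``Auth`` object, defines its tables, applies the
    registration and login policy, seeds the admin and user groups when
    ``auth_group`` is empty, and adjusts a few auth tables for the UI.

    Policy set here:
        * new registrations require approval and land in the user group;
        * while ``auth_user`` is empty, the next registration is not
          subject to approval and lands in the admin group instead;
        * e-mail verification at registration is off, no mailer is set.

    Args:
        db (gluon.dal.DAL): database connection
        migrate_user (bool): forwarded as ``migrate`` to
            ``Auth.define_tables``.

    Returns:
        gluon.tools.Auth

    """
    #
    # User logging
    # Approval is required for newly registered users
    #
    auth = Auth(db, hmac_key=Auth.get_or_create_key())
    auth.define_tables(migrate=migrate_user)

    settings = auth.settings
    settings.create_user_groups = False
    settings.mailer = None
    settings.registration_requires_approval = True
    settings.registration_requires_verification = False
    settings.remember_me_form = False
    # NOTE(review): password reset is set to require verification while the
    # mailer is None; presumably the reset flow cannot deliver its message
    # in this configuration -- confirm this is intended.
    settings.reset_password_requires_verification = True

    # go to the login page after change password, logout and registration
    login_url = URL("user", args="login")
    settings.change_password_next = login_url
    settings.logout_next = login_url
    settings.register_next = login_url

    # create user and admin groups
    auth_group = db.auth_group
    if not db(auth_group.id).count():
        # T is neither defined nor imported at module level in this file as
        # shown, so the bare name would raise NameError the first time this
        # branch runs. Take the translator from web2py's ``current`` object.
        # Resolved lazily so nothing changes when the groups already exist.
        from gluon import current

        translate = current.T
        auth_group.insert(
            id=ID_ADMIN, role=ADMIN, description=translate(DEF_ADMIN)
        )
        auth_group.insert(
            id=ID_USER, role=USER, description=translate(DEF_USER)
        )

    # Newly registered users go in the user group
    settings.everybody_group_id = ID_USER

    # The first user is auto approved and get all privilege (admin)
    #
    # NOTE(review): the check is "auth_user is empty", evaluated each time
    # this function runs. Whoever registers first on a fresh deployment is
    # an unapproved-by-anyone administrator, and the same applies again if
    # the table is ever emptied. Create the first account before exposing
    # the registration page, and treat an empty auth_user table on a live
    # instance as something worth alerting on.
    auth_user = db.auth_user
    if not db(auth_user.id).count():
        settings.everybody_group_id = ID_ADMIN
        settings.registration_requires_approval = False

    # tune authentication fields for the extJS interface
    #
    # NOTE(review): registration_key is made readable and writable on the
    # table itself, not on one form. Any form generated from auth_user
    # without an explicit field list would presumably expose it -- confirm
    # that only administrator-facing forms can edit this column.
    auth_user.registration_key.readable = True
    auth_user.registration_key.writable = True

    auth_membership = db.auth_membership
    auth_membership.user_id.label = "User"
    auth_membership.group_id.label = "Group"

    # NOTE(review): the validator targets auth_user.last_name, not the id
    # the reference column stores -- confirm this is what the UI expects.
    auth_membership.user_id.requires = IS_IN_DB(db, "auth_user.last_name")

    # HACK
    # JSON conversion of datetime failed in the action plugin_dbui.dbui_conf
    # Converting the defaults to ISO strings in advance works around it.
    event_stamp = db.auth_event.time_stamp
    event_stamp.default = event_stamp.default.isoformat()

    cas_created = db.auth_cas.created_on
    cas_created.default = cas_created.default.isoformat()

    return auth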