allow AUTH_LDAP_USER_FLAGS_BY_GROUP to specify an OR'd list for a flag

see: https://github.com/ansible/tower/issues/968
2026-03-25 04:45:03 -02:30 · 2018-05-23 12:26:44 -04:00
parent 550c6edb33
commit 28a42850a2
2 changed files with 49 additions and 1 deletions
--- a/awx/sso/fields.py
+++ b/awx/sso/fields.py
@@ -220,6 +220,18 @@ class LDAPDNField(fields.CharField):
        return None if value == '' else value


+class LDAPDNListField(fields.StringListField):
+
+    def __init__(self, **kwargs):
+        super(LDAPDNListField, self).__init__(**kwargs)
+        self.validators.append(lambda dn: map(validate_ldap_dn, dn))
+
+    def run_validation(self, data=empty):
+        if not isinstance(data, (list, tuple)):
+            data = [data]
+        return super(LDAPDNListField, self).run_validation(data)
+
+
 class LDAPDNWithUserField(fields.CharField):

    def __init__(self, **kwargs):
@@ -431,7 +443,7 @@ class LDAPUserFlagsField(fields.DictField):
        'invalid_flag': _('Invalid user flag: "{invalid_flag}".'),
    }
    valid_user_flags = {'is_superuser', 'is_system_auditor'}
-    child = LDAPDNField()
+    child = LDAPDNListField()

    def to_internal_value(self, data):
        data = super(LDAPUserFlagsField, self).to_internal_value(data)