[users at bb.net] Roles

Paulo Matos pmatos at linki.tools
Fri Jul 7 10:05:23 UTC 2017

On 07/07/17 11:43, Pierre Tardy wrote:
> On Fri, Jul 7, 2017 at 11:30 AM Paulo Matos <pmatos at linki.tools> wrote:
>     On 07/07/17 10:47, Pierre Tardy wrote:
>     > Hi Paulo,
>     >
>     > This is not something that is supported by current code.
>     By 'This' you mean disabling anonymous access?
> By this I mean using '*' in getRolesFromEmails.
> The design for people who need tight control like disabling anonymous
> access is more to use an authentication plugin that supports group (or
> create one for themselves)

Not sure if I understood what you meant but this seems to work well:

class RoleForDomain(util.RolesFromEmails):

    def __init__(self, **kwargs):
        super(util.RolesFromEmails, self).__init__()

        self.domain_roles = {}
        for role, domains in kwargs.items():
            for domain in domains:
                self.domain_roles.setdefault(domain, []).append(role)

    def getRolesFromUser(self, userDetails):
        if 'email' in userDetails:
            email = userDetails['email']
            edomain = re.search('@[a-zA-Z0-9_.]+', email).group()[1:]
            if edomain in self.domain_roles:
                roles = self.domain_roles[edomain]
                return roles
        return []

authz = util.Authz(
        util.AnyEndpointMatcher(role="admin", defaultDeny=True),
auth=util.UserPasswordAuth({'pmatos at matos-sorge.com': 'foobar'})

In this case if you are not logged in you won't see anything, but if you
login as pmatos at matos-sorge.com, you'll see everything. Not entirely
clear on how it works, but it does. What I can't understand is really
the endpoints bit which looks a bit complicated.

Would you be interested in a pull request with the code for RoleForDomain?

Paulo Matos

More information about the users mailing list