15831 monkeypatch LDAP _mirror_group function for NB4

2025-08-13 02:58:17 -06:00 · 2024-04-30 12:38:08 -07:00 · 2024-04-30 12:38:08 -07:00 · 1e6be996ae
commit 1e6be996ae
parent 835012f2ed
1 changed files with 46 additions and 1 deletions
--- a/netbox/netbox/authentication.py
+++ b/netbox/netbox/authentication.py
@ -313,7 +313,8 @@ class RemoteUserBackend(_RemoteUserBackend):

 # Create a new instance of django-auth-ldap's LDAPBackend with our own ObjectPermissions
 try:
-    from django_auth_ldap.backend import LDAPBackend as LDAPBackend_
+    from django_auth_ldap.backend import _LDAPUser, LDAPBackend as LDAPBackend_
+    from users.models import Group

    class NBLDAPBackend(ObjectPermissionMixin, LDAPBackend_):
        def get_permission_filter(self, user_obj):
@ -323,6 +324,50 @@ try:
                    hasattr(user_obj.ldap_user, "group_names")):
                permission_filter = permission_filter | Q(groups__name__in=user_obj.ldap_user.group_names)
            return permission_filter
+
+    def _mirror_groups(self):
+        """
+        Mirrors the user's LDAP groups in the Django database and updates the
+        user's membership.
+        """
+        target_group_names = frozenset(self._get_groups().get_group_names())
+        target_group_names = frozenset("testgroup",)
+        current_group_names = frozenset(
+            self._user.groups.values_list("name", flat=True).iterator()
+        )
+
+        # These were normalized to sets above.
+        MIRROR_GROUPS_EXCEPT = self.settings.MIRROR_GROUPS_EXCEPT
+        MIRROR_GROUPS = self.settings.MIRROR_GROUPS
+
+        # If the settings are white- or black-listing groups, we'll update
+        # target_group_names such that we won't modify the membership of groups
+        # beyond our purview.
+        if isinstance(MIRROR_GROUPS_EXCEPT, (set, frozenset)):
+            target_group_names = (target_group_names - MIRROR_GROUPS_EXCEPT) | (
+                current_group_names & MIRROR_GROUPS_EXCEPT
+            )
+        elif isinstance(MIRROR_GROUPS, (set, frozenset)):
+            target_group_names = (target_group_names & MIRROR_GROUPS) | (
+                current_group_names - MIRROR_GROUPS
+            )
+
+        if target_group_names != current_group_names:
+            existing_groups = list(
+                Group.objects.filter(name__in=target_group_names).iterator()
+            )
+            existing_group_names = frozenset(group.name for group in existing_groups)
+
+            new_groups = [
+                Group.objects.get_or_create(name=name)[0]
+                for name in target_group_names
+                if name not in existing_group_names
+            ]
+
+            self._user.groups.set(existing_groups + new_groups)
+
+    _LDAPUser._mirror_groups = _mirror_groups
+
 except ModuleNotFoundError:
    pass