| author | Nathan Kinder <nkinder@redhat.com> | 2015-03-16 21:58:10 -0700 |
|---|---|---|
| committer | Nathan Kinder <nkinder@redhat.com> | 2015-03-20 07:57:46 -0700 |
| commit | 0562d486c6906bbba909bddf1326a9ed497b4443 (patch) | |
| tree | ba8948711a8f9f2694f54158e12353c757b71c7c /ipsilon/providers/saml2/admin.py | |
| parent | 83ec7148841303516fe31e76116b70c8a5f73aab (diff) | |
Mapped Attrs - WIPticket_25
Diffstat (limited to 'ipsilon/providers/saml2/admin.py')
| -rw-r--r-- | ipsilon/providers/saml2/admin.py | 43 |
1 files changed, 42 insertions, 1 deletions
diff --git a/ipsilon/providers/saml2/admin.py b/ipsilon/providers/saml2/admin.py index 0ab2a41..e9d37ea 100644 --- a/ipsilon/providers/saml2/admin.py +++ b/ipsilon/providers/saml2/admin.py @@ -23,6 +23,7 @@ from ipsilon.admin.common import ADMIN_STATUS_WARN from ipsilon.providers.saml2.provider import ServiceProvider from ipsilon.providers.saml2.provider import ServiceProviderCreator from ipsilon.providers.saml2.provider import InvalidProviderId +import json import re import requests @@ -205,7 +206,32 @@ class SPAdminPage(AdminPage): raise InvalidValueFormat(err) return {'allowed_nameids': list(v)} else: - raise UnauthorizedUser("Unauthorized to set alowed nameids values") + raise UnauthorizedUser("Unauthorized to set allowed nameids values") + + def change_attribute_mappings(self, from_attrs, to_attrs, deleted_mappings): + mappings = [] + + if self.user.is_admin: + if len(from_attrs) != len(to_attrs): + raise InvalidValueFormat('Invalid attribute mapping value') + else: + raise UnauthorizedUser('Unauthorized to set attribute mapping values') + + mappings = [] + for i in range(len(from_attrs)): + # Don't add deleted mappings + if i not in deleted_mappings: + mappings.append([from_attrs[i], to_attrs[i]]) + + if mappings == self.sp.attribute_mappings: + return False + + if self.user.is_admin: + self._debug("Replacing attribute_mappings: %s -> %s" % + (self.sp.attribute_mappings, mappings)) + return {'attribute_mappings': json.dumps(mappings)} + else: + raise UnauthorizedUser('Unauthorized to set attribute mapping values') def POST(self, *args, **kwargs): @@ -219,6 +245,7 @@ class SPAdminPage(AdminPage): r = self.change_name(key, value) if r: results.update(r) + elif key == 'owner': r = self.change_owner(key, value) if r: 
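Review bot: In `change_attribute_mappings`, the loop `for i in range(len(from_attrs))` reads `from_attrs[i]` and `to_attrs[i]`, but the caller builds both as dicts keyed by integers parsed from request parameter names, and only their lengths are compared. A submission whose indices do not run contiguously from 0, or whose from/to index sets differ, raises KeyError instead of InvalidValueFormat. Compare the key sets and iterate the keys instead: `if set(from_attrs) != set(to_attrs): raise InvalidValueFormat('Invalid attribute mapping value')` followed by `for i in sorted(from_attrs):`. The second `if self.user.is_admin:` / `else:` near the end cannot reach its `else` after the check at the top, and `mappings = []` is assigned twice; both can be dropped.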
@@ -234,6 +261,18 @@ class SPAdminPage(AdminPage): if r: results.update(r) + # Extract all of the attribute mapping values + from_attrs = dict((int(k.replace(' attribute_mappings-from', '')), v) for + k,v in kwargs.iteritems() if k.endswith('attribute_mappings-from')) + to_attrs = dict((int(k.replace(' attribute_mappings-to', '')), v) for + k,v in kwargs.iteritems() if k.endswith('attribute_mappings-to')) + deleted_mappings = dict((int(k.replace(' attribute_mappings-delete', '')), v) for + k, v in kwargs.iteritems() if k.endswith('attribute_mappings-delete')) + + r = self.change_attribute_mappings(from_attrs, to_attrs, deleted_mappings) + if r: + results.update(r) + except InvalidValueFormat, e: message = str(e) message_type = ADMIN_STATUS_WARN @@ -258,6 +297,8 @@ class SPAdminPage(AdminPage): self.sp.default_nameid = results['default_nameid'] if 'allowed_nameids' in results: self.sp.allowed_nameids = results['allowed_nameids'] + if 'attribute_mappings' in results: + self.sp.attribute_mappings = results['attribute_mappings'] self.sp.save_properties() if 'rename' in results: rename = results['rename'] |
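Review bot: The three `dict((int(k.replace(...)), v) ...)` expressions call `int()` on text taken from request parameter names, so a key that ends in `attribute_mappings-from` without a numeric prefix raises ValueError. The only handler visible here is `except InvalidValueFormat`, so unless a broader handler exists outside the hunk this surfaces as an unhandled error rather than a form warning; wrap the extraction in `try:` / `except ValueError: raise InvalidValueFormat('Invalid attribute mapping value')`. The call to `change_attribute_mappings` is also unconditional: a POST that carries no mapping fields produces an empty list, which replaces any stored mappings, and a non-admin caller gets UnauthorizedUser even when changing an unrelated field. Guarding the call with `if from_attrs or to_attrs or deleted_mappings:` would keep unrelated updates from touching the mappings. POST starts and ends outside the hunk.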
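Review bot: `self.sp.attribute_mappings` is assigned the string produced by `json.dumps(mappings)`, while `change_attribute_mappings` compares the same property against a Python list in `if mappings == self.sp.attribute_mappings:`. The ServiceProvider property is defined outside this diff; if it does not decode the stored JSON on read, that comparison never matches and every POST rewrites the value. Either pass the list and let the property serialise it, or document the round trip with a comment such as `# attribute_mappings is stored as JSON; the property decodes it on read`.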
