Now authenicates access to services based on groups, not simple tags

sso/forms.py

@@ -26,8 +26,18 @@ class ServiceUsernameField(forms.CharField):
         else:
             raise forms.ValidationError("That username is already taken")
 
-class ServiceAccountForm(forms.Form):
-    service = forms.ModelChoiceField(queryset=Service.objects.filter(active=1), empty_label="Select A Service... ")
-    username = ServiceUsernameField(min_length=4,max_length=50)
-    password = forms.CharField(label = u'Password',widget = forms.PasswordInput(render_value=False)) 
+def UserServiceAccountForm(user):
+    """ Generate a Service Account form based on the user's permissions """
 
+    services = Service.objects.filter(groups__in=user.groups.all())
+    choices = []
+
+    for service in services.all():
+        choices.append( ( service.name, service ) )
+
+    class ServiceAccountForm(forms.Form):
+        service = forms.ChoiceField(choices=choices)
+        username = ServiceUsernameField(min_length=4,max_length=50)
+        password = forms.CharField(label = u'Password',widget = forms.PasswordInput(render_value=False)) 
+
+    return ServiceAccountForm

sso/models.py

@@ -1,6 +1,7 @@
 from django.db import models
 from django.db.models import signals
-from django.contrib.auth.models import User, UserManager
+from django.contrib.auth.models import User, UserManager, Group
+from eve_api.models import EVEAccount
 
 from services import get_api
 
@@ -27,6 +28,15 @@ class SSOUser(models.Model):
 
     corp_user = models.BooleanField()
 
+    def update_access(self):
+        """ Steps through each Eve API registered to the user and updates their group 
+            access accordingly """
+        for eacc in EVEAccount.objects.filter(user=self.user):
+            for char in eacc.characters.all():
+                if char.corporation.group:
+                    self.user.groups.add(char.corporation.group)
+                
+
     def __str__(self):
         return self.user.__str__()
 
@@ -43,6 +53,7 @@ class Service(models.Model):
     url = models.CharField(max_length=200, blank=True)
     active = models.BooleanField(default=True)
     api = models.CharField(max_length=200)
+    groups = models.ForeignKey(Group)
 
     def __str__(self):
         #return "%s: %s" % (self.name, self.api)

sso/services/__init__.py

@@ -17,8 +17,6 @@ class BaseService():
 
     """
 
-    corp_only = False
-
     def add_user(self, username, password):
         """ Add a user """
         pass

sso/services/jabber/__init__.py

@@ -3,9 +3,7 @@ from sso.services.jabber.ejabberdctl import eJabberdCtl
 import settings
 
 class JabberService(BaseService):
-
-    corp_only = True
-    
+  
     def __init__(self):
         self.ejctl = eJabberdCtl(sudo=settings.JABBER_SUDO)
 

sso/views.py

@@ -9,7 +9,7 @@ from eve_api.api_puller.accounts import import_eve_account
 from eve_api.models.api_player import EVEAccount
 
 from sso.models import ServiceAccount, SSOUser
-from sso.forms import EveAPIForm, ServiceAccountForm
+from sso.forms import EveAPIForm, UserServiceAccountForm
 
 import settings
 
@@ -52,12 +52,7 @@ def eveapi_add(request):
             acc.description = form.cleaned_data['description']
             acc.save()
 
-            for eacc in EVEAccount.objects.filter(user=request.user):
-                if acc.api_status == 1 and acc.in_corp(settings.EVE_CORP_ID):
-                    profile = request.user.get_profile()
-                    profile.corp_user = True
-                    profile.save()
-                    break
+            request.user.get_profile().update_access()
 
             return HttpResponseRedirect(reverse('sso.views.profile')) # Redirect after POST
     else:
@@ -84,8 +79,10 @@ def eveapi_del(request, userid=0):
 
 @login_required
 def service_add(request):
+    clsform = UserServiceAccountForm(request.user)
+
     if request.method == 'POST': 
-        form = ServiceAccountForm(request.POST) 
+        form = clsform(request.POST) 
         if form.is_valid():
   
             acc = ServiceAccount()
@@ -98,7 +95,7 @@ def service_add(request):
             acc.save()
             return HttpResponseRedirect(reverse('sso.views.profile')) # Redirect after POST
     else:
-        form = ServiceAccountForm() # An unbound form
+        form = clsform() # An unbound form
 
     return render_to_response('sso/serviceaccount.html', {
         'form': form,