django-openid-auth

Admin UI allows manual assignment of groups mapped to openid teams

Bug #386695 reported by Stuart Metcalfe
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
django-openid-auth
New
Undecided
Unassigned

Bug Description

If I add a user to a group manually in the admin interface, but that group is also mapped to a team of which the user is not a member in OPENID_LAUNCHPAD_TEAMS_MAPPING, the manual group assignment is removed on the user's next login. It should not be possible to add a user to a group through the admin ui if that group is bound to an openid team

See original description
Revision history for this message
James Henstridge (jamesh) wrote :

Is this actually a good idea? The purpose of OPENID_LAUNCHPAD_TEAMS_MAPPING is to bind certain Django groups to Launchpad teams. If the user is not a member of the given Launchpad team, then they shouldn't be a member of the Django group.

If you want to manage some group memberships outside of Launchpad, wouldn't it be simpler to manage them as a separate group?

Revision history for this message
Stuart Metcalfe (stuartmetcalfe) wrote : Re: [Bug 386695] Re: Manually assigned group memberships overridden by teams on login

James Henstridge wrote:
> Is this actually a good idea? The purpose of
> OPENID_LAUNCHPAD_TEAMS_MAPPING is to bind certain Django groups to
> Launchpad teams. If the user is not a member of the given Launchpad
> team, then they shouldn't be a member of the Django group.
>
> If you want to manage some group memberships outside of Launchpad,
> wouldn't it be simpler to manage them as a separate group?

If a group is defined in Django with a particular set of permissions
(often called a 'role' in other systems I've worked on), it seems odd to
have to duplicate that if we want to give exactly the same set of
permissions to people who are and people who aren't in a particular team
in an external system - especially if we aren't enforcing this rule in
the Django admin UI. It seems counter-intuitive to require this
distinction - the two methods of assignment should be able to co-exist.

Stuart Metcalfe (stuartmetcalfe)
summary: - Manually assigned group memberships overridden by teams on login
+ Admin UI allows manual assignment of groups mapped to openid teams
description: updated
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.