diff --git a/mozilla_django_oidc_db/admin.py b/mozilla_django_oidc_db/admin.py
index 1406422..8649a1d 100644
--- a/mozilla_django_oidc_db/admin.py
+++ b/mozilla_django_oidc_db/admin.py
@@ -50,6 +50,7 @@ class OpenIDConnectConfigAdmin(DynamicArrayMixin, SingletonModelAdmin):
 "sync_groups",
 "sync_groups_glob_pattern",
 "default_groups",
+ "group_mapping",
 "make_users_staff",
 )
 },
diff --git a/mozilla_django_oidc_db/backends.py b/mozilla_django_oidc_db/backends.py
index 4c97687..9b1f284 100644
--- a/mozilla_django_oidc_db/backends.py
+++ b/mozilla_django_oidc_db/backends.py
@@ -173,6 +173,14 @@ def update_user_groups(self, user, claims):
 groups_claim,
 )
 claim_groups = []
+
+ if self.config.group_mapping:
+ new_claim_groups = set()
+ for group_name, map_to in self.config.group_mapping:
+ if group_name in claim_groups:
+ new_claim_groups.add(map_to)
+ claim_groups = list(new_claim_groups)
+
 if sorted(claim_groups) != sorted(django_groups):
 existing_groups = list(
 Group.objects.filter(name__in=claim_groups).iterator()
diff --git a/mozilla_django_oidc_db/migrations/0012_openidconnectconfig_group_mapping.py b/mozilla_django_oidc_db/migrations/0012_openidconnectconfig_group_mapping.py
new file mode 100644
index 0000000..f7df63b
--- /dev/null
+++ b/mozilla_django_oidc_db/migrations/0012_openidconnectconfig_group_mapping.py
@@ -0,0 +1,25 @@
+# Generated by Django 3.2.18 on 2023-12-19 14:55
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ (
+ "mozilla_django_oidc_db",
+ "0011_alter_openidconnectconfig_userinfo_claims_source",
+ ),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name="openidconnectconfig",
+ name="group_mapping",
+ field=models.JSONField(
+ default=list,
+ help_text="Mapping from group names to local groups in the application",
+ verbose_name="group mapping",
+ ),
+ ),
+ ]
diff --git a/mozilla_django_oidc_db/models.py b/mozilla_django_oidc_db/models.py
index a40a1b5..4464a02 100644
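Review bot: The loop `for group_name, map_to in self.config.group_mapping:` in update_user_groups trusts the shape of an unvalidated JSON value on the login path. The field added in models.py is a plain `models.JSONField(default=list)` with no validators, and its help text calls it a "mapping", so an admin who saves a JSON object or an entry that is not a two-item list gets either a ValueError on every OIDC login or, for two-character keys of an object, a silently wrong group assignment. Since this value decides which local groups (and so which permissions) a user receives, validate it when the config is saved and skip anything malformed here, e.g. `if not (isinstance(entry, (list, tuple)) and len(entry) == 2): continue`. It is also worth confirming that `claim_groups` is always a list at this point: if the claim can arrive as a single string, `group_name in claim_groups` becomes a substring match. The function starts and ends outside the hunk.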
--- a/mozilla_django_oidc_db/models.py
+++ b/mozilla_django_oidc_db/models.py
@@ -284,6 +284,11 @@ class OpenIDConnectConfig(CachingMixin, OpenIDConnectConfigBase):
 "The default groups to which every user logging in with OIDC will be assigned"
 ),
 )
+ group_mapping = models.JSONField(
+ _("group mapping"),
+ default=list,
+ help_text=("Mapping from group names to local groups in the application"),
+ )
 make_users_staff = models.BooleanField(
 _("make users staff"),