[IMP] auth_oidc: Add AuthOauthProviderGroupLine

Thanks to 4204bd8 @hbrunn & @26hpredraglazarevic
OCA · Aug 28, 2024 · 62a5bdd · 62a5bdd
1 parent e6dfb2a
commit 62a5bdd
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 1 deletion.
diff --git a/auth_oidc/__manifest__.py b/auth_oidc/__manifest__.py
@@ -16,6 +16,10 @@
     "summary": "Allow users to login through OpenID Connect Provider",
     "external_dependencies": {"python": ["python-jose"]},
     "depends": ["auth_oauth"],
-    "data": ["views/auth_oauth_provider.xml", "data/auth_oauth_data.xml"],
+    "data": [
+        "views/auth_oauth_provider.xml",
+        "data/auth_oauth_data.xml",
+        "security/ir.model.access.csv",
+    ],
     "demo": ["demo/local_keycloak.xml"],
 }
diff --git a/auth_oidc/models/auth_oauth_provider.py b/auth_oidc/models/auth_oauth_provider.py
@@ -47,6 +47,11 @@ class AuthOauthProvider(models.Model):
     )
     jwks_uri = fields.Char(string="JWKS URL", help="Required for OpenID Connect.")
     groups_field = fields.Char(help="Token field that stores the groups' mapping")
+    group_line_ids = fields.One2many(
+        "auth.oauth.provider.group_line",
+        "provider_id",
+        string="Group maps",
+    )
 
     @tools.ormcache("self.jwks_uri", "kid")
     def _get_keys(self, kid):
@@ -105,3 +110,15 @@ def _decode_id_token(self, access_token, id_token, kid):
         if error:
             raise error
         return {}
+
+
+class AuthOauthProviderGroupLine(models.Model):
+    _name = "auth.oauth.provider.group_line"
+    _description = "Mapping OAuth-provided groups with Odoo groups"
+
+    provider_id = fields.Many2one("auth.oauth.provider", required=True)
+    oauth_group_name = fields.Char(
+        required=True,
+        help="Group name as passed in the Access Token from the IdP",
+    )
+    group_id = fields.Many2one("res.groups", required=True)
diff --git a/auth_oidc/security/ir.model.access.csv b/auth_oidc/security/ir.model.access.csv
@@ -0,0 +1,2 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_auth_oauth_provider_group_line,auth_oauth_provider,model_auth_oauth_provider_group_line,base.group_system,1,1,1,1
diff --git a/auth_oidc/views/auth_oauth_provider.xml b/auth_oidc/views/auth_oauth_provider.xml
@@ -18,6 +18,12 @@
             <field name="validation_endpoint" position="after">
                 <field name="token_endpoint" />
                 <field name="groups_field" />
+                <field name="group_line_ids">
+                    <tree>
+                        <field name="oauth_group_name" />
+                        <field name="group_id" />
+                    </tree>
+                </field>
                 <field name="jwks_uri" />
             </field>
         </field>