Advanced Default AD group Options

Issue #388 resolved
Cody Crewson created an issue

When using the AD group functionality to link user authentication, it would be nice if the user's presence or absence of a group dictated the QATrack group they would be in.

I.e. if User was in Agency_therapy, that would map to granting the user QATrack\Therapist rights.

I'm not sure if this would be the functional way to get this to work but I see this as a mapping table replacing the 'default group' value that maps a site's AD groups to QATrack groups. I would even be open to being forced to rename the QATrack groups to match their respective AD groups.

This would help significantly with onboarding and offboarding staff.

Comments (2)

  1. Randle Taylor
    • changed status to open

    A model like:

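    from django.contrib.auth.models import Group
    from django.db import models

    class ADGroupMapper(models.Model):
        # Name of the group as it appears in Active Directory
        ad_group_name = models.CharField(max_length=255)
        # QATrack+ (Django auth) group granted to members of that AD group
        group = models.ForeignKey(Group, on_delete=models.CASCADE)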

    could be created. When a new user is created in QATrack+ it could iterate over the AD group memberships and automatically populate the user's groups based on this mapping table.

  2. Randle Taylor

    I plan on making all of the AD functionality editable through the admin at some point, but for now I’ve implemented a new setting:

    """AD_GROUP_MAP is a map from AD Group names to QATrack+ group names in form
    of e.g. {'Your Hospital - Physics': "Physics"}.
    When a user logs in to QATrack+, their AD groups will be
    checked and they will automatically be added to the
    corresponding QATrack+ group based on this map."""
    
    AD_GROUP_MAP = {}
    

    Note this is currently additive only. A user won’t have QATrack+ groups removed if they are no longer part of the corresponding group in AD.
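The additive-only behaviour noted in the last comment, beside a variant that also revokes mapped groups for offboarding, as an added example that is not part of the original thread and not QATrack+'s own code. The function `plan_group_sync`, its `remove_stale` flag, the case-insensitive comparison and the sample group names are assumptions made for illustration.

```python
# Added example, not QATrack+ code. plan_group_sync and remove_stale are
# hypothetical names; the group names below are constructed sample data.

AD_GROUP_MAP = {
    "Your Hospital - Physics": "Physics",
    "Agency_therapy": "Therapist",
    "Agency_therapy_leads": "Therapist",  # two AD groups may grant one group
}


def plan_group_sync(ad_groups, current_groups, group_map, remove_stale=False):
    """Return (to_add, to_remove) as sets of QATrack+ group names.

    Only groups that appear as values in group_map are ever removed, so
    groups granted by hand in the admin are left alone.
    """
    # Assumption: AD group names are compared case-insensitively.
    member_of = {name.strip().lower() for name in ad_groups}
    managed = set(group_map.values())
    entitled = {
        qat_group
        for ad_name, qat_group in group_map.items()
        if ad_name.strip().lower() in member_of
    }
    current = set(current_groups)
    to_add = entitled - current
    # Additive mode (remove_stale=False) never revokes anything.
    to_remove = (current & managed) - entitled if remove_stale else set()
    return to_add, to_remove


if __name__ == "__main__":
    # Constructed case: user moved from physics to therapy in AD.
    ad = ["agency_therapy"]
    current = {"Physics", "Admin"}
    print("additive:", plan_group_sync(ad, current, AD_GROUP_MAP))
    print("strict:  ", plan_group_sync(ad, current, AD_GROUP_MAP, remove_stale=True))
```

In additive mode the user in the sample run keeps the `Physics` group after leaving it in AD; with `remove_stale=True` only that mapped group is revoked and the unmapped `Admin` group is untouched.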
