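# Ultimail — OIDC `groups` claim for backend RBAC (contacts, calendar, drive, photos)
#
# authentik blueprint: creates the `ulti-admins` group, a scope mapping that
# emits a `groups` claim, and attaches that mapping to the backend provider.
version: 1
metadata:
  name: Ultimail suite groups
  labels:
    # Instantiate the blueprint automatically once it is discovered.
    blueprints.goauthentik.io/instantiate: "true"
entries:
  # Group whose members receive the admin entries of the `groups` claim.
  # It carries no authentik superuser rights: membership only affects the claim.
  - model: authentik_core.group
    id: ulti-admins-group
    identifiers:
      name: ulti-admins
    attrs:
      name: ulti-admins
      is_superuser: false

  # Scope mapping emitting the `groups` claim. It is bound to the `profile`
  # scope, so the claim is only released when a client requests that scope.
  - model: authentik_providers_oauth2.scopemapping
    id: ulti-suite-groups-mapping
    identifiers:
      name: ulti-suite-groups
    attrs:
      name: ulti-suite-groups
      scope_name: profile
      description: Suite RBAC groups for Ultimail API
      expression: |
        # Every authenticated user gets the baseline role and per-service write access.
        groups = [
            "role:user",
            "contacts:write",
            "calendar:write",
            "drive:write",
            "photos:write",
        ]
        # Admin entries depend solely on membership in the `ulti-admins` group,
        # matched by name. A filtered existence query replaces iterating over
        # every group of the user.
        if user.ak_groups.filter(name="ulti-admins").exists():
            groups.extend(["admin", "admin:write"])
        return {"groups": groups}

  # Attach the mapping to the backend provider. Only `identifiers` is given
  # (no `id`), so this entry presumably updates an already existing provider.
  - model: authentik_providers_oauth2.oauth2provider
    identifiers:
      name: ulti-backend-provider
    attrs:
      # `property_mappings` is set as a whole list: every mapping the provider
      # must keep has to be listed here, not only the new one.
      property_mappings:
        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
        # NOTE(review): this blueprint defines a second mapping with
        # `scope_name: profile` (`ulti-suite-groups`). If `!Find` returns the
        # first match, it may resolve to that mapping instead of the built-in
        # profile mapping — confirm, or select the built-in one by its `managed`
        # identifier.
        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, offline_access]]
        # Resolved from the `id` of the mapping entry above, which must be
        # applied before this provider.
        - !KeyOf ulti-suite-groups-mapping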