Logging in can now be restricted to members of a config-specified LDAP group.
This affects the IGV section of Genetics Ark.
Test that authorisation passes, if I am in the correct LDAP group:
Set up: provide the correct LDAP_PERMITTED_GROUP in the config
Test: Log in to Genetics Ark using my credentials
Result: Log in succeeds, and I am able to access IGV and view data
Test that authorisation fails, if I am not in the correct group:
Set up: deliberately provide an incorrect LDAP_PERMITTED_GROUP string in the config (it starts with LDAP_PERMITTED_GROUP=cn=GA Test,ou=GA Test and is in the LDAP_CONF scope)
Test: Log in to Genetics Ark using my credentials
Result: I get an error message in the website log-in page, telling me that log-in has failed. In the genetics-ark-web logs, I get the debug message: 'DEBUG 2024-07-24 13:26:07,283 django_auth_ldap Authentication failed for : user does not satisfy AUTH_LDAP_REQUIRE_GROUP'
So, authentication successfully block users who aren't in the config's LDAP_PERMITTED_GROUP
Logging in can now be restricted to members of a config-specified LDAP group. This affects the IGV section of Genetics Ark.
Test that authorisation passes, if I am in the correct LDAP group:
Test that authorisation fails, if I am not in the correct group:
This change is