urbanplatform / django-keycloak-auth

Middleware to allow authorization using Keycloak and Django for django-rest-framework (DRF). This package should only be used in projects starting from scratch, since it overrides the users' management.
MIT License
32 stars 14 forks

How to restrict admin login to specific users? #28

Closed Wissperwind closed 2 years ago

Wissperwind commented 2 years ago

Hi,

Is there a way to let only specific users log in to the admin area?

moritz89 commented 2 years ago

AFAIK, this is outside the scope of this plugin and has to be configured in the permissions of Keycloak itself.

Wissperwind commented 2 years ago

I think I found a way... The code:

    def has_superuser_perm(self, token):
        """
        Check if token belongs to a user with superuser permissions
        """

        print(self.client_roles(token))
        if self.client_admin_role in self.client_roles(token):
            return True

        print(self.realm_roles(token))
        if self.realm_admin_role in self.realm_roles(token):
            return True
        return False

Just use roles. Users that have the realm admin role in the configuration can log in to admin.

simao-silva commented 2 years ago

@Wissperwind this is outside of the scope of this plugin. Still, I am glad you found a solution.

AzureIP commented 2 years ago

I don't think so. It is the scope of Keycloak to tell what roles a user has. It is the scope of the application, that is, this plugin and Django, to decide which role allows what. So, as I implemented it, the client decides that it lets specific users in a specific group into the admin area.
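
The role check discussed in this thread, written out as a stand-alone added example (not code from django-keycloak-auth or from any commenter). It assumes the access token was already verified and decoded and that roles sit in Keycloak's `realm_access` and `resource_access` claims; the client ID, role names and sample claims are constructed.

```python
# Assumption: signature, issuer, audience and expiry of the access token were
# verified upstream; this code only interprets the already-decoded claims.

def _roles(container):
    """Roles of one claim object as a set; empty if the claim is malformed."""
    if not isinstance(container, dict):
        return set()
    roles = container.get("roles")
    # A bare string here would turn `in` into a substring test, so reject it.
    if not isinstance(roles, list):
        return set()
    return {r for r in roles if isinstance(r, str)}

def realm_roles(claims):
    return _roles(claims.get("realm_access"))

def client_roles(claims, client_id):
    access = claims.get("resource_access")
    return _roles(access.get(client_id)) if isinstance(access, dict) else set()

def may_enter_admin(claims, client_id, client_admin_role, realm_admin_role):
    """Fail closed: True only on an exact match with a configured admin role."""
    if not isinstance(claims, dict):
        return False
    if client_admin_role and client_admin_role in client_roles(claims, client_id):
        return True
    return bool(realm_admin_role) and realm_admin_role in realm_roles(claims)

# Constructed settings and claims (hypothetical names, not from a real realm).
CFG = dict(client_id="django-api", client_admin_role="admin", realm_admin_role="site-admin")
REALM_ADMIN = {"realm_access": {"roles": ["offline_access", "site-admin"]}}
CLIENT_ADMIN = {"resource_access": {"django-api": {"roles": ["admin"]}}}
OTHER_CLIENT = {"resource_access": {"other-app": {"roles": ["admin"]}}}
STRING_ROLES = {"realm_access": {"roles": "not-site-admin-at-all"}}

if __name__ == "__main__":
    for name, claims in [("realm admin", REALM_ADMIN), ("client admin", CLIENT_ADMIN),
                         ("admin of another client", OTHER_CLIENT),
                         ("roles claim is a string", STRING_ROLES)]:
        print(f"{name}: {may_enter_admin(claims, **CFG)}")
```

A role granted on a different client, or a `roles` claim that is not a list, does not open the admin area.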