Update to 2020-10-01 10:00

roles/mayan_edms/defaults/main.yml

@@ -74,6 +74,19 @@ mayan_ldap_group_type: "{{ ad_auth | default(False) | ternary('NestedActiveDirec
 # LDAP filter to search for groups
 mayan_ldap_group_filter: "{{ ad_auth | default(False) | ternary('(objectClass=group)','(objectClass=posixGroup)') }}"
 
+# Define user flags based on group membership, for example :
+#
+# mayan_ldap_flags_by_group:
+#   is_active:
+#     - CN=Users,DC=example,DC=org
+#   is_staff:
+#     - CN=IT,OU=Groups,DC=example,DC=org
+#   is_superuser:
+#     - CN=Role_Infra_Admin,OU=Roles,DC=example,DC=org
+#     - CN=Domain Admins,OU=Groups,DC=example,DC=org
+mayan_ldap_flags_by_group: {}
+
+
 # If defined, will either require user to be part of one of those groups,
 # or forbid access to membres of those groups
 # mayan_ldap_require_group:

roles/mayan_edms/tasks/directories.yml

@@ -24,4 +24,5 @@
       mode: 750
     - path: "{{ mayan_root_dir }}/fuse"
       mode: 700
+    - path: "{{ mayan_root_dir }}/input"
   tags: mayan

roles/mayan_edms/tasks/install.yml

@@ -77,6 +77,10 @@
     virtualenv_python: /usr/bin/python3
   tags: mayan
 
+- name: Install mayan-edms wrapper
+  template: src=mayan-edms.j2 dest=/usr/local/bin/mayan-edms mode=755
+  tags: mayan
+
 - name: Install Mayan EDMS
   pip:
     name:

roles/mayan_edms/templates/auth.py.j2

@@ -1,7 +1,7 @@
 import ldap
 
 from django_auth_ldap.config import (
-    LDAPSearch, LDAPSearchUnion, {{ mayan_ldap_group_type }}
+    LDAPSearch, LDAPSearchUnion, LDAPGroupQuery, {{ mayan_ldap_group_type }}
 )
 
 from mayan.settings.production import *
@@ -60,11 +60,25 @@ AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
 
 AUTH_LDAP_GROUP_TYPE = {{ mayan_ldap_group_type }}()
 
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+{% for key in mayan_ldap_flags_by_group.keys() %}
+{% if mayan_ldap_flags_by_group[key] | length > 0 %}
+    '{{ key }}': (
+{% for group in mayan_ldap_flags_by_group[key] %}
+        LDAPGroupQuery('{{ group }}') {{ '|' if not loop.last }}
+{% endfor %}
+    ),
+{% endif %}
+{% endfor %}
+}
+
 AUTHENTICATION_BACKENDS = (
     'django_auth_ldap.backend.LDAPBackend',
     'django.contrib.auth.backends.ModelBackend'
 )
 
+AUTH_LDAP_MIRROR_GROUPS = True
+
 {% if mayan_auth_custom_conf is defined %}
 {{ mayan_auth_custom_conf }}
 {% endif %}

roles/mayan_edms/templates/mayan-edms.j2

@@ -0,0 +1,6 @@
+#!/bin/bash -e
+
+set -o allexport
+. {{ mayan_root_dir }}/config/.env
+set +o allexport
+{{ mayan_root_dir }}/venv/bin/python {{ mayan_root_dir }}/venv/bin/mayan-edms.py $@

roles/squid/files/acl/software_various.domains

@@ -200,6 +200,7 @@ graylog2-releases.s3.eu-west-1.amazonaws.com
 
 # NPM / NodeJS
 registry.npmjs.org
+registry.npmjs.com
 
 # Asterisk / FreePBX
 ast.tucny.com
@@ -290,6 +291,10 @@ static.crates.io
 npm.fontawesome.com
 dl.fontawesome.com
 
+# Google fonts
+fonts.googleapis.com
+fonts.gstatic.com
+
 # Jitsi
 download.jitsi.org
 # Needed to build Jitsi Meet