jegomez/attendance-flask-mini-app
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Indicate completed tasks

Browse Source
This commit is contained in:
Jorge Enrique Gómez Gómez 2023-05-27 22:06:13 +00:00
parent 13d799b2e7
commit 69c7b0be65
1 changed files with 13 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
README.md
View File

@ -31,30 +31,31 @@ Add this code to the nginx configuration file for the virtual host:
}
```
## Decided, pending to be done
## Tasks
* Create a separate group in LDAP for non-Workspace users
* Change **Google Cloud Directory Sync** configuration to skip users in this
* [X] Create a separate group in LDAP for non-Workspace users
* [X] Change **Google Cloud Directory Sync** configuration to skip users in this
group
* List all non-Workspace users with access to Odoo and create them in LDAP
* [X] List all non-Workspace users with access to Odoo and create them in LDAP
## To be decided
* The Flask app will be installed in a central container? or a separate
instance on every Raspberry Pi display?
* If every display has an instance, how to prevent direct connections
* [X] The Flask app will be installed in a central container? or a separate
instance on every Raspberry Pi display?: In a central container
* [X] If every display has an instance, how to prevent direct connections
to it, that bypass Authelia?
* Different QR codes pointing to different URLs (perhaps with the same
* [X] Different QR codes pointing to different URLs (perhaps with the same
UUID?) for entrance/exit, very clearly labeled.
* How to allow the display to show the main screen without having to
* [ ] How to allow the display to show the main screen without having to
login to Authelia? (remember that the Authelia registration cookie
expires every month), and still requiring login for everyone else?
* How to prevent users from accessing the main page and displaying the QR code?
* [ ] How to prevent users from accessing the main page and displaying the QR code?
Perhaps using a separate attendance-checking domain?
### Odoo login: OIDC or LDAP?
* Install [OIDC module][1] in Odoo to allow access and login via Authelia
* The [OIDC module][1] could be installed in Odoo to allow access and login
via Authelia instead of Google/Oauth
* Configure Authelia to require password from users in this LDAP group
when accessing Odoo.
* Change nginx configuration in Odoo server to force users to go through
@ -62,7 +63,7 @@ Add this code to the nginx configuration file for the virtual host:
in Authelia; non-Workspace users who have logged into Authelia will be able
to login to Odoo using one click).
* Another option is to install the LDAP authentication module in Odoo,
* Another option would be to install the LDAP authentication module in Odoo,
and allow users to enter their username and password, instead of their
personal Google account (not sure if it's possible), or a manually
assigned password. The user would login twice in this scenario: