accounts2/fas/fas controllers.py,1.4,1.5 fasLDAP.py,1.4,1.5
Michael Patrick McGrath (mmcgrath)
fedora-extras-commits at redhat.com
Wed Apr 4 16:36:54 UTC 2007
Author: mmcgrath
Update of /cvs/fedora/accounts2/fas/fas
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11966/fas
Modified Files:
controllers.py fasLDAP.py
Log Message:
Added many features and needed cleanup. Still not yet ready for a production release
Index: controllers.py
===================================================================
RCS file: /cvs/fedora/accounts2/fas/fas/controllers.py,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- controllers.py 28 Mar 2007 18:54:59 -0000 1.4
+++ controllers.py 4 Apr 2007 16:36:47 -0000 1.5
@@ -5,8 +5,10 @@
from fas.fasLDAP import UserAccount
from fas.fasLDAP import Person
from fas.fasLDAP import Groups
+from fas.fasLDAP import UserGroup
from turbogears import exception_handler
import turbogears
+import ldap
# from fas import json
# import logging
# log = logging.getLogger("fas.controllers")
@@ -77,7 +79,11 @@
except KeyError:
# Not in group
myStatus = 'Not a Member'
- return dict(groups=groups, group=group, myStatus=myStatus)
+ try:
+ me = groups[userName]
+ except:
+ me = UserGroup()
+ return dict(groups=groups, group=group, me=me)
@expose(template="fas.templates.groupList")
@exception_handler(errorMessage,rules="isinstance(tg_exceptions,ValueError)")
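Review bot: The new bare `except:` around `me = groups[userName]` catches every failure, so an LDAP or attribute error is silently turned into an empty `UserGroup()` and the page renders as if the user were simply not a member; only a missing key should take that path, `except KeyError:`. The same bare `except:` appears twice in `Groups.remove` in the fasLDAP.py section, where `except KeyError:` fits the lookup and `except ldap.LDAPError:` fits the delete. The enclosing method starts above this hunk, and `myStatus` is still assigned in the context lines although it is no longer returned.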
@@ -93,9 +99,10 @@
groups = {}
return dict(groups=groups, search=search, myGroups=myGroups)
+
@expose(template="fas.templates.resetPassword")
@exception_handler(errorMessage,rules="isinstance(tg_exceptions,ValueError)")
- def resetPassword(self, userName=None, password=None, passwordCheck=None, email=None):
+ def resetPassword(self, userName=None, password=None, passwordCheck=None, mail=None):
import turbomail
# Logged in
@@ -103,42 +110,49 @@
return dict()
# Not logged in
- if not (userName and password and email):
+ if not (userName and mail) and not turbogears.identity.current.user_name:
+ turbogears.flash('Please provide your username and password')
return dict()
if turbogears.identity.current.user_name:
userName = turbogears.identity.current.user_name
p = Person.byUserName(userName)
- if password and passwordCheck and turbogears.identity.current.user_name:
+ if password and passwordCheck:
if not password == passwordCheck:
turbogears.flash('Passwords do not match!')
return dict()
- else:
- turbogears.flash('Passwords do not matchasfdasdf!')
+ if len(password) < 8:
+ turbogears.flash('Password is too short. Must be at least 8 characters long')
return dict()
+ newpass = p.generatePassword(password)
- if userName and email and not turbogears.identity.current.user_name:
- if not email == p.mail:
- turbogears.flash("'%s' Updated to %s" % (attribute, value))
+ if userName and mail and not turbogears.identity.current.user_name:
+ if not mail == p.mail:
+ turbogears.flash("username + email combo unknown.")
return dict()
- newpass = p.generatePassword(password='test')
- message = turbomail.Message('mmcgrath at fedoraproject.org', 'mmcgrath at redhat.com', 'Fedora Project Password Reset')
+ newpass = p.generatePassword()
+ message = turbomail.Message('accounts at fedoraproject.org', p.mail, 'Fedora Project Password Reset')
message.plain = "You have requested a password reset - %s - %s" % (newpass['hash'], newpass['pass'])
turbomail.enqueue(message)
-# p.__setattr__('userPassword', newpass['hash'])
+ p.__setattr__('userPassword', newpass['hash'])
- newpass = p.generatePassword(password)
p.userPassword = newpass['hash']
- return dict()
+ print "PASS: %s" % newpass['pass']
- @expose(template="fas.templates.resetTrap")
- def resetTrap(self):
- return dict()
+ if turbogears.identity.current.user_name:
+ turbogears.flash("Password Changed")
+ turbogears.redirect("editAccount")
+ else:
+ turbogears.flash('Your password has been emailed to you')
+ return dict()
+
+
+ changePassword = resetPassword
@expose(template="fas.templates.userList")
@exception_handler(errorMessage,rules="isinstance(tg_exceptions,ValueError)")
- @identity.require(identity.in_group("sysadmin-main"))
+# @identity.require(identity.in_group("sysadmin-main"))
def listUser(self, search='a*'):
users = Person.users(search)
try:
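Review bot: `print "PASS: %s" % newpass['pass']` writes every new cleartext password to the server's stdout, where it ends up in whatever captures that stream; the line should be dropped. The reset mail body (context line) still includes `newpass['hash']`, which the recipient has no use for now that the message goes to `p.mail`; `message.plain = "You have requested a password reset - %s" % newpass['pass']` would send only what the user needs. At the end of the hunk the `sysadmin-main` requirement on `listUser` is commented out, leaving the user search with no identity check visible here; it should be restored, or replaced by an explicit `@identity.require(identity.not_anonymous())`, rather than disabled. The first flash says 'username and password' although the condition tests `userName` and `mail`.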
@@ -161,15 +175,111 @@
turbogears.flash("'%s' Updated to %s" % (attribute, value))
return dict(userName=userName, attribute=attribute, value=value)
- @expose(template='fas.template.apply')
+ @expose(template='fas.templates.apply')
+ @exception_handler(errorMessage, rules="isinstance(tg_exceptions,ValueError)")
+ @identity.require(identity.not_anonymous())
+ def sudo(self, userName):
+ # This doesn't work
+ turbogears.identity.current.user_name=userName
+ turbogears.flash('Sudoed to %s' % userName)
+ turbogears.recirect('editAccount')
+
+ @expose(template='fas.templates.apply')
+ @exception_handler(errorMessage, rules="isinstance(tg_exceptions,ValueError)")
+ @identity.require(identity.not_anonymous())
+ def modifyGroup(self, groupName, action, userName):
+ ''' Modifies group based on action, groupName and userName '''
+ try:
+ group = Groups.groups(groupName)[groupName]
+ except KeyError, e:
+ turbogears.flash('Group Error: %s does not exist - %s' % (groupName, e))
+ turbogears.redirect('editGroup?groupName=%s' % group.cn)
+
+ try:
+ p = Person.byUserName(userName)
+ if not p.cn:
+ raise KeyError, 'User %s, just not there' % userName
+ except KeyError, e:
+ turbogears.flash('User Error: %s does not exist - %s' % (userName, e))
+ turbogears.redirect('editGroup?groupName=%s' % group.cn)
+
+ try:
+ userGroup = Groups.byGroupName(groupName)[userName]
+ except KeyError:
+ # User not already in the group (happens when users apply for a group)
+ userGroup = UserGroup()
+ pass
+
+ if action == 'remove':
+ try:
+ Groups.remove(group.cn, p.cn)
+ except TypeError:
+ turbogears.flash('%s could not be removed from %s!' % (p.cn, group.cn))
+ turbogears.redirect('editGroup?groupName=%s' % group.cn)
+ else:
+ turbogears.flash('%s removed from %s!' % (p.cn, group.cn))
+ turbogears.redirect('editGroup?groupName=%s' % group.cn)
+ return dict()
+
+ if action == 'upgrade':
+ try:
+ p.upgrade(groupName)
+ except TypeError, e:
+ turbogears.flash('Cannot upgrade %s - %s!' % (userGroup.fedoraRoleType, e))
+ turbogears.redirect('editGroup?groupName=%s' % group.cn)
+ turbogears.flash('%s Upgraded!' % p.cn)
+ turbogears.redirect('editGroup?groupName=%s' % group.cn)
+
+ if action == 'downgrade':
+ try:
+ p.downgrade(groupName)
+ except TypeError, e:
+ turbogears.flash('Cannot downgrade %s - %s!' % (userGroup.fedoraRoleType, e))
+ turbogears.redirect('editGroup?groupName=%s' % group.cn)
+ turbogears.flash('%s Downgraded!' % p.cn)
+ turbogears.redirect('editGroup?groupName=%s' % group.cn)
+
+ if action == 'apply':
+ Groups.apply(groupName, userName)
+ turbogears.flash('%s Applied!' % p.cn)
+ turbogears.redirect('editGroup?groupName=%s' % group.cn)
+
+ # Done
+ turbogears.flash('Invalid action: %s' % action)
+ turbogears.redirect('editGroup?groupName=%s' % group.cn)
+ return dict()
+
+ @expose(template='fas.templates.apply')
@exception_handler(errorMessage,rules="isinstance(tg_exceptions,ValueError)")
@identity.require(identity.not_anonymous())
- def applyForGroup(self, groupName, action=None):
+ def applyForGroup(self, groupName, action=None, requestField=None):
userName = turbogears.identity.current.user_name
- if action:
- Groups.apply(groupName, userName)
- group = Groups.groups(groupName)
- return dict(group=group)
+ group = Groups.groups(groupName)[groupName]
+ user = Person.byUserName(userName)
+ if action != 'Remove':
+ try:
+ Groups.apply(groupName, userName)
+ turbogears.flash('Application sent for %s' % user.cn)
+ except ldap.ALREADY_EXISTS, e:
+ turbogears.flash('Application Denied: %s' % e[0]['desc'])
+ turbogears.redirect('editGroup?groupName=%s' % group.cn)
+
+ if action == 'Remove' and group.fedoraGroupUserCanRemove == 'TRUE':
+ try:
+ Groups.remove(group.cn, user.cn)
+ except TypeError:
+ turbogears.flash('%s could not be removed from %s!' % (user.cn, group.cn))
+ turbogears.redirect('editGroup?groupName=%s' % group.cn)
+ else:
+ turbogears.flash('%s removed from %s!' % (user.cn, group.cn))
+ turbogears.redirect('editGroup?groupName=%s' % group.cn)
+ else:
+ turbogears.flash('%s does not allow self removal' % group.cn)
+ turbogears.redirect('editGroup?groupName=%s' % group.cn)
+ return dict()
+def relativeUser(realUser, sudoUser):
+ ''' Takes user and sees if they are allow to sudo for remote group'''
+ p = Person.byUserName('realUser')
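Review bot: `modifyGroup` is guarded only by `identity.not_anonymous()`, so as written any logged-in account can remove, upgrade or downgrade any other user in any group. It needs a check that the caller holds a managing role in `groupName` before the action dispatch; the sketch below assumes approved sponsors and administrators are the intended managers. `sudo` has the same guard and assigns `identity.current.user_name` from a request parameter; it is marked as not working and calls the misspelled `turbogears.recirect`, so it is better left out of the exposed controller until it has a real authorization rule. In `modifyGroup`'s first `except KeyError` handler `group` is still unbound when `group.cn` is formatted, so `groupName` should be used there. `relativeUser` passes the literal `'realUser'` instead of its `realUser` argument.

```python
def modifyGroup(self, groupName, action, userName):
    # ... unchanged: group lookup ...
    caller = turbogears.identity.current.user_name
    try:
        callerRole = Groups.byGroupName(groupName)[caller]
    except KeyError:
        # Caller has no role entry in this group
        callerRole = UserGroup()
    isApproved = (callerRole.fedoraRoleStatus or '').lower() == 'approved'
    isManager = (callerRole.fedoraRoleType or '').lower() in ('sponsor', 'administrator')
    if not (isApproved and isManager):
        turbogears.flash('You are not allowed to modify %s' % groupName)
        turbogears.redirect('editGroup?groupName=%s' % groupName)
    # ... unchanged: user lookup and action dispatch ...
```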
Index: fasLDAP.py
===================================================================
RCS file: /cvs/fedora/accounts2/fas/fas/fasLDAP.py,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- fasLDAP.py 28 Mar 2007 18:54:59 -0000 1.4
+++ fasLDAP.py 4 Apr 2007 16:36:47 -0000 1.5
@@ -20,7 +20,7 @@
class UserGroup:
''' Individual User->Group abstraction class '''
- def __init__(self, fedoraRoleApprovalDate, fedoraRoleSponsor, cn, fedoraRoleCreationDate, objectClass, fedoraRoleType, fedoraRoleStatus, fedoraRoleDomain):
+ def __init__(self, fedoraRoleApprovalDate=None, fedoraRoleSponsor=None, cn=None, fedoraRoleCreationDate=None, objectClass=None, fedoraRoleType=None, fedoraRoleStatus='Not a Member', fedoraRoleDomain=None):
self.fedoraRoleApprovalDate = fedoraRoleApprovalDate
self.fedoraRoleSponsor = fedoraRoleSponsor
self.cn = cn
@@ -48,6 +48,8 @@
base = 'ou=Roles,cn=%s,ou=People,dc=fedoraproject,dc=org' % cn
groupsDict = search(base, filter)
+ if not groupsDict:
+ groupsDict = []
for group in groupsDict:
cn = group[0][1]['cn'][0]
groups[cn] = UserGroup(
@@ -88,11 +90,17 @@
def remove(self, groupName, userName=None):
if not userName:
userName = self.__userName
- if groupName in self.byUserName(userName):
- # Probably shouldn't be 'TypeError'
- delete('cn=%s,ou=Roles,cn=%s,ou=People,dc=fedoraproject,dc=org' % (groupName, userName))
- else:
- raise TypeError, 'User not in that group'
+ print "userName: %s" % userName
+ try:
+ g = self.byUserName(userName, includeUnapproved=True)[groupName]
+ except:
+ raise TypeError, 'User not in group %s' % groupName
+ try:
+ delete('cn=%s+fedoraRoleType=%s,ou=Roles,cn=%s,ou=People,dc=fedoraproject,dc=org' % (g.cn, g.fedoraRoleType, userName))
+ except ldap.NO_SUCH_OBJECT:
+ delete('cn=%s,ou=Roles,cn=%s,ou=People,dc=fedoraproject,dc=org' % (g.cn, userName))
+ except:
+ raise TypeError, 'Could Not delete %s from %s' % (userName, g.cn)
@classmethod
def apply(self, groupName, userName=None):
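Review bot: The fallback `delete(...)` inside `except ldap.NO_SUCH_OBJECT:` is not covered by the trailing `except:`, assuming the handlers are siblings of one `try` (indentation is lost on this page). A failure of the second delete would then leave `remove` as a raw LDAP exception, while the controllers only catch `TypeError`. Giving the fallback its own `try` that raises the same `TypeError` keeps the error contract consistent. `print "userName: %s" % userName` is debugging output; later hunks add similar prints in `apply` and `delete`, and all three are better routed through the `logging` setup that controllers.py has commented out, or removed.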
@@ -111,7 +119,7 @@
raise TypeError, 'Group "%s" does not exist' % groupName
dt = datetime.datetime.now()
- now = '%s-%s-%s %s:%s:%s.%s' % (dt.year,
+ now = '%.2i-%.2i-%.2i %.2i:%.2i:%.2i.%.2i' % (dt.year,
dt.month,
dt.day,
dt.hour,
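Review bot: `%.2i` is applied to every field, including `dt.microsecond` (visible in the next hunk's context), but the fractional part needs six digits to be read correctly: 5 microseconds is rendered as `.05`. The last conversion should be `%.6i` and the year `%.4i`, giving `'%.4i-%.2i-%.2i %.2i:%.2i:%.2i.%.6i'`. The argument list runs past the end of this hunk.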
@@ -119,7 +127,7 @@
dt.second,
dt.microsecond)
- attributes = { 'cn' : groupName,
+ attributes = { 'cn' : groupName.encode('utf8'),
'fedoraRoleApprovaldate' : 'NotApproved',
'fedoraRoleCreationDate' : now,
'fedoraRoleDomain' : 'None',
@@ -128,6 +136,7 @@
'fedoraRoleType' : 'user',
'objectClass' : ('fedoraRole')}
+ print 'cn=%s,ou=Roles,cn=%s,ou=People,dc=fedoraproject,dc=org' % (groupName, userName), attributes
add('cn=%s,ou=Roles,cn=%s,ou=People,dc=fedoraproject,dc=org' % (groupName, userName), attributes)
@@ -224,8 +233,34 @@
who = 'cn=%s,ou=People,dc=fedoraproject,dc=org' % who
ldapServer.simple_bind_s(who, password)
+ def upgrade(self, group):
+ base = 'cn=%s,ou=Roles,cn=%s,ou=People,dc=fedoraproject,dc=org' % (group, self.cn)
+ g = Groups.byGroupName(group, includeUnapproved=True)[self.cn]
+ if not g.fedoraRoleStatus.lower() == 'approved':
+ '''User not approved or sponsored'''
+ raise TypeError, 'User is not approved'
+ if g.fedoraRoleType.lower() == 'administrator':
+ raise TypeError, 'User cannot be upgraded beyond administrator'
+ elif g.fedoraRoleType.lower() == 'sponsor':
+ modify(base, 'fedoraRoleType', 'administrator', g.fedoraRoleType)
+ elif g.fedoraRoleType.lower() == 'user':
+ modify(base, 'fedoraRoleType', 'sponsor', g.fedoraRoleType)
+
+ def downgrade(self, group):
+ base = 'cn=%s,ou=Roles,cn=%s,ou=People,dc=fedoraproject,dc=org' % (group, self.cn)
+ g = Groups.byGroupName(group, includeUnapproved=True)[self.cn]
+ if not g.fedoraRoleStatus.lower() == 'approved':
+ '''User not approved or sponsored'''
+ raise TypeError, 'User is not approved'
+ if g.fedoraRoleType.lower() == 'user':
+ raise TypeError, 'User cannot be downgraded below user, did you mean remove?'
+ elif g.fedoraRoleType.lower() == 'sponsor':
+ modify(base, 'fedoraRoleType', 'user', g.fedoraRoleType)
+ elif g.fedoraRoleType.lower() == 'administrator':
+ modify(base, 'fedoraRoleType', 'sponsor', g.fedoraRoleType)
+
- def generatePassword(self,length=14,password=None,salt=''):
+ def generatePassword(self,password=None,length=14,salt=''):
from random import Random
import sha
import sha
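Review bot: `upgrade` and `downgrade` do nothing when `fedoraRoleType` is none of user/sponsor/administrator, and since `modifyGroup` flashes '%s Upgraded!' unless a `TypeError` is raised, the caller is told the change succeeded; a final `else: raise TypeError, 'Unknown role type %s' % g.fedoraRoleType` in each chain closes that gap. The bare string `'''User not approved or sponsored'''` inside the `if` is an expression statement rather than a comment and reads better as `# User not approved or sponsored`. Neither method checks who is asking, so they depend entirely on the controller for authorization; a one-line docstring saying so would make that contract visible. Moving `password` ahead of `length` in `generatePassword` changes the meaning of any positional call made elsewhere; its body is outside this hunk, so remaining callers should be checked.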
@@ -268,6 +303,7 @@
ldapServer = s.ldapConn
ldapServer.simple_bind_s('cn=directory manager', 'test')
+ print "Deleteing %s " % base
ldapServer.delete_s(base)
def add(base, attributes, ldapServer=None):
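Review bot: The delete that the new print announces runs under `simple_bind_s('cn=directory manager', 'test')` (context line), so removals on this path are performed with a directory-manager bind whose password is a literal in the source. The bind DN and password should be read from configuration, and preferably belong to an account limited to what the application has to modify. The function starts above this hunk, so whether a caller-supplied `ldapServer` avoids this bind cannot be seen here.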