def valid_form_user(ldap, request, cn, uidNumber, employeeNumber, mail, edit=False):
# Valid
is_valid = True
if not edit:
try:
ldap.get_user(cn)
is_valid = False
messages.add_message(
request, messages.WARNING, ldap_messages.get("error_duplicated_name_user") % cn)
except LDAPError:
pass
for usr in get_users(ldap):
if edit and cn == usr.get("cn"):
continue
if uidNumber == usr.get("uidNumber"):
is_valid = False
messages.add_message(request, messages.WARNING, ldap_messages.get(
"error_duplicated_uidNumber_user") % uidNumber)
if employeeNumber == usr.get("employeeNumber"):
is_valid = False
messages.add_message(request, messages.WARNING, ldap_messages.get(
"error_duplicated_employeeNumber_user") % employeeNumber)
if mail == usr.get("mail"):
is_valid = False
messages.add_message(request, messages.WARNING, ldap_messages.get(
"error_duplicated_mail_user") % mail)
return is_valid
def ajax_unlock_user(request):
ldap = Ldap(AuthSession(request.session).get_user().get_username())
status_code = 500
try:
cn = request.GET['cn']
ldap.unlock_user(cn)
status_code = 200
messages.add_message(
request, messages.SUCCESS, ldap_messages.get("success_unlock_user") % cn)
except LDAPNotFoundError, e:
messages.add_message(
request, messages.ERROR, ldap_messages.get("invalid_user") % cn)
def add_group_form(request):
try:
lists = dict()
ldap = Ldap(AuthSession(request.session).get_user().get_username())
users_list = get_users(ldap)
if request.method == "POST":
form = GroupForm(users_list, request.POST)
if form.is_valid():
cn = str(form.cleaned_data['cn'])
gidNumber = str(form.cleaned_data['gidNumber'])
member_uid = form.cleaned_data['member_uid']
if valid_form_group(ldap, request, cn, gidNumber):
ldap.add_group(cn, gidNumber, member_uid)
messages.add_message(
request, messages.SUCCESS, ldap_messages.get("success_insert_group"))
return redirect('ldap.group.list')
else:
form = GroupForm(
users_list, initial={'gidNumber': gidNumber_suggest(ldap)})
except LDAPError, e:
logger.error(e)
messages.add_message(request, messages.ERROR, e)
def delete_sudoer_all(request):
if request.method == 'POST':
ldap = Ldap(AuthSession(request.session).get_user().get_username())
form = DeleteForm(request.POST)
if form.is_valid():
# All cns to be deleted
cns = split_to_array(form.cleaned_data['ids'])
# All messages to display
error_list = list()
# Control others exceptions
have_errors = False
# For each sudoer selected to remove
for cn in cns:
try:
ldap.rem_sudoer(cn)
except LDAPNotFoundError, e:
error_list.append(cn)
have_errors = True
except LDAPError, e:
logger.error(e)
messages.add_message(request, messages.ERROR, e)
have_errors = True
break
# If cant remove nothing
if len(error_list) == len(cns):
messages.add_message(
request, messages.ERROR, error_messages.get("can_not_remove_all"))
# If cant remove someones
elif len(error_list) > 0:
msg = ""
for id_error in error_list:
msg = msg + id_error + ", "
msg = error_messages.get("can_not_remove") % msg[:-2]
messages.add_message(request, messages.WARNING, msg)
# If all has ben removed
elif have_errors == False:
messages.add_message(
request, messages.SUCCESS, ldap_messages.get("success_remove_sudoer"))
else:
messages.add_message(
request, messages.SUCCESS, error_messages.get("can_not_remove_error"))
def edit_sudoer_form(request, cn):
try:
lists = dict()
lists["edit"] = True
lists["action"] = reverse("ldap.sudoer.edit", args=[cn])
ldap = Ldap(AuthSession(request.session).get_user().get_username())
groups_list = get_groups(ldap)
if request.method == "POST":
commands_list = request.POST.getlist(
'commands') if "commands" in request.POST else []
form = SudoerForm(groups_list, commands_list, request.POST)
if form.is_valid():
cn = str(form.cleaned_data['cn'])
sudoHost = str(form.cleaned_data['host'])
sudoUser = form.cleaned_data['groups']
sudoCommand = form.cleaned_data['commands']
ldap.edit_sudoer(cn, sudoHost, sudoUser, sudoCommand)
messages.add_message(
request, messages.SUCCESS, ldap_messages.get("success_edit_sudoer"))
return redirect('ldap.sudoer.list')
else:
sudoer = ldap.get_sudoer(cn)
groups = []
for grp in validates_dict(sudoer, ("sudoUser")):
groups.append(str(grp).replace("%", ""))
form = SudoerForm(groups_list, validates_dict(sudoer, ("sudoCommand")), initial={'cn': sudoer.get(
"cn"), 'host': sudoer.get("sudoHost"), 'groups': groups, 'commands': validates_dict(sudoer, ("sudoCommand"))})
except LDAPNotFoundError, e:
messages.add_message(
request, messages.ERROR, ldap_messages.get("invalid_sudoer") % cn)
return redirect('ldap.sudoer.form')
def clean(self):
cleaned_data = self.cleaned_data
userType = cleaned_data.get("userType")
homeDirectory = cleaned_data.get("homeDirectory")
uidNumber = cleaned_data.get("uidNumber")
groupPattern = cleaned_data.get("groupPattern")
if groupPattern is not None:
if str(groupPattern) == str(CHOICES_GROUP[0][0]):
if homeDirectory is None or homeDirectory == "":
self._errors["homeDirectory"] = self.error_class(
[error_messages.get("required")])
if userType is None or userType == "":
self._errors["userType"] = self.error_class(
[error_messages.get("required")])
if uidNumber is not None:
ldap = Ldap(None)
if groupPattern == ldap.groupStandard:
if not ldap.valid_range_user_internal(uidNumber):
self._errors["uidNumber"] = self.error_class([
ldap_messages.get("error_range_out_user") %
(ldap.rangeUsers[0], ldap.rangeUsers[-1])
])
else:
if not ldap.valid_range_user_external(uidNumber):
self._errors["uidNumber"] = self.error_class([
ldap_messages.get("error_range_out_user") %
(ldap.rangeUsersExternal[0],
ldap.rangeUsersExternal[-1])
])
return cleaned_data
def add_sudoer_form(request):
try:
lists = dict()
ldap = Ldap(AuthSession(request.session).get_user().get_username())
groups_list = get_groups(ldap)
if request.method == "POST":
commands_list = request.POST.getlist(
'commands') if "commands" in request.POST else []
form = SudoerForm(groups_list, commands_list, request.POST)
if form.is_valid():
cn = str(form.cleaned_data['cn'])
sudoHost = str(form.cleaned_data['host'])
sudoUser = form.cleaned_data['groups']
sudoCommand = form.cleaned_data['commands']
try:
# Valid cn
sudoer = None
sudoer = ldap.get_sudoer(cn)
except LDAPError, e:
pass
if sudoer is None:
ldap.add_sudoer(cn, sudoHost, sudoUser, sudoCommand)
messages.add_message(
request, messages.SUCCESS, ldap_messages.get("success_insert_sudoer"))
return redirect('ldap.sudoer.list')
else:
messages.add_message(request, messages.WARNING, ldap_messages.get(
"error_duplicated_name_sudoer") % cn)
else:
def valid_form_group(ldap, request, cn, gidNumber):
# Valid
is_valid = True
try:
ldap.get_group(cn)
is_valid = False
messages.add_message(request, messages.WARNING, ldap_messages.get(
"error_duplicated_name_group") % cn)
except LDAPError:
pass
for grp in get_groups(ldap):
if gidNumber == grp.get("gidNumber"):
is_valid = False
messages.add_message(request, messages.WARNING, ldap_messages.get(
"error_duplicated_gidNumber_group") % gidNumber)
return is_valid
def clean(self):
cleaned_data = self.cleaned_data
gidNumber = cleaned_data.get("gidNumber")
if gidNumber is not None:
ldap = Ldap(None)
if not ldap.valid_range_group(gidNumber):
self._errors["gidNumber"] = self.error_class([ldap_messages.get(
"error_range_out_group") % (ldap.rangeGroups[0], ldap.rangeGroups[-1])])
return cleaned_data
def add_user_form(request, pattern):
try:
lists = dict()
ldap = Ldap(AuthSession(request.session).get_user().get_username())
group_list = get_groups(ldap)
policy_list = get_policies(ldap)
if pattern == PATTERN_TYPES.INTERNAL:
groupPattern = ldap.groupStandard
usertype_list = CHOICES_GROUP
loginShell = "/bin/bash"
elif pattern == PATTERN_TYPES.EXTERNAL:
groupPattern = ldap.groupStandardExternal
usertype_list = None
loginShell = "/sbin/nologin"
if request.method == "POST":
form = UserForm(group_list, policy_list, usertype_list, request.POST, initial={
'groupPattern': groupPattern})
if form.is_valid():
data = form.cleaned_data
for e in data.keys():
if type(data[e]) == unicode or type(data[e]) == int:
data[e] = str(data[e])
if valid_form_user(ldap, request, data['cn'], data['uidNumber'], data['employeeNumber'], data['mail']):
ldap.add_user(data['cn'], data['uidNumber'], data['groupPattern'], data['homeDirectory'], data['givenName'], data['initials'], data['sn'], data['mail'], data['homePhone'], data['mobile'], data['street'], data[
'description'], data['employeeNumber'], data['employeeType'], data['loginShell'], data['shadowLastChange'], data['shadowMin'], data['shadowMax'], data['shadowWarning'], data['policy'], data['groups'])
messages.add_message(
request, messages.SUCCESS, ldap_messages.get("success_insert_user"))
return HttpResponseRedirect(reverse('ldap.user.list', args=[pattern]))
else:
form = UserForm(group_list, policy_list, usertype_list, initial={'uidNumber': uidNumber_suggest(
ldap, pattern), 'groupPattern': groupPattern, 'shadowMin': 1, 'shadowMax': 365, 'shadowWarning': 335, 'shadowLastChange': 1, 'loginShell': loginShell})
except LDAPError, e:
logger.error(e)
messages.add_message(request, messages.ERROR, e)
def edit_group_form(request, cn):
try:
lists = dict()
lists["edit"] = True
lists["action"] = reverse("ldap.group.edit", args=[cn])
ldap = Ldap(AuthSession(request.session).get_user().get_username())
users_list = get_users(ldap)
form = GroupForm(users_list)
if request.method == "POST":
form = GroupForm(users_list, request.POST)
if form.is_valid():
cn = str(form.cleaned_data['cn'])
gidNumber = str(form.cleaned_data['gidNumber'])
member_uid = form.cleaned_data['member_uid']
ldap.edit_group(cn, gidNumber, member_uid)
messages.add_message(
request, messages.SUCCESS, ldap_messages.get("success_edit_group"))
return redirect('ldap.group.list')
else:
group = ldap.get_group(cn)
form = GroupForm(users_list, initial={'cn': group.get("cn"), 'gidNumber': group.get(
"gidNumber"), 'member_uid': validates_dict(group, ("memberUid"))})
except LDAPNotFoundError, e:
messages.add_message(
request, messages.ERROR, ldap_messages.get("invalid_group") % cn)
return redirect('ldap.group.form')
def clean(self):
cleaned_data = self.cleaned_data
userType = cleaned_data.get("userType")
homeDirectory = cleaned_data.get("homeDirectory")
uidNumber = cleaned_data.get("uidNumber")
groupPattern = cleaned_data.get("groupPattern")
if groupPattern is not None:
if str(groupPattern) == str(CHOICES_GROUP[0][0]):
if homeDirectory is None or homeDirectory == "":
self._errors["homeDirectory"] = self.error_class(
[error_messages.get("required")])
if userType is None or userType == "":
self._errors["userType"] = self.error_class(
[error_messages.get("required")])
if uidNumber is not None:
ldap = Ldap(None)
if groupPattern == ldap.groupStandard:
if not ldap.valid_range_user_internal(uidNumber):
self._errors["uidNumber"] = self.error_class([ldap_messages.get(
"error_range_out_user") % (ldap.rangeUsers[0], ldap.rangeUsers[-1])])
else:
if not ldap.valid_range_user_external(uidNumber):
self._errors["uidNumber"] = self.error_class([ldap_messages.get(
"error_range_out_user") % (ldap.rangeUsersExternal[0], ldap.rangeUsersExternal[-1])])
return cleaned_data
def ajax_reset_password_user(request):
lists = dict()
ldap = Ldap(AuthSession(request.session).get_user().get_username())
status_code = 500
try:
cn = request.GET['cn']
ldap.reset_pwd(cn)
lists["password"] = LDAP_PASSWORD_DEFAULT
status_code = 200
except LDAPNotFoundError, e:
messages.add_message(
request, messages.ERROR, ldap_messages.get("invalid_user") % cn)
def clean(self):
cleaned_data = self.cleaned_data
gidNumber = cleaned_data.get("gidNumber")
if gidNumber is not None:
ldap = Ldap(None)
if not ldap.valid_range_group(gidNumber):
self._errors["gidNumber"] = self.error_class([
ldap_messages.get("error_range_out_group") %
(ldap.rangeGroups[0], ldap.rangeGroups[-1])
])
return cleaned_data
def edit_user_form(request, pattern, cn):
try:
lists = dict()
lists["pattern"] = pattern
lists["action"] = reverse(
"ldap.user.edit", kwargs={"pattern": pattern, "cn": cn})
lists["edit"] = True
ldap = Ldap(AuthSession(request.session).get_user().get_username())
group_list = get_groups(ldap)
policy_list = get_policies(ldap)
if pattern == PATTERN_TYPES.INTERNAL:
groupPattern = ldap.groupStandard
usertype_list = CHOICES_GROUP
elif pattern == PATTERN_TYPES.EXTERNAL:
groupPattern = ldap.groupStandardExternal
usertype_list = None
if request.method == "POST":
form = UserForm(group_list, policy_list, usertype_list, request.POST, initial={
'groupPattern': groupPattern})
if form.is_valid():
data = form.cleaned_data
for e in data.keys():
if type(data[e]) == unicode or type(data[e]) == int:
data[e] = str(data[e])
if valid_form_user(ldap, request, data['cn'], data['uidNumber'], data['employeeNumber'], data['mail'], edit=True):
ldap.edit_user(data['cn'], data['uidNumber'], data['groupPattern'], data['homeDirectory'], data['givenName'], data['initials'], data['sn'], data['mail'], data['homePhone'], data['mobile'], data['street'], data[
'description'], data['employeeNumber'], data['employeeType'], data['loginShell'], data['shadowLastChange'], data['shadowMin'], data['shadowMax'], data['shadowWarning'], data['policy'], data['groups'])
client_user = AuthSession(
request.session).get_clientFactory().create_usuario()
try:
local_user = client_user.get_by_user_ldap(data['cn'])
local_user = local_user['usuario']
name = data['givenName'] + ' ' + \
data['initials'] + ' ' + data['sn']
client_user.alterar(local_user['id'], local_user['user'], local_user[
'pwd'], name, local_user['ativo'], data['mail'], local_user['user_ldap'])
except UsuarioNaoExisteError:
pass
messages.add_message(
request, messages.SUCCESS, ldap_messages.get("success_edit_user"))
return HttpResponseRedirect(reverse('ldap.user.list', args=[pattern]))
else:
user = ldap.get_user(cn)
user['groups'] = ldap.get_groups_user(cn)
user['groupPattern'] = groupPattern
form = UserForm(
group_list, policy_list, usertype_list, initial=user)
except LDAPNotFoundError, e:
messages.add_message(
request, messages.ERROR, ldap_messages.get("invalid_user") % cn)
return HttpResponseRedirect(reverse('ldap.user.list', args=[pattern]))
def delete_user_all(request, pattern):
if request.method == 'POST':
ldap = Ldap(AuthSession(request.session).get_user().get_username())
form = DeleteForm(request.POST)
if form.is_valid():
# All cns to be deleted
cns = split_to_array(form.cleaned_data['ids'])
# All messages to display
error_list = list()
# Control others exceptions
have_errors = False
# For each user selected to remove
for cn in cns:
try:
ldap.rem_user(cn)
client_user = AuthSession(
request.session).get_clientFactory().create_usuario()
try:
local_user = client_user.get_by_user_ldap(cn)
local_user = local_user['usuario']
client_user.alterar(local_user['id'], local_user['user'], local_user[
'pwd'], local_user['nome'], local_user['ativo'], local_user['email'], None)
except UsuarioNaoExisteError:
pass
except LDAPMethodError, e:
error_list.append(cn)
have_errors = True
except LDAPError, e:
logger.error(e)
messages.add_message(request, messages.ERROR, e)
have_errors = True
break
# If cant remove nothing
if len(error_list) == len(cns):
messages.add_message(
request, messages.ERROR, error_messages.get("can_not_remove_all"))
# If cant remove someones
elif len(error_list) > 0:
msg = ""
for id_error in error_list:
msg = msg + id_error + ", "
msg = error_messages.get("can_not_remove") % msg[:-2]
messages.add_message(request, messages.WARNING, msg)
# If all has ben removed
elif have_errors == False:
messages.add_message(
request, messages.SUCCESS, ldap_messages.get("success_remove_user"))
else:
messages.add_message(
request, messages.SUCCESS, error_messages.get("can_not_remove_error"))
