def save(self, widget, data):
settings = ugm_users(self.model)
attrmap = settings.attrs.users_form_attrmap
for key in attrmap:
if key in ['id', 'login', 'userPassword']:
continue
extracted = data.fetch('userform.%s' % key).extracted
if not extracted:
if key in self.model.attrs:
del self.model.attrs[key]
else:
self.model.attrs[key] = extracted
# set object classes if missing
# XXX: move to cone.ldap
ocs = self.model.model.context.attrs['objectClass']
for oc in settings.attrs.users_object_classes:
if isinstance(ocs, compat.STR_TYPE):
ocs = [ocs]
if oc not in ocs:
ocs.append(oc)
if ocs != self.model.model.context.attrs['objectClass']:
self.model.model.context.attrs['objectClass'] = ocs
password = data.fetch('userform.userPassword').extracted
self.model.model.context()
if password is not UNSET:
uid = self.model.name
self.model.parent.backend.passwd(uid, None, password)
def save(self, widget, data):
settings = ugm_users(self.model)
attrmap = settings.attrs.users_form_attrmap
extracted = dict()
for key, val in attrmap.items():
val = data.fetch('userform.%s' % key).extracted
if not val:
continue
extracted[key] = val
# possibly extracted by other behaviors
# XXX: call next at the end in all extension behaviors to reduce
# database queries.
for key, val in self.model.attrs.items():
extracted[key] = val
users = self.model.parent.backend
uid = extracted.pop('id')
password = extracted.pop('userPassword')
users.create(uid, **extracted)
users()
if self.model.local_manager_consider_for_user:
groups = users.parent.groups
for gid in self.model.local_manager_default_gids:
groups[gid].add(uid)
groups()
self.request.environ['next_resource'] = uid
if password is not UNSET:
users.passwd(uid, None, password)
self.model.parent.invalidate()
# Access already added user after invalidation. If not done, there's
# some kind of race condition with ajax continuation.
# XXX: figure out why.
self.model.parent[uid]
def user_default_sort_column(self):
"""XXX: not generic, move
"""
settings = ugm_users(self.model)
attrs = self.user_attrs
sort = settings.attrs.users_listing_default_column
if not sort in attrs:
return attrs[0]
return sort
def save(self, widget, data):
settings = ugm_users(self.model)
attrmap = settings.attrs.users_form_attrmap
for key in attrmap:
if key in ['id', 'login', 'userPassword']:
continue
extracted = data.fetch('userform.%s' % key).extracted
if not extracted:
if key in self.model.attrs:
del self.model.attrs[key]
else:
self.model.attrs[key] = extracted
password = data.fetch('userform.userPassword').extracted
self.model.model.context()
if password is not UNSET:
id = self.model.name
self.model.parent.backend.passwd(id, None, password)
def test_utils(self):
server_settings = ugm_server(root)
self.assertTrue(isinstance(server_settings, ServerSettings))
self.assertEqual(server_settings.name, 'ugm_server')
users_settings = ugm_users(root)
self.assertTrue(isinstance(users_settings, UsersSettings))
self.assertEqual(users_settings.name, 'ugm_users')
groups_settings = ugm_groups(root)
self.assertTrue(isinstance(groups_settings, GroupsSettings))
self.assertEqual(groups_settings.name, 'ugm_groups')
self.assertEqual(ugm_backend.name, 'ldap')
backend = ugm_backend.ugm
self.assertTrue(isinstance(backend, Ugm))
self.assertEqual(backend.name, 'ldap_ugm')
self.assertTrue(backend is ugm_backend.ugm)
ugm_backend.initialize()
self.assertFalse(backend is ugm_backend.ugm)
def save(self, widget, data):
settings = ugm_users(self.model)
attrmap = settings.attrs.users_form_attrmap
extracted = dict()
for key, val in attrmap.items():
val = data.fetch('userform.%s' % key).extracted
if not val:
continue
extracted[key] = val
users = self.model.parent.backend
id = extracted.pop('id')
password = extracted.pop('userPassword')
#user = users.create(id, **extracted)
users.create(id, **extracted)
self.request.environ['next_resource'] = id
users()
if password is not UNSET:
users.passwd(id, None, password)
self.model.parent.invalidate()
# XXX: access already added user after invalidation.
# if not done, there's some kind of race condition with ajax
# continuation. figure out why.
self.model.parent[id]
def remote_add_user(model, request):
"""Add user via remote service.
Returns a JSON response containing success state and a message indicating
what happened::
{
success: true, // respective false
message: 'message'
}
Expected request parameters:
id
New user id.
password
User password to be set initially (optional).
roles
Comma seperated role names the user initially has.
groups
Comma seperated groups names the user should initially be member of.
attr.*
User attributes to be set. I.e. ``attr.mail`` would set the mail
attribute for newly created user. All request parameters prefixed with
``attr`` get checked against user attribute attrmap from settings.
Restrictions - All values, whether single or multi valued, are passed
as string or list of strings to the create function.
"""
params = request.params
uid = params.get('id')
if not uid:
return {
'success': False,
'message': u"No user ID given.",
}
users = model.backend
if uid in users:
return {
'success': False,
'message': u"User with given ID already exists.",
}
password = params.get('password')
add_roles = params.get('roles', '')
add_roles = [val.strip() for val in add_roles.split(',') if val]
add_groups = params.get('groups', '')
add_groups = [val.strip() for val in add_groups.split(',') if val]
attrs = dict()
for key, val in params.items():
if not key.startswith('attr.'):
continue
key = key[key.find('.') + 1:]
attrs[key] = val
settings = ugm_users(model)
attrmap = settings.attrs.users_form_attrmap
exposed = settings.attrs.users_exposed_attributes
if not exposed:
exposed = list()
valid_attrs = attrmap.keys() + exposed
checked_attrs = dict()
for key in valid_attrs:
val = attrs.get(key)
if not val:
continue
checked_attrs[key] = val
try:
user = users.create(uid, **checked_attrs)
message = u""
from cone.app.security import DEFAULT_ROLES
available_roles = [role[0] for role in DEFAULT_ROLES]
for role in add_roles:
if role not in available_roles:
message += u"Role '%s' given but inexistent. " % role
continue
user.add_role(role)
groups = users.parent.groups
for group in add_groups:
if group not in groups:
message += u"Group '%s' given but inexistent. " % group
continue
groups[group].add(uid)
users.parent()
if password is not None:
users.passwd(uid, None, password)
message += u"Created user with ID '%s'." % uid
return {
'success': True,
'message': message,
}
except Exception as e:
return {
'success': False,
'message': str(e),
}
finally:
model.invalidate()
def _get_auth_attrs(self):
config = ugm_users(self.model)
aliases = config.attrs.users_aliases_attrmap
return aliases['id'], aliases['login']
def form_attrmap(self):
settings = ugm_users(self.model)
return settings.attrs.users_form_attrmap
def user_list_columns(self):
"""XXX: not generic, move
"""
settings = ugm_users(self.model)
defs = settings.attrs.users_listing_columns
return self.calc_list_columns(defs)
def user_attrs(self):
"""XXX: not generic, move
"""
settings = ugm_users(self.model)
return settings.attrs.users_listing_columns.keys()
