Beispiel #1
0
    def ldap_create_admin_user(self):
        if self.is_enabled:
            try:

                dn = str("cn=root,ou=users," + self.domain)
                attrs = {}
                attrs['cn'] = 'root'
                attrs['gidNumber'] = '501'
                attrs['givenName'] = ''
                attrs['homeDirectory'] = '/home/users/root'
                attrs['objectclass'] = [
                    'top', 'posixAccount', 'inetOrgPerson', 'extensibleObject'
                ]
                attrs['userPassword'] = self.password
                attrs['oclExtraAttrs'] = 'CAT_ALL_Administrator'
                attrs['uidNumber'] = '1000'
                attrs['sn'] = 'root'
                attrs['uid'] = 'root'

                ldif = modlist.addModlist(attrs)
                self.ldap.add_s(dn, ldif)

            except ldap.LDAPError, e:
                pass
            try:
                # ensure the user exists both on django and ldap
                if not User.objects.filter(username="******").exists():
                    admin_user = User.objects.create_superuser(
                        username='******',
                        password=self.password,
                        email='*****@*****.**')
                    admin_user.is_superuser = True
                    admin_user.is_staff = True
                    admin_group = UserGroup.objects.get(name__exact='root')
                    usergroup_user = UserGroupUser(user=admin_user,
                                                   user_group=admin_group)
                    usergroup_user.save()

                    self.ldap_add_default_group_member(admin_user)
                    self.ldap_add_admin_group_member(admin_user)
            except Exception as exc:
                pass
Beispiel #2
0
def user_update(request, uid):
    if request.method == 'POST':
        user = User.objects.get(id=int(uid))

        assigned_groups = []
        for key in request.POST:
            if 'group-' in key:
                assigned_groups.append(int(key.split('-')[1]))

        is_staff = False
        if 'is_staff' in request.POST:
            is_staff = True

        is_superuser = False
        if 'is_superuser' in request.POST:
            is_superuser = True
            is_staff = True

        user.first_name = request.POST.get('first_name')
        user.last_name = request.POST.get('last_name')
        user.email = request.POST.get('email')
        user.is_staff = is_staff
        user.save()

        if user.is_superuser and is_superuser:
            admin_group = UserGroup.objects.get(name__exact='admin')
            assigned_groups.append(admin_group.id)

        if not user.is_superuser and is_superuser:
            user.is_superuser = True
            user.save()
            admin_group = UserGroup.objects.get(name__exact='admin')
            core_services.ldap_add_group_member(user, admin_group)
            assigned_groups.append(admin_group.id)

        if user.is_superuser and not is_superuser:
            user.is_superuser = False
            user.save()
            admin_group = UserGroup.objects.get(name__exact='admin')
            core_services.ldap_delete_group_member(user, admin_group)

        groups_by_user = UserGroupUser.objects.filter(user_id=user.id)
        for ugu in groups_by_user:
            user_group = UserGroup.objects.get(id=ugu.user_group.id)
            core_services.ldap_delete_group_member(user, user_group)
            ugu.delete()

        for ag in assigned_groups:
            user_group = UserGroup.objects.get(id=ag)
            usergroup_user = UserGroupUser(user=user, user_group=user_group)
            usergroup_user.save()
            core_services.ldap_add_group_member(user, user_group)

        return redirect('user_list')

    else:
        selected_user = User.objects.get(id=int(uid))
        groups = auth_utils.get_all_groups_checked_by_user(selected_user)
        return render_to_response('user_update.html', {
            'uid': uid,
            'selected_user': selected_user,
            'user': request.user,
            'groups': groups
        },
                                  context_instance=RequestContext(request))
Beispiel #3
0
def user_add(request):
    ad_suffix = GVSIGOL_LDAP['AD']
    if not ad_suffix:
        show_pass_form = True
    else:
        show_pass_form = False

    if request.method == 'POST':
        form = UserCreateForm(request.POST)
        if form.is_valid():
            assigned_groups = []

            is_staff = False
            if 'is_staff' in form.data:
                is_staff = True

            is_superuser = False
            if 'is_superuser' in form.data:
                is_superuser = True
                is_staff = True

            assigned_groups = []
            for key in form.data:
                if 'group-' in key:
                    assigned_groups.append(int(key.split('-')[1]))

            try:
                if form.data['password1'] == form.data['password2']:
                    user = User(username=form.data['username'].lower(),
                                first_name=u''.join(
                                    form.data['first_name']).encode('utf-8'),
                                last_name=u''.join(
                                    form.data['last_name']).encode('utf-8'),
                                email=form.data['email'].lower(),
                                is_superuser=is_superuser,
                                is_staff=is_staff)
                    user.set_password(form.data['password1'])
                    user.save()

                    #admin_group = UserGroup.objects.get(name__exact='admin')
                    aux = UserGroup.objects.filter(name="admin")
                    if aux.count() > 1:
                        print "WARNING: table gvsigol_auth_usergroup inconsistent !!!!!!!!!!!"

                    admin_group = aux[0]

                    if user.is_superuser:
                        core_services.ldap_add_user(user,
                                                    form.data['password1'],
                                                    True)
                        core_services.ldap_add_group_member(user, admin_group)
                        usergroup_user = UserGroupUser(user=user,
                                                       user_group=admin_group)
                        usergroup_user.save()

                    else:
                        core_services.ldap_add_user(user,
                                                    form.data['password1'],
                                                    False)
                        #core_services.ldap_add_group_member(user, admin_group)

                    for ag in assigned_groups:
                        user_group = UserGroup.objects.get(id=ag)
                        usergroup_user = UserGroupUser(user=user,
                                                       user_group=user_group)
                        usergroup_user.save()
                        core_services.ldap_add_group_member(user, user_group)

                    #User backend
                    if is_superuser or is_staff:
                        ugroup = UserGroup(
                            name='ug_' + form.data['username'].lower(),
                            description=_(u'User group for') + ': ' +
                            form.data['username'].lower())
                        ugroup.save()

                        ugroup_user = UserGroupUser(user=user,
                                                    user_group=ugroup)
                        ugroup_user.save()

                        core_services.ldap_add_group(ugroup)
                        core_services.add_data_directory(ugroup)
                        core_services.ldap_add_group_member(user, ugroup)

                        url = mapservice_backend.getBaseUrl() + '/'
                        ws_name = 'ws_' + form.data['username'].lower()

                        if mapservice_backend.createWorkspace(
                                ws_name, url + ws_name, '',
                                url + ws_name + '/wms', url + ws_name + '/wfs',
                                url + ws_name + '/wcs',
                                url + 'gwc/service/wms'):

                            # save it on DB if successfully created
                            newWs = Workspace(
                                name=ws_name,
                                description='',
                                uri=url + ws_name,
                                wms_endpoint=url + ws_name + '/wms',
                                wfs_endpoint=url + ws_name + '/wfs',
                                wcs_endpoint=url + ws_name + '/wcs',
                                cache_endpoint=url + 'gwc/service/wms',
                                created_by=user.username,
                                is_public=False)
                            newWs.save()

                            ds_name = 'ds_' + form.data['username'].lower()
                            services_utils.create_datastore(
                                request, user.username, ds_name, newWs)

                            mapservice_backend.reload_nodes()

                    auth_utils.sendMail(user, form.data['password1'])

                    return redirect('user_list')

            except Exception as e:
                print "ERROR: Problem creating user " + str(e)
                errors = []
                #errors.append({'message': _("The username already exists")})
                groups = auth_utils.get_all_groups()
                return render_to_response(
                    'user_add.html', {
                        'form': form,
                        'groups': groups,
                        'errors': errors,
                        'show_pass_form': show_pass_form
                    },
                    context_instance=RequestContext(request))

        else:
            groups = auth_utils.get_all_groups()
            return render_to_response('user_add.html', {
                'form': form,
                'groups': groups,
                'show_pass_form': show_pass_form
            },
                                      context_instance=RequestContext(request))

    else:

        form = UserCreateForm()
        groups = auth_utils.get_all_groups()
        return render_to_response('user_add.html', {
            'form': form,
            'groups': groups,
            'show_pass_form': show_pass_form
        },
                                  context_instance=RequestContext(request))