def import_users(self):
"""Imports users from all the configured LDAP plugins into OGDS.
"""
session = create_session()
# Set all SQL users inactive first - the ones still contained in the LDAP
# will be set active again below (in the same transaction).
for user in session.query(User):
user.active = 0
for plugin in self._ldap_plugins():
ldap_userfolder = plugin._getLDAPUserFolder()
uid_attr = self._get_uid_attr(ldap_userfolder)
ldap_util = ILDAPSearch(ldap_userfolder)
ldap_users = ldap_util.get_users()
for ldap_user in ldap_users:
dn, info = ldap_user
# Ignore users without an UID in LDAP
if not uid_attr in info:
continue
userid = info[uid_attr]
# Skip users with uid longer than SQL 'userid' column
# FIXME: Increase size of SQL column to 64
if len(userid) > 30:
continue
if not self.user_exists(userid):
# Create the new user
user = User(userid)
session.add(user)
else:
# Get the existing user
user = session.query(User).filter_by(userid=userid).first()
# Iterate over all SQL columns and update their values
columns = User.__table__.columns
for col in columns:
if col.name == 'userid':
# We already set the userid when creating the user
# object, and it may not be called the same in LDAP as
# in our SQL model
continue
value = info.get(col.name)
# We can't store sequences in SQL columns. So if we do get a multi-valued field
# to be stored directly in OGDS, we treat it as a multi-line string and join it.
if isinstance(value, list) or isinstance(value, tuple):
value = ' '.join([str(v) for v in value])
setattr(user, col.name, value)
# Set the user active
user.active = 1
logger.info("Imported user '%s'..." % userid)
session.flush()
def import_users(self):
"""Imports users from all the configured LDAP plugins into OGDS.
"""
session = create_session()
# Set all SQL users inactive first - the ones still contained in the LDAP
# will be set active again below (in the same transaction).
for user in session.query(User):
user.active = 0
for plugin in self._ldap_plugins():
ldap_userfolder = plugin._getLDAPUserFolder()
uid_attr = self._get_uid_attr(ldap_userfolder)
ldap_util = ILDAPSearch(ldap_userfolder)
ldap_users = ldap_util.get_users()
for ldap_user in ldap_users:
dn, info = ldap_user
# Ignore users without an UID in LDAP
if not uid_attr in info:
continue
userid = info[uid_attr]
# Skip users with uid longer than SQL 'userid' column
# FIXME: Increase size of SQL column to 64
if len(userid) > 30:
continue
if not self.user_exists(userid):
# Create the new user
user = User(userid)
session.add(user)
else:
# Get the existing user
user = session.query(User).filter_by(userid=userid).first()
# Iterate over all SQL columns and update their values
columns = User.__table__.columns
for col in columns:
if col.name == 'userid':
# We already set the userid when creating the user
# object, and it may not be called the same in LDAP as
# in our SQL model
continue
value = info.get(col.name)
# We can't store sequences in SQL columns. So if we do get a multi-valued field
# to be stored directly in OGDS, we treat it as a multi-line string and join it.
if isinstance(value, list) or isinstance(value, tuple):
value = ' '.join([str(v) for v in value])
setattr(user, col.name, value)
# Set the user active
user.active = 1
logger.info("Imported user '%s'..." % userid)
session.flush()
def test_equality(self):
self.assertEqual(User('aa'), User('aa'))
self.assertNotEqual(User('aa'), User('bb'))
self.assertNotEqual(User('aa'), User(123))
self.assertNotEqual(User('aa'), User(None))
self.assertNotEqual(User('aa'), object())
self.assertNotEqual(User('aa'), None)
def _create_example_user(session, site, userid, properties, groups):
acl_users = site.acl_users
password = '******'
# add the user to acl_users on site level
if not acl_users.getUserById(userid):
acl_users.source_users.addUser(userid, userid, password)
# create the user object in sql
if session.query(User).filter_by(userid=userid).count() == 0:
user = User(userid, **properties)
session.add(user)
else:
user = session.query(User).filter_by(userid=userid).first()
# append the user to the group
for groupid in groups:
groups = session.query(Group).filter(Group.groupid == groupid).all()
# does the group don't exist create it
if len(groups) == 0:
group = Group(groupid)
group.users.append(user)
session.add(group)
else:
groups[0].users.append(user)
session.add(groups[0])
transaction.commit()
return session.query(User).filter_by(userid=userid).first()
def test_create_sets_attrs(self):
attrs = {
'userid': 'hugo.boss',
'active': True,
'firstname': 'Hugo',
'lastname': 'Boss',
'directorate_abbr': 'FD',
'directorate': 'Finanzdepartement',
'department_abbr': 'FV',
'department': 'Finanzverwaltung',
'email': '*****@*****.**',
'email2': '*****@*****.**',
'url': 'http://example.com',
'phone_office': '012 345 67 89',
'phone_fax': '012 345 67 81',
'phone_mobile': '079 123 45 67',
'salutation': 'Herr',
'description': 'Meister Boss',
'address1': 'Bossstrasse 1',
'address2': 'Oberes Bosshaus',
'zip_code': '1234',
'city': 'Bossingen',
'country': 'Schweiz',
'import_stamp': 'stamp',
}
user = User(**attrs)
for key, value in attrs.items():
self.assertEqual(getattr(user, key), value)
def migrate(self):
# Add a temp secretary id column to meetings
new_secretary_id = Column('new_secretary_id', String(USER_ID_LENGTH), ForeignKey(User.userid))
self.op.add_column('meetings', new_secretary_id)
# Populate temp secretary column - user if match else new inactive user
meetings_table = table(
'meetings',
column('id'),
column('secretary_id'),
column('new_secretary_id'),
)
meetings = self.connection.execute(meetings_table.select()).fetchall()
for meeting in meetings:
if meeting.secretary_id:
member = Member.query.get(meeting.secretary_id)
if member:
user = User.query.filter(User.firstname == member.firstname, User.lastname == member.lastname).first()
if not user:
# We have to create an inactive user for the member
userid = uuid4().hex
user = User(userid)
user.active = False
user.firstname = member.firstname
user.lastname = member.lastname
user.email = member.email
self.session.add(user)
self.session.flush()
self.execute(
meetings_table.update()
.values(new_secretary_id=user.userid)
.where(meetings_table.columns.id == meeting.id)
)
# Drop old secretary column
self.op.drop_column('meetings', 'secretary_id')
# Rename temp secretary column
self.op.alter_column('meetings', 'new_secretary_id', new_column_name='secretary_id')
def test_handles_reassign_to_the_same_user_correctly(self, browser):
# add additional org_unit
org_unit = self.add_additional_org_unit()
org_unit.users_group.users.append(User.get(self.regular_user.id))
self.login(self.regular_user, browser)
# manually register watchers
center = notification_center()
center.add_task_responsible(self.task, self.task.responsible)
center.add_task_issuer(self.task, self.task.issuer)
self.reassign(browser, self.regular_user,
u'Bitte Abkl\xe4rungen erledigen.')
resource = notification_center().fetch_resource(self.task)
create_session().refresh(resource)
subscriptions = resource.subscriptions
self.assertItemsEqual(
[(self.regular_user.id, TASK_RESPONSIBLE_ROLE),
(self.dossier_responsible.id, TASK_ISSUER_ROLE)],
[(sub.watcher.actorid, sub.role) for sub in subscriptions])
def create_ogds_user(userid,
session=None,
groups=('og_mandant1_users', ),
assigned_client=[],
**properties):
session = session or create_session()
defaults = {
'firstname': 'Hugo',
'lastname': 'Boss',
'email': '*****@*****.**'
}
options = defaults.copy()
options.update(properties)
try:
user = session.query(User).filter_by(userid=userid).one()
except NoResultFound:
user = User(userid, **options)
else:
for key, value in options.items():
setattr(user, key, value)
session.add(user)
for groupid in groups:
ogds_add_user_to_group(user, groupid, session=session)
for client in assigned_client:
assign_user_to_client(user, client, session=session)
reset_ogds_sync_stamp(getSite())
return user
def migrate(self):
# Add a temp secretary id column to meetings
new_secretary_id = Column('new_secretary_id', String(USER_ID_LENGTH),
ForeignKey(User.userid))
self.op.add_column('meetings', new_secretary_id)
# Populate temp secretary column - user if match else new inactive user
meetings_table = table(
'meetings',
column('id'),
column('secretary_id'),
column('new_secretary_id'),
)
meetings = self.connection.execute(meetings_table.select()).fetchall()
for meeting in meetings:
if meeting.secretary_id:
member = Member.query.get(meeting.secretary_id)
if member:
user = User.query.filter(
User.firstname == member.firstname,
User.lastname == member.lastname).first()
if not user:
# We have to create an inactive user for the member
userid = uuid4().hex
user = User(userid)
user.active = False
user.firstname = member.firstname
user.lastname = member.lastname
user.email = member.email
self.session.add(user)
self.session.flush()
self.execute(meetings_table.update().values(
new_secretary_id=user.userid).where(
meetings_table.columns.id == meeting.id))
# Drop old secretary column
self.op.drop_column('meetings', 'secretary_id')
# Rename temp secretary column
self.op.alter_column('meetings',
'new_secretary_id',
new_column_name='secretary_id')
def test_label_is_the_fullname_with_userid_in_braces(self):
sammy = User('sammy', firstname='Samuel', lastname='Jackson')
self.assertEqual('Jackson Samuel (sammy)', sammy.label())
def test_label_is_the_fullname_with_userid_in_braces(self):
sammy = User('sammy', firstname='Samuel', lastname='Jackson')
self.assertEqual('Jackson Samuel (sammy)', sammy.label())
def test_repr(self):
self.assertEqual(str(User('a-user')), '<User a-user>')
def get_user(self):
return User.get(self._user_id)
def import_users(self):
"""Imports users from all the configured LDAP plugins into OGDS.
"""
session = create_session()
# Set all SQL users inactive first - the ones still contained in the
# LDAP will be set active again below (in the same transaction).
for user in session.query(User):
user.active = False
for plugin in self._ldap_plugins():
ldap_userfolder = plugin._getLDAPUserFolder()
uid_attr = self._get_uid_attr(ldap_userfolder)
ldap_util = ILDAPSearch(ldap_userfolder)
logger.info(u'Users base: %s' % ldap_userfolder.users_base)
logger.info(u'User filter: %s' % ldap_util.get_user_filter())
ldap_users = ldap_util.get_users()
for ldap_user in ldap_users:
dn, info = ldap_user
# Ignore users without an UID in LDAP
if uid_attr not in info:
continue
userid = info[uid_attr]
userid = userid.decode('utf-8')
# Skip users with uid longer than SQL 'userid' column
if len(userid) > USER_ID_LENGTH:
logger.warn(u"Skipping user '{}' - "
u"userid too long!".format(userid))
continue
if not self.user_exists(userid):
# Create the new user
user = User(userid)
session.add(user)
else:
# Get the existing user
try:
user = self.get_sql_user(userid)
except MultipleResultsFound:
# Duplicate user with slightly different spelling
# (casing, whitespace, ...) that may not be considered
# different by the SQL backend's unique constraint.
# We therefore enforce uniqueness ourselves.
logger.warn(
u"Skipping duplicate user '{}'!".format(userid))
continue
# Iterate over all SQL columns and update their values
columns = User.__table__.columns
for col in columns:
if col.name == 'userid':
# We already set the userid when creating the user
# object, and it may not be called the same in LDAP as
# in our SQL model
continue
value = info.get(col.name)
# We can't store sequences in SQL columns. So if we do get
# a multi-valued field to be stored directly in OGDS, we
# treat it as a multi-line string and join it.
if isinstance(value, list) or isinstance(value, tuple):
value = ' '.join([str(v) for v in value])
if isinstance(value, str):
value = value.decode('utf-8')
# Truncate purely descriptive user fields if necessary
if isinstance(col.type, String):
if value and len(value) > col.type.length:
logger.warn(u"Truncating value %r for column %r "
u"(user: %r)" %
(value, col.name, userid))
value = value[:col.type.length]
setattr(user, col.name, value)
# Set the user active
user.active = True
logger.info(u"Imported user '{}'".format(userid))
session.flush()
def test_get(self):
self.assertEqual(self.john, User.get('john'))
self.assertIsNone(User.get('asds'))
def test_fullname_is_first_and_lastname(self):
billy = User("billyj", firstname="billy", lastname="johnson")
self.assertEquals('johnson billy', billy.fullname())
def test_get_by(self):
self.assertEqual(self.john, User.get_by(userid='john'))
self.assertIsNone(User.get_by(firstname='blabla'))
def test_get_one(self):
self.assertEqual(self.hugo, User.get_one(userid='hugo'))
with self.assertRaises(NoResultFound):
User.get_one(userid='asd')
def test_fullname_is_userid_if_no_name_given(self):
billyj = User("billyj")
self.assertEquals('billyj', billyj.fullname())
def test_fullname_is_only_first_or_lastname_if_other_is_missing(self):
billy = User("billyj", firstname="billy")
self.assertEquals('billy', billy.fullname())
johnson = User("billyj", lastname="johnson")
self.assertEquals('johnson', johnson.fullname())
def test_label_is_the_fullname_with_userid_in_braces(self):
sammy = User("sammy", firstname="Samuel", lastname="Jackson")
self.assertEquals("Jackson Samuel (sammy)", sammy.label())
def test_get_by(self):
self.assertEqual(self.john, User.get_by(userid='john'))
self.assertIsNone(User.get_by(firstname='blabla'))
def test_count(self):
self.assertEqual(6, User.count())
def __call__(self):
form = self.request.form
session = create_session()
policy_id = form['policy']
client_registry = getUtility(IClientConfigurationRegistry)
config = client_registry.get_policy(policy_id)
# drop sql tables
if form.get('first', False) and config.get('purge_sql', False):
self.drop_sql_tables(session)
ext_profiles = list(EXTENSION_PROFILES)
if config.get('base_profile', None):
ext_profiles.append(config.get('base_profile'))
# create plone site
site = addPloneSite(
self.context,
form['client_id'],
title=form['title'],
profile_id=_DEFAULT_PROFILE,
extension_ids=ext_profiles,
setup_content=False,
default_language=config.get('language', 'de-ch'),
)
# ldap
stool = getToolByName(site, 'portal_setup')
if form.get('ldap', False):
stool = getToolByName(site, 'portal_setup')
stool.runAllImportStepsFromProfile('profile-%s' % form.get('ldap'))
# Configure credentials from JSON file at
# ~/.opengever/ldap/{hostname}.json
configure_ldap_credentials(site)
acl_users = getToolByName(site, 'acl_users')
plugins = acl_users.plugins
# disable source_groups when using ldap
for ptype in plugins.listPluginTypeInfo():
try:
plugins.deactivatePlugin(ptype['interface'],
'source_groups')
except KeyError:
pass
# deactivate recursive groups
for ptype in plugins.listPluginTypeInfo():
try:
plugins.deactivatePlugin(ptype['interface'],
'recursive_groups')
except KeyError:
pass
# move ldap up
plugins.movePluginsUp(IPropertiesPlugin, ('ldap', ))
plugins.movePluginsUp(IPropertiesPlugin, ('ldap', ))
plugins.movePluginsUp(IPropertiesPlugin, ('ldap', ))
if form.get('first', False) and form.get('import_users', False):
print '===== SYNC LDAP ===='
class Object(object):
pass
# Import LDAP users and groups
options = Object()
options.site_root = '/' + form['client_id']
options.update_syncstamp = False
sync_ldap.run_import(self.context, options)
if form.get('configsql'):
# register the client in the ogds
# is the client already configured? -> delete it
clients = session.query(Client).filter_by(
client_id=form['client_id']).all()
if clients:
session.delete(clients[0])
# groups must exist
users_groups = session.query(Group).filter_by(
groupid=form['group'])
inbox_groups = session.query(Group).filter_by(
groupid=form['inbox_group'])
try:
users_group = users_groups[0]
except IndexError:
raise SetupError("User group '%s' could not be found." %
form['group'])
try:
inbox_group = inbox_groups[0]
except IndexError:
raise SetupError("Inbox group '%s' could not be found." %
form['inbox_group'])
active = bool(form.get('active', False))
client = Client(
form['client_id'],
enabled=active,
title=form['title'],
ip_address=form['ip_address'],
site_url=form['site_url'],
public_url=form['public_url'],
)
client.users_group = users_group
client.inbox_group = inbox_group
session.add(client)
# create the admin user in the ogds if he not exist
# and add it to the specified user_group
# so we avoid a constraintError in the choice fields
if session.query(User).filter_by(userid=ADMIN_USER_ID).count() == 0:
og_admin_user = User(ADMIN_USER_ID,
firstname='OG',
lastname='Administrator',
active=True)
session.add(og_admin_user)
else:
og_admin_user = session.query(User).filter_by(
userid=ADMIN_USER_ID).first()
og_admin_user.active = True
users_group = session.query(Group).filter_by(
groupid=form['group']).first()
if og_admin_user not in users_group.users:
users_group.users.append(og_admin_user)
# set the client id in the registry
client_id = form['client_id'].decode('utf-8')
registry = getUtility(IRegistry)
proxy = registry.forInterface(IClientConfiguration)
proxy.client_id = form['client_id'].decode('utf-8')
# set the mail domain in the registry
registry = getUtility(IRegistry)
proxy = registry.forInterface(IMailSettings)
proxy.mail_domain = form['mail_domain'].decode('utf-8')
mail_from_address = self.get_mail_from_address()
site.manage_changeProperties({
'email_from_address': mail_from_address,
'email_from_name': client_id
})
# set global Member role for the client users group
site.acl_users.portal_role_manager.assignRoleToPrincipal(
'Member', form['group'])
# set global Member role for readers group
if form['reader_group']:
site.acl_users.portal_role_manager.assignRoleToPrincipal(
'Member', form['reader_group'])
# set Role Manager role for rolemanager group
if form['rolemanager_group']:
site.acl_users.portal_role_manager.assignRoleToPrincipal(
'Role Manager', form['rolemanager_group'])
# provide the repository root for opengever.setup:default
repository_root = config.get('repository_root', None)
if repository_root:
self.request.set('repository_root', repository_root)
# import the defaul generic setup profiles if needed
stool = getToolByName(site, 'portal_setup')
for profile in config.get('additional_profiles', ()):
stool.runAllImportStepsFromProfile('profile-%s' % profile)
# set the site title
site.manage_changeProperties(title=form['title'])
# REALLY set the language - the plone4 addPloneSite is really
# buggy with languages.
langCP = getAdapter(site, ILanguageSelectionSchema)
langCP.default_language = 'de-ch'
# the og_admin_user is not longer used so we set him to inactive
og_admin_user.active = False
return 'ok'
def test_get(self):
self.assertEqual(self.john, User.get('john'))
self.assertIsNone(User.get('asds'))
def test_create_userid_required(self):
with self.assertRaises(TypeError):
User()
def test_get_one(self):
self.assertEqual(self.hugo, User.get_one(userid='hugo'))
with self.assertRaises(NoResultFound):
User.get_one(userid='asd')
def get_user(self):
return User.get(self._user_id)
def test_count(self):
self.assertEqual(2, User.count())
def __call__(self):
form = self.request.form
session = create_session()
policy_id = form['policy']
client_registry = getUtility(IClientConfigurationRegistry)
config = client_registry.get_policy(policy_id)
# drop sql tables
if form.get('first', False) and config.get('purge_sql', False):
self.drop_sql_tables(session)
ext_profiles = list(EXTENSION_PROFILES)
if config.get('base_profile', None):
ext_profiles.append(config.get('base_profile'))
# create plone site
site = addPloneSite(
self.context,
form['client_id'],
title=form['title'],
profile_id=_DEFAULT_PROFILE,
extension_ids=ext_profiles,
setup_content=False,
default_language=config.get('language', 'de-ch'),
)
# ldap
stool = getToolByName(site, 'portal_setup')
if form.get('ldap', False):
stool = getToolByName(site, 'portal_setup')
stool.runAllImportStepsFromProfile('profile-%s' % form.get('ldap'))
# Configure credentials from JSON file at
# ~/.opengever/ldap/{hostname}.json
configure_ldap_credentials(site)
acl_users = getToolByName(site, 'acl_users')
plugins = acl_users.plugins
# disable source_groups when using ldap
for ptype in plugins.listPluginTypeInfo():
try:
plugins.deactivatePlugin(ptype['interface'],
'source_groups')
except KeyError:
pass
# deactivate recursive groups
for ptype in plugins.listPluginTypeInfo():
try:
plugins.deactivatePlugin(ptype['interface'],
'recursive_groups')
except KeyError:
pass
# move ldap up
plugins.movePluginsUp(IPropertiesPlugin, ('ldap',))
plugins.movePluginsUp(IPropertiesPlugin, ('ldap',))
plugins.movePluginsUp(IPropertiesPlugin, ('ldap',))
if form.get('first', False) and form.get('import_users', False):
print '===== SYNC LDAP ===='
class Object(object):
pass
# Import LDAP users and groups
options = Object()
options.site_root = '/' + form['client_id']
options.update_syncstamp = False
sync_ldap.run_import(self.context, options)
if form.get('configsql'):
# register the client in the ogds
# is the client already configured? -> delete it
clients = session.query(Client).filter_by(
client_id=form['client_id']).all()
if clients:
session.delete(clients[0])
# groups must exist
users_groups = session.query(Group).filter_by(
groupid=form['group'])
inbox_groups = session.query(Group).filter_by(
groupid=form['inbox_group'])
try:
users_group = users_groups[0]
except IndexError:
raise SetupError("User group '%s' could not be found." %
form['group'])
try:
inbox_group = inbox_groups[0]
except IndexError:
raise SetupError("Inbox group '%s' could not be found." %
form['inbox_group'])
active = bool(form.get('active', False))
client = Client(form['client_id'],
enabled=active,
title=form['title'],
ip_address=form['ip_address'],
site_url=form['site_url'],
public_url=form['public_url'],
)
client.users_group = users_group
client.inbox_group = inbox_group
session.add(client)
# create the admin user in the ogds if he not exist
# and add it to the specified user_group
# so we avoid a constraintError in the choice fields
if session.query(User).filter_by(userid=ADMIN_USER_ID).count() == 0:
og_admin_user = User(ADMIN_USER_ID, firstname='OG',
lastname='Administrator', active=True)
session.add(og_admin_user)
else:
og_admin_user = session.query(User).filter_by(
userid=ADMIN_USER_ID).first()
og_admin_user.active = True
users_group = session.query(Group).filter_by(
groupid=form['group']).first()
if og_admin_user not in users_group.users:
users_group.users.append(og_admin_user)
# set the client id in the registry
client_id = form['client_id'].decode('utf-8')
registry = getUtility(IRegistry)
proxy = registry.forInterface(IClientConfiguration)
proxy.client_id = form['client_id'].decode('utf-8')
# set the mail domain in the registry
registry = getUtility(IRegistry)
proxy = registry.forInterface(IMailSettings)
proxy.mail_domain = form['mail_domain'].decode('utf-8')
mail_from_address = self.get_mail_from_address()
site.manage_changeProperties({'email_from_address': mail_from_address,
'email_from_name': client_id})
# set global Member role for the client users group
site.acl_users.portal_role_manager.assignRoleToPrincipal(
'Member', form['group'])
# set global Member role for readers group
if form['reader_group']:
site.acl_users.portal_role_manager.assignRoleToPrincipal(
'Member', form['reader_group'])
# set Role Manager role for rolemanager group
if form['rolemanager_group']:
site.acl_users.portal_role_manager.assignRoleToPrincipal(
'Role Manager', form['rolemanager_group'])
# provide the repository root for opengever.setup:default
repository_root = config.get('repository_root', None)
if repository_root:
self.request.set('repository_root', repository_root)
# import the defaul generic setup profiles if needed
stool = getToolByName(site, 'portal_setup')
for profile in config.get('additional_profiles', ()):
stool.runAllImportStepsFromProfile('profile-%s' % profile)
# set the site title
site.manage_changeProperties(title=form['title'])
# REALLY set the language - the plone4 addPloneSite is really
# buggy with languages.
langCP = getAdapter(site, ILanguageSelectionSchema)
langCP.default_language = 'de-ch'
# the og_admin_user is not longer used so we set him to inactive
og_admin_user.active = False
return 'ok'
def import_users(self):
"""Imports users from all the configured LDAP plugins into OGDS.
"""
session = create_session()
# Set all SQL users inactive first - the ones still contained in the
# LDAP will be set active again below (in the same transaction).
for user in session.query(User):
user.active = False
for plugin in self._ldap_plugins():
ldap_userfolder = plugin._getLDAPUserFolder()
uid_attr = self._get_uid_attr(ldap_userfolder)
ldap_util = ILDAPSearch(ldap_userfolder)
logger.info(u"Users base: %s" % ldap_userfolder.users_base)
logger.info(u"User filter: %s" % ldap_util.get_user_filter())
ldap_users = ldap_util.get_users()
for ldap_user in ldap_users:
dn, info = ldap_user
# Ignore users without an UID in LDAP
if uid_attr not in info:
continue
userid = info[uid_attr]
userid = userid.decode("utf-8")
# Skip users with uid longer than SQL 'userid' column
if len(userid) > USER_ID_LENGTH:
logger.warn(u"Skipping user '{}' - " u"userid too long!".format(userid))
continue
if not self.user_exists(userid):
# Create the new user
user = User(userid)
session.add(user)
else:
# Get the existing user
try:
user = self.get_sql_user(userid)
except MultipleResultsFound:
# Duplicate user with slightly different spelling
# (casing, whitespace, ...) that may not be considered
# different by the SQL backend's unique constraint.
# We therefore enforce uniqueness ourselves.
logger.warn(u"Skipping duplicate user '{}'!".format(userid))
continue
# Iterate over all SQL columns and update their values
columns = User.__table__.columns
for col in columns:
if col.name == "userid":
# We already set the userid when creating the user
# object, and it may not be called the same in LDAP as
# in our SQL model
continue
value = info.get(col.name)
# We can't store sequences in SQL columns. So if we do get
# a multi-valued field to be stored directly in OGDS, we
# treat it as a multi-line string and join it.
if isinstance(value, list) or isinstance(value, tuple):
value = " ".join([str(v) for v in value])
if isinstance(value, str):
value = value.decode("utf-8")
setattr(user, col.name, value)
# Set the user active
user.active = True
logger.info(u"Imported user '{}'".format(userid))
session.flush()
