def save_group_permissions(self, **kw): try: permission_name = kw['permissions']['text'] except KeyError: log.exception('Permission not submitted correctly') response.status = 403 return ['Permission not submitted correctly'] try: permission = Permission.by_name(permission_name) except NoResultFound: log.exception('Invalid permission: %s' % permission_name) response.status = 403 return ['Invalid permission value'] try: group_id = kw['group_id'] except KeyError: log.exception('Group id not submitted') response.status = 403 return ['No group id given'] try: group = Group.by_id(group_id) except NoResultFound: log.exception('Group id %s is not a valid group id' % group_id) response.status = 403 return ['Invalid Group Id'] group = Group.by_id(group_id) if permission not in group.permissions: group.permissions.append(permission) else: response.status = 403 return ['%s already exists in group %s' % (permission.permission_name, group.group_name)] return {'name':permission_name, 'id':permission.permission_id}
def revoke_owner(self, group_id=None, id=None, **kw): if group_id is not None and id is not None: group = Group.by_id(group_id) user = User.by_id(id) service = 'WEBUI' else: group = Group.by_name(kw['group_name']) user = User.by_user_name(kw['member_name']) service = 'XMLRPC' if group.membership_type == GroupMembershipType.ldap: raise GroupOwnerModificationForbidden('An LDAP group does not have an owner') if not group.can_edit(identity.current.user): raise GroupOwnerModificationForbidden('You are not an owner of group %s' % group) if user not in group.users: raise GroupOwnerModificationForbidden('User is not a group member') if len(group.owners())==1 and not identity.current.user.is_admin(): raise GroupOwnerModificationForbidden('Cannot remove the only owner') else: group.revoke_ownership(user=user, agent=identity.current.user, service=service) # hack to return the user removing this owner # so that if the user was logged in as a group # owner, he/she can be redirected appropriately return str(identity.current.user.user_id)
def grant_owner(self, group_id=None, id=None, **kw): if group_id is not None and id is not None: group = Group.by_id(group_id) user = User.by_id(id) service = 'WEBUI' else: group = Group.by_name(kw['group_name']) user = User.by_user_name(kw['member_name']) service = 'XMLRPC' if group.ldap: raise GroupOwnerModificationForbidden('An LDAP group does not have an owner') if not group.can_edit(identity.current.user): raise GroupOwnerModificationForbidden('You are not an owner of the group %s' % group) if user not in group.users: raise GroupOwnerModificationForbidden('User is not a group member') else: for assoc in group.user_group_assocs: if assoc.user == user: if not assoc.is_owner: assoc.is_owner = True group.record_activity(user=identity.current.user, service=service, field=u'Owner', action='Added', old=u'', new=user.user_name) return ''
def revoke_owner(self, group_id=None, id=None, **kw): if group_id is not None and id is not None: group = Group.by_id(group_id) user = User.by_id(id) service = 'WEBUI' else: group = Group.by_name(kw['group_name']) user = User.by_user_name(kw['member_name']) service = 'XMLRPC' if group.ldap: raise GroupOwnerModificationForbidden('An LDAP group does not have an owner') if not group.can_edit(identity.current.user): raise GroupOwnerModificationForbidden('You are not an owner of group %s' % group) if user not in group.users: raise GroupOwnerModificationForbidden('User is not a group member') if len(group.owners())==1 and not identity.current.user.is_admin(): raise GroupOwnerModificationForbidden('Cannot remove the only owner') else: for assoc in group.user_group_assocs: if assoc.user == user: if assoc.is_owner: assoc.is_owner = False group.record_activity(user=identity.current.user, service=service, field=u'Owner', action='Removed', old=user.user_name, new=u'') # hack to return the user removing this owner # so that if the user was logged in as a group # owner, he/she can be redirected appropriately return str(identity.current.user.user_id)
def grant_owner(self, group_id=None, id=None, **kw): if group_id is not None and id is not None: group = Group.by_id(group_id) user = User.by_id(id) service = 'WEBUI' else: group = Group.by_name(kw['group_name']) user = User.by_user_name(kw['member_name']) service = 'XMLRPC' if group.ldap: raise GroupOwnerModificationForbidden( 'An LDAP group does not have an owner') if not group.can_edit(identity.current.user): raise GroupOwnerModificationForbidden( 'You are not an owner of the group %s' % group) if user not in group.users: raise GroupOwnerModificationForbidden('User is not a group member') else: for assoc in group.user_group_assocs: if assoc.user == user: if not assoc.is_owner: assoc.is_owner = True group.record_activity(user=identity.current.user, service=service, field=u'Owner', action='Added', old=u'', new=user.user_name) return ''
def revoke_owner(self, group_id=None, id=None, **kw): if group_id is not None and id is not None: group = Group.by_id(group_id) user = User.by_id(id) service = 'WEBUI' else: group = Group.by_name(kw['group_name']) user = User.by_user_name(kw['member_name']) service = 'XMLRPC' if group.membership_type == GroupMembershipType.ldap: raise GroupOwnerModificationForbidden( 'An LDAP group does not have an owner') if not group.can_edit(identity.current.user): raise GroupOwnerModificationForbidden( 'You are not an owner of group %s' % group) if user not in group.users: raise GroupOwnerModificationForbidden('User is not a group member') if len(group.owners()) == 1 and not identity.current.user.is_admin(): raise GroupOwnerModificationForbidden( 'Cannot remove the only owner') else: group.revoke_ownership(user=user, agent=identity.current.user, service=service) # hack to return the user removing this owner # so that if the user was logged in as a group # owner, he/she can be redirected appropriately return str(identity.current.user.user_id)
def grant_owner(self, group_id=None, id=None, **kw): if group_id is not None and id is not None: group = Group.by_id(group_id) user = User.by_id(id) service = 'WEBUI' else: group = Group.by_name(kw['group_name']) user = User.by_user_name(kw['member_name']) service = 'XMLRPC' if group.membership_type == GroupMembershipType.ldap: raise GroupOwnerModificationForbidden( 'An LDAP group does not have an owner') if not group.can_edit(identity.current.user): raise GroupOwnerModificationForbidden( 'You are not an owner of the group %s' % group) if user not in group.users: raise GroupOwnerModificationForbidden('User is not a group member') else: group.grant_ownership(user=user, agent=identity.current.user, service=service) return ''
def setUp(self): self.selenium = self.get_selenium() self.password = '******' # create users self.user_1 = data_setup.create_user(password=self.password) self.user_2 = data_setup.create_user(password=self.password) self.user_3 = data_setup.create_user(password=self.password) # create admin users self.admin_1 = data_setup.create_user(password=self.password) self.admin_1.groups.append(Group.by_name(u'admin')) self.admin_2 = data_setup.create_user(password=self.password) self.admin_2.groups.append(Group.by_name(u'admin')) # create systems self.system_1 = data_setup.create_system(shared=True) self.system_2 = data_setup.create_system(shared=True) self.system_3 = data_setup.create_system(shared=False, owner=self.user_3) # create group and add users/systems to it self.group_1 = data_setup.create_group() self.user_3.groups.append(self.group_1) self.admin_2.groups.append(self.group_1) self.system_2.groups.append(self.group_1) lc = data_setup.create_labcontroller() self.system_1.lab_controller = lc self.system_2.lab_controller = lc self.system_3.lab_controller = lc self.selenium.start()
def test_group_create(self): group_name = data_setup.unique_name(u'group%s') display_name = u'My Group' out = run_client([ 'bkr', 'group-create', '--display-name', display_name, group_name ]) self.assert_('Group created' in out, out) with session.begin(): group = Group.by_name(group_name) self.assertEquals(group.display_name, display_name) self.assertEquals(group.activity[-1].action, u'Added') self.assertEquals(group.activity[-1].field_name, u'Owner') self.assertEquals(group.activity[-1].new_value, data_setup.ADMIN_USER) self.assertEquals(group.activity[-1].service, u'HTTP') self.assertEquals(group.activity[-2].action, u'Added') self.assertEquals(group.activity[-2].field_name, u'User') self.assertEquals(group.activity[-2].new_value, data_setup.ADMIN_USER) self.assertEquals(group.activity[-2].service, u'HTTP') self.assertEquals(group.activity[-3].action, u'Created') self.assertEquals(group.activity[-3].service, u'HTTP') group_name = data_setup.unique_name(u'group%s') out = run_client(['bkr', 'group-create', group_name]) self.assert_('Group created' in out, out) with session.begin(): group = Group.by_name(group_name) self.assertEqual(group.group_name, group_name) self.assertEqual(group.display_name, group_name) group_name = data_setup.unique_name(u'group%s') try: _ = run_client(['bkr', 'group-create', group_name, group_name]) self.fail('Must fail or die') except ClientError as e: self.assert_( 'Exactly one group name must be specified' in e.stderr_output, e.stderr_output) try: _ = run_client( ['bkr', 'group-create', 'areallylonggroupname' * 20]) self.fail('Must fail or die') except ClientError as e: self.assertIn( 'Group name must be not more than 255 characters long', e.stderr_output) try: _ = run_client([ 'bkr', 'group-create', '--display-name', 'A really long group display name' * 20, 'agroup' ]) self.fail('Must fail or die') except ClientError as e: self.assertIn( 'Group display name must be not more than 255 characters long', e.stderr_output)
def test_group_modify_add_member(self): with session.begin(): user = data_setup.create_user() mail_capture_thread.start_capturing() out = run_client(['bkr', 'group-modify', '--add-member', user.user_name, self.group.group_name], config = self.client_config) with session.begin(): session.refresh(self.group) group = Group.by_name(self.group.group_name) self.assert_(user.user_name in [u.user_name for u in group.users]) self.check_notification(user, group, action='Added') try: out = run_client(['bkr', 'group-modify', '--add-member', 'idontexist', self.group.group_name], config = self.client_config) self.fail('Must fail or die') except ClientError as e: self.assert_('User idontexist does not exist' in e.stderr_output, e.stderr_output) try: out = run_client(['bkr', 'group-modify', '--add-member', user.user_name, self.group.group_name], config = self.client_config) self.fail('Must fail or die') except ClientError as e: self.assert_('User %s is already a member of group %s' % (user.user_name, self.group.group_name) in e.stderr_output, e.stderr_output) with session.begin(): session.refresh(self.group) group = Group.by_name(self.group.group_name) self.assertEquals(group.activity[-1].action, u'Added') self.assertEquals(group.activity[-1].field_name, u'User') self.assertEquals(group.activity[-1].user.user_id, self.user.user_id) self.assertEquals(group.activity[-1].new_value, user.user_name) self.assertEquals(group.activity[-1].service, u'HTTP') try: out = run_client(['bkr', 'group-modify', '--add-member', user.user_name, self.fake_ldap_group.group_name]) self.fail('Must fail or die') except ClientError as e: self.assert_('Cannot edit membership of group %s' % self.fake_ldap_group.group_name in e.stderr_output,e.stderr_output)
def create_group(): """ Creates a new user group in Beaker. The request must be :mimetype:`application/json`. :jsonparam string group_name: Symbolic name for the group. :jsonparam string display_name: Human-friendly display name for the group. :jsonparam string description: Description of the group. :jsonparam string root_password: Optional root password for group jobs. If this is not set, group jobs will use the root password preferences of the job submitter. :jsonparam string membership_type: Specifies how group membership is populated. Possible values are: * normal: Group is initially empty, members are explicitly added and removed by group owner. * ldap: Membership is populated from the LDAP group with the same group name. * inverted: Group contains all Beaker users *except* users who have been explicitly excluded by the group owner. :status 201: The group was successfully created. """ user = identity.current.user data = read_json_request(request) if 'group_name' not in data: raise BadRequest400('Missing group_name key') if 'display_name' not in data: raise BadRequest400('Missing display_name key') # for backwards compatibility if data.pop('ldap', False): data['membership_type'] = 'ldap' try: Group.by_name(data['group_name']) except NoResultFound: pass else: raise Conflict409("Group '%s' already exists" % data['group_name']) with convert_internal_errors(): group = Group.lazy_create(group_name=data['group_name']) group.display_name = data['display_name'] group.description = data.get('description') group.root_password = data.get('root_password') session.add(group) group.record_activity(user=user, service=u'HTTP', field=u'Group', action=u'Created') if data.get('membership_type'): group.membership_type = GroupMembershipType.from_string( data['membership_type']) if group.membership_type == GroupMembershipType.ldap: group.refresh_ldap_members() else: # LDAP groups don't have any owners group.add_member(user, is_owner=True, agent=identity.current.user) response = jsonify(group.__json__()) response.status_code = 201 response.headers.add('Location', absolute_url(group.href)) return response
def by_name(self, input,*args,**kw): input = input.lower() if 'anywhere' in kw: search = Group.list_by_name(input, find_anywhere=True) else: search = Group.list_by_name(input) groups = [match.group_name for match in search] return dict(matches=groups)
def by_name(self, input, *args, **kw): input = input.lower() if 'anywhere' in kw: search = Group.list_by_name(input, find_anywhere=True) else: search = Group.list_by_name(input) groups = [match.group_name for match in search] return dict(matches=groups)
def create(self, kw): """ Creates a new group. The *kw* argument must be an XML-RPC structure (dict) specifying the following keys: 'group_name' Group name (maximum 16 characters) 'display_name' Group display name 'ldap' Populate users from LDAP (True/False) Returns a message whether the group was successfully created or raises an exception on failure. """ display_name = kw.get('display_name') group_name = kw.get('group_name') ldap = kw.get('ldap') password = kw.get('root_password') if ldap and not identity.current.user.is_admin(): raise BX(_(u'Only admins can create LDAP groups')) try: group = Group.by_name(group_name) except NoResultFound: #validate GroupFormSchema.fields['group_name'].to_python(group_name) GroupFormSchema.fields['display_name'].to_python(display_name) group = Group() session.add(group) group.record_activity(user=identity.current.user, service=u'XMLRPC', field=u'Group', action=u'Created') group.display_name = display_name group.group_name = group_name group.ldap = ldap group.root_password = password user = identity.current.user if not ldap: group.user_group_assocs.append(UserGroup(user=user, is_owner=True)) group.activity.append(GroupActivity(user, service=u'XMLRPC', action=u'Added', field_name=u'User', old_value=None, new_value=user.user_name)) group.activity.append(GroupActivity(user, service=u'XMLRPC', action=u'Added', field_name=u'Owner', old_value=None, new_value=user.user_name)) if group.ldap: group.refresh_ldap_members() return 'Group created: %s.' % group_name else: raise BX(_(u'Group already exists: %s.' % group_name))
def test_remove_user_from_owning_group(self): with session.begin(): user = data_setup.create_user(password='******') group_name = data_setup.unique_name('AAAAAA%s') display_name = data_setup.unique_name('Group Display Name %s') b = self.browser login(b, user=self.user.user_name, password='******') b.get(get_server_base() + 'groups/mine') b.find_element_by_link_text('Add').click() b.find_element_by_xpath('//input[@id="Group_display_name"]').send_keys( display_name) b.find_element_by_xpath('//input[@id="Group_group_name"]').send_keys( group_name) b.find_element_by_id('Group').submit() b.find_element_by_xpath('//title[text()="My Groups"]') b.find_element_by_link_text(group_name).click() # add an user b.find_element_by_xpath( '//input[@id="GroupUser_user_text"]').send_keys(user.user_name) b.find_element_by_id('GroupUser').submit() self.mail_capture.captured_mails[:] = [] group_id = Group.by_name(group_name).group_id username = user.user_name user_id = user.user_id b.find_element_by_xpath('//td[preceding-sibling::td[2]/text()="%s"]' % username)\ .find_element_by_link_text('Remove').click() self.assertEquals( b.find_element_by_class_name('flash').text, '%s Removed' % username) with session.begin(): group = Group.by_name(group_name) self.check_notification(user, group, action='Removed') # remove self when I am the only owner of the group b.find_element_by_xpath('//td[preceding-sibling::td[2]/text()="%s"]' % self.user.user_name)\ .find_element_by_link_text('Remove').click() self.assert_('Cannot remove member' in b.find_element_by_class_name( 'flash').text) # admin should be able to remove an owner, even if only one logout(b) #login back as admin login(b) b.get(get_server_base() + 'groups/edit?group_id=%s' % group_id) b.find_element_by_xpath('//td[preceding-sibling::td[2]/text()="%s"]' % self.user.user_name)\ .find_element_by_link_text('Remove').click() self.assert_( '%s Removed' % self.user.user_name in b.find_element_by_class_name('flash').text)
def test_group_modify_grant_owner(self): with session.begin(): user1 = data_setup.create_user() self.group.add_member(user1) user2 = data_setup.create_user() self.group.add_member(user2) user3 = data_setup.create_user() out = run_client([ 'bkr', 'group-modify', '--grant-owner', user1.user_name, '--grant-owner', user2.user_name, self.group.group_name ], config=self.client_config) with session.begin(): session.refresh(self.group) group = Group.by_name(self.group.group_name) self.assert_(user1.user_id in [u.user_id for u in group.owners()]) self.assert_(user2.user_id in [u.user_id for u in group.owners()]) self.assertEquals( Activity.query.filter_by(service=u'HTTP', field_name=u'Owner', action=u'Added', new_value=user2.user_name).count(), 1) group = Group.by_name(group.group_name) self.assertEquals(group.activity[-1].action, u'Added') self.assertEquals(group.activity[-1].field_name, u'Owner') self.assertEquals(group.activity[-1].new_value, user2.user_name) self.assertEquals(group.activity[-1].service, u'HTTP') # If the user is not a group member, add the user into the members list # first and then grant the group ownership. out = run_client([ 'bkr', 'group-modify', '--grant-owner', user3.user_name, self.group.group_name ], config=self.client_config) with session.begin(): session.refresh(self.group) group = Group.by_name(self.group.group_name) self.assertIn(user3, group.users) self.assertTrue(group.has_owner(user3)) try: out = run_client([ 'bkr', 'group-modify', '--grant-owner', user3.user_name, self.fake_ldap_group.group_name ], config=self.client_config) self.fail('Must fail or die') except ClientError as e: self.assert_('Cannot edit ownership of group' in e.stderr_output, e.stderr_output)
def test_adds_existing_user_to_admin_group(self): with session.begin(): admin_group = Group.by_name(u'admin') existing_user = data_setup.create_user() self.assertNotIn(admin_group, existing_user.groups) run_command('init.py', 'beaker-init', ['--user', existing_user.user_name]) with session.begin(): admin_group = Group.by_name(u'admin') existing_user = User.query.get(existing_user.user_id) self.assertIn(admin_group, existing_user.groups) # run the same thing again, should have no effect but should not break run_command('init.py', 'beaker-init', ['--user', existing_user.user_name])
def test_adds_existing_user_to_admin_group(self): with session.begin(): admin_group = Group.by_name(u'admin') existing_user = data_setup.create_user() self.assertNotIn(admin_group, existing_user.groups) populate_db(user_name=existing_user.user_name) with session.begin(): admin_group = Group.by_name(u'admin') existing_user = User.query.get(existing_user.user_id) self.assertIn(admin_group, existing_user.groups) # run the same thing again, should have no effect but should not break populate_db(user_name=existing_user.user_name)
def edit(self, group_id=None, group_name=None, **kw): # Not just for editing, also provides a read-only view if group_id is not None: try: group = Group.by_id(group_id) except DatabaseLookupError: log.exception('Group id %s is not a valid group id' % group_id) flash(_(u'Need a valid group to search on')) redirect('../groups/mine') elif group_name is not None: try: group = Group.by_name(group_name) except NoResultFound: log.exception('Group name %s is not a valid group name' % group_name) flash(_(u'Need a valid group to search on')) redirect('../groups/mine') else: redirect('../groups/mine') usergrid = self.show_members(group) can_edit = False if identity.current.user: can_edit = group.can_edit(identity.current.user) permissions_fields = [('Permission', lambda x: x.permission_name)] if can_edit: permissions_fields.append((' ', lambda x: XML( '<a class="btn" href="#" id="remove_permission_%s">' '<i class="fa fa-times"/> Remove</a>' % x.permission_id))) group_permissions_grid = BeakerDataGrid(name='group_permission_grid', fields=permissions_fields) group_permissions = GroupPermissions() return dict( form=self.group_form, user_form=self.group_user_form, group_edit_js=LocalJSLink('bkr', '/static/javascript/group_users_v2.js'), action='./save', user_action='./save_user', options={}, value=group, group_pw=group.root_password, usergrid=usergrid, disabled_fields=[], group_permissions=group_permissions, group_form=self.permissions_form, group_permissions_grid=group_permissions_grid, )
def edit(self, group_id=None, group_name=None, **kw): # Not just for editing, also provides a read-only view if group_id is not None: try: group = Group.by_id(group_id) except DatabaseLookupError: log.exception('Group id %s is not a valid group id' % group_id) flash(_(u'Need a valid group to search on')) redirect('../groups/mine') elif group_name is not None: try: group = Group.by_name(group_name) except NoResultFound: log.exception('Group name %s is not a valid group name' % group_name) flash(_(u'Need a valid group to search on')) redirect('../groups/mine') else: redirect('../groups/mine') usergrid = self.show_members(group) can_edit = False if identity.current.user: can_edit = group.can_edit(identity.current.user) permissions_fields = [('Permission', lambda x: x.permission_name)] if can_edit: permissions_fields.append((' ', lambda x: XML( '<a class="btn" href="#" id="remove_permission_%s">' '<i class="fa fa-times"/> Remove</a>' % x.permission_id))) group_permissions_grid = BeakerDataGrid(name='group_permission_grid', fields=permissions_fields) group_permissions = GroupPermissions() return dict( form = self.group_form, user_form = self.group_user_form, group_edit_js = LocalJSLink('bkr', '/static/javascript/group_users_v2.js'), action = './save', user_action = './save_user', options = {}, value = group, group_pw = group.root_password, usergrid = usergrid, disabled_fields=[], group_permissions = group_permissions, group_form = self.permissions_form, group_permissions_grid = group_permissions_grid, )
def test_group_modify_grant_owner(self): with session.begin(): user1 = data_setup.create_user() self.group.add_member(user1) user2 = data_setup.create_user() self.group.add_member(user2) user3 = data_setup.create_user() out = run_client(['bkr', 'group-modify', '--grant-owner', user1.user_name, '--grant-owner', user2.user_name, self.group.group_name], config = self.client_config) with session.begin(): session.refresh(self.group) group = Group.by_name(self.group.group_name) self.assert_(user1.user_id in [u.user_id for u in group.owners()]) self.assert_(user2.user_id in [u.user_id for u in group.owners()]) self.assertEquals(Activity.query.filter_by(service=u'HTTP', field_name=u'Owner', action=u'Added', new_value=user2.user_name).count(), 1) group = Group.by_name(group.group_name) self.assertEquals(group.activity[-1].action, u'Added') self.assertEquals(group.activity[-1].field_name, u'Owner') self.assertEquals(group.activity[-1].new_value, user2.user_name) self.assertEquals(group.activity[-1].service, u'HTTP') # If the user is not a group member, add the user into the members list # first and then grant the group ownership. out = run_client(['bkr', 'group-modify', '--grant-owner', user3.user_name, self.group.group_name], config = self.client_config) with session.begin(): session.refresh(self.group) group = Group.by_name(self.group.group_name) self.assertIn(user3, group.users) self.assertTrue(group.has_owner(user3)) try: out = run_client(['bkr', 'group-modify', '--grant-owner', user3.user_name, self.fake_ldap_group.group_name], config = self.client_config) self.fail('Must fail or die') except ClientError, e: self.assert_('Cannot modify group ownership')
def test_remove_user_from_owning_group(self): with session.begin(): user = data_setup.create_user(password='******') group_name = data_setup.unique_name('AAAAAA%s') display_name = data_setup.unique_name('Group Display Name %s') b = self.browser login(b, user=self.user.user_name, password='******') b.get(get_server_base() + 'groups/mine') b.find_element_by_link_text('Add').click() b.find_element_by_xpath('//input[@id="Group_display_name"]').send_keys(display_name) b.find_element_by_xpath('//input[@id="Group_group_name"]').send_keys(group_name) b.find_element_by_id('Group').submit() b.find_element_by_xpath('//title[text()="My Groups"]') b.find_element_by_link_text(group_name).click() # add an user b.find_element_by_xpath('//input[@id="GroupUser_user_text"]').send_keys(user.user_name) b.find_element_by_id('GroupUser').submit() self.mail_capture.captured_mails[:] = [] group_id = Group.by_name(group_name).group_id username = user.user_name user_id = user.user_id b.find_element_by_xpath('//td[preceding-sibling::td[2]/text()="%s"]' % username)\ .find_element_by_link_text('Remove').click() self.assertEquals(b.find_element_by_class_name('flash').text, '%s Removed' % username) with session.begin(): group = Group.by_name(group_name) self.check_notification(user, group, action='Removed') # remove self when I am the only owner of the group b.find_element_by_xpath('//td[preceding-sibling::td[2]/text()="%s"]' % self.user.user_name)\ .find_element_by_link_text('Remove').click() self.assert_('Cannot remove member' in b.find_element_by_class_name('flash').text) # admin should be able to remove an owner, even if only one logout(b) #login back as admin login(b) b.get(get_server_base() + 'groups/edit?group_id=%s' % group_id) b.find_element_by_xpath('//td[preceding-sibling::td[2]/text()="%s"]' % self.user.user_name)\ .find_element_by_link_text('Remove').click() self.assert_('%s Removed' % self.user.user_name in b.find_element_by_class_name('flash').text)
def members(self, group_name): """ List the members of an existing group. :param group_name: An existing group name :type group_name: string Returns a list of the members (a dictionary containing each member's username, email, and whether the member is an owner or not). """ try: group = Group.by_name(group_name) except NoResultFound: raise BX(_(u'Group does not exist: %s.' % group_name)) users=[] for u in group.users: user={} user['username']=u.user_name user['email'] = u.email_address if group.has_owner(u): user['owner'] = True else: user['owner'] = False users.append(user) return users
def _from_csv(cls,system,data,csv_type,log): """ Import data from CSV file into system.groups """ if 'group' in data and data['group']: try: group = Group.by_name(data['group']) except InvalidRequestError: group = Group(group_name=data['group'], display_name=data['group']) session.add(group) deleted = False if 'deleted' in data: deleted = smart_bool(data['deleted']) if deleted: if group in system.groups: activity = SystemActivity(identity.current.user, 'CSV', 'Removed', 'group', '%s' % group, '') system.activity.append(activity) system.groups.remove(group) else: if group not in system.groups: system.groups.append(group) activity = SystemActivity(identity.current.user, 'CSV', 'Added', 'group', '', '%s' % group) system.activity.append(activity) else: log.append("%s: group can't be empty!" % system.fqdn) return False return True
def remove(self, **kw): u = identity.current.user try: group = Group.by_id(kw['group_id']) except DatabaseLookupError: flash(unicode('Invalid group or already removed')) redirect('../groups/mine') if not group.can_edit(u): flash(_(u'You are not an owner of group %s' % group)) redirect('../groups/mine') if group.is_protected_group(): flash(_(u'This group %s is predefined and cannot be deleted' % group)) redirect('../groups/mine') if group.jobs: flash(_(u'Cannot delete a group which has associated jobs')) redirect('../groups/mine') # Record the access policy rules that will be removed # before deleting the group for rule in group.system_access_policy_rules: rule.record_deletion() # For any system pool owned by this group, unset owning_group # and set owning_user to the user deleting this group pools = SystemPool.query.filter_by(owning_group_id=group.group_id) for pool in pools: pool.change_owner(user=u, service='WEBUI') session.delete(group) activity = Activity(u, u'WEBUI', u'Removed', u'Group', group.display_name, u"") session.add(activity) flash( _(u"%s deleted") % group.display_name ) raise redirect(".")
def test_create_new_group(self): b = self.browser login(b, user=self.user.user_name, password='******') b.get(get_server_base() + 'groups/mine') b.find_element_by_link_text('Add ( + )').click() b.find_element_by_xpath('//input[@id="Group_display_name"]'). \ send_keys('Group FBZ') b.find_element_by_xpath('//input[@id="Group_group_name"]'). \ send_keys('FBZ') b.find_element_by_xpath('//input[@id="Group_root_password"]'). \ send_keys('blapppy7') b.find_element_by_xpath('//input[@value="Save"]').click() b.find_element_by_xpath('//title[text()="My Groups"]') b.find_element_by_link_text('FBZ').click() with session.begin(): self.assertEquals(Activity.query.filter_by(service=u'WEBUI', field_name=u'Group', action=u'Added', new_value=u'Group FBZ').count(), 1) group = Group.by_name(u'FBZ') self.assertEquals(group.display_name, u'Group FBZ') self.assert_(group.has_owner(self.user)) self.assertEquals(group.activity[-1].action, u'Added') self.assertEquals(group.activity[-1].field_name, u'Owner') self.assertEquals(group.activity[-1].new_value, self.user.user_name) self.assertEquals(group.activity[-1].service, u'WEBUI') self.assertEquals(group.activity[-2].action, u'Added') self.assertEquals(group.activity[-2].field_name, u'User') self.assertEquals(group.activity[-2].new_value, self.user.user_name) self.assertEquals(group.activity[-2].service, u'WEBUI') self.failUnless(crypt.crypt('blapppy7', group.root_password) == group.root_password, group.root_password)
def removeUser(self, group_id=None, id=None, **kw): group = Group.by_id(group_id) if not group.can_modify_membership(identity.current.user): flash(_(u'You are not an owner of group %s' % group)) redirect('../groups/mine') if not group.can_remove_member(identity.current.user, id): flash(_(u'Cannot remove member')) redirect('../groups/edit?group_id=%s' % group_id) groupUsers = group.users for user in groupUsers: if user.user_id == int(id): group.users.remove(user) removed = user activity = GroupActivity(identity.current.user, u'WEBUI', u'Removed', u'User', removed.user_name, u"") group.activity.append(activity) mail.group_membership_notify(user, group, agent=identity.current.user, action='Removed') flash(_(u"%s Removed" % removed.display_name)) redirect("../groups/edit?group_id=%s" % group_id) flash( _(u"No user %s in group %s" % (id, removed.display_name))) raise redirect("../groups/edit?group_id=%s" % group_id)
def test_group_modify_group_name(self): group_name = 'mynewgroup' out = run_client([ 'bkr', 'group-modify', '--group-name', group_name, self.group.group_name ], config=self.client_config) with session.begin(): session.refresh(self.group) group = Group.by_name(group_name) self.assertEquals(group.group_name, group_name) self.assertEquals(group.activity[-1].action, u'Changed') self.assertEquals(group.activity[-1].field_name, u'Name') self.assertEquals(group.activity[-1].user.user_id, self.user.user_id) self.assertEquals(group.activity[-1].new_value, group_name) self.assertEquals(group.activity[-1].service, u'XMLRPC') try: out = run_client([ 'bkr', 'group-modify', '--group-name', 'areallylonggroupname' * 20, self.group.group_name ], config=self.client_config) self.fail('Must fail or die') except ClientError, e: max_length = Group.group_name.property.columns[0].type.length self.assertRegexpMatches( e.stderr_output, 'Enter a value (less|not more) than %r characters long' % max_length)
def save_system_access_policy(fqdn): system = _get_system_by_FQDN(fqdn) if not system.can_edit_policy(identity.current.user): raise Forbidden403('Cannot edit system policy') if system.custom_access_policy: policy = system.custom_access_policy else: policy = system.custom_access_policy = SystemAccessPolicy() data = read_json_request(request) # Figure out what is added, what is removed. # Rules are immutable, so if it has an id it is unchanged, # if it has no id it is new. kept_rule_ids = frozenset(r['id'] for r in data['rules'] if 'id' in r) removed = [] for old_rule in policy.rules: if old_rule.id not in kept_rule_ids: removed.append(old_rule) for old_rule in removed: system.record_activity(user=identity.current.user, service=u'HTTP', field=u'Access Policy Rule', action=u'Removed', old=repr(old_rule)) policy.rules.remove(old_rule) for rule in data['rules']: if 'id' not in rule: user = User.by_user_name(rule['user']) if rule['user'] else None group = Group.by_name(rule['group']) if rule['group'] else None permission = SystemPermission.from_string(rule['permission']) new_rule = policy.add_rule(user=user, group=group, everybody=rule['everybody'], permission=permission) system.record_activity(user=identity.current.user, service=u'HTTP', field=u'Access Policy Rule', action=u'Added', new=repr(new_rule)) return '', 204
def test_ldap_group(self): group_name = u'wyfp' display_name = u'My LDAP Group' out = run_client([ 'bkr', 'group-create', '--ldap', '--display-name', display_name, group_name ]) group = Group.by_name(group_name) self.assertEquals(group.membership_type, GroupMembershipType.ldap) self.assertEquals(group.users, [User.by_user_name(u'asaha')]) with session.begin(): rand_user = data_setup.create_user(password='******') rand_client_config = create_client_config(username=rand_user.user_name, password='******') group_name = u'alp' display_name = u'ALP' try: out = run_client([ 'bkr', 'group-create', '--ldap', '--display-name', display_name, group_name ], config=rand_client_config) self.fail('Must fail or die') except ClientError, e: self.assert_( 'Only admins can create LDAP groups' in e.stderr_output)
def removeUser(self, group_id=None, id=None, **kw): group = Group.by_id(group_id) if not group.can_modify_membership(identity.current.user): flash(_(u'You are not an owner of group %s' % group)) redirect('../groups/mine') if not group.can_remove_member(identity.current.user, id): flash(_(u'Cannot remove member')) redirect('../groups/edit?group_id=%s' % group_id) groupUsers = group.users for user in groupUsers: if user.user_id == int(id): group.users.remove(user) removed = user activity = GroupActivity(identity.current.user, u'WEBUI', u'Removed', u'User', removed.user_name, u"") group.activity.append(activity) mail.group_membership_notify(user, group, agent=identity.current.user, action='Removed') flash(_(u"%s Removed" % removed.display_name)) redirect("../groups/edit?group_id=%s" % group_id) flash(_(u"No user %s in group %s" % (id, removed.display_name))) raise redirect("../groups/edit?group_id=%s" % group_id)
def test_group_modify_add_member(self): with session.begin(): user = data_setup.create_user() out = run_client([ 'bkr', 'group-modify', '--add-member', user.user_name, self.group.group_name ], config=self.client_config) with session.begin(): session.refresh(self.group) group = Group.by_name(self.group.group_name) self.assert_(user.user_name in [u.user_name for u in group.users]) self.check_notification(user, group, action='Added') try: out = run_client([ 'bkr', 'group-modify', '--add-member', 'idontexist', self.group.group_name ], config=self.client_config) self.fail('Must fail or die') except ClientError, e: self.assert_('User idontexist does not exist' in e.stderr_output, e.stderr_output)
def process_xmljob(self, xmljob, user, ignore_missing_tasks=False): # We start with the assumption that the owner == 'submitting user', until # we see otherwise. submitter = user if user.rootpw_expired: raise BX(_('Your root password has expired, please change or clear it in order to submit jobs.')) owner_name = xmljob.get_xml_attr('user', unicode, None) if owner_name: owner = User.by_user_name(owner_name) if owner is None: raise ValueError('%s is not a valid user name' % owner_name) if not submitter.is_delegate_for(owner): raise ValueError('%s is not a valid submission delegate for %s' % (submitter, owner)) else: owner = user group_name = xmljob.get_xml_attr('group', unicode, None) group = None if group_name: try: group = Group.by_name(group_name) except NoResultFound, e: raise ValueError('%s is not a valid group' % group_name) if group not in owner.groups: raise BX(_(u'User %s is not a member of group %s' % (owner.user_name, group.group_name)))
def create_group(permissions=None, group_name=None, display_name=None, owner=None, membership_type=GroupMembershipType.normal, root_password=None): if group_name is None: group_name = unique_name(u'group%s') group = Group.lazy_create(group_name=group_name) group.root_password = root_password if display_name is None: group.display_name = u'Group %s display name' % group_name else: group.display_name = display_name group.membership_type = membership_type if group.membership_type == GroupMembershipType.ldap: assert owner is None, 'LDAP groups cannot have owners' if not owner: owner = create_user(user_name=unique_name(u'group_owner_%s')) group.add_member(owner, is_owner=True, service=u'testdata') if permissions: group.permissions.extend( Permission.by_name(name) for name in permissions) return group
def members(self, group_name): """ List the members of an existing group. :param group_name: An existing group name :type group_name: string Returns a list of the members (a dictionary containing each member's username, email, and whether the member is an owner or not). """ try: group = Group.by_name(group_name) except NoResultFound: raise BX(_(u'Group does not exist: %s.' % group_name)) users = [] for u in group.users: user = {} user['username'] = u.user_name user['email'] = u.email_address if group.has_owner(u): user['owner'] = True else: user['owner'] = False users.append(user) return users
def test_admin_cannot_rename_protected_group(self): # See https://bugzilla.redhat.com/show_bug.cgi?id=961206 protected_group_name = u'admin' with session.begin(): group = Group.by_name(protected_group_name) expected_display_name = group.display_name # Run command as the default admin user try: out = run_client(['bkr', 'group-modify', '--group-name', 'new_admin', '--display-name', 'this is also unchanged', protected_group_name]) self.fail('Must fail or die') except ClientError as e: self.assert_('Cannot rename protected group' in e.stderr_output, e.stderr_output) # Check the whole request is ignored if the name change is rejected with session.begin(): session.refresh(group) self.assertEquals(group.group_name, protected_group_name) self.assertEquals(group.display_name, expected_display_name) # However, changing just the display name is fine new_display_name = 'Tested admin group' out = run_client(['bkr', 'group-modify', '--display-name', new_display_name, protected_group_name]) with session.begin(): session.refresh(group) self.assertEquals(group.group_name, protected_group_name) self.assertEquals(group.display_name, new_display_name)
def test_ldap_group(self): group_name = 'wyfp' display_name = 'My LDAP Group' out = run_client(['bkr', 'group-create', '--ldap', '--display-name', display_name, group_name]) group = Group.by_name(group_name) self.assertEquals(group.ldap, True) self.assertEquals(group.users, [User.by_user_name(u'asaha')]) with session.begin(): rand_user = data_setup.create_user(password = '******') rand_client_config = create_client_config(username=rand_user.user_name, password='******') group_name = 'alp' display_name = 'ALP' try: out = run_client(['bkr', 'group-create', '--ldap', '--display-name', display_name, group_name], config = rand_client_config) self.fail('Must fail or die') except ClientError, e: self.assert_('Only admins can create LDAP groups' in e.stderr_output)
def add_system_access_policy_rule(fqdn): system = _get_system_by_FQDN(fqdn) if not system.can_edit_policy(identity.current.user): raise Forbidden403('Cannot edit system policy') if system.custom_access_policy: policy = system.custom_access_policy else: policy = system.custom_access_policy = SystemAccessPolicy() rule = read_json_request(request) if rule['user']: user = User.by_user_name(rule['user']) if not user: raise BadRequest400("User '%s' does not exist" % rule['user']) else: user = None if rule['group']: try: group = Group.by_name(rule['group']) except NoResultFound: raise BadRequest400("Group '%s' does not exist" % rule['group']) else: group = None try: permission = SystemPermission.from_string(rule['permission']) except ValueError: raise BadRequest400 new_rule = policy.add_rule(user=user, group=group, everybody=rule['everybody'], permission=permission) system.record_activity(user=identity.current.user, service=u'HTTP', field=u'Access Policy Rule', action=u'Added', new=repr(new_rule)) return '', 204
def create_group(permissions=None, group_name=None, display_name=None, owner=None, ldap=False, root_password=None): # tg_group.group_name column is VARCHAR(16) if group_name is None: group_name = unique_name(u'group%s') assert len(group_name) <= 16 group = Group.lazy_create(group_name=group_name) group.root_password = root_password if display_name is None: group.display_name = u'Group %s' % group_name else: group.display_name = display_name group.ldap = ldap if ldap: assert owner is None, 'LDAP groups cannot have owners' if owner: add_owner_to_group(owner, group) else: group_owner = create_user(user_name=unique_name(u'group_owner_%s')) add_owner_to_group(group_owner, group) if permissions: group.permissions.extend( Permission.by_name(name) for name in permissions) return group
def test_refresh_ldap_group_membership(self): with session.begin(): group = Group(group_name=u'alp', display_name=u'Australian Labor Party', membership_type=GroupMembershipType.ldap) old_member = data_setup.create_user(user_name=u'krudd') group.add_member(old_member) run_command('refresh_ldap.py', 'beaker-refresh-ldap') with session.begin(): session.expire_all() self.assertEquals(group.users, [User.by_user_name(u'jgillard')]) # second time is a no-op run_command('refresh_ldap.py', 'beaker-refresh-ldap') with session.begin(): session.expire_all() self.assertEquals(group.users, [User.by_user_name(u'jgillard')])
def process_xmljob(self, xmljob, user, ignore_missing_tasks=False): # We start with the assumption that the owner == 'submitting user', until # we see otherwise. submitter = user if user.rootpw_expired: raise BX( _('Your root password has expired, please change or clear it in order to submit jobs.' )) owner_name = xmljob.get_xml_attr('user', unicode, None) if owner_name: owner = User.by_user_name(owner_name) if owner is None: raise ValueError('%s is not a valid user name' % owner_name) if not submitter.is_delegate_for(owner): raise ValueError( '%s is not a valid submission delegate for %s' % (submitter, owner)) else: owner = user group_name = xmljob.get_xml_attr('group', unicode, None) group = None if group_name: try: group = Group.by_name(group_name) except NoResultFound, e: raise ValueError('%s is not a valid group' % group_name) if group not in owner.groups: raise BX( _(u'User %s is not a member of group %s' % (owner.user_name, group.group_name)))
def create_group(permissions=None, group_name=None, display_name=None, owner=None, ldap=False, root_password=None): # tg_group.group_name column is VARCHAR(16) if group_name is None: group_name = unique_name(u'group%s') assert len(group_name) <= 16 group = Group.lazy_create(group_name=group_name) group.root_password = root_password if display_name is None: group.display_name = u'Group %s' % group_name else: group.display_name = display_name group.ldap = ldap if ldap: assert owner is None, 'LDAP groups cannot have owners' if owner: add_owner_to_group(owner, group) else: group_owner = create_user(user_name=unique_name(u'group_owner_%s')) add_owner_to_group(group_owner, group) if permissions: group.permissions.extend(Permission.by_name(name) for name in permissions) return group
def create_admin(user_name=None, **kwargs): if user_name is None: user_name = unique_name(u'admin%s') user = create_user(user_name=user_name, **kwargs) group = Group.by_name(u'admin') group.add_member(user, service=u'testdata') return user
def test_remove_self_admin_group(self): with session.begin(): user = data_setup.create_admin(password='******') b = self.browser login(b, user=user.user_name, password='******') # admin should be in groups/mine b.get(get_server_base() + 'groups/mine') b.find_element_by_link_text('admin').click() # remove self b.find_element_by_xpath('//td/a[text()="Remove (-)" and ../preceding-sibling::td[2]/text()="%s"]' % user.user_name).click() # admin should not be in groups/mine b.get(get_server_base() + 'groups/mine') self.assertTrue(not is_text_present(b, 'admin')) logout(b) # login as admin login(b) group = Group.by_name('admin') group_users = group.users # remove all other users from 'admin' b.get(get_server_base() + 'groups/edit?group_id=1') for usr in group_users: if usr.user_id != 1: b.find_element_by_xpath('//td/a[text()="Remove (-)" and ../preceding-sibling::td[2]/text()="%s"]' % usr.user_name).click() # attempt to remove admin user b.find_element_by_xpath('//a[@href="removeUser?group_id=1&id=1"]').click() self.assert_('Cannot remove member' in b.find_element_by_class_name('flash').text)
def test_group_modify_group_name(self): group_name = 'mynewgroup' out = run_client(['bkr', 'group-modify', '--group-name', group_name, self.group.group_name], config = self.client_config) with session.begin(): session.refresh(self.group) group = Group.by_name(group_name) self.assertEquals(group.group_name, group_name) self.assertEquals(group.activity[-1].action, u'Changed') self.assertEquals(group.activity[-1].field_name, u'Name') self.assertEquals(group.activity[-1].user.user_id, self.user.user_id) self.assertEquals(group.activity[-1].new_value, group_name) self.assertEquals(group.activity[-1].service, u'XMLRPC') try: out = run_client(['bkr', 'group-modify', '--group-name', 'areallylonggroupname'*20, self.group.group_name], config = self.client_config) self.fail('Must fail or die') except ClientError,e: max_length = Group.group_name.property.columns[0].type.length self.assertRegexpMatches(e.stderr_output, 'Enter a value (less|not more) than %r characters long' % max_length)
def test_group_modify_add_member(self): with session.begin(): user = data_setup.create_user() out = run_client(['bkr', 'group-modify', '--add-member', user.user_name, self.group.group_name], config = self.client_config) with session.begin(): session.refresh(self.group) group = Group.by_name(self.group.group_name) self.assert_(user.user_name in [u.user_name for u in group.users]) self.check_notification(user, group, action='Added') try: out = run_client(['bkr', 'group-modify', '--add-member', 'idontexist', self.group.group_name], config = self.client_config) self.fail('Must fail or die') except ClientError, e: self.assert_('User does not exist' in e.stderr_output, e.stderr_output)
def test_group_modify_group_name(self): group_name = u'mynewgroup' out = run_client(['bkr', 'group-modify', '--group-name', group_name, self.group.group_name], config = self.client_config) with session.begin(): session.refresh(self.group) group = Group.by_name(group_name) self.assertEquals(group.group_name, group_name) self.assertEquals(group.activity[-1].action, u'Changed') self.assertEquals(group.activity[-1].field_name, u'Name') self.assertEquals(group.activity[-1].user.user_id, self.user.user_id) self.assertEquals(group.activity[-1].new_value, group_name) self.assertEquals(group.activity[-1].service, u'HTTP') try: out = run_client(['bkr', 'group-modify', '--group-name', 'areallylonggroupname'*20, self.group.group_name], config = self.client_config) self.fail('Must fail or die') except ClientError,e: self.assertIn( 'Group name must be not more than 255 characters long', e.stderr_output)
def test_group_modify_group_name(self): group_name = u'mynewgroup' out = run_client([ 'bkr', 'group-modify', '--group-name', group_name, self.group.group_name ], config=self.client_config) with session.begin(): session.refresh(self.group) group = Group.by_name(group_name) self.assertEquals(group.group_name, group_name) self.assertEquals(group.activity[-1].action, u'Changed') self.assertEquals(group.activity[-1].field_name, u'Name') self.assertEquals(group.activity[-1].user.user_id, self.user.user_id) self.assertEquals(group.activity[-1].new_value, group_name) self.assertEquals(group.activity[-1].service, u'HTTP') try: out = run_client([ 'bkr', 'group-modify', '--group-name', 'areallylonggroupname' * 20, self.group.group_name ], config=self.client_config) self.fail('Must fail or die') except ClientError, e: self.assertIn( 'Group name must be not more than 255 characters long', e.stderr_output)
def test_create_new_group(self): b = self.browser login(b, user=self.user.user_name, password='******') b.get(get_server_base() + 'groups/mine') b.find_element_by_link_text('Add').click() b.find_element_by_xpath('//input[@id="Group_display_name"]'). \ send_keys('Group FBZ') b.find_element_by_xpath('//input[@id="Group_group_name"]'). \ send_keys('FBZ') b.find_element_by_xpath('//input[@id="Group_root_password"]'). \ send_keys('blapppy7') b.find_element_by_id('Group').submit() b.find_element_by_xpath('//title[text()="My Groups"]') b.find_element_by_link_text('FBZ').click() with session.begin(): group = Group.by_name(u'FBZ') self.assertEquals(group.display_name, u'Group FBZ') self.assert_(group.has_owner(self.user)) self.assertEquals(group.activity[-1].action, u'Added') self.assertEquals(group.activity[-1].field_name, u'Owner') self.assertEquals(group.activity[-1].new_value, self.user.user_name) self.assertEquals(group.activity[-1].service, u'WEBUI') self.assertEquals(group.activity[-2].action, u'Added') self.assertEquals(group.activity[-2].field_name, u'User') self.assertEquals(group.activity[-2].new_value, self.user.user_name) self.assertEquals(group.activity[-2].service, u'WEBUI') self.assertEquals(group.activity[-3].action, u'Created') self.assertEquals(group.activity[-3].service, u'WEBUI') self.assertEquals('blapppy7', group.root_password)
def save_user(self, **kw): user = User.by_user_name(kw['user']['text']) if user is None: flash(_(u"Invalid user %s" % kw['user']['text'])) redirect("./edit?group_id=%s" % kw['group_id']) group = Group.by_id(kw['group_id']) if not group.can_modify_membership(identity.current.user): flash(_(u'You are not an owner of group %s' % group)) redirect('../groups/mine') if user not in group.users: group.users.append(user) activity = GroupActivity(identity.current.user, u'WEBUI', u'Added', u'User', u"", user.user_name) group.activity.append(activity) mail.group_membership_notify(user, group, agent=identity.current.user, action='Added') flash(_(u"OK")) redirect("./edit?group_id=%s" % kw['group_id']) else: flash( _(u"User %s is already in Group %s" % (user.user_name, group.group_name))) redirect("./edit?group_id=%s" % kw['group_id'])
def test_refresh_ldap_group_membership(self): with session.begin(): group = Group(group_name=u'alp', display_name=u'Australian Labor Party', membership_type=GroupMembershipType.ldap) old_member = data_setup.create_user(user_name=u'krudd') group.add_member(old_member) from bkr.server.tools.refresh_ldap import refresh_ldap refresh_ldap() with session.begin(): session.expire_all() self.assertEquals(group.users, [User.by_user_name(u'jgillard')]) # second time is a no-op refresh_ldap() with session.begin(): session.expire_all() self.assertEquals(group.users, [User.by_user_name(u'jgillard')])
def get_groups(): """ Returns a pageable JSON collection of Beaker groups. The following fields are supported for filtering and sorting: ``id`` ID of the group. ``group_name`` Symbolic name of the group. ``display_name`` Human-friendly display name of the group. ``created`` Timestamp at which the group was created. """ query = Group.query.order_by(Group.group_name) # Eager load all group members as an optimisation to avoid N database roundtrips query = query.options(joinedload('user_group_assocs'), joinedload('user_group_assocs.user')) json_result = json_collection( query, columns={ 'id': Group.id, 'group_name': Group.group_name, 'display_name': Group.display_name, 'created': Group.created, 'member.user_name': (Group.dyn_users, User.user_name), 'member.display_name': (Group.dyn_users, User.display_name), 'member.email_address': (Group.dyn_users, User.email_address), 'owner.user_name': (Group.dyn_owners, User.user_name), 'owner.display_name': (Group.dyn_owners, User.display_name), 'owner.email_address': (Group.dyn_owners, User.email_address), }) # Need to call .to_json() on the groups because the default __json__ # representation is the minimal cut-down one, we want the complete # representation here (including members and owners etc). json_result['entries'] = [g.to_json() for g in json_result['entries']] if request_wants_json(): return jsonify(json_result) if identity.current.user: grid_add_view_type = 'GroupCreateModal', grid_add_view_options = { 'can_create_ldap': Group.can_create_ldap(identity.current.user), } else: grid_add_view_type = 'null' grid_add_view_options = {} return render_tg_template( 'bkr.server.templates.backgrid', { 'title': u'Groups', 'grid_collection_type': 'Groups', 'grid_collection_data': json_result, 'grid_collection_url': request.path, 'grid_view_type': 'GroupsView', 'grid_add_label': 'Create', 'grid_add_view_type': grid_add_view_type, 'grid_add_view_options': grid_add_view_options, })
def from_csv(cls, user, data, log): """ Import data from CSV file into user.groups """ if 'group' in data and data['group']: try: group = Group.by_name(data['group']) except InvalidRequestError: group = Group(group_name=data['group'], display_name=data['group']) session.add(group) deleted = False if 'deleted' in data: deleted = smart_bool(data['deleted']) if deleted: if group in user.groups: group.remove_member(user, service=u'CSV', agent=identity.current.user) else: if group not in user.groups: group.add_member(user, service=u'CSV', agent=identity.current.user) else: log.append("%s: group can't be empty!" % user) return False return True
def from_csv(cls,user,data,log): """ Import data from CSV file into user.groups """ if 'group' in data and data['group']: try: group = Group.by_name(data['group']) except InvalidRequestError: group = Group(group_name=data['group'], display_name=data['group']) session.add(group) deleted = False if 'deleted' in data: deleted = smart_bool(data['deleted']) if deleted: if group in user.groups: group.record_activity(user=identity.current.user, service=u'CSV', field=u'User', action=u'Removed', old=user) user.groups.remove(group) else: if group not in user.groups: group.record_activity(user=identity.current.user, service=u'CSV', field=u'User', action=u'Added', new=user) user.groups.append(group) else: log.append("%s: group can't be empty!" % user) return False return True