def user_update(next_auth, context, data_dict):
'''Ensure LDAP users cannot be edited, and name clash with ldap users
:param next_auth: the next auth function in the chain
:param context:
:param data_dict:
'''
user_obj = None
try:
user_obj = auth.get_user_object(context, data_dict)
except toolkit.ObjectNotFound:
pass
# Prevent edition of LDAP users (if so configured)
if toolkit.config[
u'ckanext.ldap.prevent_edits'] and user_obj and LdapUser.by_user_id(
user_obj.id):
return {
u'success': False,
u'msg': toolkit._(u'Cannot edit LDAP users')
}
# Prevent name clashes!
if u'name' in data_dict and user_obj and user_obj.name != data_dict[
u'name']:
ldap_user_dict = find_ldap_user(data_dict[u'name'])
if ldap_user_dict:
if len(user_obj.ldap_user) == 0 or user_obj.ldap_user[0].ldap_id != \
ldap_user_dict[u'ldap_id']:
return {
u'success': False,
u'msg':
toolkit._(u'An LDAP user by that name already exists')
}
return next_auth(context, data_dict)
def _ckan_user_exists(user_name):
"""Check if a CKAN user name exists, and if that user is an LDAP user.
@param user_name: User name to check
@return: Dictionary defining 'exists' and 'ldap'.
"""
try:
user = p.toolkit.get_action('user_show')(data_dict = {'id': user_name})
except p.toolkit.ObjectNotFound:
return {'exists': False, 'is_ldap': False}
ldap_user = LdapUser.by_user_id(user['id'])
if ldap_user:
return {'exists': True, 'is_ldap': True}
else:
return {'exists': True, 'is_ldap': False}
def _ckan_user_exists(user_name):
"""Check if a CKAN user name exists, and if that user is an LDAP user.
@param user_name: User name to check
@return: Dictionary defining 'exists' and 'ldap'.
"""
try:
user = p.toolkit.get_action('user_show')(data_dict = {'id': user_name})
except p.toolkit.ObjectNotFound:
return {'exists': False, 'is_ldap': False}
ldap_user = LdapUser.by_user_id(user['id'])
if ldap_user:
return {'exists': True, 'is_ldap': True}
else:
return {'exists': True, 'is_ldap': False}
def ckan_user_exists(user_name):
'''Check if a CKAN user name exists, and if that user is an LDAP user.
:param user_name: User name to check
:returns: Dictionary defining 'exists' and 'ldap'.
'''
try:
user = get_user_dict(user_name)
except toolkit.ObjectNotFound:
return {u'exists': False, u'is_ldap': False}
ldap_user = LdapUser.by_user_id(user[u'id'])
if ldap_user:
return {u'exists': True, u'is_ldap': True}
else:
return {u'exists': True, u'is_ldap': False}
def user_update(context, data_dict):
"""Ensure LDAP users cannot be edited, and name clash with ldap users"""
user_obj = None
try:
user_obj = ckan.logic.auth.get_user_object(context, data_dict)
except ckan.logic.NotFound:
pass
# Prevent edition of LDAP users (if so configured)
if config['ldap.prevent_edits'] and user_obj and LdapUser.by_user_id(user_obj.id):
return {'success': False, 'msg': _('Cannot edit LDAP users')}
# Prevent name clashes!
if 'name' in data_dict and user_obj and user_obj.name != data_dict['name']:
ldap_user_dict = _find_ldap_user(data_dict['name'])
if ldap_user_dict:
if len(user_obj.ldap_user) == 0 or user_obj.ldap_user[0].ldap_id != ldap_user_dict['ldap_id']:
return {'success': False, 'msg': _('An LDAP user by that name already exists')}
return ckan_user_update(context, data_dict)
