def update_view(self, model, view):
settings = self.request.registry.settings
ldap = False
if 'pyvac.use_ldap' in settings:
ldap = asbool(settings.get('pyvac.use_ldap'))
if view['errors']:
self.request.session.flash('error;%s' % ','.join(view['errors']))
view['groups'] = Group.all(self.session, order_by=Group.name)
view['managers'] = User.by_role(self.session, 'manager')
if ldap:
ldap = LdapCache()
login = self.get_model().login
if login:
view['ldap_user'] = ldap.search_user_by_login(login)
else:
view['ldap_user'] = {}
view['managers'] = ldap.list_manager()
view['units'] = ldap.list_ou()
view['countries'] = Countries.all(self.session,
order_by=Countries.name)
# generate a random password for the user, he must change it later
password = randomstring()
log.info('temporary password generated: %s' % password)
view['password'] = password
view['view_name'] = self.__class__.__name__.lower()
view['myself'] = (self.user.id == self.get_model().id)
def render(self):
settings = self.request.registry.settings
use_ldap = False
if 'pyvac.use_ldap' in settings:
use_ldap = asbool(settings.get('pyvac.use_ldap'))
user_attr = {}
users_teams = {}
active_users = []
if use_ldap:
# synchronise user groups/roles
User.sync_ldap_info(self.session)
ldap = LdapCache()
user_attr = ldap.get_users_units()
users_teams = {}
for team, members in ldap.list_teams().iteritems():
for member in members:
users_teams.setdefault(member, []).append(team)
active_users = ldap.list_active_users()
return {
u'user_count': User.find(self.session, count=True),
u'users': User.find(self.session, order_by=[User.dn]),
'use_ldap': use_ldap,
'ldap_info': user_attr,
'users_teams': users_teams,
'active_users': active_users,
}
def save_model(self, account):
super(Edit, self).update_model(account)
self.set_country(account)
self.append_groups(account)
settings = self.request.registry.settings
ldap = False
if 'pyvac.use_ldap' in settings:
ldap = asbool(settings.get('pyvac.use_ldap'))
if ldap:
# update in ldap
r = self.request
password = None
if 'user.password' in r.params and r.params['user.password']:
password = [hashPassword(r.params['user.password'])]
unit = None
if 'unit' in r.params and r.params['unit']:
unit = r.params['unit']
ldap = LdapCache()
ldap.update_user(account, password=password, unit=unit)
if self.user and not self.user.is_admin:
self.redirect_route = 'list_request'
def render(self):
settings = self.request.registry.settings
use_ldap = False
if 'pyvac.use_ldap' in settings:
use_ldap = asbool(settings.get('pyvac.use_ldap'))
user_attr = {}
users_teams = {}
if use_ldap:
# synchronise user groups/roles
User.sync_ldap_info(self.session)
ldap = LdapCache()
user_attr = ldap.get_users_units()
users_teams = {}
for team, members in ldap.list_teams().iteritems():
for member in members:
users_teams.setdefault(member, []).append(team)
return {u'user_count': User.find(self.session, count=True),
u'users': User.find(self.session, order_by=[User.dn]),
'use_ldap': use_ldap,
'ldap_info': user_attr,
'users_teams': users_teams,
}
def sync_ldap_info(cls, session):
"""
Resynchronize ldap information in database, for changes in role/units
"""
ldap = LdapCache()
managers = ldap.list_manager()
admins = ldap.list_admin()
for user in User.find(session, order_by=[User.dn]):
group = u'user'
# if it's a manager members should have him associated as such
if user.dn in managers:
group = u'manager'
# if it's an admin he should be in admin group
if user.dn in admins:
group = u'admin'
user.role = group
# handle update of groups if it has changed
exists = []
group_ids = [Group.by_name(session, group).id]
for ugroup in user.groups:
exists.append(ugroup.id)
if ugroup.id not in group_ids:
# keep sudoer group info
if ugroup.name != 'sudoer':
user.groups.remove(ugroup)
for group_id in group_ids:
if group_id not in exists:
user.groups.append(Group.by_id(session, group_id))
def delete(self, account):
# cancel all associated requests for this user
requests = account.requests
for req in requests:
req.update_status('CANCELED')
# delete all request history entries for this user
# otherwise it will raise a integrity error
for entry in req.history:
self.session.delete(entry)
self.session.flush()
# cancel all request history entries in case there are entries in
# this table but without an existing request
histo_reqs = RequestHistory.by_user(self.session, account.id)
for entry in histo_reqs:
self.session.delete(entry)
self.session.flush()
# cancel associated password recovery attempts for this user
for item in account.recovery:
self.session.delete(item)
super(Delete, self).delete(account)
if account.ldap_user:
# delete in ldap
ldap = LdapCache()
try:
ldap.delete_user(account.dn)
except IndexError:
log.info('User %s seems already deleted in ldap' % account.dn)
def render(self):
from datetime import datetime
today = datetime.now()
end_date = datetime(today.year, 10, 31)
previsions = Request.get_previsions(self.session, end_date)
users_per_id = dict([(user.id, user)
for user in User.find(self.session)])
settings = self.request.registry.settings
use_ldap = False
if 'pyvac.use_ldap' in settings:
use_ldap = asbool(settings.get('pyvac.use_ldap'))
user_attr = {}
users_teams = {}
if use_ldap:
# synchronise user groups/roles
User.sync_ldap_info(self.session)
ldap = LdapCache()
user_attr = ldap.get_users_units()
users_teams = {}
for team, members in list(ldap.list_teams().items()):
for member in members:
users_teams.setdefault(member, []).append(team)
return {'users_per_id': users_per_id,
'use_ldap': use_ldap,
'ldap_info': user_attr,
'users_teams': users_teams,
'previsions': previsions,
'today': today,
'end_date': end_date,
}
def render(self):
# synchronise user groups/roles
User.sync_ldap_info(self.session)
ldap = LdapCache()
users_entity = {}
for team, members in list(ldap.list_teams().items()):
for member in members:
users_entity.setdefault(member, []).append(team)
# keep only managed users for managers
# use all users for admin
overviews = {}
if self.user.is_admin or self.user.has_feature('squad_overview_full'):
for _, target_squad in list(self.squad_leaders.items()):
squad_stats = self.get_squad_stats(target_squad, users_entity)
overviews.update({target_squad: squad_stats})
elif self.user.is_manager:
# retrieve logged squad leader
target_squad = self.squad_leaders[self.user.login]
squad_stats = self.get_squad_stats(target_squad, users_entity)
overviews = {target_squad: squad_stats}
else:
return HTTPFound(location=route_url('home', self.request))
return {'users_entity': users_entity, 'overviews': overviews}
def get_data(self, session, country):
now = datetime.now()
th_trial, th_good = self.trial_thresholds[country]
ldap = LdapCache()
arrivals = ldap.list_arrivals_country(country)
matched = []
for user_dn, dt in list(arrivals.items()):
if not dt:
continue
dt_trial_threshold = dt + relativedelta(months=th_trial)
dt_good = dt + relativedelta(months=th_good)
if (now > dt_trial_threshold) and not (now > dt_good):
matched.append((user_dn, dt))
datas = []
for user_dn, dt in matched:
user = User.by_dn(session, user_dn)
if not user:
self.log.info('user not found: %s' % user_dn)
continue
if user.country not in self.countries:
continue
data = {'user_id': user.id}
param = json.dumps(OrderedDict(data))
rem = CoreReminder.by_type_param(session, 'trial_threshold', param)
if not rem:
data['duration'] = th_trial
data['subject'] = self.subject
datas.append(data)
return datas
def render(self):
# synchronise user groups/roles
User.sync_ldap_info(self.session)
ldap = LdapCache()
users_entity = {}
for chapter, members in ldap.list_chapters().iteritems():
for member in members:
users_entity.setdefault(member, []).append(chapter)
# keep only managed users for managers
# use all users for admin
overviews = {}
if self.user.is_admin or self.user.has_feature(
'chapter_overview_full'): # noqa
for _, target_chapter in self.chapter_leaders.items():
chapter_stats = self.get_chapter_stats(target_chapter,
users_entity) # noqa
overviews.update({target_chapter: chapter_stats})
elif self.user.is_manager:
# retrieve logged chapter leader
target_chapter = self.chapter_leaders[self.user.login]
chapter_stats = self.get_chapter_stats(target_chapter,
users_entity) # noqa
overviews = {target_chapter: chapter_stats}
else:
return HTTPFound(location=route_url('home', self.request))
return {'users_entity': users_entity, 'overviews': overviews}
def render(self):
from datetime import datetime
today = datetime.now()
end_date = datetime(today.year, 10, 31)
previsions = Request.get_previsions(self.session, end_date)
users_per_id = dict([(user.id, user)
for user in User.find(self.session)])
settings = self.request.registry.settings
use_ldap = False
if 'pyvac.use_ldap' in settings:
use_ldap = asbool(settings.get('pyvac.use_ldap'))
user_attr = {}
users_teams = {}
if use_ldap:
# synchronise user groups/roles
User.sync_ldap_info(self.session)
ldap = LdapCache()
user_attr = ldap.get_users_units()
users_teams = {}
for team, members in ldap.list_teams().iteritems():
for member in members:
users_teams.setdefault(member, []).append(team)
return {'users_per_id': users_per_id,
'use_ldap': use_ldap,
'ldap_info': user_attr,
'users_teams': users_teams,
'previsions': previsions,
'today': today,
'end_date': end_date,
}
def manager_name(self):
""" Get manager name for a user """
if not self.ldap_user:
return self.manager.name
else:
ldap = LdapCache()
user_data = ldap.search_user_by_dn(self.manager_dn)
return user_data['login']
def manager_mail(self):
""" Get manager email for a user """
if not self.ldap_user:
return self.manager.email
else:
ldap = LdapCache()
user_data = ldap.search_user_by_dn(self.manager_dn)
return user_data['email']
def get_admin(self, session):
"""
Get admin for country of user
"""
if not self.ldap_user:
return self.get_admin_by_country(session, self.country)
else:
# retrieve from ldap
ldap = LdapCache()
return ldap.get_hr_by_country(self.country)
def delete(self, account):
# cancel all associated requests for this user
requests = Request.by_user(self.session, account)
for req in requests:
req.update_status('CANCELED')
super(Delete, self).delete(account)
if account.ldap_user:
# delete in ldap
ldap = LdapCache()
ldap.delete_user(account.dn)
def by_ldap_credentials(cls, session, login, password):
"""
Get a user using ldap credentials
"""
ldap = LdapCache()
user_data = ldap.authenticate(login, password)
if user_data is not None:
login = unicode(user_data['login'])
user = User.by_login(session, login)
# check what type of user it is
group = u'user'
# if it's a manager members should have him associated as such
what = '(manager=%s)' % user_data['dn']
if len(ldap._search(what, None)) > 0:
group = u'manager'
# if it's an admin he should be in admin group
what = '(member=%s)' % user_data['dn']
if len(ldap._search_admin(what, None)) > 0:
group = u'admin'
log.info('group found for %s: %s' % (login, group))
# create user if needed
if not user:
user = User.create_from_ldap(session, user_data, group)
else:
# update user with ldap informations in case it changed
user.email = user_data['email'].decode('utf-8')
user.firstname = user_data['firstname'].decode('utf-8')
user.lastname = user_data['lastname'].decode('utf-8')
user.manager_dn = user_data['manager_dn'].decode('utf-8')
user.dn = user_data['dn'].decode('utf-8')
user.role = group
if 'ou' in user_data:
user.ou = user_data['ou'].decode('utf-8')
if 'uid' in user_data:
user.uid = user_data['uid'].decode('utf-8')
# handle update of groups if it has changed
exists = []
group_ids = [Group.by_name(session, group).id]
for ugroup in user.groups:
exists.append(ugroup.id)
if ugroup.id not in group_ids:
# keep sudoer group info
if ugroup.name != 'sudoer':
user.groups.remove(ugroup)
for group_id in group_ids:
if group_id not in exists:
user.groups.append(Group.by_id(session, group_id))
return user
def main(argv=sys.argv):
if len(argv) != 2:
usage(argv)
config_uri = argv[1]
setup_logging(config_uri)
settings = get_appsettings(config_uri)
LdapCache.configure(settings['pyvac.ldap.yaml'])
ldap = LdapCache()
engine = create_engine('pyvac', settings, scoped=False)
populate(engine, ldap)
dispose_engine('pyvac')
def configure_workers(sender=None, conf=None, **kwargs):
# The Worker (child process of the celeryd) must have
# it's own SQL Connection (A unix forking operation preserve fd)
with open(sys.argv[1]) as fdesc:
conf = yaml.load(fdesc, YAMLLoader)
# XXX Register the database
create_engine('pyvac', conf.get('databases').get('pyvac'), scoped=True)
if conf.get('ldap'):
LdapCache.configure(conf.get('ldap').get('conf'))
SmtpCache.configure(conf.get('smtp'))
# initialize configuration singleton
ConfCache.configure(conf)
def main(argv=sys.argv):
if len(argv) != 2:
usage(argv)
config_uri = argv[1]
setup_logging(config_uri)
settings = get_appsettings(config_uri)
LdapCache.configure(settings['pyvac.ldap.yaml'])
ldap = LdapCache()
engine = create_engine('pyvac', settings, scoped=False)
populate(engine, ldap)
dispose_engine('pyvac')
def delete(self, account):
# cancel all associated requests for this user
requests = Request.by_user(self.session, account)
for req in requests:
req.update_status('CANCELED')
super(Delete, self).delete(account)
if account.ldap_user:
# delete in ldap
ldap = LdapCache()
try:
ldap.delete_user(account.dn)
except IndexError:
log.info('User %s seems already deleted in ldap' % account.dn)
def save_model(self, account):
super(Create, self).save_model(account)
self.set_country(account)
self.append_groups(account)
self.assign_pools(account)
if 'disable_rtt' in self.request.params:
account.add_feature('disable_rtt', save=True)
else:
account.del_feature('disable_rtt', save=True)
settings = self.request.registry.settings
ldap = False
if 'pyvac.use_ldap' in settings:
ldap = asbool(settings.get('pyvac.use_ldap'))
if ldap:
# create in ldap
r = self.request
ldap = LdapCache()
if 'ldappassword' not in r.params:
raise MandatoryLdapPassword()
uid = None
if 'user.uid' in r.params and r.params['user.uid']:
uid = r.params['user.uid']
try:
new_dn = ldap.add_user(account,
password=r.params['ldappassword'],
unit=r.params.get('unit'),
uid=uid)
msg = ('User %s created in pyvac and ldap' % account.login)
self.request.session.flash('info;%s' % msg)
except ALREADY_EXISTS:
# already exists in ldap, only retrieve the dn
new_dn = 'cn=%s,c=%s,%s' % (account.login, account.country,
ldap._base)
msg = (
'User %s already exists in ldap, created only in pyvac' %
account.login)
log.info(msg)
self.request.session.flash('info;%s' % msg)
# update dn
account.dn = new_dn
if self.user and not self.user.is_admin:
self.redirect_route = 'list_request'
def save_model(self, account):
super(Edit, self).update_model(account)
self.set_country(account)
self.append_groups(account)
settings = self.request.registry.settings
ldap = False
if 'pyvac.use_ldap' in settings:
ldap = asbool(settings.get('pyvac.use_ldap'))
if ldap:
# update in ldap
r = self.request
password = None
if 'user.password' in r.params and r.params['user.password']:
password = [hashPassword(r.params['user.password'])]
unit = None
if 'unit' in r.params and r.params['unit']:
unit = r.params['unit']
ldap = LdapCache()
ldap.update_user(account, password=password, unit=unit)
# update teams
uteams = {}
for team, members in ldap.list_teams().iteritems():
for member in members:
uteams.setdefault(member, []).append(team)
user_teams = uteams.get(account.dn, [])
# add to new teams
for team in r.params.getall('teams'):
members = ldap.get_team_members(team)
if account.dn not in members:
members.append(account.dn.encode('utf-8'))
ldap.update_team(team, members)
# remove from old teams
for team in user_teams:
if team not in r.params.getall('teams'):
members = ldap.get_team_members(team)
if account.dn in members:
members.remove(account.dn)
ldap.update_team(team, members)
if self.user and not self.user.is_admin:
self.redirect_route = 'list_request'
def render(self):
passhash = self.request.matchdict["passhash"]
entry = PasswordRecovery.by_hash(self.session, passhash)
if not entry:
return HTTPFound(location=route_url("login", self.request))
if entry.expired:
msg = "This password recovery request have expired."
self.request.session.flash("error;%s" % msg)
self.session.delete(entry)
else:
errors = []
if "form.submitted" in self.request.params:
r = self.request
settings = self.request.registry.settings
ldap = False
if "pyvac.use_ldap" in settings:
ldap = asbool(settings.get("pyvac.use_ldap"))
if not len(r.params["user.password"]):
errors.append(_(u"password cannot be empty"))
if r.params["user.password"] != r.params["confirm_password"]:
errors.append(_(u"passwords do not match"))
if errors:
self.request.session.flash("error;%s" % ",".join(errors))
if not errors:
# change user password
if ldap:
# update in ldap
password = [hashPassword(r.params["user.password"])]
ldap = LdapCache()
ldap.update_user(entry.user, password=password)
else:
# update locally
entry.user.password = r.params["user.password"]
msg = "Password successfully changed"
self.request.session.flash("info;%s" % msg)
self.session.delete(entry)
return HTTPFound(location=route_url("login", self.request))
return {"user": entry.user}
def render(self):
passhash = self.request.matchdict['passhash']
entry = PasswordRecovery.by_hash(self.session, passhash)
if not entry:
return HTTPFound(location=route_url('login', self.request))
if entry.expired:
msg = 'This password recovery request have expired.'
self.request.session.flash('error;%s' % msg)
self.session.delete(entry)
else:
errors = []
if 'form.submitted' in self.request.params:
r = self.request
settings = self.request.registry.settings
ldap = False
if 'pyvac.use_ldap' in settings:
ldap = asbool(settings.get('pyvac.use_ldap'))
if not len(r.params['user.password']):
errors.append(_(u'password cannot be empty'))
if r.params['user.password'] != r.params['confirm_password']:
errors.append(_(u'passwords do not match'))
if errors:
self.request.session.flash('error;%s' % ','.join(errors))
if not errors:
# change user password
if ldap:
# update in ldap
password = [hashPassword(r.params['user.password'])]
ldap = LdapCache()
ldap.update_user(entry.user, password=password)
else:
# update locally
entry.user.password = r.params['user.password']
msg = 'Password successfully changed'
self.request.session.flash('info;%s' % msg)
self.session.delete(entry)
return HTTPFound(location=route_url('login', self.request))
return {'user': entry.user}
def render(self):
passhash = self.request.matchdict['passhash']
entry = PasswordRecovery.by_hash(self.session, passhash)
if not entry:
return HTTPFound(location=route_url('login', self.request))
if entry.expired:
msg = 'This password recovery request have expired.'
self.request.session.flash('error;%s' % msg)
self.session.delete(entry)
else:
errors = []
if 'form.submitted' in self.request.params:
r = self.request
settings = self.request.registry.settings
ldap = False
if 'pyvac.use_ldap' in settings:
ldap = asbool(settings.get('pyvac.use_ldap'))
if not len(r.params['user.password']):
errors.append(_(u'password cannot be empty'))
if r.params['user.password'] != r.params['confirm_password']:
errors.append(_(u'passwords do not match'))
if errors:
self.request.session.flash('error;%s' % ','.join(errors))
if not errors:
# change user password
if ldap:
# update in ldap
password = [hashPassword(r.params['user.password'])]
ldap = LdapCache()
ldap.update_user(entry.user, password=password)
else:
# update locally
entry.user.password = r.params['user.password']
msg = 'Password successfully changed'
self.request.session.flash('info;%s' % msg)
self.session.delete(entry)
return HTTPFound(location=route_url('login', self.request))
return {'user': entry.user}
def render(self):
settings = self.request.registry.settings
use_ldap = False
if 'pyvac.use_ldap' in settings:
use_ldap = asbool(settings.get('pyvac.use_ldap'))
user_attr = {}
if use_ldap:
# synchronise user groups/roles
User.sync_ldap_info(self.session)
ldap = LdapCache()
user_attr = ldap.get_users_units()
return {u'user_count': User.find(self.session, count=True),
u'users': User.find(self.session, order_by=[User.dn]),
'use_ldap': use_ldap,
'ldap_info': user_attr,
}
def update_view(self, model, view):
settings = self.request.registry.settings
ldap = False
if 'pyvac.use_ldap' in settings:
ldap = asbool(settings.get('pyvac.use_ldap'))
if view['errors']:
self.request.session.flash('error;%s' % ','.join(view['errors']))
view['groups'] = Group.all(self.session, order_by=Group.name)
view['managers'] = User.by_role(self.session, 'manager')
if ldap:
ldap = LdapCache()
login = self.get_model().login
view['ldap_user'] = {}
if login:
try:
view['ldap_user'] = ldap.search_user_by_login(login)
except UnknownLdapUser:
msg = 'Unknown ldap user %s' % login
self.request.session.flash('error;%s' % msg)
view['managers'] = ldap.list_manager()
view['units'] = ldap.list_ou()
view['teams'] = ldap.list_teams()
uteams = {}
for team, members in view['teams'].iteritems():
for member in members:
uteams.setdefault(member, []).append(team)
view['user_teams'] = uteams.get(view['ldap_user'].get('dn'), [])
view['countries'] = Countries.all(self.session,
order_by=Countries.name)
# generate a random password for the user, he must change it later
password = randomstring()
log.debug('temporary password generated: %s' % password)
view['password'] = password
view['view_name'] = self.__class__.__name__.lower()
view['myself'] = (self.user.id == self.get_model().id)
def save_model(self, account):
super(Create, self).save_model(account)
self.set_country(account)
self.append_groups(account)
settings = self.request.registry.settings
ldap = False
if 'pyvac.use_ldap' in settings:
ldap = asbool(settings.get('pyvac.use_ldap'))
if ldap:
# create in ldap
r = self.request
ldap = LdapCache()
if 'ldappassword' not in r.params:
raise MandatoryLdapPassword()
new_dn = ldap.add_user(account, password=r.params['ldappassword'],
unit=r.params['unit'])
# update dn
account.dn = new_dn
if self.user and not self.user.is_admin:
self.redirect_route = 'list_request'
def update_view(self, model, view):
settings = self.request.registry.settings
ldap = False
if 'pyvac.use_ldap' in settings:
ldap = asbool(settings.get('pyvac.use_ldap'))
if view['errors']:
self.request.session.flash('error;%s' % ','.join(view['errors']))
view['groups'] = Group.all(self.session, order_by=Group.name)
view['managers'] = User.by_role(self.session, 'manager')
view['countries'] = Countries.all(self.session,
order_by=Countries.name)
if ldap:
ldap = LdapCache()
login = self.get_model().login
view['ldap_user'] = {}
if login:
try:
view['ldap_user'] = ldap.search_user_by_login(login)
except UnknownLdapUser:
msg = 'Unknown ldap user %s' % login
self.request.session.flash('error;%s' % msg)
view['managers'] = ldap.list_manager()
view['units'] = ldap.list_ou()
view['teams'] = ldap.list_teams()
uteams = {}
for team, members in view['teams'].iteritems():
for member in members:
uteams.setdefault(member, []).append(team)
view['user_teams'] = uteams.get(view['ldap_user'].get('dn'), [])
# generate a random password for the user, he must change it later
password = randomstring()
log.debug('temporary password generated: %s' % password)
view['password'] = password
view['view_name'] = self.__class__.__name__.lower()
view['myself'] = (self.user.id == self.get_model().id)
jpeg = view['ldap_user'].get('jpegPhoto')
if jpeg:
view['ldap_user']['photo'] = base64.b64encode(jpeg)
partial_time_tooltip = """\
This value will be used to compute how much RTT you will acquire.
Example: If you use 2/5, you will acquire 0.4 RTT instead of 1 RTT.
This has no effect on CP acquisition.
"""
view['partial_time_tooltip'] = partial_time_tooltip
def render(self):
req_list = {'requests': [], 'conflicts': {}}
requests = []
if self.user.is_admin:
country = self.user.country
requests = Request.all_for_admin_per_country(self.session, country)
# check if admin user is also a manager, in this case merge all
# requests
requests_manager = Request.by_manager(self.session, self.user)
# avoid duplicate entries
req_to_add = [
req for req in requests_manager if req not in requests
]
requests.extend(req_to_add)
elif self.user.is_super:
requests = Request.by_manager(self.session, self.user)
req_list['requests'] = requests
# always add our requests
for req in Request.by_user(self.session, self.user):
if req not in req_list['requests']:
req_list['requests'].append(req)
# split requests by past/next
today = datetime.now()
if self.user.is_admin:
# for admin, display request from 1st of month
today = today.replace(day=1)
past_req = [
req for req in req_list['requests'] if req.date_to < today
and req.status not in ['PENDING', 'ACCEPTED_MANAGER']
]
next_req = [req for req in req_list['requests'] if req not in past_req]
req_list['past'] = past_req
req_list['next'] = next_req
# only retrieve conflicts for super users
# only retrieve conflicts for next requests, not past ones
if req_list['next'] and self.user.is_super:
conflicts = {}
settings = self.request.registry.settings
use_ldap = False
if 'pyvac.use_ldap' in settings:
use_ldap = asbool(settings.get('pyvac.use_ldap'))
if use_ldap:
ldap = LdapCache()
users_teams = {}
for team, members in ldap.list_teams().iteritems():
for member in members:
users_teams.setdefault(member, []).append(team)
conflicts = self.get_conflict_by_teams(req_list['next'],
users_teams)
else:
conflicts = self.get_conflict(req_list['next'])
req_list['conflicts'] = conflicts
return req_list
def render(self):
duration = 1
def fmt_req_type(req):
label = ' %s' % req.label if req.label else ''
if duration and req.days > 1:
label = '%s (until %s)' % (label,
req.date_to.strftime('%d/%m/%Y'))
return '%s%s' % (req.type, label)
order_by = (User.country_id.asc(), User.id)
users = User.find(self.session, order_by=order_by)
users = [user for user in users if user.login not in self.ignore_users]
requests = Request.get_active(self.session)
data_off = dict([(req.user.login, fmt_req_type(req))
for req in requests])
data = {
'users': [],
}
users_teams = {}
settings = self.request.registry.settings
use_ldap = False
if 'pyvac.use_ldap' in settings:
use_ldap = asbool(settings.get('pyvac.use_ldap'))
if use_ldap:
ldap_users = {}
# synchronise user groups/roles
# User.sync_ldap_info(self.session)
ldap = LdapCache()
ldap_users = ldap.list_users()
# discard users which should be deleted
users = [user for user in users if user.dn in ldap_users]
teams = ldap.list_teams()
data['teams'] = teams.keys()
for team, members in teams.iteritems():
for member in members:
users_teams.setdefault(member, []).append(team)
for user in users:
uteams = users_teams.get(user.dn, [])
item = {
'name': user.name,
'email': user.email,
'bu': user.country,
'nickname': user.nickname or '-',
'teams': ', '.join(uteams) if uteams else '-',
}
item['vacation'] = data_off.get(user.login)
item['status'] = 'off' if item['vacation'] else 'on'
if use_ldap:
ldap_user = ldap_users[user.dn]
jpeg = ldap_user.get('jpegPhoto')
photo = None
if jpeg:
photo = base64.b64encode(jpeg)
item['photo'] = photo
item['mobile'] = ldap_user.get('mobile', '-')
data['users'].append(item)
return {'data': data}
def save_model(self, account):
super(Edit, self).update_model(account)
self.set_country(account)
self.append_groups(account)
if 'disable_rtt' in self.request.params:
account.add_feature('disable_rtt', save=True)
else:
account.del_feature('disable_rtt', save=True)
settings = self.request.registry.settings
ldap = False
if 'pyvac.use_ldap' in settings:
ldap = asbool(settings.get('pyvac.use_ldap'))
if ldap:
# update in ldap
r = self.request
password = None
if 'user.password' in r.params and r.params['user.password']:
password = [hashPassword(r.params['user.password'])]
unit = None
if 'unit' in r.params and r.params['unit']:
unit = r.params['unit']
arrival_date = None
if 'arrival_date' in r.params and r.params['arrival_date']:
# cast to datetime
arrival_date = datetime.strptime(r.params['arrival_date'],
'%d/%m/%Y')
uid = None
if 'user.uid' in r.params and r.params['user.uid']:
uid = r.params['user.uid']
if (r.params.get('remove_photo', 'no') == 'yes'):
photo = ''
else:
try:
r.params['photofile'].file.seek(0)
photo = r.params['photofile'].file.read()
except:
photo = None
if photo:
log.info('uploading photo size: %d' % len(photo))
mobile = None
if 'mobile' in r.params:
mobile = r.params['mobile']
ldap = LdapCache()
ldap.update_user(account,
password=password,
unit=unit,
arrival_date=arrival_date,
uid=uid,
photo=photo,
mobile=mobile)
# only for admins
if self.user.is_admin:
# update teams
uteams = {}
for team, members in ldap.list_teams().iteritems():
for member in members:
uteams.setdefault(member, []).append(team)
user_teams = uteams.get(account.dn, [])
# add to new teams
for team in r.params.getall('teams'):
members = ldap.get_team_members(team)
if account.dn not in members:
members.append(account.dn.encode('utf-8'))
ldap.update_team(team, members)
# remove from old teams
for team in user_teams:
if team not in r.params.getall('teams'):
members = ldap.get_team_members(team)
if account.dn in members:
members.remove(account.dn)
ldap.update_team(team, members)
# update role for user in LDAP
old_role = account.role
if 'ldap_role' in r.params:
new_role = r.params['ldap_role']
if old_role != new_role:
log.info('LDAP role changed: %s -> %s' %
(old_role, new_role))
if new_role == 'manager':
ldap.add_manager(account.dn)
elif old_role == 'manager':
ldap.remove_manager(account.dn)
if new_role == 'admin':
ldap.add_admin(account.dn)
elif old_role == 'admin':
ldap.remove_admin(account.dn)
if self.user and not self.user.is_admin:
self.redirect_route = 'list_request'
def includeme(config):
"""
Pyramid includeme file for the :class:`pyramid.config.Configurator`
"""
ldap = False
settings = config.registry.settings
if 'pyvac.celery.yaml' in settings:
configure(settings['pyvac.celery.yaml'])
if 'pyvac.use_ldap' in settings:
ldap = asbool(settings['pyvac.use_ldap'])
if ldap:
LdapCache.configure(settings['pyvac.ldap.yaml'])
# call includeme for models configuration
config.include('pyvac.models')
# call includeme for request views configuration
config.include('pyvac.views.request')
# call includeme for account views configuration
config.include('pyvac.views.account')
# call includeme for credentials views configuration
config.include('pyvac.views.credentials')
# Jinja configuration
# We don't use jinja2 filename, .html instead
config.add_renderer('.html', renderer_factory)
# helpers
config.add_subscriber(add_urlhelpers, IBeforeRender)
# i18n
config.add_translation_dirs('locale/')
config.set_locale_negotiator(locale_negotiator)
# Javascript + Media
config.add_static_view('static', 'static', cache_max_age=3600)
config.add_route(
u'login',
u'/login',
)
config.add_view(u'pyvac.views.credentials.Login',
route_name=u'login',
renderer=u'templates/login.html')
config.add_route(u'logout', u'/logout')
config.add_view(u'pyvac.views.credentials.Logout',
route_name=u'logout',
permission=u'user_view')
config.add_route('sudo', '/sudo')
config.add_view(u'pyvac.views.credentials.Sudo',
route_name=u'sudo',
permission=u'sudo_view',
renderer='templates/sudo.html')
# Home page
config.add_route(u'index', u'/')
config.add_view(u'pyvac.views.Index', route_name=u'index')
config.add_route('home', '/home')
config.add_view(u'pyvac.views.Home',
route_name=u'home',
renderer='templates/home.html',
permission=u'user_view')
# Forbidden
config.add_view(u'pyvac.views.base.forbidden_view', context=Forbidden)
# Internal error
config.add_view(u'pyvac.views.base.exception_view', context=Exception)
# Forgot password
config.add_route(
u'reset_password',
u'/reset',
)
config.add_view(u'pyvac.views.credentials.ResetPassword',
route_name=u'reset_password',
renderer=u'templates/password/reset.html')
# Change password
config.add_route(u'change_password', u'/password/{passhash}')
config.add_view(u'pyvac.views.credentials.ChangePassword',
route_name=u'change_password',
renderer=u'templates/password/change.html')
# Request submit
config.add_route('request_send',
u'/pyvac/request_send',
request_method=u'POST')
config.add_view(u'pyvac.views.request.Send',
route_name=u'request_send',
renderer='json',
permission=u'user_view')
# Manager view
config.add_route(u'list_request', u'/pyvac/request')
config.add_view(u'pyvac.views.request.List',
route_name=u'list_request',
renderer=u'templates/request/list.html',
permission=u'user_view')
config.add_route('request_accept',
u'/pyvac/request_accept',
request_method=u'POST')
config.add_view(u'pyvac.views.request.Accept',
route_name=u'request_accept',
renderer='json',
permission=u'manager_view')
config.add_route('request_refuse',
u'/pyvac/request_refuse',
request_method=u'POST')
config.add_view(u'pyvac.views.request.Refuse',
route_name=u'request_refuse',
renderer='json',
permission=u'manager_view')
config.add_route('request_cancel',
u'/pyvac/request_cancel',
request_method=u'POST')
config.add_view(u'pyvac.views.request.Cancel',
route_name=u'request_cancel',
renderer='json',
permission=u'user_view')
# Pool history
config.add_route('pool_history',
u'/pyvac/pool_history/{user_id}',
request_method=u'GET')
config.add_view(u'pyvac.views.request.PoolHistory',
route_name=u'pool_history',
renderer=u'templates/request/pool_history.html',
permission=u'user_view')
config.add_route('request_history',
u'/pyvac/request_history/{req_id}',
request_method=u'GET')
config.add_view(u'pyvac.views.request.History',
route_name=u'request_history',
renderer=u'templates/request/history.html',
permission=u'user_view')
# Admin view
config.add_route(u'list_account', u'/pyvac/account')
config.add_view(u'pyvac.views.account.List',
route_name=u'list_account',
renderer=u'templates/account/list.html',
permission=u'admin_view')
config.add_route(u'list_user_pool', u'/pyvac/pool_users')
config.add_view(u'pyvac.views.account.ListPool',
route_name=u'list_user_pool',
renderer=u'templates/account/pool.html',
permission=u'admin_view')
config.add_route(u'create_account', u'/pyvac/account/new')
config.add_view(u'pyvac.views.account.Create',
route_name=u'create_account',
renderer=u'templates/account/create.html',
permission=u'admin_view')
config.add_route(u'edit_account', u'/pyvac/account/{user_id}')
config.add_view(u'pyvac.views.account.Edit',
route_name=u'edit_account',
renderer=u'templates/account/edit.html',
permission=u'user_view')
config.add_route(u'delete_account', u'/pyvac/delete/account/{user_id}')
config.add_view(u'pyvac.views.account.Delete',
route_name=u'delete_account',
renderer=u'templates/account/delete.html',
permission=u'admin_view')
# who's who
config.add_route(
u'whoswho',
u'/who',
)
config.add_view(u'pyvac.views.account.Whoswho',
route_name=u'whoswho',
renderer=u'templates/whoswho.html')
config.add_route(u'export_request', u'/pyvac/export')
config.add_view(u'pyvac.views.request.Export',
route_name=u'export_request',
renderer=u'templates/request/export.html',
permission=u'admin_view')
config.add_route(u'request_export',
u'/pyvac/exported',
request_method=u'POST')
config.add_view(u'pyvac.views.request.Exported',
route_name=u'request_export',
renderer=u'templates/request/exported.html',
permission=u'admin_view')
config.add_route(u'prevision_request', u'/pyvac/prevision')
config.add_view(u'pyvac.views.request.Prevision',
route_name=u'prevision_request',
renderer=u'templates/request/prevision.html',
permission=u'admin_view')
if ldap:
config.add_route(u'squad_overview', u'/pyvac/squad_overview')
config.add_view(u'pyvac.views.request.SquadOverview',
route_name=u'squad_overview',
renderer=u'templates/request/squad_overview.html',
permission=u'manager_view')
config.add_route(u'chapter_overview', u'/pyvac/chapter_overview')
config.add_view(u'pyvac.views.request.ChapterOverview',
route_name=u'chapter_overview',
renderer=u'templates/request/chapter_overview.html',
permission=u'manager_view')
config.add_route(u'manager_overview', u'/pyvac/manager_overview')
config.add_view(u'pyvac.views.request.ManagerOverview',
route_name=u'manager_overview',
renderer=u'templates/request/manager_overview.html',
permission=u'manager_view')
# Pool managment
config.add_route(u'list_pools', u'/pyvac/pool')
config.add_view(u'pyvac.views.pool.List',
route_name=u'list_pools',
renderer=u'templates/pool/list.html',
permission=u'admin_view')
config.add_route(u'create_pool', u'/pyvac/pool/new')
config.add_view(u'pyvac.views.pool.Create',
route_name=u'create_pool',
renderer=u'templates/pool/create.html',
permission=u'admin_view')
config.add_route(u'edit_pool', u'/pyvac/pool/{pool_id}')
config.add_view(u'pyvac.views.pool.Edit',
route_name=u'edit_pool',
renderer=u'templates/pool/edit.html',
permission=u'user_view')
config.add_route(u'delete_pool', u'/pyvac/delete/pool/{pool_id}')
config.add_view(u'pyvac.views.pool.Delete',
route_name=u'delete_pool',
renderer=u'templates/pool/delete.html',
permission=u'admin_view')
# Holiday request
config.add_route('list_holiday',
u'/pyvac/list_holiday',
request_method=u'POST')
config.add_view(u'pyvac.views.holiday.List',
route_name=u'list_holiday',
renderer='json',
permission=u'user_view')
# Retrieve today vacations
config.add_route('request_off', u'/pyvac/off', request_method=u'GET')
config.add_view(u'pyvac.views.request.Off',
route_name=u'request_off',
renderer='json')
# Retrieve today vacations (HTML)
config.add_route(u'request_off_html', u'/pyvac/off.html')
config.add_view(u'pyvac.views.base.ViewBase',
route_name=u'request_off_html',
renderer=u'templates/off.html')
def save_model(self, account):
super(Edit, self).update_model(account)
self.set_country(account)
self.append_groups(account)
if 'disable_rtt' in self.request.params:
account.add_feature('disable_rtt', save=True)
else:
account.del_feature('disable_rtt', save=True)
settings = self.request.registry.settings
ldap = False
if 'pyvac.use_ldap' in settings:
ldap = asbool(settings.get('pyvac.use_ldap'))
if ldap:
# update in ldap
r = self.request
password = None
if 'user.password' in r.params and r.params['user.password']:
password = [hashPassword(r.params['user.password'])]
unit = None
if 'unit' in r.params and r.params['unit']:
unit = r.params['unit']
arrival_date = None
if 'arrival_date' in r.params and r.params['arrival_date']:
# cast to datetime
arrival_date = datetime.strptime(r.params['arrival_date'],
'%d/%m/%Y')
uid = None
if 'user.uid' in r.params and r.params['user.uid']:
uid = r.params['user.uid']
if (r.params.get('remove_photo', 'no') == 'yes'):
photo = ''
else:
try:
photo = r.POST['photofile'].file.read()
except:
photo = None
ldap = LdapCache()
ldap.update_user(account,
password=password,
unit=unit,
arrival_date=arrival_date,
uid=uid,
photo=photo)
# update teams
uteams = {}
for team, members in ldap.list_teams().iteritems():
for member in members:
uteams.setdefault(member, []).append(team)
user_teams = uteams.get(account.dn, [])
# add to new teams
for team in r.params.getall('teams'):
members = ldap.get_team_members(team)
if account.dn not in members:
members.append(account.dn.encode('utf-8'))
ldap.update_team(team, members)
# remove from old teams
for team in user_teams:
if team not in r.params.getall('teams'):
members = ldap.get_team_members(team)
if account.dn in members:
members.remove(account.dn)
ldap.update_team(team, members)
if self.user and not self.user.is_admin:
self.redirect_route = 'list_request'
def render(self):
req_list = {'requests': [], 'conflicts': {}}
requests = []
if self.user.is_admin:
country = self.user.country
requests = Request.all_for_admin_per_country(self.session,
country)
# check if admin user is also a manager, in this case merge all
# requests
requests_manager = Request.by_manager(self.session, self.user)
# avoid duplicate entries
req_to_add = [req for req in requests_manager
if req not in requests]
requests.extend(req_to_add)
elif self.user.is_super:
requests = Request.by_manager(self.session, self.user)
req_list['requests'] = requests
# always add our requests
for req in Request.by_user(self.session, self.user):
if req not in req_list['requests']:
req_list['requests'].append(req)
# split requests by past/next
today = datetime.now()
past_req = [req for req in req_list['requests']
if req.date_to < today
and req.status != 'PENDING']
next_req = [req for req in req_list['requests']
if req not in past_req]
req_list['past'] = past_req
req_list['next'] = next_req
# only retrieve conflicts for super users
# only retrieve conflicts for next requests, not past ones
if req_list['next'] and self.user.is_super:
conflicts = {}
settings = self.request.registry.settings
use_ldap = False
if 'pyvac.use_ldap' in settings:
use_ldap = asbool(settings.get('pyvac.use_ldap'))
if use_ldap:
ldap = LdapCache()
users_teams = {}
for team, members in ldap.list_teams().iteritems():
for member in members:
users_teams.setdefault(member, []).append(team)
conflicts = self.get_conflict_by_teams(req_list['next'],
users_teams)
else:
conflicts = self.get_conflict(req_list['next'])
req_list['conflicts'] = conflicts
return req_list
def render(self):
req_list = {'requests': [], 'conflicts': {}}
requests = []
if self.user.is_admin:
country = self.user.country
requests = Request.all_for_admin_per_country(self.session,
country)
# check if admin user is also a manager, in this case merge all
# requests
requests_manager = Request.by_manager(self.session, self.user)
# avoid duplicate entries
req_to_add = [req for req in requests_manager
if req not in requests]
requests.extend(req_to_add)
elif self.user.is_super:
requests = Request.by_manager(self.session, self.user)
if requests:
conflicts = {}
settings = self.request.registry.settings
use_ldap = False
if 'pyvac.use_ldap' in settings:
use_ldap = asbool(settings.get('pyvac.use_ldap'))
if use_ldap:
ldap = LdapCache()
users_teams = {}
for team, members in ldap.list_teams().iteritems():
for member in members:
users_teams.setdefault(member, []).append(team)
for req in requests:
user_teams = users_teams.get(req.user.dn, [])
matched = {}
# for all requests in conflict with current req
for req2 in Request.in_conflict(self.session, req):
# if we have some match between request teams
# and conflicting request teams
conflict_teams = users_teams.get(req2.user.dn, [])
common_set = set(conflict_teams) & set(user_teams)
if common_set:
for team in common_set:
if team not in matched:
matched[team] = []
matched[team].append(req2.summary)
req.conflict = matched
if req.conflict:
for team in req.conflict:
if req.id not in conflicts:
conflicts[req.id] = {}
conflicts[req.id][team] = ('\n'.join([team] +
req.conflict[team]))
else:
for req in requests:
req.conflict = [req2.summary for req2 in
Request.in_conflict_ou(self.session, req)]
if req.conflict:
conflicts[req.id] = '\n'.join(req.conflict)
req_list['requests'] = requests
req_list['conflicts'] = conflicts
# always add our requests
for req in Request.by_user(self.session, self.user):
if req not in req_list['requests']:
req_list['requests'].append(req)
return req_list
def includeme(config):
"""
Pyramid includeme file for the :class:`pyramid.config.Configurator`
"""
settings = config.registry.settings
if 'pyvac.celery.yaml' in settings:
configure(settings['pyvac.celery.yaml'])
if 'pyvac.use_ldap' in settings:
ldap = asbool(settings['pyvac.use_ldap'])
if ldap:
LdapCache.configure(settings['pyvac.ldap.yaml'])
# Jinja configuration
# We don't use jinja2 filename, .html instead
config.add_renderer('.html', renderer_factory)
# helpers
config.add_subscriber(add_urlhelpers, IBeforeRender)
# i18n
config.add_translation_dirs('locale/')
config.set_locale_negotiator(locale_negotiator)
# Javascript + Media
config.add_static_view('static', 'static', cache_max_age=3600)
config.add_route(u'login', u'/login',)
config.add_view(u'pyvac.views.credentials.Login',
route_name=u'login',
renderer=u'templates/login.html')
config.add_route(u'logout', u'/logout')
config.add_view(u'pyvac.views.credentials.Logout',
route_name=u'logout',
permission=u'user_view')
config.add_route('sudo', '/sudo')
config.add_view(u'pyvac.views.credentials.Sudo',
route_name=u'sudo',
permission=u'sudo_view',
renderer='templates/sudo.html')
# Home page
config.add_route(u'index', u'/')
config.add_view(u'pyvac.views.Index',
route_name=u'index')
config.add_route('home', '/home')
config.add_view(u'pyvac.views.Home',
route_name=u'home',
renderer='templates/home.html',
permission=u'user_view')
# Forbidden
config.add_view(u'pyvac.views.base.forbidden_view',
context=Forbidden)
# Internal error
config.add_view(u'pyvac.views.base.exception_view',
context=Exception)
# Forgot password
config.add_route(u'reset_password', u'/reset',)
config.add_view(u'pyvac.views.credentials.ResetPassword',
route_name=u'reset_password',
renderer=u'templates/password/reset.html')
# Change password
config.add_route(u'change_password', u'/password/{passhash}')
config.add_view(u'pyvac.views.credentials.ChangePassword',
route_name=u'change_password',
renderer=u'templates/password/change.html')
# Request submit
config.add_route('request_send', u'/pyvac/request_send',
request_method=u'POST')
config.add_view(u'pyvac.views.request.Send',
route_name=u'request_send',
renderer='json',
permission=u'user_view')
# Manager view
config.add_route(u'list_request', u'/pyvac/request')
config.add_view(u'pyvac.views.request.List',
route_name=u'list_request',
renderer=u'templates/request/list.html',
permission=u'user_view')
config.add_route('request_accept', u'/pyvac/request_accept',
request_method=u'POST')
config.add_view(u'pyvac.views.request.Accept',
route_name=u'request_accept',
renderer='json',
permission=u'manager_view')
config.add_route('request_refuse', u'/pyvac/request_refuse',
request_method=u'POST')
config.add_view(u'pyvac.views.request.Refuse',
route_name=u'request_refuse',
renderer='json',
permission=u'manager_view')
config.add_route('request_cancel', u'/pyvac/request_cancel',
request_method=u'POST')
config.add_view(u'pyvac.views.request.Cancel',
route_name=u'request_cancel',
renderer='json',
permission=u'user_view')
# Pool history
config.add_route('pool_history', u'/pyvac/pool_history/{user_id}',
request_method=u'GET')
config.add_view(u'pyvac.views.request.PoolHistory',
route_name=u'pool_history',
renderer=u'templates/request/pool_history.html',
permission=u'user_view')
# Admin view
config.add_route(u'list_account', u'/pyvac/account')
config.add_view(u'pyvac.views.account.List',
route_name=u'list_account',
renderer=u'templates/account/list.html',
permission=u'admin_view')
config.add_route(u'create_account', u'/pyvac/account/new')
config.add_view(u'pyvac.views.account.Create',
route_name=u'create_account',
renderer=u'templates/account/create.html',
permission=u'admin_view')
config.add_route(u'edit_account', u'/pyvac/account/{user_id}')
config.add_view(u'pyvac.views.account.Edit',
route_name=u'edit_account',
renderer=u'templates/account/edit.html',
permission=u'user_view')
config.add_route(u'delete_account', u'/pyvac/delete/account/{user_id}')
config.add_view(u'pyvac.views.account.Delete',
route_name=u'delete_account',
renderer=u'templates/account/delete.html',
permission=u'admin_view')
config.add_route(u'export_request', u'/pyvac/export')
config.add_view(u'pyvac.views.request.Export',
route_name=u'export_request',
renderer=u'templates/request/export.html',
permission=u'admin_view')
config.add_route(u'request_export', u'/pyvac/exported',
request_method=u'POST')
config.add_view(u'pyvac.views.request.Exported',
route_name=u'request_export',
renderer=u'templates/request/exported.html',
permission=u'admin_view')
config.add_route(u'prevision_request', u'/pyvac/prevision')
config.add_view(u'pyvac.views.request.Prevision',
route_name=u'prevision_request',
renderer=u'templates/request/prevision.html',
permission=u'admin_view')
# Holiday request
config.add_route('list_holiday', u'/pyvac/list_holiday',
request_method=u'POST')
config.add_view(u'pyvac.views.holiday.List',
route_name=u'list_holiday',
renderer='json',
permission=u'user_view')
# Retrieve today vacations
config.add_route('request_off', u'/pyvac/off',
request_method=u'GET')
config.add_view(u'pyvac.views.request.Off',
route_name=u'request_off',
renderer='json')
