def render(self): # synchronise user groups/roles User.sync_ldap_info(self.session) ldap = LdapCache() users_entity = {} for chapter, members in ldap.list_chapters().iteritems(): for member in members: users_entity.setdefault(member, []).append(chapter) # keep only managed users for managers # use all users for admin overviews = {} if self.user.is_admin or self.user.has_feature( 'chapter_overview_full'): # noqa for _, target_chapter in self.chapter_leaders.items(): chapter_stats = self.get_chapter_stats(target_chapter, users_entity) # noqa overviews.update({target_chapter: chapter_stats}) elif self.user.is_manager: # retrieve logged chapter leader target_chapter = self.chapter_leaders[self.user.login] chapter_stats = self.get_chapter_stats(target_chapter, users_entity) # noqa overviews = {target_chapter: chapter_stats} else: return HTTPFound(location=route_url('home', self.request)) return {'users_entity': users_entity, 'overviews': overviews}
def render(self): settings = self.request.registry.settings use_ldap = False if 'pyvac.use_ldap' in settings: use_ldap = asbool(settings.get('pyvac.use_ldap')) user_attr = {} users_teams = {} active_users = [] if use_ldap: # synchronise user groups/roles User.sync_ldap_info(self.session) ldap = LdapCache() user_attr = ldap.get_users_units() users_teams = {} for team, members in ldap.list_teams().iteritems(): for member in members: users_teams.setdefault(member, []).append(team) active_users = ldap.list_active_users() return { u'user_count': User.find(self.session, count=True), u'users': User.find(self.session, order_by=[User.dn]), 'use_ldap': use_ldap, 'ldap_info': user_attr, 'users_teams': users_teams, 'active_users': active_users, }
def delete(self, account): # cancel all associated requests for this user requests = account.requests for req in requests: req.update_status('CANCELED') # delete all request history entries for this user # otherwise it will raise a integrity error for entry in req.history: self.session.delete(entry) self.session.flush() # cancel all request history entries in case there are entries in # this table but without an existing request histo_reqs = RequestHistory.by_user(self.session, account.id) for entry in histo_reqs: self.session.delete(entry) self.session.flush() # cancel associated password recovery attempts for this user for item in account.recovery: self.session.delete(item) super(Delete, self).delete(account) if account.ldap_user: # delete in ldap ldap = LdapCache() try: ldap.delete_user(account.dn) except IndexError: log.info('User %s seems already deleted in ldap' % account.dn)
def render(self): from datetime import datetime today = datetime.now() end_date = datetime(today.year, 10, 31) previsions = Request.get_previsions(self.session, end_date) users_per_id = dict([(user.id, user) for user in User.find(self.session)]) settings = self.request.registry.settings use_ldap = False if 'pyvac.use_ldap' in settings: use_ldap = asbool(settings.get('pyvac.use_ldap')) user_attr = {} users_teams = {} if use_ldap: # synchronise user groups/roles User.sync_ldap_info(self.session) ldap = LdapCache() user_attr = ldap.get_users_units() users_teams = {} for team, members in list(ldap.list_teams().items()): for member in members: users_teams.setdefault(member, []).append(team) return {'users_per_id': users_per_id, 'use_ldap': use_ldap, 'ldap_info': user_attr, 'users_teams': users_teams, 'previsions': previsions, 'today': today, 'end_date': end_date, }
def render(self): # synchronise user groups/roles User.sync_ldap_info(self.session) ldap = LdapCache() users_entity = {} for team, members in list(ldap.list_teams().items()): for member in members: users_entity.setdefault(member, []).append(team) # keep only managed users for managers # use all users for admin overviews = {} if self.user.is_admin or self.user.has_feature('squad_overview_full'): for _, target_squad in list(self.squad_leaders.items()): squad_stats = self.get_squad_stats(target_squad, users_entity) overviews.update({target_squad: squad_stats}) elif self.user.is_manager: # retrieve logged squad leader target_squad = self.squad_leaders[self.user.login] squad_stats = self.get_squad_stats(target_squad, users_entity) overviews = {target_squad: squad_stats} else: return HTTPFound(location=route_url('home', self.request)) return {'users_entity': users_entity, 'overviews': overviews}
def get_data(self, session, country): now = datetime.now() th_trial, th_good = self.trial_thresholds[country] ldap = LdapCache() arrivals = ldap.list_arrivals_country(country) matched = [] for user_dn, dt in list(arrivals.items()): if not dt: continue dt_trial_threshold = dt + relativedelta(months=th_trial) dt_good = dt + relativedelta(months=th_good) if (now > dt_trial_threshold) and not (now > dt_good): matched.append((user_dn, dt)) datas = [] for user_dn, dt in matched: user = User.by_dn(session, user_dn) if not user: self.log.info('user not found: %s' % user_dn) continue if user.country not in self.countries: continue data = {'user_id': user.id} param = json.dumps(OrderedDict(data)) rem = CoreReminder.by_type_param(session, 'trial_threshold', param) if not rem: data['duration'] = th_trial data['subject'] = self.subject datas.append(data) return datas
def update_view(self, model, view): settings = self.request.registry.settings ldap = False if 'pyvac.use_ldap' in settings: ldap = asbool(settings.get('pyvac.use_ldap')) if view['errors']: self.request.session.flash('error;%s' % ','.join(view['errors'])) view['groups'] = Group.all(self.session, order_by=Group.name) view['managers'] = User.by_role(self.session, 'manager') view['countries'] = Countries.all(self.session, order_by=Countries.name) if ldap: ldap = LdapCache() login = self.get_model().login view['ldap_user'] = {} if login: try: view['ldap_user'] = ldap.search_user_by_login(login) except UnknownLdapUser: msg = 'Unknown ldap user %s' % login self.request.session.flash('error;%s' % msg) view['managers'] = ldap.list_manager() view['units'] = ldap.list_ou() view['teams'] = ldap.list_teams() uteams = {} for team, members in view['teams'].iteritems(): for member in members: uteams.setdefault(member, []).append(team) view['user_teams'] = uteams.get(view['ldap_user'].get('dn'), []) # generate a random password for the user, he must change it later password = randomstring() log.debug('temporary password generated: %s' % password) view['password'] = password view['view_name'] = self.__class__.__name__.lower() view['myself'] = (self.user.id == self.get_model().id) jpeg = view['ldap_user'].get('jpegPhoto') if jpeg: view['ldap_user']['photo'] = base64.b64encode(jpeg) partial_time_tooltip = """\ This value will be used to compute how much RTT you will acquire. Example: If you use 2/5, you will acquire 0.4 RTT instead of 1 RTT. This has no effect on CP acquisition. """ view['partial_time_tooltip'] = partial_time_tooltip
def main(argv=sys.argv): if len(argv) != 2: usage(argv) config_uri = argv[1] setup_logging(config_uri) settings = get_appsettings(config_uri) LdapCache.configure(settings['pyvac.ldap.yaml']) ldap = LdapCache() engine = create_engine('pyvac', settings, scoped=False) populate(engine, ldap) dispose_engine('pyvac')
def save_model(self, account): super(Create, self).save_model(account) self.set_country(account) self.append_groups(account) self.assign_pools(account) if 'disable_rtt' in self.request.params: account.add_feature('disable_rtt', save=True) else: account.del_feature('disable_rtt', save=True) settings = self.request.registry.settings ldap = False if 'pyvac.use_ldap' in settings: ldap = asbool(settings.get('pyvac.use_ldap')) if ldap: # create in ldap r = self.request ldap = LdapCache() if 'ldappassword' not in r.params: raise MandatoryLdapPassword() uid = None if 'user.uid' in r.params and r.params['user.uid']: uid = r.params['user.uid'] try: new_dn = ldap.add_user(account, password=r.params['ldappassword'], unit=r.params.get('unit'), uid=uid) msg = ('User %s created in pyvac and ldap' % account.login) self.request.session.flash('info;%s' % msg) except ALREADY_EXISTS: # already exists in ldap, only retrieve the dn new_dn = 'cn=%s,c=%s,%s' % (account.login, account.country, ldap._base) msg = ( 'User %s already exists in ldap, created only in pyvac' % account.login) log.info(msg) self.request.session.flash('info;%s' % msg) # update dn account.dn = new_dn if self.user and not self.user.is_admin: self.redirect_route = 'list_request'
def render(self): passhash = self.request.matchdict['passhash'] entry = PasswordRecovery.by_hash(self.session, passhash) if not entry: return HTTPFound(location=route_url('login', self.request)) if entry.expired: msg = 'This password recovery request have expired.' self.request.session.flash('error;%s' % msg) self.session.delete(entry) else: errors = [] if 'form.submitted' in self.request.params: r = self.request settings = self.request.registry.settings ldap = False if 'pyvac.use_ldap' in settings: ldap = asbool(settings.get('pyvac.use_ldap')) if not len(r.params['user.password']): errors.append(_(u'password cannot be empty')) if r.params['user.password'] != r.params['confirm_password']: errors.append(_(u'passwords do not match')) if errors: self.request.session.flash('error;%s' % ','.join(errors)) if not errors: # change user password if ldap: # update in ldap password = [hashPassword(r.params['user.password'])] ldap = LdapCache() ldap.update_user(entry.user, password=password) else: # update locally entry.user.password = r.params['user.password'] msg = 'Password successfully changed' self.request.session.flash('info;%s' % msg) self.session.delete(entry) return HTTPFound(location=route_url('login', self.request)) return {'user': entry.user}
def render(self): req_list = {'requests': [], 'conflicts': {}} requests = [] if self.user.is_admin: country = self.user.country requests = Request.all_for_admin_per_country(self.session, country) # check if admin user is also a manager, in this case merge all # requests requests_manager = Request.by_manager(self.session, self.user) # avoid duplicate entries req_to_add = [ req for req in requests_manager if req not in requests ] requests.extend(req_to_add) elif self.user.is_super: requests = Request.by_manager(self.session, self.user) req_list['requests'] = requests # always add our requests for req in Request.by_user(self.session, self.user): if req not in req_list['requests']: req_list['requests'].append(req) # split requests by past/next today = datetime.now() if self.user.is_admin: # for admin, display request from 1st of month today = today.replace(day=1) past_req = [ req for req in req_list['requests'] if req.date_to < today and req.status not in ['PENDING', 'ACCEPTED_MANAGER'] ] next_req = [req for req in req_list['requests'] if req not in past_req] req_list['past'] = past_req req_list['next'] = next_req # only retrieve conflicts for super users # only retrieve conflicts for next requests, not past ones if req_list['next'] and self.user.is_super: conflicts = {} settings = self.request.registry.settings use_ldap = False if 'pyvac.use_ldap' in settings: use_ldap = asbool(settings.get('pyvac.use_ldap')) if use_ldap: ldap = LdapCache() users_teams = {} for team, members in ldap.list_teams().iteritems(): for member in members: users_teams.setdefault(member, []).append(team) conflicts = self.get_conflict_by_teams(req_list['next'], users_teams) else: conflicts = self.get_conflict(req_list['next']) req_list['conflicts'] = conflicts return req_list
def render(self): duration = 1 def fmt_req_type(req): label = ' %s' % req.label if req.label else '' if duration and req.days > 1: label = '%s (until %s)' % (label, req.date_to.strftime('%d/%m/%Y')) return '%s%s' % (req.type, label) order_by = (User.country_id.asc(), User.id) users = User.find(self.session, order_by=order_by) users = [user for user in users if user.login not in self.ignore_users] requests = Request.get_active(self.session) data_off = dict([(req.user.login, fmt_req_type(req)) for req in requests]) data = { 'users': [], } users_teams = {} settings = self.request.registry.settings use_ldap = False if 'pyvac.use_ldap' in settings: use_ldap = asbool(settings.get('pyvac.use_ldap')) if use_ldap: ldap_users = {} # synchronise user groups/roles # User.sync_ldap_info(self.session) ldap = LdapCache() ldap_users = ldap.list_users() # discard users which should be deleted users = [user for user in users if user.dn in ldap_users] teams = ldap.list_teams() data['teams'] = teams.keys() for team, members in teams.iteritems(): for member in members: users_teams.setdefault(member, []).append(team) for user in users: uteams = users_teams.get(user.dn, []) item = { 'name': user.name, 'email': user.email, 'bu': user.country, 'nickname': user.nickname or '-', 'teams': ', '.join(uteams) if uteams else '-', } item['vacation'] = data_off.get(user.login) item['status'] = 'off' if item['vacation'] else 'on' if use_ldap: ldap_user = ldap_users[user.dn] jpeg = ldap_user.get('jpegPhoto') photo = None if jpeg: photo = base64.b64encode(jpeg) item['photo'] = photo item['mobile'] = ldap_user.get('mobile', '-') data['users'].append(item) return {'data': data}
def save_model(self, account): super(Edit, self).update_model(account) self.set_country(account) self.append_groups(account) if 'disable_rtt' in self.request.params: account.add_feature('disable_rtt', save=True) else: account.del_feature('disable_rtt', save=True) settings = self.request.registry.settings ldap = False if 'pyvac.use_ldap' in settings: ldap = asbool(settings.get('pyvac.use_ldap')) if ldap: # update in ldap r = self.request password = None if 'user.password' in r.params and r.params['user.password']: password = [hashPassword(r.params['user.password'])] unit = None if 'unit' in r.params and r.params['unit']: unit = r.params['unit'] arrival_date = None if 'arrival_date' in r.params and r.params['arrival_date']: # cast to datetime arrival_date = datetime.strptime(r.params['arrival_date'], '%d/%m/%Y') uid = None if 'user.uid' in r.params and r.params['user.uid']: uid = r.params['user.uid'] if (r.params.get('remove_photo', 'no') == 'yes'): photo = '' else: try: r.params['photofile'].file.seek(0) photo = r.params['photofile'].file.read() except: photo = None if photo: log.info('uploading photo size: %d' % len(photo)) mobile = None if 'mobile' in r.params: mobile = r.params['mobile'] ldap = LdapCache() ldap.update_user(account, password=password, unit=unit, arrival_date=arrival_date, uid=uid, photo=photo, mobile=mobile) # only for admins if self.user.is_admin: # update teams uteams = {} for team, members in ldap.list_teams().iteritems(): for member in members: uteams.setdefault(member, []).append(team) user_teams = uteams.get(account.dn, []) # add to new teams for team in r.params.getall('teams'): members = ldap.get_team_members(team) if account.dn not in members: members.append(account.dn.encode('utf-8')) ldap.update_team(team, members) # remove from old teams for team in user_teams: if team not in r.params.getall('teams'): members = ldap.get_team_members(team) if account.dn in members: members.remove(account.dn) ldap.update_team(team, members) # update role for user in LDAP old_role = account.role if 'ldap_role' in r.params: new_role = r.params['ldap_role'] if old_role != new_role: log.info('LDAP role changed: %s -> %s' % (old_role, new_role)) if new_role == 'manager': ldap.add_manager(account.dn) elif old_role == 'manager': ldap.remove_manager(account.dn) if new_role == 'admin': ldap.add_admin(account.dn) elif old_role == 'admin': ldap.remove_admin(account.dn) if self.user and not self.user.is_admin: self.redirect_route = 'list_request'
def save_model(self, account): super(Edit, self).update_model(account) self.set_country(account) self.append_groups(account) if 'disable_rtt' in self.request.params: account.add_feature('disable_rtt', save=True) else: account.del_feature('disable_rtt', save=True) settings = self.request.registry.settings ldap = False if 'pyvac.use_ldap' in settings: ldap = asbool(settings.get('pyvac.use_ldap')) if ldap: # update in ldap r = self.request password = None if 'user.password' in r.params and r.params['user.password']: password = [hashPassword(r.params['user.password'])] unit = None if 'unit' in r.params and r.params['unit']: unit = r.params['unit'] arrival_date = None if 'arrival_date' in r.params and r.params['arrival_date']: # cast to datetime arrival_date = datetime.strptime(r.params['arrival_date'], '%d/%m/%Y') uid = None if 'user.uid' in r.params and r.params['user.uid']: uid = r.params['user.uid'] if (r.params.get('remove_photo', 'no') == 'yes'): photo = '' else: try: photo = r.POST['photofile'].file.read() except: photo = None ldap = LdapCache() ldap.update_user(account, password=password, unit=unit, arrival_date=arrival_date, uid=uid, photo=photo) # update teams uteams = {} for team, members in ldap.list_teams().iteritems(): for member in members: uteams.setdefault(member, []).append(team) user_teams = uteams.get(account.dn, []) # add to new teams for team in r.params.getall('teams'): members = ldap.get_team_members(team) if account.dn not in members: members.append(account.dn.encode('utf-8')) ldap.update_team(team, members) # remove from old teams for team in user_teams: if team not in r.params.getall('teams'): members = ldap.get_team_members(team) if account.dn in members: members.remove(account.dn) ldap.update_team(team, members) if self.user and not self.user.is_admin: self.redirect_route = 'list_request'