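def manage_editUserRoles(self, user_dn, role_dns=[], REQUEST=None):
    """ Edit the roles (groups) of a user

    Brings the LDAP group memberships of ``user_dn`` in line with
    ``role_dns``: the user is removed from every known group that is not
    listed and added to every listed group they are not yet in.

    A DN in ``role_dns`` that is not among the known groups is created as
    a ``groupOfUniqueNames`` entry whose initial members are the user and
    the folder's bind DN (``luf._binduid``).

    Returns None. Nothing is changed when ``getUserByDN`` finds no user.
    ``REQUEST`` is accepted but not read in this block, and ``role_dns``
    is only read, never mutated, so the shared default list is harmless.

    A failing membership change does not abort the remaining changes.
    Each failure is logged at error level, and ``msg`` holds the success
    text only when every change went through.
    """
    import logging
    import sys

    all_groups = self.getGroups(attr='dn')
    cur_groups = self.getGroups(dn=user_dn, attr='dn')
    operations = []
    failures = []
    luf = self.getLUF()

    user = self.getUserByDN(user_dn)
    if user is None:
        return

    # NOTE(review): role_dns is used as given, and an unknown DN results in
    # a new directory entry. Access control on this method and validation
    # of role_dns are not visible in this block -- confirm at the caller.
    for role_dn in role_dns:
        if role_dn not in all_groups:
            newgroup_type = 'groupOfUniqueNames'
            newgroup_member = GROUP_MEMBER_MAP.get(newgroup_type)
            # presumably the value of the leading RDN, used as the cn
            newgroup_name = luf._delegate.explode_dn(role_dn, 1)[0]
            connection = luf._connect()
            attr_list = [
                ('objectClass', ['top', newgroup_type]),
                ('cn', newgroup_name),
                (newgroup_member, [user_dn, luf._binduid]),
            ]
            # Errors from add_s propagate to the caller.
            connection.add_s(role_dn, attr_list)

    # Groups created above are not in all_groups, so they are skipped
    # here; the user was already made a member when they were created.
    for group in all_groups:
        if group in cur_groups and group not in role_dns:
            operations.append({
                'op': luf._delegate.DELETE,
                'target': group,
                'type': luf.getGroupType(group),
            })
        elif group in role_dns and group not in cur_groups:
            operations.append({
                'op': luf._delegate.ADD,
                'target': group,
                'type': luf.getGroupType(group),
            })

    if operations:
        connection = luf._connect()

        for to_do in operations:
            mod_list = (
                (to_do['op'], GROUP_MEMBER_MAP.get(to_do['type']), user_dn),
            )
            try:
                connection.modify_s(to_do['target'], mod_list)
            except Exception:
                # A failed DELETE means the user keeps a role the caller
                # asked to revoke, so the failure is recorded, not dropped.
                # sys.exc_info() avoids the version-specific
                # "except X, e" / "except X as e" spellings.
                error_text = str(sys.exc_info()[1])
                failures.append('%s: %s' % (to_do['target'], error_text))
                logging.getLogger(__name__).error(
                    'LDAP role change failed for %s on group %s: %s',
                    user_dn, to_do['target'], error_text)

    if failures:
        msg = '; '.join(failures)
    else:
        msg = 'Roles changed for %s' % (user_dn)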
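def manage_editUserRoles(self, user_dn, role_dns=[], REQUEST=None):
    """ Edit the roles (groups) of a user

    Brings the LDAP group memberships of ``user_dn`` in line with
    ``role_dns``: the user is removed from every known group that is not
    listed and added to every listed group they are not yet in.

    A DN in ``role_dns`` that is not among the known groups is created as
    a ``groupOfUniqueNames`` entry whose initial members are the user and
    the folder's bind DN (``luf._binduid``).

    Returns None. Nothing is changed when ``getUserByDN`` finds no user.
    ``REQUEST`` is accepted but not read in this block, and ``role_dns``
    is only read, never mutated, so the shared default list is harmless.

    A failing membership change does not abort the remaining changes.
    Each failure is logged at error level, and ``msg`` holds the success
    text only when every change went through.
    """
    import logging
    import sys

    all_groups = self.getGroups(attr='dn')
    cur_groups = self.getGroups(dn=user_dn, attr='dn')
    operations = []
    failures = []
    luf = self.getLUF()

    user = self.getUserByDN(user_dn)
    if user is None:
        return

    # NOTE(review): role_dns is used as given, and an unknown DN results in
    # a new directory entry. Access control on this method and validation
    # of role_dns are not visible in this block -- confirm at the caller.
    for role_dn in role_dns:
        if role_dn not in all_groups:
            newgroup_type = 'groupOfUniqueNames'
            newgroup_member = GROUP_MEMBER_MAP.get(newgroup_type)
            # presumably the value of the leading RDN, used as the cn
            newgroup_name = luf._delegate.explode_dn(role_dn, 1)[0]
            connection = luf._connect()
            attr_list = [
                ('objectClass', ['top', newgroup_type]),
                ('cn', newgroup_name),
                (newgroup_member, [user_dn, luf._binduid]),
            ]
            # Errors from add_s propagate to the caller.
            connection.add_s(role_dn, attr_list)

    # Groups created above are not in all_groups, so they are skipped
    # here; the user was already made a member when they were created.
    for group in all_groups:
        if group in cur_groups and group not in role_dns:
            operations.append({
                'op': luf._delegate.DELETE,
                'target': group,
                'type': luf.getGroupType(group),
            })
        elif group in role_dns and group not in cur_groups:
            operations.append({
                'op': luf._delegate.ADD,
                'target': group,
                'type': luf.getGroupType(group),
            })

    if operations:
        connection = luf._connect()

        for to_do in operations:
            mod_list = (
                (to_do['op'], GROUP_MEMBER_MAP.get(to_do['type']), user_dn),
            )
            try:
                connection.modify_s(to_do['target'], mod_list)
            except Exception:
                # A failed DELETE means the user keeps a role the caller
                # asked to revoke, so the failure is recorded, not dropped.
                # sys.exc_info() avoids the version-specific
                # "except X, e" / "except X as e" spellings.
                error_text = str(sys.exc_info()[1])
                failures.append('%s: %s' % (to_do['target'], error_text))
                logging.getLogger(__name__).error(
                    'LDAP role change failed for %s on group %s: %s',
                    user_dn, to_do['target'], error_text)

    if failures:
        msg = '; '.join(failures)
    else:
        msg = 'Roles changed for %s' % (user_dn)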
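def manage_editGroupRoles(self, user_dn, role_dns=[], REQUEST=None):
    """ Edit the roles (groups) of a group

    ``user_dn`` is the DN of the principal whose memberships are edited.
    ``role_dns`` lists the groups it should belong to afterwards; an
    entry without ``=`` is taken as a bare group name and expanded to
    ``cn=<name>,<self.groups_base>``.

    With ``self._local_groups`` set, the list is stored in
    ``self._groups_store`` (an empty list removes the entry). Otherwise
    the principal is added to or removed from each known LDAP group
    through ``self._delegate.modify``.

    Every required LDAP change is attempted. If any of them returns an
    error message, RuntimeError is raised afterwards carrying all the
    messages. ``REQUEST`` is accepted but not read in this block.
    """
    from Products.LDAPUserFolder.utils import GROUP_MEMBER_MAP
    try:
        from Products.LDAPUserFolder.LDAPDelegate import ADD, DELETE
    except ImportError:
        # Support for LDAPUserFolder >= 2.6
        ADD = self._delegate.ADD
        DELETE = self._delegate.DELETE

    errors = []

    all_groups = self.getGroups(attr='dn')
    cur_groups = self.getGroups(dn=user_dn, attr='dn')

    # group_dns is only compared against all_groups below, so a name that
    # expands to a DN matching no existing group is simply ignored.
    group_dns = []
    for group in role_dns:
        if '=' not in group:
            group_dns.append('cn=%s,%s' % (group, self.groups_base))
        else:
            group_dns.append(group)

    if self._local_groups:
        # NOTE(review): the local store keeps role_dns as passed in, not
        # the expanded group_dns -- presumably intentional, confirm.
        if len(role_dns) == 0:
            try:
                del self._groups_store[user_dn]
            except KeyError:
                # Nothing stored for this principal: already cleared.
                pass
        else:
            self._groups_store[user_dn] = role_dns
    else:
        for group in all_groups:
            member_attr = GROUP_MEMBER_MAP.get(self.getGroupType(group))

            if group in cur_groups and group not in group_dns:
                action = DELETE
            elif group in group_dns and group not in cur_groups:
                action = ADD
            else:
                action = None

            if action is not None:
                msg = self._delegate.modify(
                    group, action, {member_attr: [user_dn]})
                # Keep every failure. With a single msg variable, a later
                # successful modify would erase an earlier error, and a
                # failed membership removal would go unreported.
                if msg:
                    errors.append('%s: %s' % (group, msg))

    if errors:
        raise RuntimeError('; '.join(errors))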
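def manage_editGroupRoles(self, user_dn, role_dns=[], REQUEST=None):
    """ Edit the roles (groups) of a group

    ``user_dn`` is the DN of the principal whose memberships are edited.
    ``role_dns`` lists the groups it should belong to afterwards; an
    entry without ``=`` is taken as a bare group name and expanded to
    ``cn=<name>,<self.groups_base>``.

    With ``self._local_groups`` set, the list is stored in
    ``self._groups_store`` (an empty list removes the entry). Otherwise
    the principal is added to or removed from each known LDAP group
    through ``self._delegate.modify``.

    Every required LDAP change is attempted. If any of them returns an
    error message, RuntimeError is raised afterwards carrying all the
    messages. ``REQUEST`` is accepted but not read in this block.
    """
    from Products.LDAPUserFolder.utils import GROUP_MEMBER_MAP
    try:
        from Products.LDAPUserFolder.LDAPDelegate import ADD, DELETE
    except ImportError:
        # Support for LDAPUserFolder >= 2.6
        ADD = self._delegate.ADD
        DELETE = self._delegate.DELETE

    errors = []

    all_groups = self.getGroups(attr='dn')
    cur_groups = self.getGroups(dn=user_dn, attr='dn')

    # group_dns is only compared against all_groups below, so a name that
    # expands to a DN matching no existing group is simply ignored.
    group_dns = []
    for group in role_dns:
        if '=' not in group:
            group_dns.append('cn=%s,%s' % (group, self.groups_base))
        else:
            group_dns.append(group)

    if self._local_groups:
        # NOTE(review): the local store keeps role_dns as passed in, not
        # the expanded group_dns -- presumably intentional, confirm.
        if len(role_dns) == 0:
            try:
                del self._groups_store[user_dn]
            except KeyError:
                # Nothing stored for this principal: already cleared.
                pass
        else:
            self._groups_store[user_dn] = role_dns
    else:
        for group in all_groups:
            member_attr = GROUP_MEMBER_MAP.get(self.getGroupType(group))

            if group in cur_groups and group not in group_dns:
                action = DELETE
            elif group in group_dns and group not in cur_groups:
                action = ADD
            else:
                action = None

            if action is not None:
                msg = self._delegate.modify(
                    group, action, {member_attr: [user_dn]})
                # Keep every failure. With a single msg variable, a later
                # successful modify would erase an earlier error, and a
                # failed membership removal would go unreported.
                if msg:
                    errors.append('%s: %s' % (group, msg))

    if errors:
        raise RuntimeError('; '.join(errors))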