def post(self, user_id=None, name=None):
    """Enable the user found by ``user_id``/``name`` and redirect to their page.

    Returns the not-found response when the lookup yields nothing and the
    forbidden response when ``check_access`` rejects the current user.
    An invalid form redirects back to the user page before either enable
    function is called.
    """
    target = User.get(self.session, user_id, name)
    if not target:
        return self.notfound()

    # Authorization is decided before the form is read, so this single
    # check gates the request whatever value preserve_membership carries.
    permitted = self.check_access(self.session, self.current_user, target)
    if not permitted:
        return self.forbidden()

    form = UserEnableForm(self.request.arguments)
    if not form.validate():
        # TODO: add error message
        return self.redirect("/users/{}?refresh=yes".format(target.name))

    keep_membership = form.preserve_membership.data
    if target.role_user:
        enable_role_user(
            self.session,
            actor=self.current_user,
            preserve_membership=keep_membership,
            user=target,
        )
    else:
        enable_user(
            self.session, target, self.current_user, preserve_membership=keep_membership
        )
    self.session.commit()

    # The audit entry is written after the commit and names the current
    # user as the second argument and the enabled user as on_user_id.
    AuditLog.log(
        self.session,
        self.current_user.id,
        "enable_user",
        "Enabled user.",
        on_user_id=target.id,
    )
    return self.redirect("/users/{}?refresh=yes".format(target.name))
def post(self, *args: Any, **kwargs: Any) -> None:
    """Enable the user named by the ``name`` path argument.

    The access check depends on the submitted ``preserve_membership``
    flag: ``check_access`` when membership is preserved, otherwise
    ``check_access_without_membership``.  Because of that the check runs
    after form validation; neither enable function is called before it.
    """
    username = self.get_path_argument("name")
    target = User.get(self.session, name=username)
    if not target:
        return self.notfound()

    form = UserEnableForm(self.request.arguments)
    if not form.validate():
        # TODO: add error message
        return self.redirect("/users/{}?refresh=yes".format(target.name))

    keep_membership = form.preserve_membership.data

    # Pick the authorization check that matches the requested operation.
    if keep_membership:
        authorized = self.check_access(self.session, self.current_user, target)
    else:
        authorized = self.check_access_without_membership(
            self.session, self.current_user, target
        )
    if not authorized:
        return self.forbidden()

    if target.role_user:
        enable_role_user(
            self.session,
            actor=self.current_user,
            preserve_membership=keep_membership,
            user=target,
        )
    else:
        enable_user(
            self.session, target, self.current_user, preserve_membership=keep_membership
        )
    self.session.commit()

    # Written after the commit: current user as second argument, enabled
    # user as on_user_id.
    AuditLog.log(
        self.session,
        self.current_user.id,
        "enable_user",
        "Enabled user.",
        on_user_id=target.id,
    )
    return self.redirect("/users/{}?refresh=yes".format(target.name))
def post(self, user_id=None, name=None):
    """Enable the user found by ``user_id``/``name`` and redirect to their page.

    Which access check applies is chosen from the form:
    ``check_access`` when ``preserve_membership`` is set, otherwise
    ``check_access_without_membership``.  A failed check returns the
    forbidden response before either enable function is called.
    """
    target = User.get(self.session, user_id, name)
    if not target:
        return self.notfound()

    form = UserEnableForm(self.request.arguments)
    if not form.validate():
        # TODO: add error message
        return self.redirect("/users/{}?refresh=yes".format(target.name))

    keep_membership = form.preserve_membership.data

    # The flag decides which authorization check guards the request.
    access_check = (
        self.check_access if keep_membership else self.check_access_without_membership
    )
    if not access_check(self.session, self.current_user, target):
        return self.forbidden()

    if target.role_user:
        enable_role_user(
            self.session,
            actor=self.current_user,
            preserve_membership=keep_membership,
            user=target,
        )
    else:
        enable_user(
            self.session, target, self.current_user, preserve_membership=keep_membership
        )
    self.session.commit()

    # Written after the commit: current user as second argument, enabled
    # user as on_user_id.
    AuditLog.log(
        self.session,
        self.current_user.id,
        "enable_user",
        "Enabled user.",
        on_user_id=target.id,
    )
    return self.redirect("/users/{}?refresh=yes".format(target.name))
def user_command(args, settings, session_factory):
    # type: (Namespace, CtlSettings, SessionFactory) -> None
    """Run the user subcommand selected by ``args.subcommand``.

    ``create``, ``disable`` and ``enable`` iterate over ``args.username``;
    ``set_metadata`` and ``add_public_key`` look ``args.username`` up as a
    single name.  ``settings`` is not used in this function.

    Every audit entry written here passes the affected user's own id both
    as the second argument to ``AuditLog.log`` and as ``on_user_id``.
    NOTE(review): presumably that records the account as its own actor --
    confirm how the operator running the CLI is tracked.
    """
    session = session_factory.create_session()
    subcommand = args.subcommand

    if subcommand == "create":
        for username in args.username:
            if User.get(session, name=username):
                logging.info("{}: Already exists. Doing nothing.".format(username))
                continue
            logging.info("{}: No such user, creating...".format(username))
            User.get_or_create(session, username=username, role_user=args.role_user)
            session.commit()
        return

    if subcommand == "disable":
        for username in args.username:
            account = User.get(session, name=username)
            if not account:
                logging.info("{}: No such user. Doing nothing.".format(username))
                continue
            if not account.enabled:
                logging.info("{}: User already disabled. Doing nothing.".format(username))
                continue

            logging.info("{}: User found, disabling...".format(username))
            try:
                disable = disable_role_user if account.role_user else disable_user
                disable(session, account)
                AuditLog.log(
                    session,
                    account.id,
                    "disable_user",
                    "(Administrative) User disabled via grouper-ctl",
                    on_user_id=account.id,
                )
                session.commit()
            except PluginRejectedDisablingUser as e:
                # NOTE(review): the session is not rolled back here; confirm a
                # rejected disable leaves nothing pending for the next commit.
                logging.error("%s", e)
        return

    if subcommand == "enable":
        for username in args.username:
            account = User.get(session, name=username)
            if not account:
                logging.info("{}: No such user. Doing nothing.".format(username))
                continue
            if account.enabled:
                logging.info("{}: User not disabled. Doing nothing.".format(username))
                continue

            logging.info("{}: User found, enabling...".format(username))
            keep_membership = args.preserve_membership
            if account.role_user:
                # The account is passed both positionally and as user=.
                enable_role_user(
                    session, account, preserve_membership=keep_membership, user=account
                )
            else:
                enable_user(session, account, account, preserve_membership=keep_membership)
            AuditLog.log(
                session,
                account.id,
                "enable_user",
                "(Administrative) User enabled via grouper-ctl",
                on_user_id=account.id,
            )
            session.commit()
        return

    # "add_public_key" and "set_metadata"
    account = User.get(session, name=args.username)
    if not account:
        logging.error("{}: No such user. Doing nothing.".format(args.username))
        return

    # User must exist at this point.
    if subcommand == "set_metadata":
        # NOTE(review): the metadata value is written to the log verbatim;
        # confirm metadata values are never secrets.
        logging.info(
            "Setting %s metadata: %s=%s", args.username, args.metadata_key, args.metadata_value
        )
        # An empty value is replaced with None on args before it is stored.
        if args.metadata_value == "":
            args.metadata_value = None
        set_user_metadata(session, account.id, args.metadata_key, args.metadata_value)
        session.commit()
    elif subcommand == "add_public_key":
        logging.info("Adding public key for user")
        try:
            pubkey = public_key.add_public_key(session, account, args.public_key)
        except public_key.DuplicateKey:
            logging.error("Key already in use")
            return
        except public_key.PublicKeyParseError:
            logging.error("Public key appears to be invalid")
            return

        # NOTE(review): no explicit commit follows in this branch; presumably
        # add_public_key / AuditLog.log persist on their own -- confirm.
        AuditLog.log(
            session,
            account.id,
            "add_public_key",
            "(Administrative) Added public key: {}".format(pubkey.fingerprint_sha256),
            on_user_id=account.id,
        )
def test_disable_role_user(session, users, http_client, base_url):
    """Check that a role user is toggled via /users/ routes, never /groups/ routes.

    The function yields the HTTP fetches, so it is a generator; presumably a
    coroutine-aware test decorator outside this listing drives it.
    NOTE(review): the address literals are masked in this copy, so the acting
    user and the role account are presumably distinct names in the original.
    """
    actor = users["*****@*****.**"]
    # Requests name the caller through the X-Grouper-User header.
    caller_headers = {"X-Grouper-User": actor.username}

    # Add account
    create_role_user(session, actor, "*****@*****.**", "Hi", "canjoin")

    sa_user = User.get(session, name="*****@*****.**")
    sa_group = Group.get(session, name="*****@*****.**")

    assert sa_user is not None
    assert sa_group is not None
    assert is_role_user(session, user=sa_user)
    assert is_role_user(session, group=sa_group)
    assert get_role_user(session, user=sa_user).group.id == sa_group.id
    assert get_role_user(session, group=sa_group).user.id == sa_user.id
    assert not is_role_user(session, user=actor)
    assert not is_role_user(session, group=Group.get(session, name="team-sre"))

    # Library-level disable affects both halves of the role user.
    disable_role_user(session, user=sa_user)
    sa_user = User.get(session, name="*****@*****.**")
    assert not sa_user.enabled, "The SA User should be disabled"
    sa_group = Group.get(session, name="*****@*****.**")
    assert not sa_group.enabled, "The SA Group should be disabled"

    # Library-level enable restores both halves.
    enable_role_user(session, actor=actor, group=sa_group, preserve_membership=True)
    sa_user = User.get(session, name="*****@*****.**")
    assert sa_user.enabled, "The SA User should be enabled"
    sa_group = Group.get(session, name="*****@*****.**")
    assert sa_group.enabled, "The SA Group should be enabled"

    # The group disable route must fail for a role user and change nothing.
    with pytest.raises(HTTPError):
        target_url = url(base_url, "/groups/{}/disable".format("*****@*****.**"))
        yield http_client.fetch(target_url, method="POST", body="", headers=caller_headers)

    sa_user = User.get(session, name="*****@*****.**")
    assert sa_user.enabled, "Attempting to disable SAs through groups/disable should not work"
    sa_group = Group.get(session, name="*****@*****.**")
    assert sa_group.enabled, "Attempting to disable SAs through groups/disable should not work"

    # The user disable route is the supported path.
    target_url = url(base_url, "/users/{}/disable".format("*****@*****.**"))
    yield http_client.fetch(target_url, method="POST", body="", headers=caller_headers)
    sa_user = User.get(session, name="*****@*****.**")
    assert not sa_user.enabled, "The SA User should be disabled"
    sa_group = Group.get(session, name="*****@*****.**")
    assert not sa_group.enabled, "The SA Group should be disabled"

    # The group enable route must fail as well and leave both disabled.
    with pytest.raises(HTTPError):
        target_url = url(base_url, "/groups/{}/enable".format("*****@*****.**"))
        yield http_client.fetch(target_url, method="POST", body="", headers=caller_headers)

    sa_user = User.get(session, name="*****@*****.**")
    assert not sa_user.enabled, "Attempting to enable SAs through groups/enable should not work"
    sa_group = Group.get(session, name="*****@*****.**")
    assert not sa_group.enabled, "Attempting to enable SAs through groups/enable should not work"
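def user_command(args):
    """Run the user subcommand selected by ``args.subcommand``.

    ``create``, ``disable`` and ``enable`` iterate over ``args.username``;
    ``set_metadata`` and ``add_public_key`` look ``args.username`` up as a
    single name.

    Every audit entry written here passes the affected user's own id both
    as the second argument to ``AuditLog.log`` and as ``on_user_id``.
    NOTE(review): presumably that records the account as its own actor --
    confirm how the operator running the CLI is tracked.
    """
    session = make_session()

    if args.subcommand == "create":
        for username in args.username:
            user = User.get(session, name=username)
            if not user:
                logging.info("{}: No such user, creating...".format(username))
                user = User.get_or_create(session, username=username, role_user=args.role_user)
                session.commit()
            else:
                logging.info("{}: Already exists. Doing nothing.".format(username))
        return

    elif args.subcommand == "disable":
        for username in args.username:
            user = User.get(session, name=username)
            if not user:
                logging.info("{}: No such user. Doing nothing.".format(username))
            elif not user.enabled:
                logging.info("{}: User already disabled. Doing nothing.".format(username))
            else:
                logging.info("{}: User found, disabling...".format(username))
                try:
                    if user.role_user:
                        disable_role_user(session, user)
                    else:
                        disable_user(session, user)
                    AuditLog.log(
                        session,
                        user.id,
                        "disable_user",
                        "(Administrative) User disabled via grouper-ctl",
                        on_user_id=user.id,
                    )
                    session.commit()
                except PluginRejectedDisablingUser as e:
                    # Log the exception object itself: BaseException.message is
                    # deprecated since Python 2.6 and absent on Python 3, where
                    # reading it would raise inside this handler.
                    # NOTE(review): the session is not rolled back here; confirm
                    # a rejected disable leaves nothing pending for the next commit.
                    logging.error("%s", e)
        return

    elif args.subcommand == "enable":
        for username in args.username:
            user = User.get(session, name=username)
            if not user:
                logging.info("{}: No such user. Doing nothing.".format(username))
            elif user.enabled:
                logging.info("{}: User not disabled. Doing nothing.".format(username))
            else:
                logging.info("{}: User found, enabling...".format(username))
                if user.role_user:
                    # The account is passed both positionally and as user=.
                    enable_role_user(
                        session, user, preserve_membership=args.preserve_membership, user=user
                    )
                else:
                    enable_user(
                        session, user, user, preserve_membership=args.preserve_membership
                    )
                AuditLog.log(
                    session,
                    user.id,
                    "enable_user",
                    "(Administrative) User enabled via grouper-ctl",
                    on_user_id=user.id,
                )
                session.commit()
        return

    # "add_public_key" and "set_metadata"
    user = User.get(session, name=args.username)
    if not user:
        logging.error("{}: No such user. Doing nothing.".format(args.username))
        return

    # User must exist at this point.
    if args.subcommand == "set_metadata":
        # Single-argument print(...) emits the same text under the Python 2
        # print statement and the Python 3 print function.
        # NOTE(review): the metadata value is echoed verbatim; confirm
        # metadata values are never secrets.
        print(
            "Setting %s metadata: %s=%s"
            % (args.username, args.metadata_key, args.metadata_value)
        )
        # An empty value is replaced with None on args before it is stored.
        if args.metadata_value == "":
            args.metadata_value = None
        set_user_metadata(session, user.id, args.metadata_key, args.metadata_value)
        session.commit()
    elif args.subcommand == "add_public_key":
        print("Adding public key for user...")

        try:
            pubkey = public_key.add_public_key(session, user, args.public_key)
        except public_key.DuplicateKey:
            print("Key already in use.")
            return
        except public_key.PublicKeyParseError:
            print("Public key appears to be invalid.")
            return

        # NOTE(review): no explicit commit follows in this branch; presumably
        # add_public_key / AuditLog.log persist on their own -- confirm.
        AuditLog.log(
            session,
            user.id,
            "add_public_key",
            "(Administrative) Added public key: {}".format(pubkey.fingerprint),
            on_user_id=user.id,
        )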
def user_command(args, settings, session_factory):
    # type: (Namespace, CtlSettings, SessionFactory) -> None
    """Dispatch the ``user`` subcommand named by ``args.subcommand``.

    The bulk subcommands (``create``, ``disable``, ``enable``) walk the
    names in ``args.username``; ``set_metadata`` and ``add_public_key``
    treat ``args.username`` as one name.  ``settings`` is unused here.

    Audit entries pass the affected user's id both as the second argument
    to ``AuditLog.log`` and as ``on_user_id``.  NOTE(review): presumably
    the account is recorded as its own actor -- confirm how the operator
    running the CLI is identified.
    """
    session = session_factory.create_session()
    action = args.subcommand

    if action == "create":
        for login in args.username:
            existing = User.get(session, name=login)
            if existing:
                logging.info("{}: Already exists. Doing nothing.".format(login))
            else:
                logging.info("{}: No such user, creating...".format(login))
                User.get_or_create(session, username=login, role_user=args.role_user)
                session.commit()
        return

    elif action == "disable":
        for login in args.username:
            found = User.get(session, name=login)
            if found and found.enabled:
                logging.info("{}: User found, disabling...".format(login))
                try:
                    if found.role_user:
                        disable_role_user(session, found)
                    else:
                        disable_user(session, found)
                    AuditLog.log(
                        session,
                        found.id,
                        "disable_user",
                        "(Administrative) User disabled via grouper-ctl",
                        on_user_id=found.id,
                    )
                    session.commit()
                except PluginRejectedDisablingUser as e:
                    # NOTE(review): nothing is rolled back on rejection; confirm
                    # no pending change can ride along with a later commit.
                    logging.error("%s", e)
            elif not found:
                logging.info("{}: No such user. Doing nothing.".format(login))
            else:
                logging.info("{}: User already disabled. Doing nothing.".format(login))
        return

    elif action == "enable":
        for login in args.username:
            found = User.get(session, name=login)
            if found and not found.enabled:
                logging.info("{}: User found, enabling...".format(login))
                if found.role_user:
                    # The account is given both positionally and as user=.
                    enable_role_user(
                        session, found, preserve_membership=args.preserve_membership, user=found
                    )
                else:
                    enable_user(
                        session, found, found, preserve_membership=args.preserve_membership
                    )
                AuditLog.log(
                    session,
                    found.id,
                    "enable_user",
                    "(Administrative) User enabled via grouper-ctl",
                    on_user_id=found.id,
                )
                session.commit()
            elif not found:
                logging.info("{}: No such user. Doing nothing.".format(login))
            else:
                logging.info("{}: User not disabled. Doing nothing.".format(login))
        return

    # "add_public_key" and "set_metadata"
    found = User.get(session, name=args.username)
    if not found:
        logging.error("{}: No such user. Doing nothing.".format(args.username))
        return

    # User must exist at this point.
    if action == "set_metadata":
        # NOTE(review): the value is logged verbatim; confirm metadata never
        # holds secrets.
        logging.info(
            "Setting %s metadata: %s=%s", args.username, args.metadata_key, args.metadata_value
        )
        # An empty value is replaced with None on args before it is stored.
        if args.metadata_value == "":
            args.metadata_value = None
        set_user_metadata(session, found.id, args.metadata_key, args.metadata_value)
        session.commit()
    elif action == "add_public_key":
        logging.info("Adding public key for user")
        try:
            added_key = public_key.add_public_key(session, found, args.public_key)
        except public_key.DuplicateKey:
            logging.error("Key already in use")
            return
        except public_key.PublicKeyParseError:
            logging.error("Public key appears to be invalid")
            return

        # NOTE(review): this branch has no explicit commit; presumably
        # add_public_key / AuditLog.log persist on their own -- confirm.
        AuditLog.log(
            session,
            found.id,
            "add_public_key",
            "(Administrative) Added public key: {}".format(added_key.fingerprint_sha256),
            on_user_id=found.id,
        )
def test_disable_role_user(session, users, http_client, base_url):  # noqa: F811
    """Verify role users are enabled/disabled via /users/ routes only.

    The HTTP fetches are yielded, making this a generator; presumably a
    coroutine-aware test decorator outside this listing runs it.
    NOTE(review): the address literals are masked in this copy, so the acting
    user and the role account are presumably distinct names in the original.
    """
    owner = users["*****@*****.**"]
    # The caller is named to the frontend through the X-Grouper-User header.
    as_owner = {"X-Grouper-User": owner.username}

    # Add account
    create_role_user(session, owner, "*****@*****.**", "Hi", "canjoin")

    role_account = User.get(session, name="*****@*****.**")
    role_group = Group.get(session, name="*****@*****.**")

    assert role_account is not None
    assert role_group is not None
    assert is_role_user(session, user=role_account)
    assert is_role_user(session, group=role_group)
    assert get_role_user(session, user=role_account).group.id == role_group.id
    assert get_role_user(session, group=role_group).user.id == role_account.id
    assert not is_role_user(session, user=owner)
    assert not is_role_user(session, group=Group.get(session, name="team-sre"))

    # Disabling through the library call turns off user and group together.
    disable_role_user(session, user=role_account)
    role_account = User.get(session, name="*****@*****.**")
    assert not role_account.enabled, "The SA User should be disabled"
    role_group = Group.get(session, name="*****@*****.**")
    assert not role_group.enabled, "The SA Group should be disabled"

    # Enabling through the library call turns both back on.
    enable_role_user(session, actor=owner, group=role_group, preserve_membership=True)
    role_account = User.get(session, name="*****@*****.**")
    assert role_account.enabled, "The SA User should be enabled"
    role_group = Group.get(session, name="*****@*****.**")
    assert role_group.enabled, "The SA Group should be enabled"

    # The group disable route is expected to error and leave state untouched.
    with pytest.raises(HTTPError):
        endpoint = url(base_url, "/groups/{}/disable".format("*****@*****.**"))
        yield http_client.fetch(endpoint, method="POST", body="", headers=as_owner)

    role_account = User.get(session, name="*****@*****.**")
    assert role_account.enabled, "Attempting to disable SAs through groups/disable should not work"
    role_group = Group.get(session, name="*****@*****.**")
    assert role_group.enabled, "Attempting to disable SAs through groups/disable should not work"

    # The user disable route succeeds and disables both halves.
    endpoint = url(base_url, "/users/{}/disable".format("*****@*****.**"))
    yield http_client.fetch(endpoint, method="POST", body="", headers=as_owner)
    role_account = User.get(session, name="*****@*****.**")
    assert not role_account.enabled, "The SA User should be disabled"
    role_group = Group.get(session, name="*****@*****.**")
    assert not role_group.enabled, "The SA Group should be disabled"

    # The group enable route is expected to error and leave both disabled.
    with pytest.raises(HTTPError):
        endpoint = url(base_url, "/groups/{}/enable".format("*****@*****.**"))
        yield http_client.fetch(endpoint, method="POST", body="", headers=as_owner)

    role_account = User.get(session, name="*****@*****.**")
    assert (
        not role_account.enabled
    ), "Attempting to enable SAs through groups/enable should not work"
    role_group = Group.get(session, name="*****@*****.**")
    assert (
        not role_group.enabled
    ), "Attempting to enable SAs through groups/enable should not work"