def ldap_create_admin_user(self):
if self.is_enabled:
try:
dn = str("cn=root,ou=users," + self.domain)
attrs = {}
attrs['cn'] = 'root'
attrs['gidNumber'] = '501'
attrs['givenName'] = ''
attrs['homeDirectory'] = '/home/users/root'
attrs['objectclass'] = [
'top', 'posixAccount', 'inetOrgPerson', 'extensibleObject'
]
attrs['userPassword'] = self.password
attrs['oclExtraAttrs'] = 'CAT_ALL_Administrator'
attrs['uidNumber'] = '1000'
attrs['sn'] = 'root'
attrs['uid'] = 'root'
ldif = modlist.addModlist(attrs)
self.ldap.add_s(dn, ldif)
except ldap.LDAPError, e:
pass
try:
# ensure the user exists both on django and ldap
if not User.objects.filter(username="******").exists():
admin_user = User.objects.create_superuser(
username='******',
password=self.password,
email='*****@*****.**')
admin_user.is_superuser = True
admin_user.is_staff = True
admin_group = UserGroup.objects.get(name__exact='root')
usergroup_user = UserGroupUser(user=admin_user,
user_group=admin_group)
usergroup_user.save()
self.ldap_add_default_group_member(admin_user)
self.ldap_add_admin_group_member(admin_user)
except Exception as exc:
pass
def user_update(request, uid):
if request.method == 'POST':
user = User.objects.get(id=int(uid))
assigned_groups = []
for key in request.POST:
if 'group-' in key:
assigned_groups.append(int(key.split('-')[1]))
is_staff = False
if 'is_staff' in request.POST:
is_staff = True
is_superuser = False
if 'is_superuser' in request.POST:
is_superuser = True
is_staff = True
user.first_name = request.POST.get('first_name')
user.last_name = request.POST.get('last_name')
user.email = request.POST.get('email')
user.is_staff = is_staff
user.save()
if user.is_superuser and is_superuser:
admin_group = UserGroup.objects.get(name__exact='admin')
assigned_groups.append(admin_group.id)
if not user.is_superuser and is_superuser:
user.is_superuser = True
user.save()
admin_group = UserGroup.objects.get(name__exact='admin')
core_services.ldap_add_group_member(user, admin_group)
assigned_groups.append(admin_group.id)
if user.is_superuser and not is_superuser:
user.is_superuser = False
user.save()
admin_group = UserGroup.objects.get(name__exact='admin')
core_services.ldap_delete_group_member(user, admin_group)
groups_by_user = UserGroupUser.objects.filter(user_id=user.id)
for ugu in groups_by_user:
user_group = UserGroup.objects.get(id=ugu.user_group.id)
core_services.ldap_delete_group_member(user, user_group)
ugu.delete()
for ag in assigned_groups:
user_group = UserGroup.objects.get(id=ag)
usergroup_user = UserGroupUser(user=user, user_group=user_group)
usergroup_user.save()
core_services.ldap_add_group_member(user, user_group)
return redirect('user_list')
else:
selected_user = User.objects.get(id=int(uid))
groups = auth_utils.get_all_groups_checked_by_user(selected_user)
return render_to_response('user_update.html', {
'uid': uid,
'selected_user': selected_user,
'user': request.user,
'groups': groups
},
context_instance=RequestContext(request))
def user_add(request):
ad_suffix = GVSIGOL_LDAP['AD']
if not ad_suffix:
show_pass_form = True
else:
show_pass_form = False
if request.method == 'POST':
form = UserCreateForm(request.POST)
if form.is_valid():
assigned_groups = []
is_staff = False
if 'is_staff' in form.data:
is_staff = True
is_superuser = False
if 'is_superuser' in form.data:
is_superuser = True
is_staff = True
assigned_groups = []
for key in form.data:
if 'group-' in key:
assigned_groups.append(int(key.split('-')[1]))
try:
if form.data['password1'] == form.data['password2']:
user = User(username=form.data['username'].lower(),
first_name=u''.join(
form.data['first_name']).encode('utf-8'),
last_name=u''.join(
form.data['last_name']).encode('utf-8'),
email=form.data['email'].lower(),
is_superuser=is_superuser,
is_staff=is_staff)
user.set_password(form.data['password1'])
user.save()
#admin_group = UserGroup.objects.get(name__exact='admin')
aux = UserGroup.objects.filter(name="admin")
if aux.count() > 1:
print "WARNING: table gvsigol_auth_usergroup inconsistent !!!!!!!!!!!"
admin_group = aux[0]
if user.is_superuser:
core_services.ldap_add_user(user,
form.data['password1'],
True)
core_services.ldap_add_group_member(user, admin_group)
usergroup_user = UserGroupUser(user=user,
user_group=admin_group)
usergroup_user.save()
else:
core_services.ldap_add_user(user,
form.data['password1'],
False)
#core_services.ldap_add_group_member(user, admin_group)
for ag in assigned_groups:
user_group = UserGroup.objects.get(id=ag)
usergroup_user = UserGroupUser(user=user,
user_group=user_group)
usergroup_user.save()
core_services.ldap_add_group_member(user, user_group)
#User backend
if is_superuser or is_staff:
ugroup = UserGroup(
name='ug_' + form.data['username'].lower(),
description=_(u'User group for') + ': ' +
form.data['username'].lower())
ugroup.save()
ugroup_user = UserGroupUser(user=user,
user_group=ugroup)
ugroup_user.save()
core_services.ldap_add_group(ugroup)
core_services.add_data_directory(ugroup)
core_services.ldap_add_group_member(user, ugroup)
url = mapservice_backend.getBaseUrl() + '/'
ws_name = 'ws_' + form.data['username'].lower()
if mapservice_backend.createWorkspace(
ws_name, url + ws_name, '',
url + ws_name + '/wms', url + ws_name + '/wfs',
url + ws_name + '/wcs',
url + 'gwc/service/wms'):
# save it on DB if successfully created
newWs = Workspace(
name=ws_name,
description='',
uri=url + ws_name,
wms_endpoint=url + ws_name + '/wms',
wfs_endpoint=url + ws_name + '/wfs',
wcs_endpoint=url + ws_name + '/wcs',
cache_endpoint=url + 'gwc/service/wms',
created_by=user.username,
is_public=False)
newWs.save()
ds_name = 'ds_' + form.data['username'].lower()
services_utils.create_datastore(
request, user.username, ds_name, newWs)
mapservice_backend.reload_nodes()
auth_utils.sendMail(user, form.data['password1'])
return redirect('user_list')
except Exception as e:
print "ERROR: Problem creating user " + str(e)
errors = []
#errors.append({'message': _("The username already exists")})
groups = auth_utils.get_all_groups()
return render_to_response(
'user_add.html', {
'form': form,
'groups': groups,
'errors': errors,
'show_pass_form': show_pass_form
},
context_instance=RequestContext(request))
else:
groups = auth_utils.get_all_groups()
return render_to_response('user_add.html', {
'form': form,
'groups': groups,
'show_pass_form': show_pass_form
},
context_instance=RequestContext(request))
else:
form = UserCreateForm()
groups = auth_utils.get_all_groups()
return render_to_response('user_add.html', {
'form': form,
'groups': groups,
'show_pass_form': show_pass_form
},
context_instance=RequestContext(request))