Exemple #1
0
 def get_data(self):
     users = []
     domain_context = self.request.session.get('domain_context', None)
     if policy.check((("identity", "identity:list_users"),),
                     self.request):
         try:
             if is_m1_user_admin(self.request):
                 ksclient = get_admin_ksclient()
                 users = ksclient.users.list()
             else:
                 users = api.keystone.user_list(self.request,
                                                domain=domain_context)
         except Exception:
             exceptions.handle(self.request,
                               _('Unable to retrieve user list.'))
     elif policy.check((("identity", "identity:get_user"),),
                       self.request):
         try:
             if is_m1_user_admin(self.request):
                 ksclient = get_admin_ksclient()
                 user = ksclient.users.get(self.request.user.id)
                 user = api.keystone.VERSIONS.upgrade_v2_user(user)
                 
             else:
                 user = api.keystone.user_get(self.request,
                                              self.request.user.id)
             users.append(user)
         except Exception:
             exceptions.handle(self.request,
                               _('Unable to retrieve user information.'))
     else:
         msg = _("Insufficient privilege level to view user information.")
         messages.info(self.request, msg)
     return users
Exemple #2
0
 def action(self, request, obj_id):
     if obj_id == request.user.id:
         messages.info(request, _('You cannot disable the user you are '
                                  'currently logged in as.'))
         return
     if self.enabled:
         if is_m1_user_admin(request):
             ksclient = get_admin_ksclient()
             if api.keystone.VERSIONS.active < 3:
                 ksclient.users.update_enabled(obj_id, False)
             else:
                 ksclient.users.update(obj_id, enabled=False)
         else:
             api.keystone.user_update_enabled(request, obj_id, False)
     
         self.current_past_action = DISABLE
     else:
         if is_m1_user_admin(request):
             ksclient = get_admin_ksclient()
             if api.keystone.VERSIONS.active < 3:
                 ksclient.users.update_enabled(obj_id, True)
             else:
                 ksclient.users.update(obj_id, enabled=True)
         else:
             api.keystone.user_update_enabled(request, obj_id, True)
             
         self.current_past_action = ENABLE
Exemple #3
0
    def get_context_data(self, **kwargs):
        context = super(DetailView, self).get_context_data(**kwargs)
        user = self.get_data()
        tenant = self.get_tenant(user.project_id)
        table = project_tables.UsersTable(self.request)
        domain_id = getattr(user, "domain_id", None)
        domain_name = ''
        if api.keystone.VERSIONS.active >= 3:
            try:
                if is_m1_user_admin(self.request):
                    ksclient = get_admin_ksclient()
                    domain = ksclient.domains.get(domain_id)
                else:
                    domain = api.keystone.domain_get(self.request, domain_id)
                    
                domain_name = domain.name
            except Exception:
                exceptions.handle(self.request,
                                  _('Unable to retrieve project domain.'))

        context["user"] = user
        if tenant:
            context["tenant_name"] = tenant.name
        context["domain_id"] = domain_id
        context["domain_name"] = domain_name
        context["url"] = self.get_redirect_url()
        context["actions"] = table.render_row_actions(user)
        return context
Exemple #4
0
 def get_initial(self):
     try:
         user = self.get_object()
         domain_id = getattr(user, "domain_id", None)
         domain_name = ''
     except Exception as e:
         print '********'
         print e
         print '********'
         
     # Retrieve the domain name where the project belong
     if api.keystone.VERSIONS.active >= 3:
         try:
             if is_m1_user_admin(self.request):
                 ksclient = get_admin_ksclient()
                 domain = ksclient.domains.get(domain_id)
             else:
                 domain = api.keystone.domain_get(self.request,
                                                  domain_id)
             domain_name = domain.name
         except Exception:
             exceptions.handle(self.request,
                               _('Unable to retrieve project domain.'))
     return {'domain_id': domain_id,
             'domain_name': domain_name,
             'id': user.id,
             'name': user.name,
             'project': user.project_id,
             'email': getattr(user, 'email', None),
             'first_name': getattr(user, 'first_name', None),
             'last_name': getattr(user, 'last_name', None),
             'phone': getattr(user, 'phone', None)}
Exemple #5
0
 def get_data(self, request, user_id):
     if is_m1_user_admin(request):
         ksclient = get_admin_ksclient()
         user = ksclient.users.get(user_id)
         user_info = api.keystone.VERSIONS.upgrade_v2_user(user)
     else:
         user_info = api.keystone.user_get(request, user_id, admin=True)
     return user_info
Exemple #6
0
    def __init__(self, request, *args, **kwargs):
        super(BaseUserForm, self).__init__(request, *args, **kwargs)

        # Populate project choices
        project_choices = []

        # If the user is already set (update action), list only projects which
        # the user has access to.
        user_id = kwargs['initial'].get('id', None)
        domain_id = kwargs['initial'].get('domain_id', None)

        if is_m1_user_admin(request):
            ksclient = get_admin_ksclient()

            page_size = utils.get_page_size(request)
            limit = None
            marker = None
            filters = None
            paginate = False

            if paginate:
                limit = page_size + 1

            has_more = False

            # if requesting the projects for the current user,
            # return the list from the cache
            if user_id == request.user.id:
                projects = request.user.authorized_tenants
            elif api.keystone.VERSIONS.active < 3:
                projects = ksclient.tenants.list(limit, marker)
                if paginate and len(projects) > page_size:
                    projects.pop(-1)
                    has_more = True
            else:
                kwargs = {"domain": domain_id, "user": user_id}
                if filters is not None:
                    kwargs.update(filters)
                projects = ksclient.projects.list(**kwargs)
        else:
            projects, has_more = api.keystone.tenant_list(request,
                                                          domain=domain_id,
                                                          user=user_id)
        for project in projects:
            if project.enabled:
                project_choices.append((project.id, project.name))
        if not project_choices:
            project_choices.insert(0, ('', _("No available projects")))
        elif len(project_choices) > 1:
            project_choices.insert(0, ('', _("Select a project")))
        self.fields['project'].choices = project_choices
Exemple #7
0
 def get_object(self):
     try:
         if is_m1_user_admin(self.request):
             ksclient = get_admin_ksclient()
             user = ksclient.users.get(self.kwargs['user_id'])
             return api.keystone.VERSIONS.upgrade_v2_user(user)
         else:
             return api.keystone.user_get(self.request, self.kwargs['user_id'],
                                      admin=True)
     except Exception:
         redirect = reverse("horizon:identity:xusers:index")
         exceptions.handle(self.request,
                           _('Unable to retrieve user information.'),
                           redirect=redirect)
Exemple #8
0
 def get_tenant(self, project_id):
     tenant = None
     if project_id:
         try:
             if is_m1_user_admin(self.request):
                 ksclient = get_admin_ksclient()
                 #FIXME: Need to add Keystone V3 code also
                 tenant = ksclient.tenants.get(project_id)
             else:
                 tenant = api.keystone.tenant_get(self.request, project_id)
         except Exception as e:
             msg = ('Failed to get tenant %(project_id)s: %(reason)s' %
                    {'project_id': project_id, 'reason': e})
             LOG.error(msg)
     return tenant
Exemple #9
0
 def get_data(self):
     try:
         user_id = self.kwargs['user_id']
         #user = api.keystone.user_get(self.request, user_id)
         if is_m1_user_admin(self.request):
             ksclient = get_admin_ksclient()
             user = ksclient.users.get(user_id)
             user = api.keystone.VERSIONS.upgrade_v2_user(user)
         else:
             user = api.keystone.user_get(self.request, user_id)
         
     except Exception:
         redirect = self.get_redirect_url()
         exceptions.handle(self.request,
                           _('Unable to retrieve user details.'),
                           redirect=redirect)
     return user
Exemple #10
0
    def handle(self, request, data):
        user_id = data.pop('id')
        password = data.pop('password')
        admin_password = None

        # Throw away the password confirmation, we're done with it.
        data.pop('confirm_password', None)

        # Verify admin password before changing user password
        if getattr(settings, 'ENFORCE_PASSWORD_CHECK', False):
            admin_password = data.pop('admin_password')
            if not api.keystone.user_verify_admin_password(
                    request, admin_password):
                self.api_error(_('The admin password is incorrect.'))
                return False

        try:
            if is_m1_user_admin(request):
                ksclient = get_admin_ksclient()

                if api.keystone.VERSIONS.active < 3:
                    response = ksclient.users.update_password(
                        user_id, password)
                else:
                    response = ksclient.users.update(user_id,
                                                     password=password)
            else:
                response = api.keystone.user_update_password(
                    request, user_id, password)

            if user_id == request.user.id:
                return utils.logout_with_message(
                    request,
                    _('Password changed. Please log in to continue.'),
                    redirect=False)
            messages.success(request,
                             _('User password has been updated successfully.'))
        except Exception:
            response = exceptions.handle(request, ignore=True)
            messages.error(request, _('Unable to update the user password.'))

        if isinstance(response, http.HttpResponse):
            return response
        else:
            return True
Exemple #11
0
    def get_form_kwargs(self):
        kwargs = super(CreateView, self).get_form_kwargs()
        
        try:

            if is_m1_user_admin(self.request):
                ksclient = get_admin_ksclient()
                roles = ksclient.roles.list()
            else:
                roles = api.keystone.role_list(self.request)
        except Exception:
            redirect = reverse("horizon:identity:xusers:index")
            exceptions.handle(self.request,
                              _("Unable to retrieve user roles."),
                              redirect=redirect)
        roles.sort(key=operator.attrgetter("id"))
        kwargs['roles'] = roles
        return kwargs
Exemple #12
0
    def update_cell(self, request, datum, user_id,
                    cell_name, new_cell_value):
        try:
            user_obj = datum
            setattr(user_obj, cell_name, new_cell_value)
            kwargs = {}
            attr_to_keyword_map = {
                'name': 'name',
                'description': 'description',
                'email': 'email',
                'enabled': 'enabled',
                'project_id': 'project'
            }
            for key in attr_to_keyword_map:
                value = getattr(user_obj, key, None)
                keyword_name = attr_to_keyword_map[key]
                if value is not None:
                    kwargs[keyword_name] = value
                    
            if is_m1_user_admin(request):
                ksclient = get_admin_ksclient()
                if api.keystone.VERSIONS.active < 3:
                    project = kwargs.pop('project')
                    user = ksclient.users.update(user_obj, **kwargs)
                    ksclient.users.update_tenant(user, project)
                    user.tenantId = project
                    user_roles =  ksclient.roles.roles_for_user(user, project)
                    if not user_roles:
                        messages.warning(request, _('User %s has no role defined for '
                                                    'that project.')
                                                   % kwargs.get('name', None))
                else:
                    ksclient.users.update(user_obj, **kwargs)
            else:        
                api.keystone.user_update(request, user_obj, **kwargs)

        except horizon_exceptions.Conflict:
            message = _("This name is already taken.")
            messages.warning(request, message)
            raise django_exceptions.ValidationError(message)
        except Exception:
            horizon_exceptions.handle(request, ignore=True)
            return False
        return True
Exemple #13
0
    def handle(self, request, data):
        user = data.pop('id')

        data.pop('domain_id')
        data.pop('domain_name')
        try:
            if "email" in data:
                data['email'] = data['email'] or None

            if is_m1_user_admin(request):
                ksclient = get_admin_ksclient()
                ksclient.users.update(user, **data)
                if api.keystone.VERSIONS.active < 3:
                    project = data.pop('project')
                    user = ksclient.users.update(user, **data)
                    response = ksclient.users.update_tenant(user, project)
                    user.tenantId = project
                    user_roles = ksclient.roles.roles_for_user(user, project)
                    if not user_roles:
                        messages.warning(
                            request,
                            _('User %s has no role defined for '
                              'that project.') % data.get('name', None))
                else:
                    response = ksclient.users.update(user, **data)
            else:
                response = api.keystone.user_update(request, user, **data)

            messages.success(request, _('User has been updated successfully.'))
        except exceptions.Conflict:
            msg = _('User name "%s" is already used.') % data['name']
            messages.error(request, msg)
            return False
        except Exception:
            response = exceptions.handle(request, ignore=True)
            messages.error(request, _('Unable to update the user.'))

        if isinstance(response, http.HttpResponse):
            return response
        else:
            return True
Exemple #14
0
 def get_initial(self):
     # Set the domain of the user
     #Haven't replaced the below line as keystonelcient call wasn't 
     #seen inside get_default_domain method() within keystone.py file
     domain = api.keystone.get_default_domain(self.request)
     
     if is_m1_user_admin(self.request):
         default = None
         default_role = None
         ksclient = get_admin_ksclient()
         default = getattr(settings, "OPENSTACK_KEYSTONE_DEFAULT_ROLE", None)
         roles = ksclient.roles.list()
         
         for role in roles:
             if role.id == default or role.name == default:
                 default_role = role
                 break
     else:
         default_role = api.keystone.get_default_role(self.request)
     return {'domain_id': domain.id,
             'domain_name': domain.name,
             'role_id': getattr(default_role, "id", None)}
Exemple #15
0
 def delete(self, request, obj_id):
     if is_m1_user_admin(request):
         ksclient = get_admin_ksclient()
         ksclient.users.delete(obj_id)
     else:
         api.keystone.user_delete(request, obj_id)
Exemple #16
0
    def handle(self, request, data):
        domain = api.keystone.get_default_domain(self.request)
        try:
            LOG.info('Creating user with name "%s"' % data['name'])
            desc = data["description"]
            if "email" in data:
                data['email'] = data['email'] or None

            if is_m1_user_admin(request):
                ksclient = get_admin_ksclient()
                if api.keystone.VERSIONS.active < 3:
                    new_user = ksclient.users.create(name=data['name'], \
                                                     password=data['password'], \
                                                     tenant_id=data['project'], \
                                                     email=data['email'], \
                                                     enabled=data['enabled'])
                else:
                    new_user = ksclient.users.create(name=data['name'], \
                                                     password=data['password'], \
                                                     project=data['project'], \
                                                     email=data['email'], \
                                                     enabled=data['enabled'], \
                                                     domain=domain.id, \
                                                     description=desc)

            else:
                new_user = \
                    api.keystone.user_create(request,
                                             name=data['name'],
                                             email=data['email'],
                                             description=desc,
                                             password=data['password'],
                                             project=data['project'] or None,
                                             enabled=data['enabled'],
                                             domain=domain.id)

            messages.success(
                request,
                _('User "%s" was successfully created.') % data['name'])
            if data['project'] and data['role_id']:
                if is_m1_user_admin(request):
                    ksclient = get_admin_ksclient()
                    roles = []
                    if api.keystone.VERSIONS.active < 3:
                        roles = ksclient.roles.roles_for_user(
                            new_user.id, data['project'])
                    else:
                        roles = ksclient.roles.list(user=new_user.id, \
                                                    domain=domain.id, \
                                                    project = data['project'])
                else:
                    roles = api.keystone.roles_for_user(
                        request, new_user.id, data['project']) or []

                assigned = [
                    role for role in roles if role.id == str(data['role_id'])
                ]
                if not assigned:
                    try:
                        if is_m1_user_admin(request):
                            ksclient = get_admin_ksclient()
                            if api.keystone.VERSIONS.active < 3:
                                ksclient.roles.add_user_role(
                                    new_user.id, data['role_id'],
                                    data['project'])
                            else:
                                ksclient.roles.grant(data['role_id'],
                                                     user=new_user.id,
                                                     project=data['project'],
                                                     domain=domain.id)
                        else:
                            api.keystone.add_tenant_user_role(
                                request, data['project'], new_user.id,
                                data['role_id'])
                    except Exception:
                        exceptions.handle(
                            request,
                            _('Unable to add user '
                              'to primary project.'))
            return new_user
        except exceptions.Conflict:
            msg = _('User name "%s" is already used.') % data['name']
            messages.error(request, msg)
        except Exception:
            exceptions.handle(request, _('Unable to create user.'))