def post(self, request, format=None):
"""
Create an OU.
ou -- (REQUIRED) The organizational unit to create.
"""
if settings.READ_ONLY:
return Response(error_dict(msg="Read-only service."),
status=status.HTTP_400_BAD_REQUEST)
if settings.CHECK_JWT and settings.CHECK_USER_ADMIN_ROLE and not request.service_admin:
return Response(error_dict(msg="Access denied."),
status=status.HTTP_401_UNAUTHORIZED)
try:
ou.create_ou(request.POST.get('ou'))
if settings.CREATE_NOTIFICATIONS:
ou_uuid = settings.TENANT_UUID + "-" + ou + "-" + settings.BEANSTALK_SRV_CODE
ou_body = {"name": ou, "uuid": ou_uuid}
create_generic_notification(ou_uuid, "CREATED",
request.username, ou_body,
settings.TENANT_ID)
except Exception as e:
return Response(
error_dict(msg="Error trying to create OU: " + str(e)))
finally:
db.close_connection()
return Response(success_dict(msg="OU created successfully."))
def get(self, request, tenant=None, format=None):
"""
List all users.
"""
if settings.MULTI_TENANT:
util.multi_tenant_setup(tenant)
print "DN:", LdapUser.base_dn
filter_dict = util.get_filter(request)
if filter_dict:
users = LdapUser.objects.filter(**filter_dict)
else:
users = LdapUser.objects.all()
limit, offset = util.get_page_parms(request)
if limit > 0:
users = users[offset:offset + limit]
serializer = LdapUserSerializer(users, many=True)
for user in serializer.data:
# remove password from data:
user.pop('password', None)
# remove unused uid field as well:
user.pop('uid', None)
db.close_connection()
return Response(
success_dict(msg="Users retrieved successfully.",
result=serializer.data,
query_dict=request.GET))
def get(self, request, username, tenant=None, format=None):
"""
Retrieve user details
"""
if settings.MULTI_TENANT:
util.multi_tenant_setup(tenant)
if request.username and username == "me":
username = request.username
# LdapUser.base_dn = util.get_base_db(request)
try:
user = LdapUser.objects.get(username=username)
except Exception:
return Response(error_dict(msg="Error retrieving user details.",
query_dict=request.GET),
status=status.HTTP_404_NOT_FOUND)
finally:
db.close_connection()
serializer = LdapUserSerializer(user)
# remove password from data:
serializer.data.pop('password', None)
# remove unused uid field as well
serializer.data.pop('uid', None)
return Response(
success_dict(result=serializer.data,
msg="User details retrieved successfully.",
query_dict=request.GET))
def delete(self, request, username, tenant=None, format="json"):
"""
Delete user
"""
if settings.READ_ONLY:
return Response(error_dict(msg="Read-only service.",
query_dict=request.GET),
status=status.HTTP_400_BAD_REQUEST)
if settings.MULTI_TENANT:
util.multi_tenant_setup(tenant)
if settings.CHECK_JWT and settings.CHECK_USER_ADMIN_ROLE and not request.service_admin:
if not username == request.username:
return Response(error_dict(msg="Access denied.",
query_dict=request.GET),
status=status.HTTP_401_UNAUTHORIZED)
try:
user = LdapUser.objects.get(username=username)
except Exception:
db.close_connection()
return Response(error_dict(
msg="Error deleting user: account not found.",
query_dict=request.GET),
status=status.HTTP_404_NOT_FOUND)
data = {}
if settings.CREATE_NOTIFICATIONS:
serializer = LdapUserSerializer(user)
# remove password from data:
serializer.data.pop('password', None)
# remove unused uid field as well
serializer.data.pop('uid', None)
# add user uuid for use in the notification
serializer.data.push('uuid', build_profile_uuid(username))
data = serializer.data
try:
user.delete()
except Exception:
errorMessage = "Error deleting user: ldap server rejected deleting " + user
logging.error(errorMessage)
return Response(error_dict(msg=errorMessage,
query_dict=request.GET),
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
finally:
db.close_connection()
if settings.CREATE_NOTIFICATIONS:
create_notification(username, "DELETED", request.username,
serializer.data)
return Response(
success_dict(msg="User deleted successfully.",
query_dict=request.GET))
def post(self, request, tenant=None, format=None):
"""
Create a new user.
username -- (REQUIRED) The username for the account
password -- (REQUIRED) The password for the account
email -- (REQUIRED) email address
first_name -- first name
last_name -- last name
phone -- phone number
mobile_phone -- mobile phone number
"""
if settings.READ_ONLY:
return Response(error_dict(msg="Read-only service.",
query_dict=request.GET),
status=status.HTTP_400_BAD_REQUEST)
if settings.MULTI_TENANT:
util.multi_tenant_setup(tenant)
if settings.CHECK_JWT and settings.CHECK_USER_ADMIN_ROLE and not request.service_admin:
return Response(error_dict(msg="Access denied.",
query_dict=request.GET),
status=status.HTTP_401_UNAUTHORIZED)
serializer = LdapUserSerializer(data=request.DATA)
# password only required on POST
if not request.DATA.get("password"):
serializer.errors['password'] = ["This field is required."]
if request.DATA.get('username') == "me":
serializer.errors['username'] = [
"me is a reserved and cannot be used for a username."
]
if serializer.is_valid():
try:
util.save_ldap_user(serializer=serializer)
except Error as e:
return Response(
error_dict(msg=e.message, query_dict=request.GET),
status.HTTP_400_BAD_REQUEST)
finally:
db.close_connection()
serializer.data.pop("create_time", None)
serializer.data.pop('password', None)
# New user is activated right away when created via the API
if settings.CREATE_NOTIFICATIONS:
create_notification(request.DATA.get('username'), "CREATED",
request.username, serializer.data)
create_notification(request.DATA.get('username'), "ACTIVATED",
request.username, serializer.data)
return Response(success_dict(msg="User created successfully.",
result=serializer.data,
query_dict=request.GET),
status=status.HTTP_201_CREATED)
return Response(
error_dict(result=serializer.errors,
msg="Error creating user.",
query_dict=request.GET), status.HTTP_400_BAD_REQUEST)
def get(self, request, format=None):
"""
List OUs in the LDAP db
"""
if settings.CHECK_JWT and settings.CHECK_USER_ADMIN_ROLE and not request.service_admin:
return Response(error_dict(msg="Access denied."),
status=status.HTTP_401_UNAUTHORIZED)
try:
ous = ou.get_ous()
except Exception as e:
return Response(error_dict(msg="Error retrieving OUs: " + str(e)))
finally:
db.close_connection()
return Response(
success_dict(msg="Organizational Units retrieved successfully.",
result=ous.values()))
def put(self, request, username, tenant=None, format=None):
"""
Update user details
email -- (REQUIRED) email address
password -- The password for the account; should only be passed when updating the password.
first_name -- first name
last_name -- last name
phone -- phone number
mobile_phone -- mobile phone number
"""
if settings.READ_ONLY:
return Response(error_dict(msg="Read-only service.",
query_dict=request.GET),
status=status.HTTP_400_BAD_REQUEST)
if settings.MULTI_TENANT:
util.multi_tenant_setup(tenant)
if settings.CHECK_JWT and settings.CHECK_USER_ADMIN_ROLE and not request.service_admin:
if not username == request.username:
return Response(error_dict(msg="Access denied.",
query_dict=request.GET),
status=status.HTTP_401_UNAUTHORIZED)
try:
user = LdapUser.objects.get(username=username)
except Exception:
db.close_connection()
return Response(error_dict(
msg="Error retrieving user details: account not found.",
query_dict=request.GET),
status=status.HTTP_404_NOT_FOUND)
# we need to add username to the dictionary for serialization, but request.DATA is
# immutable for PUT requests from some clients (e.g.curl)
data = request.DATA.copy()
data['username'] = user.username
serializer = LdapUserSerializer(user, data=data)
if serializer.is_valid():
try:
util.save_ldap_user(serializer=serializer)
except Error as e:
return Response(
error_dict(msg=e.message, query_dict=request.GET),
status.HTTP_400_BAD_REQUEST)
finally:
db.close_connection()
#remove password from data:
serializer.data.pop('password', None)
# add user uuid for use in the notification
if settings.CREATE_NOTIFICATIONS:
create_generic_notification(username, "UPDATED",
request.username, serializer.data)
return Response(success_dict(result=serializer.data,
msg="User updated successfully.",
query_dict=request.GET),
status=status.HTTP_201_CREATED)
return Response(error_dict(msg="Error updating user.",
result=serializer.errors,
query_dict=request.GET),
status=status.HTTP_400_BAD_REQUEST)