def setup_ldap(self):
if not self.ldap_profile:
return
stool = getToolByName(self.site, 'portal_setup')
stool = getToolByName(self.site, 'portal_setup')
stool.runAllImportStepsFromProfile(
'profile-{0}'.format(self.ldap_profile))
# Configure credentials from JSON file at
# ~/.opengever/ldap/{hostname}.json
configure_ldap_credentials(self.site)
acl_users = getToolByName(self.site, 'acl_users')
plugins = acl_users.plugins
# disable source_groups when using ldap
for ptype in plugins.listPluginTypeInfo():
try:
plugins.deactivatePlugin(ptype['interface'],
'source_groups')
except KeyError:
pass
# deactivate recursive groups
for ptype in plugins.listPluginTypeInfo():
try:
plugins.deactivatePlugin(ptype['interface'],
'recursive_groups')
except KeyError:
pass
# move ldap up
plugins.movePluginsUp(IPropertiesPlugin, ('ldap',))
plugins.movePluginsUp(IPropertiesPlugin, ('ldap',))
plugins.movePluginsUp(IPropertiesPlugin, ('ldap',))
if not self.is_development_setup:
# Deactivate 'Authentication' capability for LDAP plugin
# In production, auth will always be performed by CAS portal
plugins.deactivatePlugin(IAuthenticationPlugin, 'ldap')
def setup_ldap(self):
if not self.ldap_profile:
return
stool = getToolByName(self.site, 'portal_setup')
stool = getToolByName(self.site, 'portal_setup')
stool.runAllImportStepsFromProfile('profile-{0}'.format(
self.ldap_profile))
# Configure credentials from JSON file at
# ~/.opengever/ldap/{hostname}.json
configure_ldap_credentials(self.site)
acl_users = getToolByName(self.site, 'acl_users')
plugins = acl_users.plugins
# disable source_groups when using ldap
for ptype in plugins.listPluginTypeInfo():
try:
plugins.deactivatePlugin(ptype['interface'], 'source_groups')
except KeyError:
pass
# deactivate recursive groups
for ptype in plugins.listPluginTypeInfo():
try:
plugins.deactivatePlugin(ptype['interface'],
'recursive_groups')
except KeyError:
pass
# move ldap up
plugins.movePluginsUp(IPropertiesPlugin, ('ldap', ))
plugins.movePluginsUp(IPropertiesPlugin, ('ldap', ))
plugins.movePluginsUp(IPropertiesPlugin, ('ldap', ))
if not self.is_development_setup:
# Deactivate 'Authentication' capability for LDAP plugin
# In production, auth will always be performed by CAS portal
plugins.deactivatePlugin(IAuthenticationPlugin, 'ldap')
def __call__(self):
form = self.request.form
session = create_session()
policy_id = form['policy']
client_registry = getUtility(IClientConfigurationRegistry)
config = client_registry.get_policy(policy_id)
# drop sql tables
if form.get('first', False) and config.get('purge_sql', False):
self.drop_sql_tables(session)
ext_profiles = list(EXTENSION_PROFILES)
if config.get('base_profile', None):
ext_profiles.append(config.get('base_profile'))
# create plone site
site = addPloneSite(
self.context,
form['client_id'],
title=form['title'],
profile_id=_DEFAULT_PROFILE,
extension_ids=ext_profiles,
setup_content=False,
default_language=config.get('language', 'de-ch'),
)
# ldap
stool = getToolByName(site, 'portal_setup')
if form.get('ldap', False):
stool = getToolByName(site, 'portal_setup')
stool.runAllImportStepsFromProfile('profile-%s' % form.get('ldap'))
# Configure credentials from JSON file at
# ~/.opengever/ldap/{hostname}.json
configure_ldap_credentials(site)
acl_users = getToolByName(site, 'acl_users')
plugins = acl_users.plugins
# disable source_groups when using ldap
for ptype in plugins.listPluginTypeInfo():
try:
plugins.deactivatePlugin(ptype['interface'],
'source_groups')
except KeyError:
pass
# deactivate recursive groups
for ptype in plugins.listPluginTypeInfo():
try:
plugins.deactivatePlugin(ptype['interface'],
'recursive_groups')
except KeyError:
pass
# move ldap up
plugins.movePluginsUp(IPropertiesPlugin, ('ldap',))
plugins.movePluginsUp(IPropertiesPlugin, ('ldap',))
plugins.movePluginsUp(IPropertiesPlugin, ('ldap',))
if form.get('first', False) and form.get('import_users', False):
print '===== SYNC LDAP ===='
class Object(object):
pass
# Import LDAP users and groups
options = Object()
options.site_root = '/' + form['client_id']
options.update_syncstamp = False
sync_ldap.run_import(self.context, options)
if form.get('configsql'):
# register the client in the ogds
# is the client already configured? -> delete it
clients = session.query(Client).filter_by(
client_id=form['client_id']).all()
if clients:
session.delete(clients[0])
# groups must exist
users_groups = session.query(Group).filter_by(
groupid=form['group'])
inbox_groups = session.query(Group).filter_by(
groupid=form['inbox_group'])
try:
users_group = users_groups[0]
except IndexError:
raise SetupError("User group '%s' could not be found." %
form['group'])
try:
inbox_group = inbox_groups[0]
except IndexError:
raise SetupError("Inbox group '%s' could not be found." %
form['inbox_group'])
active = bool(form.get('active', False))
client = Client(form['client_id'],
enabled=active,
title=form['title'],
ip_address=form['ip_address'],
site_url=form['site_url'],
public_url=form['public_url'],
)
client.users_group = users_group
client.inbox_group = inbox_group
session.add(client)
# create the admin user in the ogds if he not exist
# and add it to the specified user_group
# so we avoid a constraintError in the choice fields
if session.query(User).filter_by(userid=ADMIN_USER_ID).count() == 0:
og_admin_user = User(ADMIN_USER_ID, firstname='OG',
lastname='Administrator', active=True)
session.add(og_admin_user)
else:
og_admin_user = session.query(User).filter_by(
userid=ADMIN_USER_ID).first()
og_admin_user.active = True
users_group = session.query(Group).filter_by(
groupid=form['group']).first()
if og_admin_user not in users_group.users:
users_group.users.append(og_admin_user)
# set the client id in the registry
client_id = form['client_id'].decode('utf-8')
registry = getUtility(IRegistry)
proxy = registry.forInterface(IClientConfiguration)
proxy.client_id = form['client_id'].decode('utf-8')
# set the mail domain in the registry
registry = getUtility(IRegistry)
proxy = registry.forInterface(IMailSettings)
proxy.mail_domain = form['mail_domain'].decode('utf-8')
mail_from_address = self.get_mail_from_address()
site.manage_changeProperties({'email_from_address': mail_from_address,
'email_from_name': client_id})
# set global Member role for the client users group
site.acl_users.portal_role_manager.assignRoleToPrincipal(
'Member', form['group'])
# set global Member role for readers group
if form['reader_group']:
site.acl_users.portal_role_manager.assignRoleToPrincipal(
'Member', form['reader_group'])
# set Role Manager role for rolemanager group
if form['rolemanager_group']:
site.acl_users.portal_role_manager.assignRoleToPrincipal(
'Role Manager', form['rolemanager_group'])
# provide the repository root for opengever.setup:default
repository_root = config.get('repository_root', None)
if repository_root:
self.request.set('repository_root', repository_root)
# import the defaul generic setup profiles if needed
stool = getToolByName(site, 'portal_setup')
for profile in config.get('additional_profiles', ()):
stool.runAllImportStepsFromProfile('profile-%s' % profile)
# set the site title
site.manage_changeProperties(title=form['title'])
# REALLY set the language - the plone4 addPloneSite is really
# buggy with languages.
langCP = getAdapter(site, ILanguageSelectionSchema)
langCP.default_language = 'de-ch'
# the og_admin_user is not longer used so we set him to inactive
og_admin_user.active = False
return 'ok'
def __call__(self):
form = self.request.form
session = create_session()
policy_id = form['policy']
client_registry = getUtility(IClientConfigurationRegistry)
config = client_registry.get_policy(policy_id)
# drop sql tables
if form.get('first', False) and config.get('purge_sql', False):
self.drop_sql_tables(session)
ext_profiles = list(EXTENSION_PROFILES)
if config.get('base_profile', None):
ext_profiles.append(config.get('base_profile'))
# create plone site
site = addPloneSite(
self.context,
form['client_id'],
title=form['title'],
profile_id=_DEFAULT_PROFILE,
extension_ids=ext_profiles,
setup_content=False,
default_language=config.get('language', 'de-ch'),
)
# ldap
stool = getToolByName(site, 'portal_setup')
if form.get('ldap', False):
stool = getToolByName(site, 'portal_setup')
stool.runAllImportStepsFromProfile('profile-%s' % form.get('ldap'))
# Configure credentials from JSON file at
# ~/.opengever/ldap/{hostname}.json
configure_ldap_credentials(site)
acl_users = getToolByName(site, 'acl_users')
plugins = acl_users.plugins
# disable source_groups when using ldap
for ptype in plugins.listPluginTypeInfo():
try:
plugins.deactivatePlugin(ptype['interface'],
'source_groups')
except KeyError:
pass
# deactivate recursive groups
for ptype in plugins.listPluginTypeInfo():
try:
plugins.deactivatePlugin(ptype['interface'],
'recursive_groups')
except KeyError:
pass
# move ldap up
plugins.movePluginsUp(IPropertiesPlugin, ('ldap', ))
plugins.movePluginsUp(IPropertiesPlugin, ('ldap', ))
plugins.movePluginsUp(IPropertiesPlugin, ('ldap', ))
if form.get('first', False) and form.get('import_users', False):
print '===== SYNC LDAP ===='
class Object(object):
pass
# Import LDAP users and groups
options = Object()
options.site_root = '/' + form['client_id']
options.update_syncstamp = False
sync_ldap.run_import(self.context, options)
if form.get('configsql'):
# register the client in the ogds
# is the client already configured? -> delete it
clients = session.query(Client).filter_by(
client_id=form['client_id']).all()
if clients:
session.delete(clients[0])
# groups must exist
users_groups = session.query(Group).filter_by(
groupid=form['group'])
inbox_groups = session.query(Group).filter_by(
groupid=form['inbox_group'])
try:
users_group = users_groups[0]
except IndexError:
raise SetupError("User group '%s' could not be found." %
form['group'])
try:
inbox_group = inbox_groups[0]
except IndexError:
raise SetupError("Inbox group '%s' could not be found." %
form['inbox_group'])
active = bool(form.get('active', False))
client = Client(
form['client_id'],
enabled=active,
title=form['title'],
ip_address=form['ip_address'],
site_url=form['site_url'],
public_url=form['public_url'],
)
client.users_group = users_group
client.inbox_group = inbox_group
session.add(client)
# create the admin user in the ogds if he not exist
# and add it to the specified user_group
# so we avoid a constraintError in the choice fields
if session.query(User).filter_by(userid=ADMIN_USER_ID).count() == 0:
og_admin_user = User(ADMIN_USER_ID,
firstname='OG',
lastname='Administrator',
active=True)
session.add(og_admin_user)
else:
og_admin_user = session.query(User).filter_by(
userid=ADMIN_USER_ID).first()
og_admin_user.active = True
users_group = session.query(Group).filter_by(
groupid=form['group']).first()
if og_admin_user not in users_group.users:
users_group.users.append(og_admin_user)
# set the client id in the registry
client_id = form['client_id'].decode('utf-8')
registry = getUtility(IRegistry)
proxy = registry.forInterface(IClientConfiguration)
proxy.client_id = form['client_id'].decode('utf-8')
# set the mail domain in the registry
registry = getUtility(IRegistry)
proxy = registry.forInterface(IMailSettings)
proxy.mail_domain = form['mail_domain'].decode('utf-8')
mail_from_address = self.get_mail_from_address()
site.manage_changeProperties({
'email_from_address': mail_from_address,
'email_from_name': client_id
})
# set global Member role for the client users group
site.acl_users.portal_role_manager.assignRoleToPrincipal(
'Member', form['group'])
# set global Member role for readers group
if form['reader_group']:
site.acl_users.portal_role_manager.assignRoleToPrincipal(
'Member', form['reader_group'])
# set Role Manager role for rolemanager group
if form['rolemanager_group']:
site.acl_users.portal_role_manager.assignRoleToPrincipal(
'Role Manager', form['rolemanager_group'])
# provide the repository root for opengever.setup:default
repository_root = config.get('repository_root', None)
if repository_root:
self.request.set('repository_root', repository_root)
# import the defaul generic setup profiles if needed
stool = getToolByName(site, 'portal_setup')
for profile in config.get('additional_profiles', ()):
stool.runAllImportStepsFromProfile('profile-%s' % profile)
# set the site title
site.manage_changeProperties(title=form['title'])
# REALLY set the language - the plone4 addPloneSite is really
# buggy with languages.
langCP = getAdapter(site, ILanguageSelectionSchema)
langCP.default_language = 'de-ch'
# the og_admin_user is not longer used so we set him to inactive
og_admin_user.active = False
return 'ok'
