def save_user(username, first_name, last_name, email, roles):
    """Create the user record for *username*, or refresh it if details changed.

    The lookup is keyed on ``username``, which is never modified here. When a
    record already exists and any of first name, last name, email or roles
    differs from the supplied values, all four are overwritten and the record
    is passed to ``User.update``. An unchanged record is returned untouched.

    Returns whatever ``User.create`` / ``User.update`` return, or the record
    found by ``User.get_by_username`` when nothing changed.
    """
    existing = User.get_by_username(username)

    # No record yet: insert one with the supplied details.
    if not existing:
        return User.create(username=username,
                           first_name=first_name,
                           last_name=last_name,
                           email=email,
                           roles=roles)

    supplied = (
        ('first_name', first_name),
        ('last_name', last_name),
        ('email', email),
        ('roles', roles),
    )

    # Compare lazily, in the same order as the stored fields are listed above.
    if any(getattr(existing, field) != value for field, value in supplied):
        # Stored roles are replaced wholesale by the caller's value, so the
        # record's privileges follow whatever the caller passes in.
        existing.first_name = first_name
        existing.last_name = last_name
        existing.email = email
        existing.roles = roles
        existing = User.update(existing)

    return existing
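def authenticate(self, username, password):
    """Authenticate *username* against AD and return the matching user.

    On a successful ``ldap_manager.authenticate`` call, the user's roles are
    built from the literal ``'employees'`` plus every AD group whose name
    starts with ``'plaid-'``. The user must hold the group named by
    ``current_app.config['PLAID_USERS_GROUP']``; otherwise a warning is
    flashed and ``None`` is returned. Accepted users are persisted through
    ``ldap_manager._save_user`` with the roles joined by ``', '``.

    When AD authentication fails and ``current_app.config['ENV']`` equals
    ``'dev'``, the user is looked up locally by username instead.

    Returns the user object on success, ``None`` on any failure.
    """
    # TODO: Check if app is able to reach LDAP server
    # TODO: Check if user is active in AD

    # Try to authenticate user via AD
    result = ldap_manager.authenticate(username, password)

    if result.status == AuthenticationResponseStatus.success:
        # Grab relevant roles for PID (users, superusers, admin).
        # 'employees' is granted to every AD-authenticated user, for staging
        # server purposes. TODO: Find a better way to manage
        roles = ['employees']
        roles.extend(group['name']
                     for group in result.user_groups
                     if group['name'].startswith('plaid-'))

        # Check if user is part of plaid-users (required to access app)
        if current_app.config['PLAID_USERS_GROUP'] not in roles:
            flash(
                'You are not part of PLAID users group, contact Sean or Jarle if you should have access',
                'warning')
            return None

        user = ldap_manager._save_user(result.user_id,
                                       result.user_info['givenName'],
                                       result.user_info['sn'],
                                       result.user_info['mail'],
                                       ', '.join(roles))
        return user

    # Query local SQLite DB in DEV.
    # Compared with ==, not `is`: identity of equal strings is an interpreter
    # detail, and this condition gates a login path that skips the password,
    # so it must evaluate deterministically.
    if current_app.config['ENV'] == 'dev':
        # NOTE(security): `password` is not checked on this path; knowing a
        # username is enough to be returned that user. ENV must never be
        # 'dev' on a deployment reachable by anyone but developers.
        user = User.get_by_username(username)
        if user is None:
            flash(
                'Could not authenticate with AD or find a local user',
                'warning')
            return None
        flash('Logged in as local user', 'info')
        return user

    # NOTE(review): the message embeds self.username.data (presumably the
    # submitted form field, not the `username` argument); confirm the template
    # that renders flashed messages escapes them.
    flash(
        'Could not authenticate your username ({0}) with AD, did you enter correct password?'
        .format(self.username.data), 'warning')
    return None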
def get_tasks_for_user(username, task_type='assigned'):
    """Return the tasks of *username* as a JSON response.

    The usernames ``'efab'``, ``'mfab'`` and ``'plaid_admin'`` are resolved to
    the corresponding user stored on ``Settings.get_settings()``; any other
    value is looked up with ``User.get_by_username``. Each task is serialised
    with every column of ``Task.__table__`` except the two foreign-key id
    columns, which are replaced by nested ``assigned_to`` / ``requested_by``
    objects holding id, display name and username.

    Returns a ``(response, 200, headers)`` tuple.

    NOTE(review): no access check is visible in this function, and any
    decorators are outside this view. Confirm the route restricts who may
    list another user's tasks, and that every Task column is meant to be
    exposed to the caller.
    """
    # TODO: Change this away from this kind of URL, but task table is tricky right now
    shared_accounts = (
        ('efab', 'efab_user'),
        ('mfab', 'mfab_user'),
        ('plaid_admin', 'plaid_admin'),
    )
    settings_attr = next(
        (attr for name, attr in shared_accounts if username == name), None)

    if settings_attr is not None:
        owner = getattr(Settings.get_settings(), settings_attr)
    else:
        # NOTE(review): the lookup result is passed on unchecked; confirm how
        # Task.find_all_tasks_for_user behaves for an unknown username.
        owner = User.get_by_username(username)

    tasks = Task.find_all_tasks_for_user(owner, task_type)
    task_columns = Task.__table__.columns._data.keys()
    hidden_columns = ['assigned_to_id', 'requested_by_id']

    def describe(person):
        # Compact representation of a related user.
        return {
            'id': person.id,
            'get_name': person.get_name(),
            'username': person.username
        }

    results = []
    for task in tasks:
        entry = {
            column: getattr(task, column)
            for column in task_columns
            if column not in hidden_columns
        }
        entry['assigned_to'] = describe(task.assigned_to)
        entry['requested_by'] = describe(task.requested_by)
        results.append(entry)

    payload = jsonify({'success': True, 'data': results})
    # 'ContentType' is not the standard 'Content-Type' header name; it is
    # kept verbatim so the response is unchanged.
    return payload, 200, {'ContentType': 'application/json'}
def load_user(username):
    """Load a user by username.

    Thin wrapper that returns the result of ``User.get_by_username`` as-is.
    """
    found = User.get_by_username(username)
    return found