def update(entity):
try:
attrs = {}
if entity.description:
attrs.update(
{global_ids.DESC: [(MOD_REPLACE, [entity.description])]})
# list of srings:
if entity.props is not None and len(entity.props) > 0:
attrs.update({global_ids.PROPS: [(MOD_REPLACE, [entity.props])]})
# list of comma delimited strings:
if entity.constraint is not None:
attrs.update({
global_ids.CONSTRAINT:
[(MOD_REPLACE, [entity.constraint.get_raw()])]
})
if len(attrs) > 0:
conn = ldaphelper.open()
conn.modify_s(__get_dn(entity), mods_to_modlist(attrs))
except ldap.NO_SUCH_OBJECT:
raise NotFound(msg='Role update failed, not found:' + entity.name,
id=global_ids.ROLE_NOT_FOUND)
except ldap.LDAPError as e:
raise RbacError('Role update failed result=' + str(e),
global_ids.ROLE_UPDATE_FAILED)
except Exception as e:
raise RbacError(msg='Role update error=' + str(e),
id=global_ids.ROLE_UPDATE_FAILED)
return entity
def assign(entity, constraint):
try:
attrs = {}
if constraint is not None:
attrs.update({ROLE_CONSTRAINTS: [(MOD_ADD, constraint.get_raw())]})
attrs.update({ROLES: [(MOD_ADD, constraint.name)]})
if len(attrs) > 0:
conn = ldaphelper.open()
conn.modify_s(__get_dn(entity), mods_to_modlist(attrs))
except ldap.NO_SUCH_OBJECT:
raise RbacError(msg='User assign failed, not found:' + entity.uid,
id=global_ids.USER_NOT_FOUND)
except ldap.LDAPError as e:
raise RbacError(msg='User assign failed result=' + str(e),
id=global_ids.URLE_ASSIGN_FAILED)
except Exception as e:
raise RbacError(msg='User assign error=' + str(e),
id=global_ids.URLE_ASSIGN_FAILED)
return entity
def remove_member(entity, uid):
try:
attrs = {}
if uid:
user_dn = __get_user_dn(uid)
attrs.update({MEMBER: [(MOD_DELETE, user_dn)]})
conn = ldaphelper.open()
conn.modify_s(__get_dn(entity), mods_to_modlist(attrs))
except ldap.NO_SUCH_ATTRIBUTE:
raise RbacError(msg='Remove member failed, not assigned, role=' +
entity.name + ', member dn=' + user_dn,
id=global_ids.URLE_ASSIGN_NOT_EXIST)
except ldap.LDAPError as e:
raise RbacError(msg='Remove member failed result=' + str(e),
id=global_ids.ROLE_REMOVE_OCCUPANT_FAILED)
except Exception as e:
raise RbacError(msg='Remove member error=' + str(e),
id=global_ids.ROLE_REMOVE_OCCUPANT_FAILED)
return entity
def add_member(entity, uid):
try:
attrs = {}
if uid:
user_dn = __get_user_dn(uid)
attrs.update({MEMBER: [(MOD_ADD, user_dn)]})
conn = ldaphelper.open()
conn.modify_s(__get_dn(entity), mods_to_modlist(attrs))
except ldap.NO_SUCH_OBJECT:
raise NotFound(msg='Add member failed, not found, role=' +
entity.name + ', member dn=' + user_dn,
id=global_ids.ROLE_NOT_FOUND)
except ldap.LDAPError as e:
raise RbacError(msg='Add member failed result=' + str(e),
id=global_ids.ROLE_USER_ASSIGN_FAILED)
except Exception as e:
raise RbacError(msg='Add member error=' + str(e),
id=global_ids.ROLE_USER_ASSIGN_FAILED)
return entity
def update(entity):
try:
attrs = {}
# strings:
if entity.cn:
attrs.update({global_ids.CN: [(MOD_REPLACE, [entity.cn])]})
if entity.sn:
attrs.update({global_ids.SN: [(MOD_REPLACE, [entity.sn])]})
if entity.password:
attrs.update({PW: [(MOD_REPLACE, [entity.password])]})
if entity.description:
attrs.update(
{global_ids.DESC: [(MOD_REPLACE, [entity.description])]})
if entity.ou:
attrs.update({global_ids.OU: [(MOD_REPLACE, [entity.ou])]})
if entity.display_name:
attrs.update(
{DISPLAY_NAME: [(MOD_REPLACE, [entity.display_name])]})
if entity.employee_type:
attrs.update(
{EMPLOYEE_TYPE: [(MOD_REPLACE, entity.employee_type)]})
if entity.title:
attrs.update({TITLE: [(MOD_REPLACE, [entity.title])]})
if entity.department_number:
attrs.update({DEPT_NUM: [(MOD_REPLACE, entity.department_number)]})
if entity.l:
attrs.update({LOCATION: [(MOD_REPLACE, entity.l)]})
if entity.physical_delivery_office_name:
attrs.update({
PHYSICAL_OFFICE_NM:
[(MOD_REPLACE, entity.physical_delivery_office_name)]
})
if entity.postal_code:
attrs.update({POSTAL_CODE: [(MOD_REPLACE, entity.postal_code)]})
if entity.room_number:
attrs.update({RM_NUM: [(MOD_REPLACE, entity.room_number)]})
if entity.pw_policy:
attrs.update({PW_POLICY: [(MOD_REPLACE, entity.pw_policy)]})
# list of strings:
if entity.phones is not None and len(entity.phones) > 0:
attrs.update({TELEPHONE_NUMBER: [(MOD_REPLACE, entity.phones)]})
if entity.mobiles is not None and len(entity.mobiles) > 0:
attrs.update({MOBILE: [(MOD_REPLACE, entity.mobiles)]})
if entity.emails is not None and len(entity.emails) > 0:
attrs.update({MAIL: [(MOD_REPLACE, entity.emails)]})
if entity.system is not None:
attrs.update({
IS_SYSTEM:
[(MOD_REPLACE, 'TRUE' if entity.system else 'FALSE')]
})
# list of delimited strings::
if entity.constraint is not None:
attrs.update({
global_ids.CONSTRAINT:
[(MOD_REPLACE, entity.constraint.get_raw())]
})
# boolean:
if entity.props is not None and len(entity.props) > 0:
attrs.update({global_ids.PROPS: [(MOD_REPLACE, entity.props)]})
if len(attrs) > 0:
conn = ldaphelper.open()
conn.modify_s(__get_dn(entity), mods_to_modlist(attrs))
except ldap.NO_SUCH_OBJECT:
raise NotFound(msg='User update failed, not found:' + entity.name,
id=global_ids.USER_UPDATE_FAILED)
except ldap.LDAPError as e:
raise RbacError(msg='User update failed result=' + str(e),
id=global_ids.USER_UPDATE_FAILED)
except Exception as e:
raise RbacError(msg='User update error=' + str(e),
id=global_ids.USER_UPDATE_FAILED)
return entity