def valid_form_user(ldap, request, cn, uidNumber, employeeNumber, mail, edit=False): # Valid is_valid = True if not edit: try: ldap.get_user(cn) is_valid = False messages.add_message( request, messages.WARNING, ldap_messages.get("error_duplicated_name_user") % cn) except LDAPError: pass for usr in get_users(ldap): if edit and cn == usr.get("cn"): continue if uidNumber == usr.get("uidNumber"): is_valid = False messages.add_message(request, messages.WARNING, ldap_messages.get( "error_duplicated_uidNumber_user") % uidNumber) if employeeNumber == usr.get("employeeNumber"): is_valid = False messages.add_message(request, messages.WARNING, ldap_messages.get( "error_duplicated_employeeNumber_user") % employeeNumber) if mail == usr.get("mail"): is_valid = False messages.add_message(request, messages.WARNING, ldap_messages.get( "error_duplicated_mail_user") % mail) return is_valid
def ajax_unlock_user(request): ldap = Ldap(AuthSession(request.session).get_user().get_username()) status_code = 500 try: cn = request.GET['cn'] ldap.unlock_user(cn) status_code = 200 messages.add_message( request, messages.SUCCESS, ldap_messages.get("success_unlock_user") % cn) except LDAPNotFoundError, e: messages.add_message( request, messages.ERROR, ldap_messages.get("invalid_user") % cn)
def add_group_form(request): try: lists = dict() ldap = Ldap(AuthSession(request.session).get_user().get_username()) users_list = get_users(ldap) if request.method == "POST": form = GroupForm(users_list, request.POST) if form.is_valid(): cn = str(form.cleaned_data['cn']) gidNumber = str(form.cleaned_data['gidNumber']) member_uid = form.cleaned_data['member_uid'] if valid_form_group(ldap, request, cn, gidNumber): ldap.add_group(cn, gidNumber, member_uid) messages.add_message( request, messages.SUCCESS, ldap_messages.get("success_insert_group")) return redirect('ldap.group.list') else: form = GroupForm( users_list, initial={'gidNumber': gidNumber_suggest(ldap)}) except LDAPError, e: logger.error(e) messages.add_message(request, messages.ERROR, e)
def delete_sudoer_all(request): if request.method == 'POST': ldap = Ldap(AuthSession(request.session).get_user().get_username()) form = DeleteForm(request.POST) if form.is_valid(): # All cns to be deleted cns = split_to_array(form.cleaned_data['ids']) # All messages to display error_list = list() # Control others exceptions have_errors = False # For each sudoer selected to remove for cn in cns: try: ldap.rem_sudoer(cn) except LDAPNotFoundError, e: error_list.append(cn) have_errors = True except LDAPError, e: logger.error(e) messages.add_message(request, messages.ERROR, e) have_errors = True break # If cant remove nothing if len(error_list) == len(cns): messages.add_message( request, messages.ERROR, error_messages.get("can_not_remove_all")) # If cant remove someones elif len(error_list) > 0: msg = "" for id_error in error_list: msg = msg + id_error + ", " msg = error_messages.get("can_not_remove") % msg[:-2] messages.add_message(request, messages.WARNING, msg) # If all has ben removed elif have_errors == False: messages.add_message( request, messages.SUCCESS, ldap_messages.get("success_remove_sudoer")) else: messages.add_message( request, messages.SUCCESS, error_messages.get("can_not_remove_error"))
def edit_sudoer_form(request, cn): try: lists = dict() lists["edit"] = True lists["action"] = reverse("ldap.sudoer.edit", args=[cn]) ldap = Ldap(AuthSession(request.session).get_user().get_username()) groups_list = get_groups(ldap) if request.method == "POST": commands_list = request.POST.getlist( 'commands') if "commands" in request.POST else [] form = SudoerForm(groups_list, commands_list, request.POST) if form.is_valid(): cn = str(form.cleaned_data['cn']) sudoHost = str(form.cleaned_data['host']) sudoUser = form.cleaned_data['groups'] sudoCommand = form.cleaned_data['commands'] ldap.edit_sudoer(cn, sudoHost, sudoUser, sudoCommand) messages.add_message( request, messages.SUCCESS, ldap_messages.get("success_edit_sudoer")) return redirect('ldap.sudoer.list') else: sudoer = ldap.get_sudoer(cn) groups = [] for grp in validates_dict(sudoer, ("sudoUser")): groups.append(str(grp).replace("%", "")) form = SudoerForm(groups_list, validates_dict(sudoer, ("sudoCommand")), initial={'cn': sudoer.get( "cn"), 'host': sudoer.get("sudoHost"), 'groups': groups, 'commands': validates_dict(sudoer, ("sudoCommand"))}) except LDAPNotFoundError, e: messages.add_message( request, messages.ERROR, ldap_messages.get("invalid_sudoer") % cn) return redirect('ldap.sudoer.form')
def clean(self): cleaned_data = self.cleaned_data userType = cleaned_data.get("userType") homeDirectory = cleaned_data.get("homeDirectory") uidNumber = cleaned_data.get("uidNumber") groupPattern = cleaned_data.get("groupPattern") if groupPattern is not None: if str(groupPattern) == str(CHOICES_GROUP[0][0]): if homeDirectory is None or homeDirectory == "": self._errors["homeDirectory"] = self.error_class( [error_messages.get("required")]) if userType is None or userType == "": self._errors["userType"] = self.error_class( [error_messages.get("required")]) if uidNumber is not None: ldap = Ldap(None) if groupPattern == ldap.groupStandard: if not ldap.valid_range_user_internal(uidNumber): self._errors["uidNumber"] = self.error_class([ ldap_messages.get("error_range_out_user") % (ldap.rangeUsers[0], ldap.rangeUsers[-1]) ]) else: if not ldap.valid_range_user_external(uidNumber): self._errors["uidNumber"] = self.error_class([ ldap_messages.get("error_range_out_user") % (ldap.rangeUsersExternal[0], ldap.rangeUsersExternal[-1]) ]) return cleaned_data
def add_sudoer_form(request): try: lists = dict() ldap = Ldap(AuthSession(request.session).get_user().get_username()) groups_list = get_groups(ldap) if request.method == "POST": commands_list = request.POST.getlist( 'commands') if "commands" in request.POST else [] form = SudoerForm(groups_list, commands_list, request.POST) if form.is_valid(): cn = str(form.cleaned_data['cn']) sudoHost = str(form.cleaned_data['host']) sudoUser = form.cleaned_data['groups'] sudoCommand = form.cleaned_data['commands'] try: # Valid cn sudoer = None sudoer = ldap.get_sudoer(cn) except LDAPError, e: pass if sudoer is None: ldap.add_sudoer(cn, sudoHost, sudoUser, sudoCommand) messages.add_message( request, messages.SUCCESS, ldap_messages.get("success_insert_sudoer")) return redirect('ldap.sudoer.list') else: messages.add_message(request, messages.WARNING, ldap_messages.get( "error_duplicated_name_sudoer") % cn) else:
def valid_form_group(ldap, request, cn, gidNumber): # Valid is_valid = True try: ldap.get_group(cn) is_valid = False messages.add_message(request, messages.WARNING, ldap_messages.get( "error_duplicated_name_group") % cn) except LDAPError: pass for grp in get_groups(ldap): if gidNumber == grp.get("gidNumber"): is_valid = False messages.add_message(request, messages.WARNING, ldap_messages.get( "error_duplicated_gidNumber_group") % gidNumber) return is_valid
def clean(self): cleaned_data = self.cleaned_data gidNumber = cleaned_data.get("gidNumber") if gidNumber is not None: ldap = Ldap(None) if not ldap.valid_range_group(gidNumber): self._errors["gidNumber"] = self.error_class([ldap_messages.get( "error_range_out_group") % (ldap.rangeGroups[0], ldap.rangeGroups[-1])]) return cleaned_data
def add_user_form(request, pattern): try: lists = dict() ldap = Ldap(AuthSession(request.session).get_user().get_username()) group_list = get_groups(ldap) policy_list = get_policies(ldap) if pattern == PATTERN_TYPES.INTERNAL: groupPattern = ldap.groupStandard usertype_list = CHOICES_GROUP loginShell = "/bin/bash" elif pattern == PATTERN_TYPES.EXTERNAL: groupPattern = ldap.groupStandardExternal usertype_list = None loginShell = "/sbin/nologin" if request.method == "POST": form = UserForm(group_list, policy_list, usertype_list, request.POST, initial={ 'groupPattern': groupPattern}) if form.is_valid(): data = form.cleaned_data for e in data.keys(): if type(data[e]) == unicode or type(data[e]) == int: data[e] = str(data[e]) if valid_form_user(ldap, request, data['cn'], data['uidNumber'], data['employeeNumber'], data['mail']): ldap.add_user(data['cn'], data['uidNumber'], data['groupPattern'], data['homeDirectory'], data['givenName'], data['initials'], data['sn'], data['mail'], data['homePhone'], data['mobile'], data['street'], data[ 'description'], data['employeeNumber'], data['employeeType'], data['loginShell'], data['shadowLastChange'], data['shadowMin'], data['shadowMax'], data['shadowWarning'], data['policy'], data['groups']) messages.add_message( request, messages.SUCCESS, ldap_messages.get("success_insert_user")) return HttpResponseRedirect(reverse('ldap.user.list', args=[pattern])) else: form = UserForm(group_list, policy_list, usertype_list, initial={'uidNumber': uidNumber_suggest( ldap, pattern), 'groupPattern': groupPattern, 'shadowMin': 1, 'shadowMax': 365, 'shadowWarning': 335, 'shadowLastChange': 1, 'loginShell': loginShell}) except LDAPError, e: logger.error(e) messages.add_message(request, messages.ERROR, e)
def edit_group_form(request, cn): try: lists = dict() lists["edit"] = True lists["action"] = reverse("ldap.group.edit", args=[cn]) ldap = Ldap(AuthSession(request.session).get_user().get_username()) users_list = get_users(ldap) form = GroupForm(users_list) if request.method == "POST": form = GroupForm(users_list, request.POST) if form.is_valid(): cn = str(form.cleaned_data['cn']) gidNumber = str(form.cleaned_data['gidNumber']) member_uid = form.cleaned_data['member_uid'] ldap.edit_group(cn, gidNumber, member_uid) messages.add_message( request, messages.SUCCESS, ldap_messages.get("success_edit_group")) return redirect('ldap.group.list') else: group = ldap.get_group(cn) form = GroupForm(users_list, initial={'cn': group.get("cn"), 'gidNumber': group.get( "gidNumber"), 'member_uid': validates_dict(group, ("memberUid"))}) except LDAPNotFoundError, e: messages.add_message( request, messages.ERROR, ldap_messages.get("invalid_group") % cn) return redirect('ldap.group.form')
def clean(self): cleaned_data = self.cleaned_data userType = cleaned_data.get("userType") homeDirectory = cleaned_data.get("homeDirectory") uidNumber = cleaned_data.get("uidNumber") groupPattern = cleaned_data.get("groupPattern") if groupPattern is not None: if str(groupPattern) == str(CHOICES_GROUP[0][0]): if homeDirectory is None or homeDirectory == "": self._errors["homeDirectory"] = self.error_class( [error_messages.get("required")]) if userType is None or userType == "": self._errors["userType"] = self.error_class( [error_messages.get("required")]) if uidNumber is not None: ldap = Ldap(None) if groupPattern == ldap.groupStandard: if not ldap.valid_range_user_internal(uidNumber): self._errors["uidNumber"] = self.error_class([ldap_messages.get( "error_range_out_user") % (ldap.rangeUsers[0], ldap.rangeUsers[-1])]) else: if not ldap.valid_range_user_external(uidNumber): self._errors["uidNumber"] = self.error_class([ldap_messages.get( "error_range_out_user") % (ldap.rangeUsersExternal[0], ldap.rangeUsersExternal[-1])]) return cleaned_data
def ajax_reset_password_user(request): lists = dict() ldap = Ldap(AuthSession(request.session).get_user().get_username()) status_code = 500 try: cn = request.GET['cn'] ldap.reset_pwd(cn) lists["password"] = LDAP_PASSWORD_DEFAULT status_code = 200 except LDAPNotFoundError, e: messages.add_message( request, messages.ERROR, ldap_messages.get("invalid_user") % cn)
def clean(self): cleaned_data = self.cleaned_data gidNumber = cleaned_data.get("gidNumber") if gidNumber is not None: ldap = Ldap(None) if not ldap.valid_range_group(gidNumber): self._errors["gidNumber"] = self.error_class([ ldap_messages.get("error_range_out_group") % (ldap.rangeGroups[0], ldap.rangeGroups[-1]) ]) return cleaned_data
def edit_user_form(request, pattern, cn): try: lists = dict() lists["pattern"] = pattern lists["action"] = reverse( "ldap.user.edit", kwargs={"pattern": pattern, "cn": cn}) lists["edit"] = True ldap = Ldap(AuthSession(request.session).get_user().get_username()) group_list = get_groups(ldap) policy_list = get_policies(ldap) if pattern == PATTERN_TYPES.INTERNAL: groupPattern = ldap.groupStandard usertype_list = CHOICES_GROUP elif pattern == PATTERN_TYPES.EXTERNAL: groupPattern = ldap.groupStandardExternal usertype_list = None if request.method == "POST": form = UserForm(group_list, policy_list, usertype_list, request.POST, initial={ 'groupPattern': groupPattern}) if form.is_valid(): data = form.cleaned_data for e in data.keys(): if type(data[e]) == unicode or type(data[e]) == int: data[e] = str(data[e]) if valid_form_user(ldap, request, data['cn'], data['uidNumber'], data['employeeNumber'], data['mail'], edit=True): ldap.edit_user(data['cn'], data['uidNumber'], data['groupPattern'], data['homeDirectory'], data['givenName'], data['initials'], data['sn'], data['mail'], data['homePhone'], data['mobile'], data['street'], data[ 'description'], data['employeeNumber'], data['employeeType'], data['loginShell'], data['shadowLastChange'], data['shadowMin'], data['shadowMax'], data['shadowWarning'], data['policy'], data['groups']) client_user = AuthSession( request.session).get_clientFactory().create_usuario() try: local_user = client_user.get_by_user_ldap(data['cn']) local_user = local_user['usuario'] name = data['givenName'] + ' ' + \ data['initials'] + ' ' + data['sn'] client_user.alterar(local_user['id'], local_user['user'], local_user[ 'pwd'], name, local_user['ativo'], data['mail'], local_user['user_ldap']) except UsuarioNaoExisteError: pass messages.add_message( request, messages.SUCCESS, ldap_messages.get("success_edit_user")) return HttpResponseRedirect(reverse('ldap.user.list', args=[pattern])) else: user = ldap.get_user(cn) user['groups'] = ldap.get_groups_user(cn) user['groupPattern'] = groupPattern form = UserForm( group_list, policy_list, usertype_list, initial=user) except LDAPNotFoundError, e: messages.add_message( request, messages.ERROR, ldap_messages.get("invalid_user") % cn) return HttpResponseRedirect(reverse('ldap.user.list', args=[pattern]))
def delete_user_all(request, pattern): if request.method == 'POST': ldap = Ldap(AuthSession(request.session).get_user().get_username()) form = DeleteForm(request.POST) if form.is_valid(): # All cns to be deleted cns = split_to_array(form.cleaned_data['ids']) # All messages to display error_list = list() # Control others exceptions have_errors = False # For each user selected to remove for cn in cns: try: ldap.rem_user(cn) client_user = AuthSession( request.session).get_clientFactory().create_usuario() try: local_user = client_user.get_by_user_ldap(cn) local_user = local_user['usuario'] client_user.alterar(local_user['id'], local_user['user'], local_user[ 'pwd'], local_user['nome'], local_user['ativo'], local_user['email'], None) except UsuarioNaoExisteError: pass except LDAPMethodError, e: error_list.append(cn) have_errors = True except LDAPError, e: logger.error(e) messages.add_message(request, messages.ERROR, e) have_errors = True break # If cant remove nothing if len(error_list) == len(cns): messages.add_message( request, messages.ERROR, error_messages.get("can_not_remove_all")) # If cant remove someones elif len(error_list) > 0: msg = "" for id_error in error_list: msg = msg + id_error + ", " msg = error_messages.get("can_not_remove") % msg[:-2] messages.add_message(request, messages.WARNING, msg) # If all has ben removed elif have_errors == False: messages.add_message( request, messages.SUCCESS, ldap_messages.get("success_remove_user")) else: messages.add_message( request, messages.SUCCESS, error_messages.get("can_not_remove_error"))