def create_service_account(session, actor, name, description, canjoin):
# type (Session, User, str, str, str) -> None
"""Creates a service account with the given name, description, and canjoin status
Args:
session: the database session
actor: the user creating the service account
name: the name of the service account
description: description of the service account
canjoin: the canjoin status for management of the service account
Throws:
IntegrityError: if a user or group with the given name already exists
"""
user = User(username=name, role_user=True)
group = Group(groupname=name, description=description, canjoin=canjoin)
user.add(session)
group.add(session)
group.add_member(actor, actor, "Group Creator", "actioned", None,
"np-owner")
group.add_member(actor, user, "Service Account", "actioned", None,
"member")
session.commit()
AuditLog.log(session,
actor.id,
'create_service_account',
'Created new service account.',
on_group_id=group.id,
on_user_id=user.id)
def sync_db_command(args):
# Models not implicitly or explictly imported above are explicitly imported
# here:
from grouper.models.perf_profile import PerfProfile # noqa
db_engine = get_db_engine(get_database_url(settings))
Model.metadata.create_all(db_engine)
# Add some basic database structures we know we will need if they don't exist.
session = make_session()
for name, description in SYSTEM_PERMISSIONS:
test = Permission.get(session, name)
if test:
continue
permission = Permission(name=name, description=description)
try:
permission.add(session)
session.flush()
except IntegrityError:
session.rollback()
raise Exception('Failed to create permission: %s' % (name, ))
session.commit()
# This group is needed to bootstrap a Grouper installation.
admin_group = Group.get(session, name="grouper-administrators")
if not admin_group:
admin_group = Group(
groupname="grouper-administrators",
description="Administrators of the Grouper system.",
canjoin="nobody",
)
try:
admin_group.add(session)
session.flush()
except IntegrityError:
session.rollback()
raise Exception('Failed to create group: grouper-administrators')
for permission_name in (GROUP_ADMIN, PERMISSION_ADMIN, USER_ADMIN):
permission = Permission.get(session, permission_name)
assert permission, "Permission should have been created earlier!"
grant_permission(session, admin_group.id, permission.id)
session.commit()
def post(self):
form = GroupCreateForm(self.request.arguments)
if not form.validate():
return self.render(
"group-create.html", form=form,
alerts=self.get_form_alerts(form.errors)
)
user = self.get_current_user()
group = Group(
groupname=form.data["groupname"],
description=form.data["description"],
canjoin=form.data["canjoin"],
auto_expire=form.data["auto_expire"],
)
try:
group.add(self.session)
self.session.flush()
except IntegrityError:
self.session.rollback()
form.groupname.errors.append(
"{} already exists".format(form.data["groupname"])
)
return self.render(
"group-create.html", form=form,
alerts=self.get_form_alerts(form.errors)
)
group.add_member(user, user, "Group Creator", "actioned", None, form.data["creatorrole"])
self.session.commit()
AuditLog.log(self.session, self.current_user.id, 'create_group',
'Created new group.', on_group_id=group.id)
return self.redirect("/groups/{}?refresh=yes".format(group.name))
