def test_equality(self):
self.assertEqual(Group('aa'), Group('aa'))
self.assertNotEqual(Group('aa'), Group('bb'))
self.assertNotEqual(Group('aa'), Group(123))
self.assertNotEqual(Group('aa'), Group(None))
self.assertNotEqual(Group('aa'), object())
self.assertNotEqual(Group('aa'), None)
def create_example_client(session, unit_id, properties):
if len(session.query(OrgUnit).filter_by(unit_id=unit_id).all()) == 0:
#create users_group if not exist
temp = session.query(Group).filter(
Group.groupid == properties.get('group')).all()
if len(temp) == 0:
users_group = Group(properties.get('group'))
else:
users_group = temp[0]
properties.pop('group')
#create inbox_group if not exist
temp = session.query(Group).filter(
Group.groupid == properties.get('inbox_group')).all()
if len(temp) == 0:
inbox_group = Group(properties.get('inbox_group'))
else:
inbox_group = temp[0]
properties.pop('inbox_group')
orgunit = OrgUnit(unit_id, **properties)
orgunit.users_group = users_group
orgunit.inbox_group = inbox_group
session.add(orgunit)
return orgunit
def _create_example_client(session, client_id, properties):
if len(session.query(Client).filter_by(client_id=client_id).all()) == 0:
#create users_group if not exist
temp = session.query(Group).filter(
Group.groupid == properties.get('group')).all()
if len(temp) == 0:
users_group = Group(properties.get('group'))
else:
users_group = temp[0]
properties.pop('group')
#create inbox_group if not exist
temp = session.query(Group).filter(
Group.groupid == properties.get('inbox_group')).all()
if len(temp) == 0:
inbox_group = Group(properties.get('inbox_group'))
else:
inbox_group = temp[0]
properties.pop('inbox_group')
client = Client(client_id, **properties)
client.users_group = users_group
client.inbox_group = inbox_group
session.add(client)
return client
def _create_example_user(session, site, userid, properties, groups):
acl_users = site.acl_users
password = '******'
# add the user to acl_users on site level
if not acl_users.getUserById(userid):
acl_users.source_users.addUser(userid, userid, password)
# create the user object in sql
if session.query(User).filter_by(userid=userid).count() == 0:
user = User(userid, **properties)
session.add(user)
else:
user = session.query(User).filter_by(userid=userid).first()
# append the user to the group
for groupid in groups:
groups = session.query(Group).filter(Group.groupid == groupid).all()
# does the group don't exist create it
if len(groups) == 0:
group = Group(groupid)
group.users.append(user)
session.add(group)
else:
groups[0].users.append(user)
session.add(groups[0])
transaction.commit()
return session.query(User).filter_by(userid=userid).first()
def ogds_add_user_to_group(user, groupid, session=None):
session = session or create_session()
try:
group = session.query(Group).filter_by(groupid=groupid).one()
except NoResultFound:
group = Group(groupid)
group.users.append(user)
session.add(group)
def test_creatable(self):
groups = self.session.query(Group).all()
self.assertEqual(len(groups), 5)
g1 = Group('group-one')
self.session.add(g1)
groups = self.session.query(Group).all()
self.assertEqual(len(groups), 6)
self.assertEqual(groups[-1].groupid, 'group-one')
def test_urlencodes_group_member_urls(self, browser):
self.login(self.regular_user, browser)
user = self.get_ogds_user(self.regular_user)
group_with_spaces = Group(groupid='with spaces')
user.groups.append(group_with_spaces)
browser.open(self.portal, view='@@user-details/kathi.barfuss')
group_links = [a.get('href') for a in browser.css('.groups li a')]
self.assertEqual([
'http://nohost/plone/@@list_groupmembers?group=fa_users',
'http://nohost/plone/@@list_groupmembers?group=projekt_a',
'http://nohost/plone/@@list_groupmembers?group=with+spaces'
], group_links)
def import_groups(self):
"""Imports groups from all the configured LDAP plugins into OGDS.
"""
session = create_session()
# Set all SQL groups inactive first - the ones still contained in the
# LDAP will be set active again below (in the same transaction).
#
# Also set their `users` attribute to an empty collection in order
# to clear out memberships from the `groups_users` association table
# before importing them, so that memberships from groups that have
# been deleted in LDAP get removed from OGDS.
for group in session.query(Group):
group.active = False
group.users = []
for plugin in self._ldap_plugins():
ldap_userfolder = plugin._getLDAPUserFolder()
ldap_util = ILDAPSearch(ldap_userfolder)
logger.info(u'Groups base: %s' % ldap_userfolder.groups_base)
logger.info(u'Group filter: %r' % ldap_util.get_group_filter())
ldap_groups = ldap_util.get_groups()
for ldap_group in ldap_groups:
dn, info = ldap_group
# Group name is in the 'cn' attribute, which may be
# mapped to 'fullname'
if 'cn' in info:
groupid = info['cn']
if isinstance(groupid, list):
groupid = groupid[0]
else:
groupid = info['fullname']
groupid = groupid.decode('utf-8')
info['groupid'] = groupid
# Skip groups with groupid longer than SQL 'groupid' column
if len(groupid) > GROUP_ID_LENGTH:
logger.warn(u"Skipping group '{}' - "
u"groupid too long!".format(groupid))
continue
if not self.group_exists(groupid):
# Create the new group
group = Group(groupid)
session.add(group)
else:
# Get the existing group
try:
group = self.get_sql_group(groupid)
except MultipleResultsFound:
# Duplicate group with slightly different spelling
# (casing, whitespace, ...) that may not be considered
# different by the SQL backend's unique constraint.
# We therefore enforce uniqueness ourselves.
logger.warn(
u"Skipping duplicate group '{}'!".format(groupid))
continue
# Iterate over all SQL columns and update their values
columns = Group.__table__.columns
for col in columns:
setattr(group, col.name,
self._convert_value(info.get(col.name)))
# Sync group title
title_attribute = self.get_group_title_ldap_attribute()
if title_attribute and info.get(title_attribute):
setattr(group, 'title',
self._convert_value(info.get(title_attribute)))
contained_users = []
group_members = ldap_util.get_group_members(info)
logger.info(u"Importing group '{}'...".format(groupid))
for user_dn in group_members:
ldap_user = ldap_util.entry_by_dn(user_dn)
if ldap_user is None:
logger.warn(USER_NOT_FOUND_LDAP.format(user_dn))
continue
user_dn, user_info = ldap_user
if isinstance(user_dn, str):
user_dn = user_dn.decode('utf-8')
if not ldap_util.is_ad:
if 'userid' not in user_info:
logger.warn(NO_UID_MSG.format(user_dn))
continue
userid = user_info['userid']
else:
# Active Directory
uid_found = False
for uid_key in AD_UID_KEYS:
if uid_key in user_info:
userid = user_info[uid_key]
uid_found = True
break
if not uid_found:
# No suitable UID found, skip this user
logger.warn(
NO_UID_AD_MSG.format(user_dn, AD_UID_KEYS))
continue
if isinstance(userid, list):
userid = userid[0]
if isinstance(userid, str):
userid = userid.decode('utf-8')
try:
user = self.get_sql_user(userid)
except NoResultFound:
logger.warn(USER_NOT_FOUND_SQL.format(userid))
continue
except MultipleResultsFound:
# Duplicate user - skip (see above).
logger.warn(
u" Skipping duplicate user '{}'!".format(userid))
continue
contained_users.append(user)
logger.info(
u"Importing user '{}' into group '{}'...".format(
userid, groupid))
group.users = contained_users
group.active = True
session.flush()
logger.info(u"Done.")
def test_is_issuer(self):
task1 = self.stub()
self.expect(task1.issuer).result('hugo.boss')
task2 = self.stub()
self.expect(task2.issuer).result('james.bond')
task3 = self.stub()
self.expect(task3.issuer).result('inbox:client1')
request = self.stub()
contact_info = self.mocker.mock()
self.mock_utility(contact_info, IContactInformation, name=u"")
plone_portal_state = self.stub()
self.mock_adapter(plone_portal_state, ITask, [Interface, Interface],
'plone_portal_state')
with self.mocker.order():
# check1 (direct issuer)
self.expect(contact_info.is_inbox('hugo.boss')).result(False)
self.expect(plone_portal_state(ANY,
ANY)).result(plone_portal_state)
self.expect(plone_portal_state.member().id).result('hugo.boss')
# check2 (not the issuer, without including the inbox group)
self.expect(contact_info.is_inbox('james.bond')).result(False)
self.expect(plone_portal_state(ANY,
ANY)).result(plone_portal_state)
self.expect(plone_portal_state.member().id).result('hugo.boss')
# check3 (not the issuer, not in the issuer group)
self.expect(contact_info.is_inbox('james.bond')).result(False)
self.expect(plone_portal_state(ANY,
ANY)).result(plone_portal_state)
self.expect(plone_portal_state.member().id).result('hugo.boss')
self.expect(request.get_header('X-OGDS-CID', None)).result(False)
self.expect(contact_info.is_user_in_inbox_group()).result(False)
# check4 (not the issuer, not in the issuer group but an internal request)
self.expect(contact_info.is_inbox('james.bond')).result(False)
self.expect(plone_portal_state(ANY,
ANY)).result(plone_portal_state)
self.expect(plone_portal_state.member().id).result('hugo.boss')
self.expect(request.get_header('X-OGDS-CID', None)).result(True)
# check5 (not the issuer but in the issuer group)
self.expect(contact_info.is_inbox('james.bond')).result(False)
self.expect(plone_portal_state(ANY,
ANY)).result(plone_portal_state)
self.expect(plone_portal_state.member().id).result('hugo.boss')
self.expect(request.get_header('X-OGDS-CID', None)).result(False)
self.expect(contact_info.is_user_in_inbox_group()).result(True)
# check6 (issuer is a inbox, user is in the inbox group)
self.expect(contact_info.is_inbox('inbox:client1')).result(True)
self.expect(contact_info.get_group_of_inbox(ANY)).result(
Group('og_inbox_group'))
self.expect(contact_info.is_group_member('og_inbox_group',
ANY)).result(True)
# check7 (issuer is a inbox, user is in the inbox group)
self.expect(contact_info.is_inbox('inbox:client1')).result(True)
self.expect(contact_info.get_group_of_inbox(ANY)).result(
Group('og_inbox_group'))
self.expect(contact_info.is_group_member('og_inbox_group',
ANY)).result(False)
self.replay()
self.assertTrue(TaskTransitionController(task1, request)._is_issuer())
self.assertFalse(TaskTransitionController(task2, request)._is_issuer())
self.assertFalse(
TaskTransitionController(task2,
request)._is_issuer_or_inbox_group_user())
self.assertTrue(
TaskTransitionController(task2,
request)._is_issuer_or_inbox_group_user())
self.assertTrue(
TaskTransitionController(task2,
request)._is_issuer_or_inbox_group_user())
self.assertTrue(TaskTransitionController(task3, request)._is_issuer())
self.assertFalse(
TaskTransitionController(task3,
request)._is_issuer_or_inbox_group_user())
def import_groups(self):
"""Imports groups from all the configured LDAP plugins into OGDS.
"""
session = create_session()
for plugin in self._ldap_plugins():
ldap_userfolder = plugin._getLDAPUserFolder()
ldap_util = ILDAPSearch(ldap_userfolder)
ldap_groups = ldap_util.get_groups()
for ldap_group in ldap_groups:
dn, info = ldap_group
# Group name is in the 'cn' attribute, which may be mapped to 'fullname'
if 'cn' in info:
groupid = info['cn']
if isinstance(groupid, list):
groupid = groupid[0]
else:
groupid = info['fullname']
groupid = groupid.decode('utf-8')
info['groupid'] = groupid
if not self.group_exists(groupid):
# Create the new group
group = Group(groupid)
session.add(group)
else:
# Get the existing group
group = session.query(Group).filter_by(groupid=groupid).first()
# Iterate over all SQL columns and update their values
columns = Group.__table__.columns
for col in columns:
value = info.get(col.name)
# We can't store sequences in SQL columns. So if we do get
# a multi-valued field to be stored directly in OGDS, we
# treat it as a multi-line string and join it.
if isinstance(value, list) or isinstance(value, tuple):
value = ' '.join([str(v) for v in value])
setattr(group, col.name, value)
contained_users = []
group_members = ldap_util.get_group_members(info)
for user_dn in group_members:
try:
ldap_user = ldap_util.entry_by_dn(user_dn)
user_dn, user_info = ldap_user
if not ldap_util.is_ad:
if not 'userid' in user_info:
logger.warn(NO_UID_MSG % user_dn)
continue
userid = user_info['userid']
else:
# Active Directory
uid_found = False
for uid_key in AD_UID_KEYS:
if uid_key in user_info:
userid = user_info[uid_key]
uid_found = True
break
if not uid_found:
# No suitable UID found, skip this user
logger.warn(NO_UID_AD_MSG % (AD_UID_KEYS,
user_dn))
continue
if isinstance(userid, list):
userid = userid[0]
user = self.get_sql_user(userid)
if user is None:
logger.warn(USER_NOT_FOUND_SQL % userid)
continue
contained_users.append(user)
logger.info("Importing user '%s'..." % userid)
except NO_SUCH_OBJECT:
logger.warn(USER_NOT_FOUND_LDAP % user_dn)
group.users = contained_users
session.flush()
def import_groups(self):
"""Imports groups from all the configured LDAP plugins into OGDS.
"""
session = create_session()
for plugin in self._ldap_plugins():
ldap_userfolder = plugin._getLDAPUserFolder()
ldap_util = ILDAPSearch(ldap_userfolder)
ldap_groups = ldap_util.get_groups()
for ldap_group in ldap_groups:
dn, info = ldap_group
# Group name is in the 'cn' attribute, which may be mapped to 'fullname'
if 'cn' in info:
groupid = info['cn']
if isinstance(groupid, list):
groupid = groupid[0]
else:
groupid = info['fullname']
groupid = groupid.decode('utf-8')
info['groupid'] = groupid
if not self.group_exists(groupid):
# Create the new group
group = Group(groupid)
session.add(group)
else:
# Get the existing group
group = session.query(Group).filter_by(
groupid=groupid).first()
# Iterate over all SQL columns and update their values
columns = Group.__table__.columns
for col in columns:
value = info.get(col.name)
# We can't store sequences in SQL columns. So if we do get
# a multi-valued field to be stored directly in OGDS, we
# treat it as a multi-line string and join it.
if isinstance(value, list) or isinstance(value, tuple):
value = ' '.join([str(v) for v in value])
setattr(group, col.name, value)
contained_users = []
group_members = ldap_util.get_group_members(info)
for user_dn in group_members:
try:
ldap_user = ldap_util.entry_by_dn(user_dn)
user_dn, user_info = ldap_user
if not ldap_util.is_ad:
if not 'userid' in user_info:
logger.warn(NO_UID_MSG % user_dn)
continue
userid = user_info['userid']
else:
# Active Directory
uid_found = False
for uid_key in AD_UID_KEYS:
if uid_key in user_info:
userid = user_info[uid_key]
uid_found = True
break
if not uid_found:
# No suitable UID found, skip this user
logger.warn(NO_UID_AD_MSG %
(AD_UID_KEYS, user_dn))
continue
if isinstance(userid, list):
userid = userid[0]
user = self.get_sql_user(userid)
if user is None:
logger.warn(USER_NOT_FOUND_SQL % userid)
continue
contained_users.append(user)
logger.info("Importing user '%s'..." % userid)
except NO_SUCH_OBJECT:
logger.warn(USER_NOT_FOUND_LDAP % user_dn)
group.users = contained_users
session.flush()
def test_create_groupid_required(self):
with self.assertRaises(TypeError):
Group()
def test_create_sets_attrs(self):
attrs = {'groupid': 'admins', 'title': 'Administrators'}
group = Group(**attrs)
for key, value in attrs.items():
self.assertEqual(getattr(group, key), value)
def test_repr(self):
self.assertEqual(str(Group('a-group')), '<Group a-group>')
def import_groups(self):
"""Imports groups from all the configured LDAP plugins into OGDS.
"""
session = create_session()
# Set all SQL groups inactive first - the ones still contained in the
# LDAP will be set active again below (in the same transaction).
#
# Also set their `users` attribute to an empty collection in order
# to clear out memberships from the `groups_users` association table
# before importing them, so that memberships from groups that have
# been deleted in LDAP get removed from OGDS.
for group in session.query(Group):
group.active = False
group.users = []
for plugin in self._ldap_plugins():
ldap_userfolder = plugin._getLDAPUserFolder()
ldap_util = ILDAPSearch(ldap_userfolder)
logger.info(u"Groups base: %s" % ldap_userfolder.groups_base)
logger.info(u"Group filter: %r" % ldap_util.get_group_filter())
ldap_groups = ldap_util.get_groups()
for ldap_group in ldap_groups:
dn, info = ldap_group
# Group name is in the 'cn' attribute, which may be
# mapped to 'fullname'
if "cn" in info:
groupid = info["cn"]
if isinstance(groupid, list):
groupid = groupid[0]
else:
groupid = info["fullname"]
groupid = groupid.decode("utf-8")
info["groupid"] = groupid
# Skip groups with groupid longer than SQL 'groupid' column
if len(groupid) > GROUP_ID_LENGTH:
logger.warn(u"Skipping group '{}' - " u"groupid too long!".format(groupid))
continue
if not self.group_exists(groupid):
# Create the new group
group = Group(groupid)
session.add(group)
else:
# Get the existing group
try:
group = self.get_sql_group(groupid)
except MultipleResultsFound:
# Duplicate group with slightly different spelling
# (casing, whitespace, ...) that may not be considered
# different by the SQL backend's unique constraint.
# We therefore enforce uniqueness ourselves.
logger.warn(u"Skipping duplicate group '{}'!".format(groupid))
continue
# Iterate over all SQL columns and update their values
columns = Group.__table__.columns
for col in columns:
value = info.get(col.name)
# We can't store sequences in SQL columns. So if we do get
# a multi-valued field to be stored directly in OGDS, we
# treat it as a multi-line string and join it.
if isinstance(value, list) or isinstance(value, tuple):
value = " ".join([str(v) for v in value])
if isinstance(value, str):
value = value.decode("utf-8")
setattr(group, col.name, value)
contained_users = []
group_members = ldap_util.get_group_members(info)
logger.info(u"Importing group '{}'...".format(groupid))
for user_dn in group_members:
try:
ldap_user = ldap_util.entry_by_dn(user_dn)
user_dn, user_info = ldap_user
if isinstance(user_dn, str):
user_dn = user_dn.decode("utf-8")
if not ldap_util.is_ad:
if "userid" not in user_info:
logger.warn(NO_UID_MSG.format(user_dn))
continue
userid = user_info["userid"]
else:
# Active Directory
uid_found = False
for uid_key in AD_UID_KEYS:
if uid_key in user_info:
userid = user_info[uid_key]
uid_found = True
break
if not uid_found:
# No suitable UID found, skip this user
logger.warn(NO_UID_AD_MSG.format(user_dn, AD_UID_KEYS))
continue
if isinstance(userid, list):
userid = userid[0]
if isinstance(userid, str):
userid = userid.decode("utf-8")
try:
user = self.get_sql_user(userid)
except NoResultFound:
logger.warn(USER_NOT_FOUND_SQL.format(userid))
continue
except MultipleResultsFound:
# Duplicate user - skip (see above).
logger.warn(u" Skipping duplicate user '{}'!".format(userid))
continue
contained_users.append(user)
logger.info(u"Importing user '{}' into group '{}'...".format(userid, groupid))
except NO_SUCH_OBJECT:
logger.warn(USER_NOT_FOUND_LDAP.format(user_dn))
group.users = contained_users
group.active = True
session.flush()
logger.info(u"Done.")
