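def save_model(self, account):
    """Save an edited account and, when LDAP is enabled, mirror it to LDAP.

    The account is first updated through the parent ``update_model``, then
    ``set_country`` and ``append_groups`` are applied, and the
    ``disable_rtt`` feature is added or removed depending on whether that
    field is present in the request.

    When the ``pyvac.use_ldap`` setting is true, password, unit, arrival
    date, uid, photo and mobile are read from the request parameters and
    passed to ``LdapCache.update_user``. Team membership and the LDAP role
    are changed only when the acting user (``self.user``) is an admin.

    Args:
        account: the account being edited; its ``dn`` and ``role`` are
            read when LDAP is enabled.

    Raises:
        ValueError: if ``arrival_date`` is supplied but does not match
            ``%d/%m/%Y``.
    """
    super(Edit, self).update_model(account)
    self.set_country(account)
    self.append_groups(account)

    request = self.request
    params = request.params

    # The feature flag follows the presence of the form field.
    if 'disable_rtt' in params:
        account.add_feature('disable_rtt', save=True)
    else:
        account.del_feature('disable_rtt', save=True)

    settings = request.registry.settings
    use_ldap = False
    if 'pyvac.use_ldap' in settings:
        use_ldap = asbool(settings.get('pyvac.use_ldap'))

    if use_ldap:
        # Only a non-empty password is forwarded, and only after going
        # through hashPassword; the directory call receives it as a
        # one-element list.
        password = None
        if 'user.password' in params and params['user.password']:
            password = [hashPassword(params['user.password'])]

        unit = None
        if 'unit' in params and params['unit']:
            unit = params['unit']

        arrival_date = None
        if 'arrival_date' in params and params['arrival_date']:
            # Parsed strictly as day/month/year; malformed input raises
            # ValueError to the caller.
            arrival_date = datetime.strptime(params['arrival_date'],
                                             '%d/%m/%Y')

        uid = None
        if 'user.uid' in params and params['user.uid']:
            uid = params['user.uid']

        if params.get('remove_photo', 'no') == 'yes':
            # presumably '' asks LdapCache.update_user to clear the photo
            # while None leaves it untouched -- confirm in LdapCache.
            photo = ''
        else:
            try:
                upload = params['photofile'].file
                upload.seek(0)
                # NOTE(review): the whole upload is read into memory and
                # no size or content-type check is visible in this method;
                # confirm a limit is enforced before this point.
                photo = upload.read()
            except Exception:
                # A missing or non-file 'photofile' field means "no new
                # photo". Exception (not a bare except) so SystemExit and
                # KeyboardInterrupt are not swallowed.
                photo = None

        if photo:
            log.info('uploading photo size: %d', len(photo))

        # Unlike the fields above, an empty mobile value is forwarded.
        mobile = None
        if 'mobile' in params:
            mobile = params['mobile']

        directory = LdapCache()
        directory.update_user(account, password=password, unit=unit,
                              arrival_date=arrival_date, uid=uid,
                              photo=photo, mobile=mobile)

        # Team and role changes come from request parameters, so they are
        # applied only for an admin. The guard also covers a missing
        # self.user, matching the check at the end of this method.
        # NOTE(review): the listing this was restored from had lost its
        # indentation; the nesting of the team and role updates under this
        # admin check follows the original "only for admins" comment --
        # confirm against the repository.
        if self.user and self.user.is_admin:
            wanted_teams = params.getall('teams')

            # Invert team -> members into member -> teams.
            uteams = {}
            for team, members in directory.list_teams().iteritems():
                for member in members:
                    uteams.setdefault(member, []).append(team)
            user_teams = uteams.get(account.dn, [])

            # add to new teams
            for team in wanted_teams:
                members = directory.get_team_members(team)
                if account.dn not in members:
                    members.append(account.dn.encode('utf-8'))
                    directory.update_team(team, members)

            # remove from old teams
            for team in user_teams:
                if team not in wanted_teams:
                    members = directory.get_team_members(team)
                    if account.dn in members:
                        members.remove(account.dn)
                        directory.update_team(team, members)

            # update role for user in LDAP
            old_role = account.role
            if 'ldap_role' in params:
                new_role = params['ldap_role']
                if old_role != new_role:
                    log.info('LDAP role changed: %s -> %s'
                             % (old_role, new_role))
                    # Only 'manager' and 'admin' grant anything; any other
                    # value just drops the previous privileged role.
                    if new_role == 'manager':
                        directory.add_manager(account.dn)
                    elif old_role == 'manager':
                        directory.remove_manager(account.dn)

                    if new_role == 'admin':
                        directory.add_admin(account.dn)
                    elif old_role == 'admin':
                        directory.remove_admin(account.dn)

    # Non-admin users are sent to the request list after saving.
    if self.user and not self.user.is_admin:
        self.redirect_route = 'list_request'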