def group(self, **kw):
activities = GroupActivity.all()
activity_search = search_utility.GroupActivity.search
search_bar = SearchBar(activity_search.create_complete_search_table(),
name='activitysearch',)
return self._activities_grid(activities, search_bar, 'group',
search_utility.GroupActivity, title='Group Activity', **kw)
def removeUser(self, group_id=None, id=None, **kw):
group = Group.by_id(group_id)
if not group.can_modify_membership(identity.current.user):
flash(_(u'You are not an owner of group %s' % group))
redirect('../groups/mine')
if not group.can_remove_member(identity.current.user, id):
flash(_(u'Cannot remove member'))
redirect('../groups/edit?group_id=%s' % group_id)
groupUsers = group.users
for user in groupUsers:
if user.user_id == int(id):
group.users.remove(user)
removed = user
activity = GroupActivity(identity.current.user, u'WEBUI',
u'Removed', u'User',
removed.user_name, u"")
group.activity.append(activity)
mail.group_membership_notify(user,
group,
agent=identity.current.user,
action='Removed')
flash(_(u"%s Removed" % removed.display_name))
redirect("../groups/edit?group_id=%s" % group_id)
flash(_(u"No user %s in group %s" % (id, removed.display_name)))
raise redirect("../groups/edit?group_id=%s" % group_id)
def save_user(self, **kw):
user = User.by_user_name(kw['user']['text'])
if user is None:
flash(_(u"Invalid user %s" % kw['user']['text']))
redirect("./edit?group_id=%s" % kw['group_id'])
group = Group.by_id(kw['group_id'])
if not group.can_modify_membership(identity.current.user):
flash(_(u'You are not an owner of group %s' % group))
redirect('../groups/mine')
if user not in group.users:
group.users.append(user)
activity = GroupActivity(identity.current.user, u'WEBUI', u'Added',
u'User', u"", user.user_name)
group.activity.append(activity)
mail.group_membership_notify(user,
group,
agent=identity.current.user,
action='Added')
flash(_(u"OK"))
redirect("./edit?group_id=%s" % kw['group_id'])
else:
flash(
_(u"User %s is already in Group %s" %
(user.user_name, group.group_name)))
redirect("./edit?group_id=%s" % kw['group_id'])
def _new_group(self, group_id, display_name, group_name, ldap,
root_password):
user = identity.current.user
if ldap and not user.is_admin():
flash(_(u'Only admins can create LDAP groups'))
redirect('.')
try:
Group.by_name(group_name)
except NoResultFound:
pass
else:
flash(_(u"Group %s already exists." % group_name))
redirect(".")
group = Group()
session.add(group)
group.record_activity(user=user,
service=u'WEBUI',
field=u'Group',
action=u'Created')
group.display_name = display_name
group.group_name = group_name
group.ldap = ldap
if group.ldap:
group.refresh_ldap_members()
group.root_password = root_password
if not ldap: # LDAP groups don't have owners
group.user_group_assocs.append(UserGroup(user=user, is_owner=True))
group.activity.append(
GroupActivity(user,
service=u'WEBUI',
action=u'Added',
field_name=u'User',
old_value=None,
new_value=user.user_name))
group.activity.append(
GroupActivity(user,
service=u'WEBUI',
action=u'Added',
field_name=u'Owner',
old_value=None,
new_value=user.user_name))
return group
def setUp(self):
self.distro = data_setup.create_distro()
self.distro_tree1 = data_setup.create_distro_tree(distro=self.distro,
arch='x86_64')
self.distro_tree2 = data_setup.create_distro_tree(distro=self.distro,
arch='i386')
self.distro_tree1.activity.append(
DistroTreeActivity(user=User.by_user_name(data_setup.ADMIN_USER),
service=u'testdata',
field_name=u'Nonesente',
old_value=u'sdfas',
new_value=u'sdfa',
action='Added'))
self.distro_tree2.activity.append(
DistroTreeActivity(user=User.by_user_name(data_setup.ADMIN_USER),
service=u'testdata',
field_name=u'Noneseonce',
old_value=u'bsdf',
new_value=u'sdfas',
action='Added'))
self.distro.activity.append(
DistroActivity(user=User.by_user_name(data_setup.ADMIN_USER),
service=u'testdata',
action=u'Nothing',
field_name=u'Nonsense',
old_value=u'asdf',
new_value=u'omgwtfbbq'))
self.system = data_setup.create_system()
self.system.activity.append(
SystemActivity(user=User.by_user_name(data_setup.ADMIN_USER),
service=u'testdata',
action=u'Nothing',
field_name=u'Nonsense',
old_value=u'asdf',
new_value=u'omgwtfbbq'))
self.group2 = data_setup.create_group()
self.group = data_setup.create_group()
self.group.activity.append(
GroupActivity(user=User.by_user_name(data_setup.ADMIN_USER),
service=u'testdata',
action=u'Nothing',
field_name=u'Nonsense',
old_value=u'asdf',
new_value=u'omgwtfbbq'))
self.browser = self.get_browser()
def removeSystem(self, group_id=None, id=None, **kw):
group = Group.by_id(group_id)
system = System.by_id(id, identity.current.user)
# A group owner can remove a system from their group.
# A system owner can remove their system from a group.
# But note this is not symmetrical with adding systems.
if not (group.can_edit(identity.current.user)
or system.can_edit(identity.current.user)):
flash(_(u'Not permitted to remove %s from %s') % (system, group))
redirect('../groups/mine')
group.systems.remove(system)
activity = GroupActivity(identity.current.user, u'WEBUI', u'Removed',
u'System', system.fqdn, u"")
group.activity.append(activity)
system.record_activity(user=identity.current.user,
service=u'WEBUI',
action=u'Removed',
field=u'Group',
old=group.display_name,
new=u"")
flash(_(u"%s Removed" % system.fqdn))
raise redirect("./edit?group_id=%s" % group_id)
def modify(self, group_name, kw):
"""
Modifies an existing group. You must be an owner of a group to modify any details.
:param group_name: An existing group name
:type group_name: string
The *kw* argument must be an XML-RPC structure (dict)
specifying the following keys:
'group_name'
New group name (maximum 16 characters)
'display_name'
New group display name
'add_member'
Add user (username) to the group
'remove_member'
Remove an existing user (username) from the group
'root_password'
Change the root password of this group.
Returns a message whether the group was successfully modified or
raises an exception on failure.
"""
# if not called from the bkr group-modify
if not kw:
raise BX(_('Please specify an attribute to modify.'))
try:
group = Group.by_name(group_name)
except NoResultFound:
raise BX(_(u'Group does not exist: %s.' % group_name))
if group.ldap:
if not identity.current.user.is_admin():
raise BX(_(u'Only admins can modify LDAP groups'))
if kw.get('add_member', None) or kw.get('remove_member', None):
raise BX(_(u'Cannot edit membership of an LDAP group'))
user = identity.current.user
if not group.can_edit(user):
raise BX(_('You are not an owner of group %s' % group_name))
group_name = kw.get('group_name', None)
if group_name:
try:
Group.by_name(group_name)
except NoResultFound:
pass
else:
if group_name != group.group_name:
raise BX(
_(u'Failed to update group %s: Group name already exists: %s'
% (group.group_name, group_name)))
GroupFormSchema.fields['group_name'].to_python(group_name)
group.set_name(user, u'XMLRPC', kw.get('group_name', None))
display_name = kw.get('display_name', None)
if display_name:
GroupFormSchema.fields['display_name'].to_python(display_name)
group.set_display_name(user, u'XMLRPC', display_name)
root_password = kw.get('root_password', None)
if root_password:
group.set_root_password(user, u'XMLRPC', root_password)
if kw.get('add_member', None):
username = kw.get('add_member')
user = User.by_user_name(username)
if user is None:
raise BX(_(u'User does not exist %s' % username))
if user not in group.users:
group.users.append(user)
activity = GroupActivity(identity.current.user,
u'XMLRPC',
action=u'Added',
field_name=u'User',
old_value=u"",
new_value=username)
group.activity.append(activity)
mail.group_membership_notify(user,
group,
agent=identity.current.user,
action='Added')
else:
raise BX(
_(u'User %s is already in group %s' %
(username, group.group_name)))
if kw.get('remove_member', None):
username = kw.get('remove_member')
user = User.by_user_name(username)
if user is None:
raise BX(_(u'User does not exist %s' % username))
if user not in group.users:
raise BX(
_(u'No user %s in group %s' %
(username, group.group_name)))
else:
if not group.can_remove_member(identity.current.user,
user.user_id):
raise BX(_(u'Cannot remove member'))
groupUsers = group.users
for usr in groupUsers:
if usr.user_id == user.user_id:
group.users.remove(usr)
removed = user
activity = GroupActivity(identity.current.user,
u'XMLRPC',
action=u'Removed',
field_name=u'User',
old_value=removed.user_name,
new_value=u"")
group.activity.append(activity)
mail.group_membership_notify(
user,
group,
agent=identity.current.user,
action='Removed')
break
#dummy success return value
return ['1']
def create(self, kw):
"""
Creates a new group.
The *kw* argument must be an XML-RPC structure (dict)
specifying the following keys:
'group_name'
Group name (maximum 16 characters)
'display_name'
Group display name
'ldap'
Populate users from LDAP (True/False)
Returns a message whether the group was successfully created or
raises an exception on failure.
"""
display_name = kw.get('display_name')
group_name = kw.get('group_name')
ldap = kw.get('ldap')
password = kw.get('root_password')
if ldap and not identity.current.user.is_admin():
raise BX(_(u'Only admins can create LDAP groups'))
try:
group = Group.by_name(group_name)
except NoResultFound:
#validate
GroupFormSchema.fields['group_name'].to_python(group_name)
GroupFormSchema.fields['display_name'].to_python(display_name)
group = Group()
session.add(group)
group.record_activity(user=identity.current.user,
service=u'XMLRPC',
field=u'Group',
action=u'Created')
group.display_name = display_name
group.group_name = group_name
group.ldap = ldap
group.root_password = password
user = identity.current.user
if not ldap:
group.user_group_assocs.append(
UserGroup(user=user, is_owner=True))
group.activity.append(
GroupActivity(user,
service=u'XMLRPC',
action=u'Added',
field_name=u'User',
old_value=None,
new_value=user.user_name))
group.activity.append(
GroupActivity(user,
service=u'XMLRPC',
action=u'Added',
field_name=u'Owner',
old_value=None,
new_value=user.user_name))
if group.ldap:
group.refresh_ldap_members()
return 'Group created: %s.' % group_name
else:
raise BX(_(u'Group already exists: %s.' % group_name))
flash(unicode(e))
redirect("./edit?group_id=%s" % kw['group_id'])
# A system owner can add their system to a group, but a group owner
# *cannot* add an arbitrary system to their group because that would
# grant them extra privileges over it.
if not system.can_edit(identity.current.user):
flash(_(u'You do not have permission to edit system %s' % system))
redirect('edit?group_id=%s' % kw['group_id'])
group = Group.by_id(kw['group_id'])
if group in system.groups:
flash(
_(u"System '%s' is already in group '%s'" %
(system.fqdn, group.group_name)))
redirect("./edit?group_id=%s" % kw['group_id'])
group.systems.append(system)
activity = GroupActivity(identity.current.user, u'WEBUI', u'Added',
u'System', u"", system.fqdn)
group.activity.append(activity)
system.record_activity(user=identity.current.user,
service=u'WEBUI',
action=u'Added',
field=u'Group',
old=u"",
new=group.display_name)
flash(_(u"OK"))
redirect("./edit?group_id=%s" % kw.get('group_id'))
@identity.require(identity.in_group("admin"))
@expose(format='json')
def save_group_permissions(self, **kw):
try:
permission_name = kw['permissions']['text']