class AddLdapGroupForm(forms.Form):
name = forms.RegexField(
label="Name",
max_length=64,
regex='^%s$' % (get_groupname_re_rule(),),
help_text=_("Required. 30 characters or fewer. May only contain letters, "
"numbers, hyphens or underscores."),
error_messages={'invalid': _("Whitespaces and ':' not allowed") })
dn = forms.BooleanField(label=_("Distinguished name"),
help_text=_("Whether or not the group should be imported by "
"distinguished name."),
initial=False,
required=False)
import_members = forms.BooleanField(label=_('Import new members'),
help_text=_('Import unimported or new users from the group.'),
initial=False,
required=False)
ensure_home_directories = forms.BooleanField(label=_('Create home directories'),
help_text=_('Create home directories for every member imported, if members are being imported.'),
initial=True,
required=False)
def clean(self):
cleaned_data = super(AddLdapGroupForm, self).clean()
name = cleaned_data.get("name")
dn = cleaned_data.get("dn")
if not dn:
if name is not None and len(name) > 30:
msg = _('Too long: 30 characters or fewer and not %(name)s') % dict(name=(len(name),))
errors = self._errors.setdefault('name', ErrorList())
errors.append(msg)
raise forms.ValidationError(msg)
return cleaned_data
class GroupEditForm(forms.ModelForm):
"""
Form to manipulate a group. This manages the group name and its membership.
"""
GROUPNAME = re.compile('^%s$' % get_groupname_re_rule())
class Meta:
model = Group
fields = ("name",)
def clean_name(self):
# Note that the superclass doesn't have a clean_name method.
data = self.cleaned_data["name"]
if not self.GROUPNAME.match(data):
raise forms.ValidationError(_("Group name may only contain letters, " +
"numbers, hyphens or underscores."))
return data
def __init__(self, *args, **kwargs):
super(GroupEditForm, self).__init__(*args, **kwargs)
if self.instance.id:
self.fields['name'].widget.attrs['readonly'] = True
initial_members = User.objects.filter(groups=self.instance).order_by('username')
initial_perms = HuePermission.objects.filter(grouppermission__group=self.instance).order_by('app','description')
else:
initial_members = []
initial_perms = []
self.fields["members"] = _make_model_field(_("members"), initial_members, User.objects.order_by('username'))
self.fields["permissions"] = _make_model_field(_("permissions"), initial_perms, HuePermission.objects.order_by('app','description'))
def _compute_diff(self, field_name):
current = set(self.fields[field_name].initial_objs)
updated = set(self.cleaned_data[field_name])
delete = current.difference(updated)
add = updated.difference(current)
return delete, add
def save(self):
super(GroupEditForm, self).save()
self._save_members()
self._save_permissions()
def _save_members(self):
delete_membership, add_membership = self._compute_diff("members")
for user in delete_membership:
user.groups.remove(self.instance)
user.save()
for user in add_membership:
user.groups.add(self.instance)
user.save()
def _save_permissions(self):
delete_permission, add_permission = self._compute_diff("permissions")
for perm in delete_permission:
GroupPermission.objects.get(group=self.instance, hue_permission=perm).delete()
for perm in add_permission:
GroupPermission.objects.create(group=self.instance, hue_permission=perm)
def validate_groupname(groupname_pattern):
validator = re.compile(r"^%s$" % get_groupname_re_rule())
assert groupname_pattern is not None, _("Group name required.")
assert len(groupname_pattern) <= 80, _("Group name must be 80 characters or fewer.")
assert validator.match(groupname_pattern), _(
"Group name can be any character as long as it's 80 characters or fewer."
)
def validate_groupname(groupname_pattern):
validator = re.compile(r"^%s$" % get_groupname_re_rule())
if not groupname_pattern:
raise ValidationError(_('Group name required.'))
if len(groupname_pattern) > 80:
raise ValidationError(_('Group name must be 80 characters or fewer.'))
if not validator.match(groupname_pattern):
raise ValidationError(_("Group name can be any character as long as it's 80 characters or fewer."))
def validate_groupname(groupname_pattern):
validator = re.compile(r"^%s$" % get_groupname_re_rule())
assert groupname_pattern is not None, _('Group name required.')
assert len(groupname_pattern) <= 80, _(
'Group name must be 80 characters or fewer.')
assert validator.match(groupname_pattern), _(
"Group name can be any character as long as it's 80 characters or fewer."
)
def validate_groupname(groupname_pattern):
validator = re.compile(r"^%s$" % get_groupname_re_rule())
if not groupname_pattern:
raise ValidationError(_('Group name required.'))
if len(groupname_pattern) > 80:
raise ValidationError(_('Group name must be 80 characters or fewer.'))
if not validator.match(groupname_pattern):
raise ValidationError(_("Group name can be any character as long as it's 80 characters or fewer."))
class AddLdapGroupsForm(forms.Form):
groupname_pattern = forms.RegexField(
label=_t("Name"),
max_length=80,
regex='^%s$' % get_groupname_re_rule(),
help_text=_t("Required. 80 characters or fewer."),
error_messages={'invalid': _t("80 characters or fewer.")})
dn = forms.BooleanField(
label=_t("Distinguished name"),
help_text=_t("Whether or not the group should be imported by "
"distinguished name."),
initial=False,
required=False)
import_members = forms.BooleanField(
label=_t('Import new members'),
help_text=_t('Import unimported or new users from the group.'),
initial=False,
required=False)
ensure_home_directories = forms.BooleanField(
label=_t('Create home directories'),
help_text=_t(
'Create home directories for every member imported, if members are being imported.'
),
initial=True,
required=False)
import_members_recursive = forms.BooleanField(
label=_t('Import new members from all subgroups'),
help_text=_t('Import unimported or new users from the all subgroups.'),
initial=False,
required=False)
def __init__(self, *args, **kwargs):
super(AddLdapGroupsForm, self).__init__(*args, **kwargs)
self.fields['server'] = forms.ChoiceField(choices=get_server_choices(),
required=False)
def clean(self):
cleaned_data = super(AddLdapGroupsForm, self).clean()
groupname_pattern = cleaned_data.get("groupname_pattern")
dn = cleaned_data.get("dn")
if not dn:
if groupname_pattern is not None and len(groupname_pattern) > 80:
msg = _('Too long: 80 characters or fewer and not %s'
) % groupname_pattern
errors = self._errors.setdefault('groupname_pattern',
ErrorList())
errors.append(msg)
raise forms.ValidationError(msg)
return cleaned_data
class AuditLoggingMiddleware(object):
username_re = get_username_re_rule()
groupname_re = get_groupname_re_rule()
operations = {
'/accounts/login': '******',
'/accounts/logout': 'USER_LOGOUT',
'/useradmin/users/add_ldap_users': 'ADD_LDAP_USERS',
'/useradmin/users/add_ldap_groups': 'ADD_LDAP_GROUPS',
'/useradmin/users/sync_ldap_users_groups': 'SYNC_LDAP_USERS_GROUPS',
'/useradmin/users/new': 'CREATE_USER',
'/useradmin/groups/new': 'CREATE_GROUP',
'/useradmin/users/delete': 'DELETE_USER',
'/useradmin/groups/delete': 'DELETE_GROUP'
}
operation_patterns = {
'/useradmin/permissions/edit/(?P<app>.*)/(?P<priv>.*)':
'EDIT_PERMISSION',
'/useradmin/users/edit/(?P<username>%s)' % (username_re, ):
'EDIT_USER',
'/useradmin/groups/edit/(?P<name>%s)' % (groupname_re, ): 'EDIT_GROUP'
}
process_view_operations = ('USER_LOGOUT', 'DELETE_USER')
def __init__(self):
from desktop.conf import AUDIT_EVENT_LOG_DIR, SERVER_USER
self.impersonator = SERVER_USER.get()
if not AUDIT_EVENT_LOG_DIR.get():
LOG.info('Unloading AuditLoggingMiddleware')
raise exceptions.MiddlewareNotUsed
def process_view(self, request, view_func, view_args, view_kwargs):
try:
operation = self._get_operation(request.path)
if operation in self.process_view_operations:
self._log_message(operation, request)
except Exception, e:
LOG.error('Could not audit the request: %s' % e)
return None
# Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. from django.conf.urls import url from desktop.lib.django_util import get_username_re_rule, get_groupname_re_rule from useradmin import views as useradmin_views from useradmin import api as useradmin_api username_re = get_username_re_rule() groupname_re = get_groupname_re_rule() urlpatterns = [ url(r'^$', useradmin_views.list_users, name="useradmin.views.list_users"), url(r'^users/?$', useradmin_views.list_users, name="useradmin.views.list_users"), url(r'^groups/?$', useradmin_views.list_groups, name="useradmin.views.list_groups"), url(r'^permissions/?$', useradmin_views.list_permissions, name="useradmin.views.list_permissions"), url(r'^configurations/?$', useradmin_views.list_configurations, name="useradmin.views.list_configurations"), url(r'^users/edit/(?P<username>%s)$' % (username_re,), useradmin_views.edit_user, name="useradmin.views.edit_user"), url(r'^users/add_ldap_users$', useradmin_views.add_ldap_users, name="useradmin.views.add_ldap_users"), url(r'^users/add_ldap_groups$', useradmin_views.add_ldap_groups, name="useradmin.views.add_ldap_groups"), url(r'^users/sync_ldap_users_groups$', useradmin_views.sync_ldap_users_groups, name="useradmin_views_sync_ldap_users_groups"), url(r'^groups/edit/(?P<name>%s)$' % (groupname_re,), useradmin_views.edit_group, name="useradmin.views.edit_group"), url(r'^permissions/edit/(?P<app>.+?)/(?P<priv>.+?)/?$', useradmin_views.edit_permission, name="useradmin.views.edit_permission"), url(r'^users/new$', useradmin_views.edit_user, name="useradmin.views.edit_user"),
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from django.conf.urls.defaults import patterns, url
from desktop.lib.django_util import get_username_re_rule, get_groupname_re_rule
username_re = get_username_re_rule()
groupname_re = get_groupname_re_rule()
urlpatterns = patterns('useradmin.views',
url(r'^$', 'list_users'),
url(r'^users$', 'list_users'),
url(r'^groups$', 'list_groups'),
url(r'^permissions$', 'list_permissions'),
url(r'^users/edit/(?P<username>%s)$' % (username_re,), 'edit_user'),
url(r'^users/add_ldap_users$', 'add_ldap_users'),
url(r'^users/add_ldap_groups$', 'add_ldap_groups'),
url(r'^users/sync_ldap_users_groups$', 'sync_ldap_users_groups'),
url(r'^groups/edit/(?P<name>%s)$' % (groupname_re,), 'edit_group'),
url(r'^permissions/edit/(?P<app>.*)/(?P<priv>.*)$', 'edit_permission'),
url(r'^users/new$', 'edit_user', name="useradmin.new"),
url(r'^groups/new$', 'edit_group', name="useradmin.new_group"),
class GroupEditForm(forms.ModelForm):
"""
Form to manipulate a group. This manages the group name and its membership.
"""
GROUPNAME = re.compile('^%s$' % get_groupname_re_rule())
class Meta(object):
model = Group
fields = ["name"]
if ENABLE_ORGANIZATIONS.get():
fields.append("organization")
def __init__(self, *args, **kwargs):
super(GroupEditForm, self).__init__(*args, **kwargs)
if self.instance.id:
self.fields['name'].widget.attrs['readonly'] = True
initial_members = User.objects.filter(
groups=self.instance).order_by(
'email' if ENABLE_ORGANIZATIONS.get() else 'username')
initial_perms = HuePermission.objects.filter(
grouppermission__group=self.instance).order_by(
'app', 'description')
else:
initial_members = []
initial_perms = []
self.fields["members"] = _make_model_field(
_("members"), initial_members, User.objects.order_by('username'))
self.fields["permissions"] = _make_model_field(
_("permissions"), initial_perms,
HuePermission.objects.order_by('app', 'description'))
if 'organization' in self.fields:
self.fields['organization'] = forms.ChoiceField(
choices=((get_user_request_organization().id,
get_user_request_organization()), ),
initial=get_user_request_organization())
def _compute_diff(self, field_name):
current = set(self.fields[field_name].initial_objs)
updated = set(self.cleaned_data[field_name])
delete = current.difference(updated)
add = updated.difference(current)
return delete, add
def save(self):
super(GroupEditForm, self).save()
self._save_members()
self._save_permissions()
def clean_name(self):
# Note that the superclass doesn't have a clean_name method.
data = self.cleaned_data["name"]
if not self.GROUPNAME.match(data):
raise forms.ValidationError(
_("Group name may only contain letters, numbers, hyphens or underscores."
))
return data
def clean_organization(self):
try:
return Organization.objects.get(
id=int(self.cleaned_data.get('organization')))
except:
LOG.exception('The organization does not exist.')
return None
def _save_members(self):
delete_membership, add_membership = self._compute_diff("members")
for user in delete_membership:
user.groups.remove(self.instance)
user.save()
for user in add_membership:
user.groups.add(self.instance)
user.save()
def _save_permissions(self):
delete_permission, add_permission = self._compute_diff("permissions")
for perm in delete_permission:
GroupPermission.objects.get(group=self.instance,
hue_permission=perm).delete()
for perm in add_permission:
GroupPermission.objects.create(group=self.instance,
hue_permission=perm)
