def create_role_user(session, actor, name, description, canjoin):
# type (Session, User, str, str, str) -> None
"""DEPRECATED: Do not use in production code
Creates a service account with the given name, description, and canjoin status
Args:
session: the database session
actor: the user creating the service account
name: the name of the service account
description: description of the service account
canjoin: the canjoin status for management of the service account
Throws:
IntegrityError: if a user or group with the given name already exists
"""
user = User(username=name, role_user=True)
group = Group(groupname=name, description=description, canjoin=canjoin)
user.add(session)
group.add(session)
group.add_member(actor, actor, "Group Creator", "actioned", None, "np-owner")
group.add_member(actor, user, "Service Account", "actioned", None, "member")
session.commit()
AuditLog.log(
session,
actor.id,
"create_role_user",
"Created new service account.",
on_group_id=group.id,
on_user_id=user.id,
)
def create_role_user(session, actor, name, description, canjoin):
# type (Session, User, str, str, str) -> None
"""DEPRECATED: Do not use in production code
Creates a service account with the given name, description, and canjoin status
Args:
session: the database session
actor: the user creating the service account
name: the name of the service account
description: description of the service account
canjoin: the canjoin status for management of the service account
Throws:
IntegrityError: if a user or group with the given name already exists
"""
user = User(username=name, role_user=True)
group = Group(groupname=name, description=description, canjoin=canjoin)
user.add(session)
group.add(session)
group.add_member(actor, actor, "Group Creator", "actioned", None, "np-owner")
group.add_member(actor, user, "Service Account", "actioned", None, "member")
session.commit()
AuditLog.log(
session,
actor.id,
"create_role_user",
"Created new service account.",
on_group_id=group.id,
on_user_id=user.id,
)
def mutate_group_command(session: Session, group: Group,
args: Namespace) -> None:
for username in args.username:
user = User.get(session, name=username)
if not user:
logging.error("no such user '{}'".format(username))
return
if args.subcommand == "add_member":
if args.member:
role = "member"
elif args.owner:
role = "owner"
elif args.np_owner:
role = "np-owner"
elif args.manager:
role = "manager"
assert role
logging.info("Adding {} as {} to group {}".format(
username, role, args.groupname))
group.add_member(user,
user,
"grouper-ctl join",
status="actioned",
role=role)
AuditLog.log(
session,
user.id,
"join_group",
"{} manually joined via grouper-ctl".format(username),
on_group_id=group.id,
)
session.commit()
elif args.subcommand == "remove_member":
logging.info("Removing {} from group {}".format(
username, args.groupname))
try:
group.revoke_member(user, user, "grouper-ctl remove")
AuditLog.log(
session,
user.id,
"leave_group",
"{} manually left via grouper-ctl".format(username),
on_group_id=group.id,
)
session.commit()
except PluginRejectedGroupMembershipUpdate as e:
logging.error("%s", e)
def post(self, *args: Any, **kwargs: Any) -> None:
form = GroupCreateForm(self.request.arguments)
if not form.validate():
return self.render(
"group-create.html", form=form, alerts=self.get_form_alerts(form.errors)
)
if "@" in form.data["groupname"]:
form.groupname.errors.append("Group names cannot contain @")
return self.render(
"group-create.html", form=form, alerts=self.get_form_alerts(form.errors)
)
group = Group(
groupname=form.data["groupname"],
description=form.data["description"],
canjoin=form.data["canjoin"],
auto_expire=form.data["auto_expire"],
require_clickthru_tojoin=form.data["require_clickthru_tojoin"],
)
try:
group.add(self.session)
self.session.flush()
except IntegrityError:
self.session.rollback()
form.groupname.errors.append("{} already exists".format(form.data["groupname"]))
return self.render(
"group-create.html", form=form, alerts=self.get_form_alerts(form.errors)
)
group.add_member(
self.current_user,
self.current_user,
"Group Creator",
"actioned",
None,
form.data["creatorrole"],
)
self.session.commit()
AuditLog.log(
self.session,
self.current_user.id,
"create_group",
"Created new group.",
on_group_id=group.id,
)
return self.redirect("/groups/{}?refresh=yes".format(group.name))
def post(self, *args, **kwargs):
# type: (*Any, **Any) -> None
form = GroupCreateForm(self.request.arguments)
if not form.validate():
return self.render(
"group-create.html", form=form, alerts=self.get_form_alerts(form.errors)
)
group = Group(
groupname=form.data["groupname"],
description=form.data["description"],
canjoin=form.data["canjoin"],
auto_expire=form.data["auto_expire"],
require_clickthru_tojoin=form.data["require_clickthru_tojoin"],
)
try:
group.add(self.session)
self.session.flush()
except IntegrityError:
self.session.rollback()
form.groupname.errors.append("{} already exists".format(form.data["groupname"]))
return self.render(
"group-create.html", form=form, alerts=self.get_form_alerts(form.errors)
)
group.add_member(
self.current_user,
self.current_user,
"Group Creator",
"actioned",
None,
form.data["creatorrole"],
)
self.session.commit()
AuditLog.log(
self.session,
self.current_user.id,
"create_group",
"Created new group.",
on_group_id=group.id,
)
return self.redirect("/groups/{}?refresh=yes".format(group.name))
def post(self):
form = GroupCreateForm(self.request.arguments)
if not form.validate():
return self.render(
"group-create.html", form=form,
alerts=self.get_form_alerts(form.errors)
)
user = self.get_current_user()
group = Group(
groupname=form.data["groupname"],
description=form.data["description"],
canjoin=form.data["canjoin"],
auto_expire=form.data["auto_expire"],
)
try:
group.add(self.session)
self.session.flush()
except IntegrityError:
self.session.rollback()
form.groupname.errors.append(
"{} already exists".format(form.data["groupname"])
)
return self.render(
"group-create.html", form=form,
alerts=self.get_form_alerts(form.errors)
)
group.add_member(user, user, "Group Creator", "actioned", None, form.data["creatorrole"])
self.session.commit()
AuditLog.log(self.session, self.current_user.id, 'create_group',
'Created new group.', on_group_id=group.id)
return self.redirect("/groups/{}?refresh=yes".format(group.name))
