def import_users(self): """Imports users from all the configured LDAP plugins into OGDS. """ session = create_session() # Set all SQL users inactive first - the ones still contained in the LDAP # will be set active again below (in the same transaction). for user in session.query(User): user.active = 0 for plugin in self._ldap_plugins(): ldap_userfolder = plugin._getLDAPUserFolder() uid_attr = self._get_uid_attr(ldap_userfolder) ldap_util = ILDAPSearch(ldap_userfolder) ldap_users = ldap_util.get_users() for ldap_user in ldap_users: dn, info = ldap_user # Ignore users without an UID in LDAP if not uid_attr in info: continue userid = info[uid_attr] # Skip users with uid longer than SQL 'userid' column # FIXME: Increase size of SQL column to 64 if len(userid) > 30: continue if not self.user_exists(userid): # Create the new user user = User(userid) session.add(user) else: # Get the existing user user = session.query(User).filter_by(userid=userid).first() # Iterate over all SQL columns and update their values columns = User.__table__.columns for col in columns: if col.name == 'userid': # We already set the userid when creating the user # object, and it may not be called the same in LDAP as # in our SQL model continue value = info.get(col.name) # We can't store sequences in SQL columns. So if we do get a multi-valued field # to be stored directly in OGDS, we treat it as a multi-line string and join it. if isinstance(value, list) or isinstance(value, tuple): value = ' '.join([str(v) for v in value]) setattr(user, col.name, value) # Set the user active user.active = 1 logger.info("Imported user '%s'..." % userid) session.flush()
def test_equality(self): self.assertEqual(User('aa'), User('aa')) self.assertNotEqual(User('aa'), User('bb')) self.assertNotEqual(User('aa'), User(123)) self.assertNotEqual(User('aa'), User(None)) self.assertNotEqual(User('aa'), object()) self.assertNotEqual(User('aa'), None)
def _create_example_user(session, site, userid, properties, groups): acl_users = site.acl_users password = '******' # add the user to acl_users on site level if not acl_users.getUserById(userid): acl_users.source_users.addUser(userid, userid, password) # create the user object in sql if session.query(User).filter_by(userid=userid).count() == 0: user = User(userid, **properties) session.add(user) else: user = session.query(User).filter_by(userid=userid).first() # append the user to the group for groupid in groups: groups = session.query(Group).filter(Group.groupid == groupid).all() # does the group don't exist create it if len(groups) == 0: group = Group(groupid) group.users.append(user) session.add(group) else: groups[0].users.append(user) session.add(groups[0]) transaction.commit() return session.query(User).filter_by(userid=userid).first()
def test_create_sets_attrs(self): attrs = { 'userid': 'hugo.boss', 'active': True, 'firstname': 'Hugo', 'lastname': 'Boss', 'directorate_abbr': 'FD', 'directorate': 'Finanzdepartement', 'department_abbr': 'FV', 'department': 'Finanzverwaltung', 'email': '*****@*****.**', 'email2': '*****@*****.**', 'url': 'http://example.com', 'phone_office': '012 345 67 89', 'phone_fax': '012 345 67 81', 'phone_mobile': '079 123 45 67', 'salutation': 'Herr', 'description': 'Meister Boss', 'address1': 'Bossstrasse 1', 'address2': 'Oberes Bosshaus', 'zip_code': '1234', 'city': 'Bossingen', 'country': 'Schweiz', 'import_stamp': 'stamp', } user = User(**attrs) for key, value in attrs.items(): self.assertEqual(getattr(user, key), value)
def migrate(self): # Add a temp secretary id column to meetings new_secretary_id = Column('new_secretary_id', String(USER_ID_LENGTH), ForeignKey(User.userid)) self.op.add_column('meetings', new_secretary_id) # Populate temp secretary column - user if match else new inactive user meetings_table = table( 'meetings', column('id'), column('secretary_id'), column('new_secretary_id'), ) meetings = self.connection.execute(meetings_table.select()).fetchall() for meeting in meetings: if meeting.secretary_id: member = Member.query.get(meeting.secretary_id) if member: user = User.query.filter(User.firstname == member.firstname, User.lastname == member.lastname).first() if not user: # We have to create an inactive user for the member userid = uuid4().hex user = User(userid) user.active = False user.firstname = member.firstname user.lastname = member.lastname user.email = member.email self.session.add(user) self.session.flush() self.execute( meetings_table.update() .values(new_secretary_id=user.userid) .where(meetings_table.columns.id == meeting.id) ) # Drop old secretary column self.op.drop_column('meetings', 'secretary_id') # Rename temp secretary column self.op.alter_column('meetings', 'new_secretary_id', new_column_name='secretary_id')
def test_handles_reassign_to_the_same_user_correctly(self, browser): # add additional org_unit org_unit = self.add_additional_org_unit() org_unit.users_group.users.append(User.get(self.regular_user.id)) self.login(self.regular_user, browser) # manually register watchers center = notification_center() center.add_task_responsible(self.task, self.task.responsible) center.add_task_issuer(self.task, self.task.issuer) self.reassign(browser, self.regular_user, u'Bitte Abkl\xe4rungen erledigen.') resource = notification_center().fetch_resource(self.task) create_session().refresh(resource) subscriptions = resource.subscriptions self.assertItemsEqual( [(self.regular_user.id, TASK_RESPONSIBLE_ROLE), (self.dossier_responsible.id, TASK_ISSUER_ROLE)], [(sub.watcher.actorid, sub.role) for sub in subscriptions])
def create_ogds_user(userid, session=None, groups=('og_mandant1_users', ), assigned_client=[], **properties): session = session or create_session() defaults = { 'firstname': 'Hugo', 'lastname': 'Boss', 'email': '*****@*****.**' } options = defaults.copy() options.update(properties) try: user = session.query(User).filter_by(userid=userid).one() except NoResultFound: user = User(userid, **options) else: for key, value in options.items(): setattr(user, key, value) session.add(user) for groupid in groups: ogds_add_user_to_group(user, groupid, session=session) for client in assigned_client: assign_user_to_client(user, client, session=session) reset_ogds_sync_stamp(getSite()) return user
def migrate(self): # Add a temp secretary id column to meetings new_secretary_id = Column('new_secretary_id', String(USER_ID_LENGTH), ForeignKey(User.userid)) self.op.add_column('meetings', new_secretary_id) # Populate temp secretary column - user if match else new inactive user meetings_table = table( 'meetings', column('id'), column('secretary_id'), column('new_secretary_id'), ) meetings = self.connection.execute(meetings_table.select()).fetchall() for meeting in meetings: if meeting.secretary_id: member = Member.query.get(meeting.secretary_id) if member: user = User.query.filter( User.firstname == member.firstname, User.lastname == member.lastname).first() if not user: # We have to create an inactive user for the member userid = uuid4().hex user = User(userid) user.active = False user.firstname = member.firstname user.lastname = member.lastname user.email = member.email self.session.add(user) self.session.flush() self.execute(meetings_table.update().values( new_secretary_id=user.userid).where( meetings_table.columns.id == meeting.id)) # Drop old secretary column self.op.drop_column('meetings', 'secretary_id') # Rename temp secretary column self.op.alter_column('meetings', 'new_secretary_id', new_column_name='secretary_id')
def test_label_is_the_fullname_with_userid_in_braces(self): sammy = User('sammy', firstname='Samuel', lastname='Jackson') self.assertEqual('Jackson Samuel (sammy)', sammy.label())
def test_repr(self): self.assertEqual(str(User('a-user')), '<User a-user>')
def get_user(self): return User.get(self._user_id)
def import_users(self): """Imports users from all the configured LDAP plugins into OGDS. """ session = create_session() # Set all SQL users inactive first - the ones still contained in the # LDAP will be set active again below (in the same transaction). for user in session.query(User): user.active = False for plugin in self._ldap_plugins(): ldap_userfolder = plugin._getLDAPUserFolder() uid_attr = self._get_uid_attr(ldap_userfolder) ldap_util = ILDAPSearch(ldap_userfolder) logger.info(u'Users base: %s' % ldap_userfolder.users_base) logger.info(u'User filter: %s' % ldap_util.get_user_filter()) ldap_users = ldap_util.get_users() for ldap_user in ldap_users: dn, info = ldap_user # Ignore users without an UID in LDAP if uid_attr not in info: continue userid = info[uid_attr] userid = userid.decode('utf-8') # Skip users with uid longer than SQL 'userid' column if len(userid) > USER_ID_LENGTH: logger.warn(u"Skipping user '{}' - " u"userid too long!".format(userid)) continue if not self.user_exists(userid): # Create the new user user = User(userid) session.add(user) else: # Get the existing user try: user = self.get_sql_user(userid) except MultipleResultsFound: # Duplicate user with slightly different spelling # (casing, whitespace, ...) that may not be considered # different by the SQL backend's unique constraint. # We therefore enforce uniqueness ourselves. logger.warn( u"Skipping duplicate user '{}'!".format(userid)) continue # Iterate over all SQL columns and update their values columns = User.__table__.columns for col in columns: if col.name == 'userid': # We already set the userid when creating the user # object, and it may not be called the same in LDAP as # in our SQL model continue value = info.get(col.name) # We can't store sequences in SQL columns. So if we do get # a multi-valued field to be stored directly in OGDS, we # treat it as a multi-line string and join it. if isinstance(value, list) or isinstance(value, tuple): value = ' '.join([str(v) for v in value]) if isinstance(value, str): value = value.decode('utf-8') # Truncate purely descriptive user fields if necessary if isinstance(col.type, String): if value and len(value) > col.type.length: logger.warn(u"Truncating value %r for column %r " u"(user: %r)" % (value, col.name, userid)) value = value[:col.type.length] setattr(user, col.name, value) # Set the user active user.active = True logger.info(u"Imported user '{}'".format(userid)) session.flush()
def test_get(self): self.assertEqual(self.john, User.get('john')) self.assertIsNone(User.get('asds'))
def test_fullname_is_first_and_lastname(self): billy = User("billyj", firstname="billy", lastname="johnson") self.assertEquals('johnson billy', billy.fullname())
def test_get_by(self): self.assertEqual(self.john, User.get_by(userid='john')) self.assertIsNone(User.get_by(firstname='blabla'))
def test_get_one(self): self.assertEqual(self.hugo, User.get_one(userid='hugo')) with self.assertRaises(NoResultFound): User.get_one(userid='asd')
def test_fullname_is_userid_if_no_name_given(self): billyj = User("billyj") self.assertEquals('billyj', billyj.fullname())
def test_fullname_is_only_first_or_lastname_if_other_is_missing(self): billy = User("billyj", firstname="billy") self.assertEquals('billy', billy.fullname()) johnson = User("billyj", lastname="johnson") self.assertEquals('johnson', johnson.fullname())
def test_label_is_the_fullname_with_userid_in_braces(self): sammy = User("sammy", firstname="Samuel", lastname="Jackson") self.assertEquals("Jackson Samuel (sammy)", sammy.label())
def test_count(self): self.assertEqual(6, User.count())
def __call__(self): form = self.request.form session = create_session() policy_id = form['policy'] client_registry = getUtility(IClientConfigurationRegistry) config = client_registry.get_policy(policy_id) # drop sql tables if form.get('first', False) and config.get('purge_sql', False): self.drop_sql_tables(session) ext_profiles = list(EXTENSION_PROFILES) if config.get('base_profile', None): ext_profiles.append(config.get('base_profile')) # create plone site site = addPloneSite( self.context, form['client_id'], title=form['title'], profile_id=_DEFAULT_PROFILE, extension_ids=ext_profiles, setup_content=False, default_language=config.get('language', 'de-ch'), ) # ldap stool = getToolByName(site, 'portal_setup') if form.get('ldap', False): stool = getToolByName(site, 'portal_setup') stool.runAllImportStepsFromProfile('profile-%s' % form.get('ldap')) # Configure credentials from JSON file at # ~/.opengever/ldap/{hostname}.json configure_ldap_credentials(site) acl_users = getToolByName(site, 'acl_users') plugins = acl_users.plugins # disable source_groups when using ldap for ptype in plugins.listPluginTypeInfo(): try: plugins.deactivatePlugin(ptype['interface'], 'source_groups') except KeyError: pass # deactivate recursive groups for ptype in plugins.listPluginTypeInfo(): try: plugins.deactivatePlugin(ptype['interface'], 'recursive_groups') except KeyError: pass # move ldap up plugins.movePluginsUp(IPropertiesPlugin, ('ldap', )) plugins.movePluginsUp(IPropertiesPlugin, ('ldap', )) plugins.movePluginsUp(IPropertiesPlugin, ('ldap', )) if form.get('first', False) and form.get('import_users', False): print '===== SYNC LDAP ====' class Object(object): pass # Import LDAP users and groups options = Object() options.site_root = '/' + form['client_id'] options.update_syncstamp = False sync_ldap.run_import(self.context, options) if form.get('configsql'): # register the client in the ogds # is the client already configured? -> delete it clients = session.query(Client).filter_by( client_id=form['client_id']).all() if clients: session.delete(clients[0]) # groups must exist users_groups = session.query(Group).filter_by( groupid=form['group']) inbox_groups = session.query(Group).filter_by( groupid=form['inbox_group']) try: users_group = users_groups[0] except IndexError: raise SetupError("User group '%s' could not be found." % form['group']) try: inbox_group = inbox_groups[0] except IndexError: raise SetupError("Inbox group '%s' could not be found." % form['inbox_group']) active = bool(form.get('active', False)) client = Client( form['client_id'], enabled=active, title=form['title'], ip_address=form['ip_address'], site_url=form['site_url'], public_url=form['public_url'], ) client.users_group = users_group client.inbox_group = inbox_group session.add(client) # create the admin user in the ogds if he not exist # and add it to the specified user_group # so we avoid a constraintError in the choice fields if session.query(User).filter_by(userid=ADMIN_USER_ID).count() == 0: og_admin_user = User(ADMIN_USER_ID, firstname='OG', lastname='Administrator', active=True) session.add(og_admin_user) else: og_admin_user = session.query(User).filter_by( userid=ADMIN_USER_ID).first() og_admin_user.active = True users_group = session.query(Group).filter_by( groupid=form['group']).first() if og_admin_user not in users_group.users: users_group.users.append(og_admin_user) # set the client id in the registry client_id = form['client_id'].decode('utf-8') registry = getUtility(IRegistry) proxy = registry.forInterface(IClientConfiguration) proxy.client_id = form['client_id'].decode('utf-8') # set the mail domain in the registry registry = getUtility(IRegistry) proxy = registry.forInterface(IMailSettings) proxy.mail_domain = form['mail_domain'].decode('utf-8') mail_from_address = self.get_mail_from_address() site.manage_changeProperties({ 'email_from_address': mail_from_address, 'email_from_name': client_id }) # set global Member role for the client users group site.acl_users.portal_role_manager.assignRoleToPrincipal( 'Member', form['group']) # set global Member role for readers group if form['reader_group']: site.acl_users.portal_role_manager.assignRoleToPrincipal( 'Member', form['reader_group']) # set Role Manager role for rolemanager group if form['rolemanager_group']: site.acl_users.portal_role_manager.assignRoleToPrincipal( 'Role Manager', form['rolemanager_group']) # provide the repository root for opengever.setup:default repository_root = config.get('repository_root', None) if repository_root: self.request.set('repository_root', repository_root) # import the defaul generic setup profiles if needed stool = getToolByName(site, 'portal_setup') for profile in config.get('additional_profiles', ()): stool.runAllImportStepsFromProfile('profile-%s' % profile) # set the site title site.manage_changeProperties(title=form['title']) # REALLY set the language - the plone4 addPloneSite is really # buggy with languages. langCP = getAdapter(site, ILanguageSelectionSchema) langCP.default_language = 'de-ch' # the og_admin_user is not longer used so we set him to inactive og_admin_user.active = False return 'ok'
def test_create_userid_required(self): with self.assertRaises(TypeError): User()
def test_count(self): self.assertEqual(2, User.count())
def __call__(self): form = self.request.form session = create_session() policy_id = form['policy'] client_registry = getUtility(IClientConfigurationRegistry) config = client_registry.get_policy(policy_id) # drop sql tables if form.get('first', False) and config.get('purge_sql', False): self.drop_sql_tables(session) ext_profiles = list(EXTENSION_PROFILES) if config.get('base_profile', None): ext_profiles.append(config.get('base_profile')) # create plone site site = addPloneSite( self.context, form['client_id'], title=form['title'], profile_id=_DEFAULT_PROFILE, extension_ids=ext_profiles, setup_content=False, default_language=config.get('language', 'de-ch'), ) # ldap stool = getToolByName(site, 'portal_setup') if form.get('ldap', False): stool = getToolByName(site, 'portal_setup') stool.runAllImportStepsFromProfile('profile-%s' % form.get('ldap')) # Configure credentials from JSON file at # ~/.opengever/ldap/{hostname}.json configure_ldap_credentials(site) acl_users = getToolByName(site, 'acl_users') plugins = acl_users.plugins # disable source_groups when using ldap for ptype in plugins.listPluginTypeInfo(): try: plugins.deactivatePlugin(ptype['interface'], 'source_groups') except KeyError: pass # deactivate recursive groups for ptype in plugins.listPluginTypeInfo(): try: plugins.deactivatePlugin(ptype['interface'], 'recursive_groups') except KeyError: pass # move ldap up plugins.movePluginsUp(IPropertiesPlugin, ('ldap',)) plugins.movePluginsUp(IPropertiesPlugin, ('ldap',)) plugins.movePluginsUp(IPropertiesPlugin, ('ldap',)) if form.get('first', False) and form.get('import_users', False): print '===== SYNC LDAP ====' class Object(object): pass # Import LDAP users and groups options = Object() options.site_root = '/' + form['client_id'] options.update_syncstamp = False sync_ldap.run_import(self.context, options) if form.get('configsql'): # register the client in the ogds # is the client already configured? -> delete it clients = session.query(Client).filter_by( client_id=form['client_id']).all() if clients: session.delete(clients[0]) # groups must exist users_groups = session.query(Group).filter_by( groupid=form['group']) inbox_groups = session.query(Group).filter_by( groupid=form['inbox_group']) try: users_group = users_groups[0] except IndexError: raise SetupError("User group '%s' could not be found." % form['group']) try: inbox_group = inbox_groups[0] except IndexError: raise SetupError("Inbox group '%s' could not be found." % form['inbox_group']) active = bool(form.get('active', False)) client = Client(form['client_id'], enabled=active, title=form['title'], ip_address=form['ip_address'], site_url=form['site_url'], public_url=form['public_url'], ) client.users_group = users_group client.inbox_group = inbox_group session.add(client) # create the admin user in the ogds if he not exist # and add it to the specified user_group # so we avoid a constraintError in the choice fields if session.query(User).filter_by(userid=ADMIN_USER_ID).count() == 0: og_admin_user = User(ADMIN_USER_ID, firstname='OG', lastname='Administrator', active=True) session.add(og_admin_user) else: og_admin_user = session.query(User).filter_by( userid=ADMIN_USER_ID).first() og_admin_user.active = True users_group = session.query(Group).filter_by( groupid=form['group']).first() if og_admin_user not in users_group.users: users_group.users.append(og_admin_user) # set the client id in the registry client_id = form['client_id'].decode('utf-8') registry = getUtility(IRegistry) proxy = registry.forInterface(IClientConfiguration) proxy.client_id = form['client_id'].decode('utf-8') # set the mail domain in the registry registry = getUtility(IRegistry) proxy = registry.forInterface(IMailSettings) proxy.mail_domain = form['mail_domain'].decode('utf-8') mail_from_address = self.get_mail_from_address() site.manage_changeProperties({'email_from_address': mail_from_address, 'email_from_name': client_id}) # set global Member role for the client users group site.acl_users.portal_role_manager.assignRoleToPrincipal( 'Member', form['group']) # set global Member role for readers group if form['reader_group']: site.acl_users.portal_role_manager.assignRoleToPrincipal( 'Member', form['reader_group']) # set Role Manager role for rolemanager group if form['rolemanager_group']: site.acl_users.portal_role_manager.assignRoleToPrincipal( 'Role Manager', form['rolemanager_group']) # provide the repository root for opengever.setup:default repository_root = config.get('repository_root', None) if repository_root: self.request.set('repository_root', repository_root) # import the defaul generic setup profiles if needed stool = getToolByName(site, 'portal_setup') for profile in config.get('additional_profiles', ()): stool.runAllImportStepsFromProfile('profile-%s' % profile) # set the site title site.manage_changeProperties(title=form['title']) # REALLY set the language - the plone4 addPloneSite is really # buggy with languages. langCP = getAdapter(site, ILanguageSelectionSchema) langCP.default_language = 'de-ch' # the og_admin_user is not longer used so we set him to inactive og_admin_user.active = False return 'ok'
def import_users(self): """Imports users from all the configured LDAP plugins into OGDS. """ session = create_session() # Set all SQL users inactive first - the ones still contained in the # LDAP will be set active again below (in the same transaction). for user in session.query(User): user.active = False for plugin in self._ldap_plugins(): ldap_userfolder = plugin._getLDAPUserFolder() uid_attr = self._get_uid_attr(ldap_userfolder) ldap_util = ILDAPSearch(ldap_userfolder) logger.info(u"Users base: %s" % ldap_userfolder.users_base) logger.info(u"User filter: %s" % ldap_util.get_user_filter()) ldap_users = ldap_util.get_users() for ldap_user in ldap_users: dn, info = ldap_user # Ignore users without an UID in LDAP if uid_attr not in info: continue userid = info[uid_attr] userid = userid.decode("utf-8") # Skip users with uid longer than SQL 'userid' column if len(userid) > USER_ID_LENGTH: logger.warn(u"Skipping user '{}' - " u"userid too long!".format(userid)) continue if not self.user_exists(userid): # Create the new user user = User(userid) session.add(user) else: # Get the existing user try: user = self.get_sql_user(userid) except MultipleResultsFound: # Duplicate user with slightly different spelling # (casing, whitespace, ...) that may not be considered # different by the SQL backend's unique constraint. # We therefore enforce uniqueness ourselves. logger.warn(u"Skipping duplicate user '{}'!".format(userid)) continue # Iterate over all SQL columns and update their values columns = User.__table__.columns for col in columns: if col.name == "userid": # We already set the userid when creating the user # object, and it may not be called the same in LDAP as # in our SQL model continue value = info.get(col.name) # We can't store sequences in SQL columns. So if we do get # a multi-valued field to be stored directly in OGDS, we # treat it as a multi-line string and join it. if isinstance(value, list) or isinstance(value, tuple): value = " ".join([str(v) for v in value]) if isinstance(value, str): value = value.decode("utf-8") setattr(user, col.name, value) # Set the user active user.active = True logger.info(u"Imported user '{}'".format(userid)) session.flush()