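def manage_editUserRoles(self, user_dn, role_dns=[], REQUEST=None):
    """ Edit the roles (groups) of a user

    Brings the LDAP group memberships of ``user_dn`` in line with
    ``role_dns``: the user is removed from every known group that is not
    listed and added to every known group that is listed but not yet
    held. A listed DN that is not a known group is created first.

    user_dn  -- DN of the user record; nothing happens if it does not
                resolve to a user
    role_dns -- DNs of the groups the user should belong to afterwards
                (the default list is only read here, never mutated)
    REQUEST  -- accepted as part of the signature; not used in this body

    Always returns None. Membership changes are best-effort: a failed
    modify is logged as a warning and the remaining changes are still
    attempted, so a failed removal shows up in the log and is not
    reported as success. Errors from creating a new group are not
    caught and propagate to the caller.
    """
    # Function-scope import: the file's import block is not visible here.
    import logging

    logger = logging.getLogger(__name__)

    all_groups = self.getGroups(attr='dn')
    cur_groups = self.getGroups(dn=user_dn, attr='dn')
    operations = []
    luf = self.getLUF()

    user = self.getUserByDN(user_dn)
    if user is None:
        return

    # NOTE(review): every DN in role_dns that is not already a known group
    # is written to the directory as a new groupOfUniqueNames entry whose
    # members are the user and the bind DN. If role_dns can be filled from
    # a request form, confirm that callers restrict it to DNs below the
    # intended groups subtree and that access to this method is limited to
    # user managers.
    for role_dn in role_dns:
        if role_dn in all_groups:
            continue

        newgroup_type = 'groupOfUniqueNames'
        newgroup_member = GROUP_MEMBER_MAP.get(newgroup_type)
        newgroup_name = luf._delegate.explode_dn(role_dn, 1)[0]
        connection = luf._connect()
        attr_list = [
            ('objectClass', ['top', newgroup_type]),
            ('cn', newgroup_name),
            (newgroup_member, [user_dn, luf._binduid]),
        ]
        connection.add_s(role_dn, attr_list)

    # all_groups was read before any group was created above, so groups
    # created in this call are not revisited here.
    for group in all_groups:
        if group in cur_groups and group not in role_dns:
            operations.append({'op': luf._delegate.DELETE,
                               'target': group,
                               'type': luf.getGroupType(group)})
        elif group in role_dns and group not in cur_groups:
            operations.append({'op': luf._delegate.ADD,
                               'target': group,
                               'type': luf.getGroupType(group)})

    if not operations:
        return

    connection = luf._connect()

    for to_do in operations:
        mod_list = ((to_do['op'],
                     GROUP_MEMBER_MAP.get(to_do['type']),
                     user_dn),)
        try:
            connection.modify_s(to_do['target'], mod_list)
        except Exception as exc:
            # Kept broad and non-fatal, as before; the connection's own
            # exception class is not visible from this block. DNs are
            # logged with %r so control characters cannot forge log lines.
            logger.warning('Role change for user %r failed on group %r: %s',
                           user_dn, to_do['target'], exc)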
def getGroupedUsers(self, groups=None):
    """ Return every user that is a member of the given groups

    groups -- iterable of (group_id, group_dn) pairs; when None the
              result of self.getGroups() is used

    For each group the details from self.getGroupDetails(group_id) are
    scanned as (attribute_name, dn_list) pairs, and the DNs found under
    any attribute name that appears among the GROUP_MEMBER_MAP values
    are collected once each. Every collected DN is resolved through the
    user folder; DNs that do not resolve to a user are skipped.

    Returns a tuple of user objects, each wrapped with __of__(self).
    """
    luf = self.getLUF()
    member_attrs = GROUP_MEMBER_MAP.values()

    if groups is None:
        groups = self.getGroups()

    # A dict serves as the collection of unique member DNs.
    member_dns = {}
    for group_id, _group_dn in groups:
        for attr_name, dn_list in self.getGroupDetails(group_id):
            if attr_name not in member_attrs:
                continue
            member_dns.update(dict.fromkeys(dn_list, 1))

    found = []
    for member_dn in member_dns:
        user = luf.getUserByDN(member_dn)
        if user is None:
            continue
        found.append(user.__of__(self))

    return tuple(found)