def group_create(self, name, description,
expire_date=None, visibility='A'):
"""Create a group.
:type name: str
:param name: The groups name.
:type description: str
:param description: The groups description.
:type expire_date: DateTime
:param expire_date: The groups expiration date.
:type visibility: str
:param visibility: The groups visibility. Can one of:
'A' All
'I' Internal
'N' None
"""
# Perform auth-check
self.ba.can_create_group(self.operator_id, groupname=name)
# Check if group exists
if Utils.get_group(self.db, 'name', name):
raise Errors.CerebrumRPCException('Group already exists.')
co = Factory.get('Constants')(self.db)
gr = Factory.get('Group')(self.db)
# Test if visibility is sane
vis = co.GroupVisibility(visibility)
try:
int(vis)
except (Errors.NotFoundError, TypeError):
raise Errors.CerebrumRPCException('Invalid visibility.')
# Create the group
# TODO: Moar try/except?
GroupAPI.group_create(gr, self.operator_id, vis, name,
description, expire_date)
# Set moderator if appropriate.
# TODO: use the commented version when we pass the config as a dict.
if getattr(self.config, 'GROUP_OWNER_OPSET', None):
# Fetch operator.
en = Utils.get_entity_by_id(self.db, self.operator_id)
# Grant auth
GroupAPI.grant_auth(en, gr, getattr(self.config,
'GROUP_OWNER_OPSET'))
return gr.entity_id
def in_system(self, id_type, entity_id, system):
"""Check if a user is represented in a system.
:type id_type: basestring
:param id_type: The id-type to look-up by.
:type entity_id: basestring
:param entity_id: The entitys id.
:type system: basestring
:param system: The system to check."""
co = Factory.get('Constants')(self.db)
# Fetch entity
e = Utils.get(self.db, 'entity', id_type, entity_id)
if not e:
# TODO: Should this be raised in the Utils-module/class/whatever?
raise Errors.CerebrumRPCException('Entity does not exist')
try:
sys = co.Spread(system)
int(sys)
except Errors.NotFoundError:
raise Errors.CerebrumRPCException('System does not exist')
try:
return bool(e.get_subclassed_object().has_spread(sys))
except AttributeError:
# If we wind up here, the entity does not have the EntitySpread
# class mixed into itself. When the EntitySpread-class is not mixed
# in, we get an AttributeError since has_spread() is not defined.
# TBD: Return false, or raise something?
return False
def in_system(self, id_type, entity_id, system):
"""Check if a user is represented in a system.
:type id_type: basestring
:param id_type: The id-type to look-up by.
:type entity_id: basestring
:param entity_id: The entitys id.
:type system: basestring
:param system: The system to check."""
co = Factory.get('Constants')(self.db)
# Fetch entity
e = Utils.get(self.db, 'entity', id_type, entity_id)
if not e:
# TODO: Should this be raised in the Utils-module/class/whatever?
raise Errors.CerebrumRPCException('Entity does not exist')
try:
sys = co.Spread(system)
int(sys)
except Errors.NotFoundError:
raise Errors.CerebrumRPCException('System does not exist')
try:
return bool(e.get_subclassed_object().has_spread(sys))
except AttributeError:
# If we wind up here, the entity does not have the EntitySpread
# class mixed into itself. When the EntitySpread-class is not mixed
# in, we get an AttributeError since has_spread() is not defined.
# TBD: Return false, or raise something?
return False
def group_remove_member(self, group_id_type, group_id,
member_id_type, member_id):
"""Remove a member from a group.
:type group_id_type: str
:param group_id_type: Group identifier type, 'id' or 'group_name'
:type group_id: str
:param group_id: Group identifier
:type member_id_type: str
:param member_id_type: Member identifier type, 'id' or 'account_name'
:type member_id: str
:param member_id: Member identifier
:rtype: boolean
"""
# Get the group
gr = Utils.get(self.db, 'group', group_id_type, group_id)
if not gr:
raise Errors.CerebrumRPCException(
'Group %s:%s does not exist.' % (group_id_type, group_id))
# Perform auth check
self.ba.can_alter_group(self.operator_id, gr)
# Get the member we want to add
member = Utils.get(self.db, 'entity', member_id_type, member_id)
if not member:
raise Errors.CerebrumRPCException(
'Entity %s:%s does not exist.' % (member_id_type, member_id))
if not gr.has_member(member.entity_id):
return False
GroupAPI.remove_member(gr, member.entity_id)
return True
def active_in_system(self, id_type, entity_id, system):
"""Check if a user is represented and active in a system.
:type id_type: basestring
:param id_type: The id-type to look-up by.
:type entity_id: basestring
:param entity_id: The entitys id.
:type system: basestring
:param system: The system to check."""
# Check for existing quarantines on the entity that are locking the
# entity out (if the quarantine is active), and also check if the
# entity is in the system.
# TODO: Should this evaluate the shell set by quarantine rules? Some
# quarantines does not result in a locked-status, but has
# nologin-shells associated with them..
import mx
from Cerebrum.QuarantineHandler import QuarantineHandler
co = Factory.get('Constants')(self.db)
# q[i] = {quarantine_type: int, creator_id: int, description: string,
# create_date: DateTime, start_date: DateTime,
# disable_until: DateTime, DateTime: end_date}
e = Utils.get(self.db, 'entity', id_type, entity_id)
# Fetch quarantines if applicable
try:
quars = e.get_entity_quarantine()
except AttributeError:
quars = []
now = mx.DateTime.now()
locked = False
for q in quars:
# Use code string for quarantine type
qt = q['quarantine_type']
qtype = co.map_const(qt)
qhandler = QuarantineHandler(self.db, [qtype])
if (qhandler.is_locked() and
(q['start_date'] <= now and
(q['end_date'] is None or
q['end_date'] > now) and
(q['disable_until'] is None or
q['disable_until'] <= now))):
locked = True
if (locked or not self.in_system(id_type, entity_id, system)):
return False
else:
return True
def active_in_system(self, id_type, entity_id, system):
"""Check if a user is represented and active in a system.
:type id_type: basestring
:param id_type: The id-type to look-up by.
:type entity_id: basestring
:param entity_id: The entitys id.
:type system: basestring
:param system: The system to check."""
# Check for existing quarantines on the entity that are locking the
# entity out (if the quarantine is active), and also check if the
# entity is in the system.
# TODO: Should this evaluate the shell set by quarantine rules? Some
# quarantines does not result in a locked-status, but has
# nologin-shells associated with them..
import mx
from Cerebrum.QuarantineHandler import QuarantineHandler
co = Factory.get('Constants')(self.db)
# q[i] = {quarantine_type: int, creator_id: int, description: string,
# create_date: DateTime, start_date: DateTime,
# disable_until: DateTime, DateTime: end_date}
e = Utils.get(self.db, 'entity', id_type, entity_id)
# Fetch quarantines if applicable
try:
quars = e.get_entity_quarantine()
except AttributeError:
quars = []
now = mx.DateTime.now()
locked = False
for q in quars:
# Use code string for quarantine type
qt = q['quarantine_type']
qtype = co.map_const(qt)
qhandler = QuarantineHandler(self.db, [qtype])
if (qhandler.is_locked() and
(q['start_date'] <= now and
(q['end_date'] is None or q['end_date'] > now) and
(q['disable_until'] is None or q['disable_until'] <= now))):
locked = True
if (locked or not self.in_system(id_type, entity_id, system)):
return False
else:
return True
def group_info(self, group_id_type, group_id):
"""Get information about a group.
:type group_id_type: str
:param group_id_type: Group identifier type, 'id' or 'group_name'
:type group_id: str
:param group_id: Group identifier
"""
gr = Utils.get(self.db, 'group', group_id_type, group_id)
# Check if group exists
if not gr:
raise Errors.CerebrumRPCException(
'Group %s:%s does not exist.' % (group_id_type, group_id))
return GroupAPI.group_info(gr)
def spread_list(self, id_type, entity_id):
"""List account's spreads.
:type id_type: basestring
:param id_type: The id-type to look-up by.
:type entity_id: basestring
:param entity_id: The entitys id."""
co = Factory.get('Constants')(self.db)
e = Utils.get(self.db, 'entity', id_type, entity_id)
spreads = dict()
def fixer(id):
if id[0] in spreads:
return str(spreads[id[0]])
s = spreads[id[0]] = co.map_const(id[0])
return str(s)
try:
return map(fixer, e.get_subclassed_object().get_spread())
except NameError:
raise Errors.CerebrumRPCException("No spreads in entity")
def group_list(self, group_id_type, group_id):
"""Get list of group members
:type group_id_type: str
:param group_id_type: Group identifier type, 'id' or 'group_name'
:type group_id: unicode or str
:param group_id: Group identifier
:rtype: list(dict{'name': name or id, 'type': type})
"""
gr = Utils.get(self.db, 'group', group_id_type, group_id)
# Check if group exists
if not gr:
raise Errors.CerebrumRPCException(
'Group %s:%s does not exist.' % (group_id_type, group_id))
lst = [{'name': x[1], 'type': x[0]} for x in
map(Utils.get_entity_designator, GroupAPI.group_list(gr))]
return lst
def spread_list(self, id_type, entity_id):
"""List account's spreads.
:type id_type: basestring
:param id_type: The id-type to look-up by.
:type entity_id: basestring
:param entity_id: The entitys id."""
co = Factory.get('Constants')(self.db)
e = Utils.get(self.db, 'entity', id_type, entity_id)
spreads = dict()
def fixer(id):
if id[0] in spreads:
return str(spreads[id[0]])
s = spreads[id[0]] = co.map_const(id[0])
return str(s)
try:
return map(fixer, e.get_subclassed_object().get_spread())
except NameError:
raise Errors.CerebrumRPCException("No spreads in entity")
def add_to_system(self, id_type, entity_id, system):
"""Add an entity to a system.
:type id_type: basestring
:param id_type: The id-type to look-up by.
:type entity_id: basestring
:param entity_id: The entitys id.
:type system: basestring
:param system: The system the entity should be added to."""
# Fetch entity
en = Utils.get(self.db, 'entity', id_type, entity_id)
if not en:
# TODO: Should this be raised in the Utils-module/class/whatever?
raise Errors.CerebrumRPCException('Entity does not exist')
co = Factory.get('Constants')(self.db)
try:
sys = co.Spread(system)
int(sys)
except Errors.NotFoundError:
raise Errors.CerebrumRPCException('System does not exist')
self.ba.can_add_spread(self.operator_id, en, sys)
try:
if en.get_subclassed_object().has_spread(sys):
return
en.get_subclassed_object().add_spread(sys)
except AttributeError:
raise Errors.CerebrumRPCException('Can\'t add entity to system.')
except self.db.IntegrityError:
# TODO: This seems correct?
raise Errors.CerebrumRPCException(
'Entity not applicable for system.')
def add_to_system(self, id_type, entity_id, system):
"""Add an entity to a system.
:type id_type: basestring
:param id_type: The id-type to look-up by.
:type entity_id: basestring
:param entity_id: The entitys id.
:type system: basestring
:param system: The system the entity should be added to."""
# Fetch entity
en = Utils.get(self.db, 'entity', id_type, entity_id)
if not en:
# TODO: Should this be raised in the Utils-module/class/whatever?
raise Errors.CerebrumRPCException('Entity does not exist')
co = Factory.get('Constants')(self.db)
try:
sys = co.Spread(system)
int(sys)
except Errors.NotFoundError:
raise Errors.CerebrumRPCException('System does not exist')
self.ba.can_add_spread(self.operator_id, en, sys)
try:
if en.get_subclassed_object().has_spread(sys):
return
en.get_subclassed_object().add_spread(sys)
except AttributeError:
raise Errors.CerebrumRPCException('Can\'t add entity to system.')
except self.db.IntegrityError:
# TODO: This seems correct?
raise Errors.CerebrumRPCException(
'Entity not applicable for system.')
def group_set_expire(self, group_id_type, group_id, expire_date=None):
"""Set an expire-date on a group.
:type group_id_type: str
:param group_id_type: Group identifier type, 'id' or 'group_name'
:type group_id: str
:param group_id: Group identifier
:type expire_date: <mx.DateTime>
:param expire_date: The expire-date to set, or None.
"""
# Get group
gr = Utils.get(self.db, 'group', group_id_type, group_id)
if not gr:
raise Errors.CerebrumRPCException(
'Group %s:%s does not exist.' % (group_id_type, group_id))
# Perform auth check
self.ba.can_alter_group(self.operator_id, gr)
GroupAPI.set_expire_date(gr, expire_date)