def remove_group_membership(group_name):
"""
Remove a user from a group. If the user has the group ownership, it will be
revoked.
:param group_name: Group's name.
:jsonparam string user_name: User's username.
"""
u = identity.current.user
group = _get_group_by_name(group_name, lockmode='update')
if not group.can_modify_membership(identity.current.user):
raise Forbidden403('Cannot edit membership of group %s' % group_name)
if 'user_name' not in request.args:
raise MethodNotAllowed405
user = _get_user_by_username(request.args['user_name'])
if not group.can_remove_member(u, user.id):
raise Forbidden403('Cannot remove user %s from group %s' %
(user, group_name))
if user in group.users:
group.remove_member(user, agent=identity.current.user)
mail.group_membership_notify(user,
group,
agent=identity.current.user,
action='Removed')
else:
raise Conflict409('User %s is not a member of group %s' %
(user.user_name, group_name))
return '', 204
def removeUser(self, group_id=None, id=None, **kw):
group = Group.by_id(group_id)
if not group.can_modify_membership(identity.current.user):
flash(_(u'You are not an owner of group %s' % group))
redirect('../groups/mine')
if not group.can_remove_member(identity.current.user, id):
flash(_(u'Cannot remove member'))
redirect('../groups/edit?group_id=%s' % group_id)
groupUsers = group.users
for user in groupUsers:
if user.user_id == int(id):
group.users.remove(user)
removed = user
activity = GroupActivity(identity.current.user, u'WEBUI', u'Removed', u'User', removed.user_name, u"")
group.activity.append(activity)
mail.group_membership_notify(user, group,
agent=identity.current.user,
action='Removed')
flash(_(u"%s Removed" % removed.display_name))
redirect("../groups/edit?group_id=%s" % group_id)
flash( _(u"No user %s in group %s" % (id, removed.display_name)))
raise redirect("../groups/edit?group_id=%s" % group_id)
def add_group_membership(group_name):
"""
Add a user to a group.
:param group_name: Group's name.
:jsonparam string user_name: User's username.
:jsonparam boolean is_owner: If true, the given user will become one of the
group owners.
"""
u = identity.current.user
data = read_json_request(request)
group = _get_group_by_name(group_name, lockmode='update')
if not group.can_modify_membership(identity.current.user):
raise Forbidden403('Cannot edit membership of group %s' % group_name)
if 'user_name' not in data:
raise BadRequest400('User not specified')
user = _get_user_by_username(data['user_name'])
if user.removed:
raise BadRequest400('Cannot add deleted user %s to group' %
user.user_name)
is_owner = data.get('is_owner', False)
if user not in group.users:
group.add_member(user, is_owner=is_owner, agent=identity.current.user)
mail.group_membership_notify(user, group, agent=u, action='Added')
else:
raise Conflict409('User %s is already a member of group %s' %
(user.user_name, group_name))
return '', 204
def remove_group_membership(group_name):
"""
Remove a user from a group. If the user has the group ownership, it will be
revoked.
:param group_name: Group's name.
:jsonparam string user_name: User's username.
"""
u = identity.current.user
group = _get_group_by_name(group_name, lockmode='update')
if not group.can_modify_membership(identity.current.user):
raise Forbidden403('Cannot edit membership of group %s' % group_name)
if 'user_name' not in request.args:
raise MethodNotAllowed405
user = _get_user_by_username(request.args['user_name'])
if not group.can_remove_member(u, user.id):
raise Forbidden403('Cannot remove user %s from group %s' % (user, group_name))
if user in group.users:
group.remove_member(user, agent=identity.current.user)
mail.group_membership_notify(user, group, agent=identity.current.user,
action='Removed')
else:
raise Conflict409('User %s is not a member of group %s' % (user.user_name, group_name))
return '', 204
def add_group_membership(group_name):
"""
Add a user to a group.
:param group_name: Group's name.
:jsonparam string user_name: User's username.
:jsonparam boolean is_owner: If true, the given user will become one of the
group owners.
"""
u = identity.current.user
data = read_json_request(request)
group = _get_group_by_name(group_name, lockmode='update')
if not group.can_modify_membership(identity.current.user):
raise Forbidden403('Cannot edit membership of group %s' % group_name)
if 'user_name' not in data:
raise BadRequest400('User not specified')
user = _get_user_by_username(data['user_name'])
is_owner = data.get('is_owner', False)
if user not in group.users:
group.add_member(user, is_owner=is_owner, agent=identity.current.user)
mail.group_membership_notify(user, group, agent=u, action='Added')
else:
raise Conflict409('User %s is already a member of group %s' % (user.user_name, group_name))
return '', 204
def removeUser(self, group_id=None, id=None, **kw):
group = Group.by_id(group_id)
if not group.can_modify_membership(identity.current.user):
flash(_(u'You are not an owner of group %s' % group))
redirect('../groups/mine')
if not group.can_remove_member(identity.current.user, id):
flash(_(u'Cannot remove member'))
redirect('../groups/edit?group_id=%s' % group_id)
groupUsers = group.users
for user in groupUsers:
if user.user_id == int(id):
group.users.remove(user)
removed = user
activity = GroupActivity(identity.current.user, u'WEBUI',
u'Removed', u'User',
removed.user_name, u"")
group.activity.append(activity)
mail.group_membership_notify(user,
group,
agent=identity.current.user,
action='Removed')
flash(_(u"%s Removed" % removed.display_name))
redirect("../groups/edit?group_id=%s" % group_id)
flash(_(u"No user %s in group %s" % (id, removed.display_name)))
raise redirect("../groups/edit?group_id=%s" % group_id)
def save_user(self, **kw):
user = User.by_user_name(kw['user']['text'])
if user is None:
flash(_(u"Invalid user %s" % kw['user']['text']))
redirect("./edit?group_id=%s" % kw['group_id'])
group = Group.by_id(kw['group_id'])
if not group.can_modify_membership(identity.current.user):
flash(_(u'You are not an owner of group %s' % group))
redirect('../groups/mine')
if user not in group.users:
group.users.append(user)
activity = GroupActivity(identity.current.user, u'WEBUI', u'Added',
u'User', u"", user.user_name)
group.activity.append(activity)
mail.group_membership_notify(user,
group,
agent=identity.current.user,
action='Added')
flash(_(u"OK"))
redirect("./edit?group_id=%s" % kw['group_id'])
else:
flash(
_(u"User %s is already in Group %s" %
(user.user_name, group.group_name)))
redirect("./edit?group_id=%s" % kw['group_id'])
def save_user(self, **kw):
user = User.by_user_name(kw['user']['text'])
if user is None:
flash(_(u"Invalid user %s" % kw['user']['text']))
redirect("./edit?group_id=%s" % kw['group_id'])
group = Group.by_id(kw['group_id'])
if not group.can_modify_membership(identity.current.user):
flash(_(u'You are not an owner of group %s' % group))
redirect('../groups/mine')
if user not in group.users:
group.users.append(user)
activity = GroupActivity(identity.current.user, u'WEBUI', u'Added', u'User', u"", user.user_name)
group.activity.append(activity)
mail.group_membership_notify(user, group,
agent=identity.current.user,
action='Added')
flash( _(u"OK") )
redirect("./edit?group_id=%s" % kw['group_id'])
else:
flash( _(u"User %s is already in Group %s" %(user.user_name, group.group_name)))
redirect("./edit?group_id=%s" % kw['group_id'])
def modify(self, group_name, kw):
"""
Modifies an existing group. You must be an owner of a group to modify any details.
:param group_name: An existing group name
:type group_name: string
The *kw* argument must be an XML-RPC structure (dict)
specifying the following keys:
'group_name'
New group name (maximum 16 characters)
'display_name'
New group display name
'add_member'
Add user (username) to the group
'remove_member'
Remove an existing user (username) from the group
'root_password'
Change the root password of this group.
Returns a message whether the group was successfully modified or
raises an exception on failure.
"""
# if not called from the bkr group-modify
if not kw:
raise BX(_('Please specify an attribute to modify.'))
try:
group = Group.by_name(group_name)
except NoResultFound:
raise BX(_(u'Group does not exist: %s.' % group_name))
if group.membership_type == GroupMembershipType.ldap:
if not identity.current.user.is_admin():
raise BX(_(u'Only admins can modify LDAP groups'))
if kw.get('add_member', None) or kw.get('remove_member', None):
raise BX(_(u'Cannot edit membership of an LDAP group'))
user = identity.current.user
if not group.can_edit(user):
raise BX(_('You are not an owner of group %s' % group_name))
group_name = kw.get('group_name', None)
if group_name:
try:
Group.by_name(group_name)
except NoResultFound:
pass
else:
if group_name != group.group_name:
raise BX(
_(u'Failed to update group %s: Group name already exists: %s'
% (group.group_name, group_name)))
group.set_name(user, u'XMLRPC', kw.get('group_name', None))
display_name = kw.get('display_name', None)
if display_name:
group.set_display_name(user, u'XMLRPC', display_name)
root_password = kw.get('root_password', None)
if root_password:
group.set_root_password(user, u'XMLRPC', root_password)
if kw.get('add_member', None):
username = kw.get('add_member')
user = User.by_user_name(username)
if user is None:
raise BX(_(u'User does not exist %s' % username))
if user.removed:
raise BX(
_(u'Cannot add deleted user %s to group' % user.user_name))
if user not in group.users:
group.add_member(user,
service=u'XMLRPC',
agent=identity.current.user)
mail.group_membership_notify(user,
group,
agent=identity.current.user,
action='Added')
else:
raise BX(
_(u'User %s is already in group %s' %
(username, group.group_name)))
if kw.get('remove_member', None):
username = kw.get('remove_member')
user = User.by_user_name(username)
if user is None:
raise BX(_(u'User does not exist %s' % username))
if user not in group.users:
raise BX(
_(u'No user %s in group %s' %
(username, group.group_name)))
else:
if not group.can_remove_member(identity.current.user,
user.user_id):
raise BX(_(u'Cannot remove member'))
groupUsers = group.users
for usr in groupUsers:
if usr.user_id == user.user_id:
group.remove_member(user,
service=u'XMLRPC',
agent=identity.current.user)
removed = user
mail.group_membership_notify(
user,
group,
agent=identity.current.user,
action='Removed')
break
#dummy success return value
return ['1']
def modify(self, group_name, kw):
"""
Modifies an existing group. You must be an owner of a group to modify any details.
:param group_name: An existing group name
:type group_name: string
The *kw* argument must be an XML-RPC structure (dict)
specifying the following keys:
'group_name'
New group name (maximum 16 characters)
'display_name'
New group display name
'add_member'
Add user (username) to the group
'remove_member'
Remove an existing user (username) from the group
'root_password'
Change the root password of this group.
Returns a message whether the group was successfully modified or
raises an exception on failure.
"""
# if not called from the bkr group-modify
if not kw:
raise BX(_('Please specify an attribute to modify.'))
try:
group = Group.by_name(group_name)
except NoResultFound:
raise BX(_(u'Group does not exist: %s.' % group_name))
if group.ldap:
if not identity.current.user.is_admin():
raise BX(_(u'Only admins can modify LDAP groups'))
if kw.get('add_member', None) or kw.get('remove_member', None):
raise BX(_(u'Cannot edit membership of an LDAP group'))
group_name = kw.get('group_name', None)
if group_name:
try:
Group.by_name(group_name)
except NoResultFound:
pass
else:
if group_name != group.group_name:
raise BX(_(u'Failed to update group %s: Group name already exists: %s' %
(group.group_name, group_name)))
user = identity.current.user
if not group.can_edit(user):
raise BX(_('You are not an owner of group %s' % group_name))
group.set_display_name(user, u'XMLRPC', kw.get('display_name', None))
group.set_name(user, u'XMLRPC', kw.get('group_name', None))
root_password = kw.get('root_password', None)
if root_password:
group.set_root_password(user, u'XMLRPC', root_password)
if kw.get('add_member', None):
username = kw.get('add_member')
user = User.by_user_name(username)
if user is None:
raise BX(_(u'User does not exist %s' % username))
if user not in group.users:
group.users.append(user)
activity = GroupActivity(identity.current.user, u'XMLRPC',
action=u'Added',
field_name=u'User',
old_value=u"", new_value=username)
group.activity.append(activity)
mail.group_membership_notify(user, group,
agent = identity.current.user,
action='Added')
else:
raise BX(_(u'User %s is already in group %s' % (username, group.group_name)))
if kw.get('remove_member', None):
username = kw.get('remove_member')
user = User.by_user_name(username)
if user is None:
raise BX(_(u'User does not exist %s' % username))
if user not in group.users:
raise BX(_(u'No user %s in group %s' % (username, group.group_name)))
else:
if not group.can_remove_member(identity.current.user, user.user_id):
raise BX(_(u'Cannot remove member'))
groupUsers = group.users
for usr in groupUsers:
if usr.user_id == user.user_id:
group.users.remove(usr)
removed = user
activity = GroupActivity(identity.current.user, u'XMLRPC',
action=u'Removed',
field_name=u'User',
old_value=removed.user_name,
new_value=u"")
group.activity.append(activity)
mail.group_membership_notify(user, group,
agent=identity.current.user,
action='Removed')
break
#dummy success return value
return ['1']
