def group_delete(request, gid):
if request.method == 'POST':
group = UserGroup.objects.get(id=int(gid))
auth_services.get_services().ldap_delete_group(group)
auth_services.get_services().delete_data_directory(group)
group.delete()
response = {'deleted': True}
return HttpResponse(json.dumps(response, indent=4),
content_type='application/json')
def password_reset_complete(request):
"""
View that checks the hash in a password reset link and presents a
form for entering a new password.
"""
user_id = request.POST.get('user_id')
token = request.POST.get('token')
user = User.objects.get(id=user_id)
errors = ''
if user is not None and default_token_generator.check_token(user, token):
if request.method == 'POST':
temp_pass = request.POST.get('password')
user.set_password(temp_pass)
user.save()
auth_services.get_services().ldap_change_user_password(
user, temp_pass)
request.session['username'] = user.username
request.session['password'] = temp_pass
user = authenticate(username=user.username, password=temp_pass)
if user is not None:
if user.is_active:
login(request, user)
return redirect('home')
else:
errors = _("Your account has been disabled")
else:
errors = _(
"The username and password you have entered do not match our records"
)
else:
errors = _(
'Invalid token. Your link has expired, you need to ask for another one.'
)
return render(request, 'registration/password_reset_confirm.html',
{'errors': errors})
def password_update(request):
if request.method == 'POST':
password1 = request.POST.get('password1')
password2 = request.POST.get('password2')
if password1 == password2:
user = User.objects.get(id=request.user.id)
user.set_password(password1)
user.save()
auth_services.get_services().ldap_change_user_password(
user, password1)
response = {'success': True}
else:
response = {'success': False}
return HttpResponse(json.dumps(response, indent=4),
content_type='application/json')
def group_add(request):
if request.method == 'POST':
form = UserGroupForm(request.POST)
message = None
if form.is_valid():
try:
if form.data['name'] == 'admin':
message = _("Admin is a reserved group")
raise Exception
if _valid_name_regex.search(form.data['name']) == None:
message = _(
"Invalid user group name: '{value}'. Identifiers must begin with a letter or an underscore (_). Subsequent characters can be letters, underscores or numbers"
).format(value=form.data['name'])
raise Exception
group = UserGroup(name=form.data['name'],
description=form.data['description'])
group.save()
auth_services.get_services().ldap_add_group(group)
auth_services.get_services().add_data_directory(group)
return redirect('group_list')
except Exception as e:
print str(e)
return render(request, 'group_add.html', {
'form': form,
'message': message
})
else:
return render(request, 'group_add.html', {'form': form})
else:
form = UserGroupForm()
return render(request, 'group_add.html', {'form': form})
def user_delete(request, uid):
if request.method == 'POST':
user = User.objects.get(id=uid)
groups_by_user = UserGroupUser.objects.filter(user_id=user.id)
for ugu in groups_by_user:
user_group = UserGroup.objects.get(id=ugu.user_group.id)
auth_services.get_services().ldap_delete_group_member(
user, user_group)
auth_services.get_services().ldap_delete_default_group_member(user)
auth_services.get_services().ldap_delete_user(user)
user.delete()
response = {'deleted': True}
return HttpResponse(json.dumps(response, indent=4),
content_type='application/json')
def user_update(request, uid):
if request.method == 'POST':
user = User.objects.get(id=int(uid))
assigned_groups = []
for key in request.POST:
if 'group-' in key:
assigned_groups.append(int(key.split('-')[1]))
is_staff = False
if 'is_staff' in request.POST:
is_staff = True
is_superuser = False
if 'is_superuser' in request.POST:
is_superuser = True
is_staff = True
user.first_name = request.POST.get('first_name')
user.last_name = request.POST.get('last_name')
user.email = request.POST.get('email')
user.is_staff = is_staff
user.save()
if user.is_superuser and is_superuser:
admin_group = UserGroup.objects.get(name__exact='admin')
assigned_groups.append(admin_group.id)
if not user.is_superuser and is_superuser:
user.is_superuser = True
user.save()
admin_group = UserGroup.objects.get(name__exact='admin')
auth_services.get_services().ldap_add_group_member(
user, admin_group)
assigned_groups.append(admin_group.id)
if user.is_superuser and not is_superuser:
user.is_superuser = False
user.save()
admin_group = UserGroup.objects.get(name__exact='admin')
auth_services.get_services().ldap_delete_group_member(
user, admin_group)
groups_by_user = UserGroupUser.objects.filter(user_id=user.id)
for ugu in groups_by_user:
user_group = UserGroup.objects.get(id=ugu.user_group.id)
auth_services.get_services().ldap_delete_group_member(
user, user_group)
ugu.delete()
for ag in assigned_groups:
user_group = UserGroup.objects.get(id=ag)
usergroup_user = UserGroupUser(user=user, user_group=user_group)
usergroup_user.save()
auth_services.get_services().ldap_add_group_member(
user, user_group)
return redirect('user_list')
else:
selected_user = User.objects.get(id=int(uid))
groups = auth_utils.get_all_groups_checked_by_user(selected_user)
return render(
request, 'user_update.html', {
'uid': uid,
'selected_user': selected_user,
'user': request.user,
'groups': groups
})
def user_add(request):
ad_suffix = GVSIGOL_LDAP['AD']
if not ad_suffix:
show_pass_form = True
else:
show_pass_form = False
if request.method == 'POST':
form = UserCreateForm(request.POST)
if form.is_valid():
assigned_groups = []
is_staff = False
if 'is_staff' in form.data:
is_staff = True
is_superuser = False
if 'is_superuser' in form.data:
is_superuser = True
is_staff = True
assigned_groups = []
for key in form.data:
if 'group-' in key:
assigned_groups.append(int(key.split('-')[1]))
try:
gs = geographic_servers.get_instance().get_default_server()
server_object = Server.objects.get(id=int(gs.id))
if form.data['password1'] == form.data['password2']:
user = User(username=form.data['username'].lower(),
first_name=u''.join(
form.data['first_name']).encode('utf-8'),
last_name=u''.join(
form.data['last_name']).encode('utf-8'),
email=form.data['email'].lower(),
is_superuser=is_superuser,
is_staff=is_staff)
user.set_password(form.data['password1'])
user.save()
#admin_group = UserGroup.objects.get(name__exact='admin')
aux = UserGroup.objects.filter(name="admin")
if aux.count() > 1:
print "WARNING: table gvsigol_auth_usergroup inconsistent !!!!!!!!!!!"
admin_group = aux[0]
if user.is_superuser:
auth_services.get_services().ldap_add_user(
user, form.data['password1'], True)
auth_services.get_services().ldap_add_group_member(
user, admin_group)
usergroup_user = UserGroupUser(user=user,
user_group=admin_group)
usergroup_user.save()
else:
auth_services.get_services().ldap_add_user(
user, form.data['password1'], False)
#auth_services.get_services().ldap_add_group_member(user, admin_group)
for ag in assigned_groups:
user_group = UserGroup.objects.get(id=ag)
usergroup_user = UserGroupUser(user=user,
user_group=user_group)
usergroup_user.save()
auth_services.get_services().ldap_add_group_member(
user, user_group)
#User backend
if is_superuser or is_staff:
ugroup = UserGroup(
name='ug_' + form.data['username'].lower(),
description=_(u'User group for') + ': ' +
form.data['username'].lower())
ugroup.save()
ugroup_user = UserGroupUser(user=user,
user_group=ugroup)
ugroup_user.save()
auth_services.get_services().ldap_add_group(ugroup)
auth_services.get_services().add_data_directory(ugroup)
auth_services.get_services().ldap_add_group_member(
user, ugroup)
url = server_object.frontend_url + '/'
ws_name = 'ws_' + form.data['username'].lower()
if gs.createWorkspace(ws_name, url + ws_name):
# save it on DB if successfully created
newWs = Workspace(
server=server_object,
name=ws_name,
description='',
uri=url + ws_name,
wms_endpoint=url + ws_name + '/wms',
wfs_endpoint=url + ws_name + '/wfs',
wcs_endpoint=url + ws_name + '/wcs',
wmts_endpoint=url + 'gwc/service/wmts',
cache_endpoint=url + 'gwc/service/wms',
created_by=user.username,
is_public=False)
newWs.save()
ds_name = 'ds_' + form.data['username'].lower()
services_utils.create_datastore(
request, user.username, ds_name, newWs)
gs.reload_nodes()
try:
auth_utils.sendMail(user, form.data['password1'])
except Exception as ex:
print str(ex)
pass
return redirect('user_list')
except Exception as e:
print "ERROR: Problem creating user " + str(e)
errors = []
errors.append(
{'message': "ERROR: Problem creating user " + str(e)})
groups = auth_utils.get_all_groups()
return render(
request, 'user_add.html', {
'form': form,
'groups': groups,
'errors': errors,
'show_pass_form': show_pass_form
})
else:
groups = auth_utils.get_all_groups()
return render(request, 'user_add.html', {
'form': form,
'groups': groups,
'show_pass_form': show_pass_form
})
else:
form = UserCreateForm()
groups = auth_utils.get_all_groups()
return render(request, 'user_add.html', {
'form': form,
'groups': groups,
'show_pass_form': show_pass_form
})
