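def manage_changeUser(self, userid, password=None, sndpassword=None,
                      roles=None, domains=None, REQUEST=None, **kw):
    """Change a Zenoss user's password, roles, domains and settings.

    userid      -- id looked up through self.acl_users.getUser().
    password    -- new password; when None, the value returned by
                   user._getPassword() is handed back to _doChangeUser.
    sndpassword -- confirmation copy; must equal ``password`` whenever
                   ``password`` is non-empty.
    roles       -- new roles; None keeps user.roles.
    domains     -- new domains; None keeps user.domains.
    REQUEST     -- when given, outcomes are reported to the browser, an
                   audit event is written and the result of
                   self.callZenScreen(REQUEST) is returned.
    kw          -- passed to the user's settings object through
                   updatePropsFromDict().

    Without REQUEST the method returns the user object, or None when
    the user does not exist, and raises ValueError when the two
    passwords differ.

    NOTE(review): unlike manage_editUserSettings in this file, nothing
    here asks for the caller's current password. Access control
    presumably rests on the permission declared for this method on the
    class; confirm it is limited to user administrators.
    """
    user = self.acl_users.getUser(userid)
    if not user:
        if REQUEST:
            messaging.IMessageSender(self).sendToBrowser(
                'Error',
                'User "%s" was not found.' % userid,
                priority=messaging.WARNING
            )
            return self.callZenScreen(REQUEST)
        else:
            return
    if password and password != sndpassword:
        if REQUEST:
            messaging.IMessageSender(self).sendToBrowser(
                'Error',
                "Passwords didn't match. No change.",
                priority=messaging.WARNING
            )
            return self.callZenScreen(REQUEST)
        else:
            raise ValueError("passwords don't match")

    if REQUEST:
        # Build the audit payload from the values the caller supplied,
        # before the "keep current value" defaults are filled in below.
        # The password itself is never recorded, only a fixed mask.
        # TODO: Record all the non-password values from kw as well.
        updates = {}
        if password:
            updates['password'] = '******'
        if roles:
            # Plain item assignment. The previous form,
            # updates['roles': roles], was a slice lookup on a dict and
            # raised TypeError, so a UI edit that set roles or domains
            # failed before any change or audit record was made.
            updates['roles'] = roles
        if domains:
            updates['domains'] = domains

    # NOTE(review): an empty-string password is not None, so it is passed
    # straight to _doChangeUser and is not reflected in the audit payload
    # above; confirm _doChangeUser rejects or ignores it.
    if password is None:
        password = user._getPassword()
    if roles is None:
        roles = user.roles
    if domains is None:
        domains = user.domains
    self.acl_users._doChangeUser(userid, password, roles, domains)
    ufolder = self.getUserSettings(userid)
    ufolder.updatePropsFromDict(kw)
    if REQUEST:
        messaging.IMessageSender(self).sendToBrowser(
            'Settings Saved',
            Time.SaveMessage()
        )
        # NOTE(review): the audit event is written only on this REQUEST
        # path; calls made without REQUEST change credentials and roles
        # without a 'UI.User.Edit' record.
        audit('UI.User.Edit', username=userid, data_=updates)
        return self.callZenScreen(REQUEST)
    else:
        return user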
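def manage_editUserSettings(self, oldpassword=None, password=None,
                            sndpassword=None, roles=None, groups=None,
                            domains=None, REQUEST=None, **kw):
    """Update the settings, roles, groups and password of user self.id.

    oldpassword -- password of the acting user (self.getUser()); it must
                   authenticate through self.ZenUsers before anything
                   is changed.
    password    -- new password; must not contain ':' and must equal
                   ``sndpassword``. A false value leaves the password
                   untouched.
    roles       -- complete desired role set; None is treated as ().
    groups      -- complete desired group set; None is treated as ().
    domains     -- unsupported; any true value raises NotImplementedError.
    REQUEST     -- when given, outcomes are reported to the browser,
                   REQUEST.form replaces ``kw``, an audit event is
                   written and self.callZenScreen(REQUEST) is returned.
    kw          -- property values for manage_changeProperties().

    Without REQUEST the method returns the user object on success,
    returns None when the user is missing or a Manager check fails, and
    raises ValueError for a bad confirmation or new password.

    Role and group changes are applied only when self.isManager() is
    true; otherwise the supplied roles and groups are ignored.

    NOTE(review): roles, groups and properties are written before the
    new password is validated, so a rejected password on the REQUEST
    path still leaves those earlier changes applied.
    """
    # get the user object; return if no user
    user = self.acl_users.getUser(self.id)
    if not user:
        user = self.getPhysicalRoot().acl_users.getUser(self.id)
    if not user:
        if REQUEST:
            messaging.IMessageSender(self).sendToBrowser(
                'Error',
                'User %s not found.' % self.id,
                priority=messaging.WARNING
            )
            return self.callZenScreen(REQUEST)
        else:
            return

    # Verify existing password. The check is made against the acting
    # user, not against self.id, so an administrator confirms with
    # their own password when editing somebody else.
    curuser = self.getUser().getId()
    if not oldpassword or not self.ZenUsers.authenticateCredentials(
            curuser, oldpassword):
        if REQUEST:
            messaging.IMessageSender(self).sendToBrowser(
                'Error',
                'Confirmation password is empty or invalid. Please' +
                ' confirm your password for security reasons.',
                priority=messaging.WARNING
            )
            return self.callZenScreen(REQUEST)
        else:
            raise ValueError("Current password is incorrect.")

    # update role info
    roleManager = self.acl_users.roleManager
    # Materialise the filtered roles: the truthiness test, the membership
    # test and set() below must all see the full role list, which a lazy
    # filter() iterator would not guarantee.
    origRoles = list(filter(rolefilter, user.getRoles()))

    # Privilege-escalation guards: only a Manager may grant the Manager
    # role or edit an account that already holds it.
    if not self.has_role('Manager') and roles and 'Manager' in roles:
        if REQUEST:
            messaging.IMessageSender(self).sendToBrowser(
                'Error',
                'Only Managers can make more Managers.',
                priority=messaging.WARNING
            )
            return self.callZenScreen(REQUEST)
        else:
            return

    if not self.has_role('Manager') and origRoles and \
            'Manager' in origRoles:
        if REQUEST:
            messaging.IMessageSender(self).sendToBrowser(
                'Error',
                'Only Managers can modify other Managers.',
                priority=messaging.WARNING
            )
            return self.callZenScreen(REQUEST)
        else:
            return

    # Audit payload; filled in as changes are applied.
    # TODO: Record all the non-password values.
    updates = {}

    # update user roles
    if roles is None:
        roles = ()
    origRolesSet = set(origRoles)
    rolesSet = set(roles)

    # if there's a change, then we need to update
    if rolesSet != origRolesSet and self.isManager():
        # get roles to remove and then remove them
        removeRoles = origRolesSet - rolesSet
        for role in removeRoles:
            try:
                roleManager.removeRoleFromPrincipal(role, self.id)
            except KeyError:
                # User doesn't actually have that role; ignore
                pass
        # get roles to add and then add them
        addRoles = rolesSet - origRolesSet
        for role in addRoles:
            roleManager.assignRoleToPrincipal(role, self.id)
        updates['roles'] = roles

    # update group info
    if groups is None:
        groups = ()
    groupManager = self.acl_users.groupManager
    origGroupsSet = set(groupManager.getGroupsForPrincipal(user))
    groupsSet = set(groups)

    # if there's a change, then we need to update
    if groupsSet != origGroupsSet and self.isManager():
        # get groups to remove and then remove them
        removeGroups = origGroupsSet - groupsSet
        for groupid in removeGroups:
            groupManager.removePrincipalFromGroup(user.getId(), groupid)
        # get groups to add and then add them
        addGroups = groupsSet - origGroupsSet
        for groupid in addGroups:
            try:
                groupManager.addPrincipalToGroup(user.getId(), groupid)
            except KeyError:
                # This can occur if the group came from an external source.
                pass
        updates['groups'] = groups

    # we're not managing domains right now
    if domains:
        msg = 'Zenoss does not currently manage domains for users.'
        raise NotImplementedError(msg)

    # update Zenoss user folder settings
    # NOTE(review): on the REQUEST path every submitted form field,
    # the password fields included, is forwarded as a keyword; confirm
    # manage_changeProperties only accepts declared properties.
    if REQUEST:
        kw = REQUEST.form
    self.manage_changeProperties(**kw)

    # update password info
    if self.id == 'admin':
        userManager = self.getPhysicalRoot().acl_users.userManager
    else:
        userManager = self.acl_users.userManager
    if password:
        if password.find(':') >= 0:
            if REQUEST:
                messaging.IMessageSender(self).sendToBrowser(
                    'Error',
                    'Passwords cannot contain a ":". Password not updated.',
                    priority=messaging.WARNING
                )
                return self.callZenScreen(REQUEST)
            else:
                raise ValueError("Passwords cannot contain a ':' ")
        elif password != sndpassword:
            if REQUEST:
                messaging.IMessageSender(self).sendToBrowser(
                    'Error',
                    'Passwords did not match. Password not updated.',
                    priority=messaging.WARNING
                )
                return self.callZenScreen(REQUEST)
            else:
                raise ValueError("Passwords don't match")
        else:
            try:
                userManager.updateUserPassword(self.id, password)
            except KeyError:
                # Not known to the chosen user manager; fall back to the
                # one at the physical root.
                self.getPhysicalRoot().acl_users.userManager.updateUserPassword(
                    self.id, password)
            # Reached only when one of the two updates succeeded. The mask
            # is recorded here rather than inside the try so a password
            # changed through the root fallback also shows up in the
            # audit event; previously that path left no trace of it.
            updates['password'] = '******'
            if REQUEST:
                loggedInUser = REQUEST['AUTHENTICATED_USER']
                # we only want to log out the user if it's *their* password
                # they've changed, not, for example, if the admin user is
                # changing another user's password
                if loggedInUser.getUserName() == self.id:
                    self.acl_users.logout(REQUEST)

    # finish up
    if REQUEST:
        messaging.IMessageSender(self).sendToBrowser(
            'Settings Saved',
            Time.SaveMessage()
        )
        # NOTE(review): the audit event is written only on this REQUEST
        # path; calls made without REQUEST are not recorded here.
        audit('UI.User.Edit', username=self.id, data_=updates)
        return self.callZenScreen(REQUEST)
    else:
        return user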