def manage_changeUser(self, userid, password=None, sndpassword=None,
roles=None, domains=None, REQUEST=None, **kw):
"""Change a zenoss users settings.
"""
user = self.acl_users.getUser(userid)
if not user:
if REQUEST:
messaging.IMessageSender(self).sendToBrowser(
'Error',
'User "%s" was not found.' % userid,
priority=messaging.WARNING
)
return self.callZenScreen(REQUEST)
else:
return
if password and password != sndpassword:
if REQUEST:
messaging.IMessageSender(self).sendToBrowser(
'Error',
"Passwords didn't match. No change.",
priority=messaging.WARNING
)
return self.callZenScreen(REQUEST)
else:
raise ValueError("passwords don't match")
if REQUEST:
# TODO: Record all the non-password values.
#updates = dict((k,v) for k,v in kw.items() if 'password' not in k.lower())
updates = {}
if password: updates['password'] = '******'
if roles: updates['roles': roles]
if domains: updates['domains': domains]
if password is None: password = user._getPassword()
if roles is None: roles = user.roles
if domains is None: domains = user.domains
self.acl_users._doChangeUser(userid,password,roles,domains)
ufolder = self.getUserSettings(userid)
ufolder.updatePropsFromDict(kw)
if REQUEST:
messaging.IMessageSender(self).sendToBrowser(
'Settings Saved',
Time.SaveMessage()
)
audit('UI.User.Edit', username=userid, data_=updates)
return self.callZenScreen(REQUEST)
else:
return user
def manage_editUserSettings(self, oldpassword=None, password=None,
sndpassword=None, roles=None, groups=None,
domains=None, REQUEST=None, **kw):
"""Update user settings.
"""
# get the user object; return if no user
user = self.acl_users.getUser(self.id)
if not user:
user = self.getPhysicalRoot().acl_users.getUser(self.id)
if not user:
if REQUEST:
messaging.IMessageSender(self).sendToBrowser(
'Error',
'User %s not found.' % self.id,
priority=messaging.WARNING
)
return self.callZenScreen(REQUEST)
else:
return
# Verify existing password
curuser = self.getUser().getId()
if not oldpassword or not self.ZenUsers.authenticateCredentials(
curuser, oldpassword):
if REQUEST:
messaging.IMessageSender(self).sendToBrowser(
'Error',
'Confirmation password is empty or invalid. Please'+
' confirm your password for security reasons.',
priority=messaging.WARNING
)
return self.callZenScreen(REQUEST)
else:
raise ValueError("Current password is incorrect.")
# update role info
roleManager = self.acl_users.roleManager
origRoles = filter(rolefilter, user.getRoles())
if not self.has_role('Manager') and roles and 'Manager' in roles:
if REQUEST:
messaging.IMessageSender(self).sendToBrowser(
'Error',
'Only Managers can make more Managers.',
priority=messaging.WARNING
)
return self.callZenScreen(REQUEST)
else:
return
if not self.has_role('Manager') and origRoles and \
'Manager' in origRoles:
if REQUEST:
messaging.IMessageSender(self).sendToBrowser(
'Error',
'Only Managers can modify other Managers.',
priority=messaging.WARNING
)
return self.callZenScreen(REQUEST)
else:
return
# if there's a change, then we need to update
# TODO: Record all the non-password values.
#updates = dict((k,v) for k,v in kw.items() if 'password' not in k.lower())
updates = {}
# update user roles
if roles is None:
roles = ()
origRolesSet = set(origRoles)
rolesSet = set(roles)
if rolesSet != origRolesSet and self.isManager():
# get roles to remove and then remove them
removeRoles = origRolesSet - rolesSet
for role in removeRoles:
try:
roleManager.removeRoleFromPrincipal(role, self.id)
except KeyError:
# User doesn't actually have that role; ignore
pass
# get roles to add and then add them
addRoles = rolesSet - origRolesSet
for role in addRoles:
roleManager.assignRoleToPrincipal(role, self.id)
updates['roles'] = roles
# update group info
if groups is None:
groups = ()
groupManager = self.acl_users.groupManager
origGroupsSet = set(groupManager.getGroupsForPrincipal(user))
groupsSet = set(groups)
# if there's a change, then we need to update
if groupsSet != origGroupsSet and self.isManager():
# get groups to remove and then remove them
removeGroups = origGroupsSet - groupsSet
for groupid in removeGroups:
groupManager.removePrincipalFromGroup(user.getId(), groupid)
# get groups to add and then add them
addGroups = groupsSet - origGroupsSet
for groupid in addGroups:
try:
groupManager.addPrincipalToGroup(user.getId(), groupid)
except KeyError:
# This can occur if the group came from an external source.
pass
updates['groups'] = groups
# we're not managing domains right now
if domains:
msg = 'Zenoss does not currently manage domains for users.'
raise NotImplementedError(msg)
# update Zenoss user folder settings
if REQUEST:
kw = REQUEST.form
self.manage_changeProperties(**kw)
# update password info
if self.id=='admin':
userManager = self.getPhysicalRoot().acl_users.userManager
else:
userManager = self.acl_users.userManager
if password:
if password.find(':') >= 0:
if REQUEST:
messaging.IMessageSender(self).sendToBrowser(
'Error',
'Passwords cannot contain a ":". Password not updated.',
priority=messaging.WARNING
)
return self.callZenScreen(REQUEST)
else:
raise ValueError("Passwords cannot contain a ':' ")
elif password != sndpassword:
if REQUEST:
messaging.IMessageSender(self).sendToBrowser(
'Error',
'Passwords did not match. Password not updated.',
priority=messaging.WARNING
)
return self.callZenScreen(REQUEST)
else:
raise ValueError("Passwords don't match")
else:
try:
userManager.updateUserPassword(self.id, password)
updates['password'] = '******'
except KeyError:
self.getPhysicalRoot().acl_users.userManager.updateUserPassword(
self.id, password)
if REQUEST:
loggedInUser = REQUEST['AUTHENTICATED_USER']
# we only want to log out the user if it's *their* password
# they've changed, not, for example, if the admin user is
# changing another user's password
if loggedInUser.getUserName() == self.id:
self.acl_users.logout(REQUEST)
# finish up
if REQUEST:
messaging.IMessageSender(self).sendToBrowser(
'Settings Saved',
Time.SaveMessage()
)
audit('UI.User.Edit', username=self.id, data_=updates)
return self.callZenScreen(REQUEST)
else:
return user
