def dict_to_filter(criteria, or_search=False, or_keys=None, or_values=None):
"""Turn dictionary criteria into ldap queryFilter string
"""
or_keys = (or_keys is None) and or_search or or_keys
or_values = (or_values is None) and or_search or or_values
_filter = None
for attr, values in criteria.items():
attr = encode_utf8(attr)
if not isinstance(values, list):
values = [values]
attrfilter = None
for value in values:
if isinstance(value, unicode):
value = encode_utf8(value)
valuefilter = LDAPFilter(filter_format('(%s=%s)', (attr, value)))
if attrfilter is None:
attrfilter = valuefilter
continue
if or_values:
attrfilter |= valuefilter
else:
attrfilter &= valuefilter
if _filter is None:
_filter = attrfilter
continue
if or_keys:
_filter |= attrfilter
else:
_filter &= attrfilter
if _filter is None:
_filter = LDAPFilter()
return _filter
def dict_to_filter(criteria, or_search, only_values=False):
"""Turn dictionary criteria into ldap queryFilter string
"""
_filter = None
for attr, values in criteria.items():
attr = encode_utf8(attr)
if not isinstance(values, list):
values = [values]
for value in values:
if isinstance(value, unicode):
value = encode_utf8(value)
if _filter is None:
if only_values:
_filter = LDAPFilter('%s' % value)
else:
_filter = LDAPFilter('(%s=%s)' % (attr, value))
else:
if only_values:
_next = '%s' % value
else:
_next = '(%s=%s)' % (attr, value)
if or_search:
_filter |= _next
else:
_filter &= _next
if _filter is None:
_filter = LDAPFilter()
return _filter
def dict_to_filter(criteria, or_search=False, or_keys=None, or_values=None):
"""Turn dictionary criteria into ldap queryFilter string
"""
or_keys = (or_keys is None) and or_search or or_keys
or_values = (or_values is None) and or_search or or_values
_filter = None
for attr, values in criteria.items():
attr = encode_utf8(attr)
if not isinstance(values, list):
values = [values]
attrfilter = None
for value in values:
if isinstance(value, unicode):
value = encode_utf8(value)
attr = ''.join(map(lambda x: ESCAPE_CHARS.get(x, x), attr))
if isinstance(value, str):
value = ''.join(map(lambda x: ESCAPE_CHARS.get(x, x), value))
valuefilter = LDAPFilter('(%s=%s)' % (attr, value))
if attrfilter is None:
attrfilter = valuefilter
continue
if or_values:
attrfilter |= valuefilter
else:
attrfilter &= valuefilter
if _filter is None:
_filter = attrfilter
continue
if or_keys:
_filter |= attrfilter
else:
_filter &= attrfilter
if _filter is None:
_filter = LDAPFilter()
return _filter
def enumerateGroups(self, id=None, exact_match=False, sort_by=None, max_results=None, **kw):
""" -> ( group_info_1, ... group_info_N )
o Return mappings for groups matching the given criteria.
o 'id' in combination with 'exact_match' true, will
return at most one mapping per supplied ID ('id' and 'login'
may be sequences).
o If 'exact_match' is False, then 'id' may be treated by
the plugin as "contains" searches (more complicated searches
may be supported by some plugins using other keyword arguments).
o If 'sort_by' is passed, the results will be sorted accordingly.
known valid values are 'id' (some plugins may support others).
o If 'max_results' is specified, it must be a positive integer,
limiting the number of returned mappings. If unspecified, the
plugin should return mappings for all groups satisfying the
criteria.
o Minimal keys in the returned mappings:
'id' -- (required) the group ID
'pluginid' -- (required) the plugin ID (as returned by getId())
'properties_url' -- (optional) the URL to a page for updating the
group's properties.
'members_url' -- (optional) the URL to a page for updating the
principals who belong to the group.
o Plugin *must* ignore unknown criteria.
o Plugin may raise ValueError for invalid critera.
o Insufficiently-specified criteria may have catastrophic
scaling issues for some implementations.
"""
groups = self.groups
if not groups:
return ()
if id:
kw["id"] = id
if not kw: # show all
matches = groups.ids
else:
try:
matches = groups.search(criteria=kw, exact_match=exact_match)
except ValueError:
return ()
if sort_by == "id":
matches = sorted(matches)
pluginid = self.getId()
ret = [dict(id=encode_utf8(_id), pluginid=pluginid) for _id in matches]
if max_results and len(ret) > max_results:
ret = ret[:max_results]
return ret
def __init__(self, queryFilter=None):
if queryFilter is not None \
and not isinstance(queryFilter, basestring) \
and not isinstance(queryFilter, LDAPFilter):
raise TypeError('Query filter must be LDAPFilter or string')
queryFilter = encode_utf8(queryFilter)
self._filter = queryFilter
if isinstance(queryFilter, LDAPFilter):
self._filter = str(queryFilter)
def __init__(self, queryFilter=None):
if queryFilter is not None \
and not isinstance(queryFilter, basestring) \
and not isinstance(queryFilter, LDAPFilter):
raise TypeError('Query filter must be LDAPFilter or string')
queryFilter = encode_utf8(queryFilter)
self._filter = queryFilter
if isinstance(queryFilter, LDAPFilter):
self._filter = str(queryFilter)
def enumerateUsers(self, id=None, login=None, exact_match=False, sort_by=None, max_results=None, **kw):
"""-> ( user_info_1, ... user_info_N )
o Return mappings for users matching the given criteria.
o 'id' or 'login', in combination with 'exact_match' true, will
return at most one mapping per supplied ID ('id' and 'login'
may be sequences).
o If 'exact_match' is False, then 'id' and / or login may be
treated by the plugin as "contains" searches (more complicated
searches may be supported by some plugins using other keyword
arguments).
o If 'sort_by' is passed, the results will be sorted accordingly.
known valid values are 'id' and 'login' (some plugins may support
others).
o If 'max_results' is specified, it must be a positive integer,
limiting the number of returned mappings. If unspecified, the
plugin should return mappings for all users satisfying the criteria.
o Minimal keys in the returned mappings:
'id' -- (required) the user ID, which may be different than
the login name
'login' -- (required) the login name
'pluginid' -- (required) the plugin ID (as returned by getId())
'editurl' -- (optional) the URL to a page for updating the
mapping's user
o Plugin *must* ignore unknown criteria.
o Plugin may raise ValueError for invalid criteria.
o Insufficiently-specified criteria may have catastrophic
scaling issues for some implementations.
"""
# TODO: sort_by in node.ext.ldap
if login:
if not isinstance(login, basestring):
# XXX TODO
raise NotImplementedError("sequence is not supported yet.")
kw["login"] = login
# pas search users gives both login and name if login is meant
if "login" in kw and "name" in kw:
del kw["name"]
if id:
if not isinstance(id, basestring):
# XXX TODO
raise NotImplementedError("sequence is not supported yet.")
kw["id"] = id
users = self.users
if not users:
return tuple()
try:
matches = users.search(criteria=kw, attrlist=("login",), exact_match=exact_match)
except ValueError:
return tuple()
pluginid = self.getId()
ret = list()
for id, attrs in matches:
ret.append({"id": encode_utf8(id), "login": attrs["login"][0], "pluginid": pluginid})
if max_results and len(ret) > max_results:
ret = ret[:max_results]
return ret
def enumerateUsers(self,
id=None,
login=None,
exact_match=False,
sort_by=None,
max_results=None,
**kw):
"""-> ( user_info_1, ... user_info_N )
o Return mappings for users matching the given criteria.
o 'id' or 'login', in combination with 'exact_match' true, will
return at most one mapping per supplied ID ('id' and 'login'
may be sequences).
o If 'exact_match' is False, then 'id' and / or login may be
treated by the plugin as "contains" searches (more complicated
searches may be supported by some plugins using other keyword
arguments).
o If 'sort_by' is passed, the results will be sorted accordingly.
known valid values are 'id' and 'login' (some plugins may support
others).
o If 'max_results' is specified, it must be a positive integer,
limiting the number of returned mappings. If unspecified, the
plugin should return mappings for all users satisfying the criteria.
o Minimal keys in the returned mappings:
'id' -- (required) the user ID, which may be different than
the login name
'login' -- (required) the login name
'pluginid' -- (required) the plugin ID (as returned by getId())
'editurl' -- (optional) the URL to a page for updating the
mapping's user
o Plugin *must* ignore unknown criteria.
o Plugin may raise ValueError for invalid criteria.
o Insufficiently-specified criteria may have catastrophic
scaling issues for some implementations.
"""
default = tuple()
if not self.is_plugin_active(pas_interfaces.IUserEnumerationPlugin):
return default
# XXX: sort_by in node.ext.ldap
if login:
if not isinstance(login, basestring):
# XXX
raise NotImplementedError('sequence is not supported yet.')
kw['login'] = login
# pas search users gives both login and name if login is meant
if "login" in kw and "name" in kw:
del kw["name"]
if id:
if not isinstance(id, basestring):
# XXX
raise NotImplementedError('sequence is not supported yet.')
kw['id'] = id
users = self.users
if not users:
return default
try:
matches = users.search(criteria=kw,
attrlist=('login', ),
exact_match=exact_match)
# raised if exact_match and result not unique.
except ValueError:
return default
pluginid = self.getId()
ret = list()
for id, attrs in matches:
ret.append({
'id': encode_utf8(id),
'login': attrs['login'][0],
'pluginid': pluginid
})
if max_results and len(ret) > max_results:
ret = ret[:max_results]
return ret
def enumerateGroups(self,
id=None,
exact_match=False,
sort_by=None,
max_results=None,
**kw):
""" -> ( group_info_1, ... group_info_N )
o Return mappings for groups matching the given criteria.
o 'id' in combination with 'exact_match' true, will
return at most one mapping per supplied ID ('id' and 'login'
may be sequences).
o If 'exact_match' is False, then 'id' may be treated by
the plugin as "contains" searches (more complicated searches
may be supported by some plugins using other keyword arguments).
o If 'sort_by' is passed, the results will be sorted accordingly.
known valid values are 'id' (some plugins may support others).
o If 'max_results' is specified, it must be a positive integer,
limiting the number of returned mappings. If unspecified, the
plugin should return mappings for all groups satisfying the
criteria.
o Minimal keys in the returned mappings:
'id' -- (required) the group ID
'pluginid' -- (required) the plugin ID (as returned by getId())
'properties_url' -- (optional) the URL to a page for updating the
group's properties.
'members_url' -- (optional) the URL to a page for updating the
principals who belong to the group.
o Plugin *must* ignore unknown criteria.
o Plugin may raise ValueError for invalid critera.
o Insufficiently-specified criteria may have catastrophic
scaling issues for some implementations.
"""
default = ()
if not self.is_plugin_active(pas_interfaces.IGroupEnumerationPlugin):
return default
groups = self.groups
if not groups:
return default
if id:
kw['id'] = id
if not kw: # show all
matches = groups.ids
else:
try:
matches = groups.search(criteria=kw, exact_match=exact_match)
# raised if exact_match and result not unique.
except ValueError:
return default
if sort_by == 'id':
matches = sorted(matches)
pluginid = self.getId()
ret = [dict(id=encode_utf8(_id), pluginid=pluginid) for _id in matches]
if max_results and len(ret) > max_results:
ret = ret[:max_results]
return ret
