def update_view(self, model, view): settings = self.request.registry.settings ldap = False if 'pyvac.use_ldap' in settings: ldap = asbool(settings.get('pyvac.use_ldap')) if view['errors']: self.request.session.flash('error;%s' % ','.join(view['errors'])) view['groups'] = Group.all(self.session, order_by=Group.name) view['managers'] = User.by_role(self.session, 'manager') if ldap: ldap = LdapCache() login = self.get_model().login if login: view['ldap_user'] = ldap.search_user_by_login(login) else: view['ldap_user'] = {} view['managers'] = ldap.list_manager() view['units'] = ldap.list_ou() view['countries'] = Countries.all(self.session, order_by=Countries.name) # generate a random password for the user, he must change it later password = randomstring() log.info('temporary password generated: %s' % password) view['password'] = password view['view_name'] = self.__class__.__name__.lower() view['myself'] = (self.user.id == self.get_model().id)
def render(self): settings = self.request.registry.settings use_ldap = False if 'pyvac.use_ldap' in settings: use_ldap = asbool(settings.get('pyvac.use_ldap')) user_attr = {} users_teams = {} active_users = [] if use_ldap: # synchronise user groups/roles User.sync_ldap_info(self.session) ldap = LdapCache() user_attr = ldap.get_users_units() users_teams = {} for team, members in ldap.list_teams().iteritems(): for member in members: users_teams.setdefault(member, []).append(team) active_users = ldap.list_active_users() return { u'user_count': User.find(self.session, count=True), u'users': User.find(self.session, order_by=[User.dn]), 'use_ldap': use_ldap, 'ldap_info': user_attr, 'users_teams': users_teams, 'active_users': active_users, }
def save_model(self, account): super(Edit, self).update_model(account) self.set_country(account) self.append_groups(account) settings = self.request.registry.settings ldap = False if 'pyvac.use_ldap' in settings: ldap = asbool(settings.get('pyvac.use_ldap')) if ldap: # update in ldap r = self.request password = None if 'user.password' in r.params and r.params['user.password']: password = [hashPassword(r.params['user.password'])] unit = None if 'unit' in r.params and r.params['unit']: unit = r.params['unit'] ldap = LdapCache() ldap.update_user(account, password=password, unit=unit) if self.user and not self.user.is_admin: self.redirect_route = 'list_request'
def render(self): settings = self.request.registry.settings use_ldap = False if 'pyvac.use_ldap' in settings: use_ldap = asbool(settings.get('pyvac.use_ldap')) user_attr = {} users_teams = {} if use_ldap: # synchronise user groups/roles User.sync_ldap_info(self.session) ldap = LdapCache() user_attr = ldap.get_users_units() users_teams = {} for team, members in ldap.list_teams().iteritems(): for member in members: users_teams.setdefault(member, []).append(team) return {u'user_count': User.find(self.session, count=True), u'users': User.find(self.session, order_by=[User.dn]), 'use_ldap': use_ldap, 'ldap_info': user_attr, 'users_teams': users_teams, }
def sync_ldap_info(cls, session): """ Resynchronize ldap information in database, for changes in role/units """ ldap = LdapCache() managers = ldap.list_manager() admins = ldap.list_admin() for user in User.find(session, order_by=[User.dn]): group = u'user' # if it's a manager members should have him associated as such if user.dn in managers: group = u'manager' # if it's an admin he should be in admin group if user.dn in admins: group = u'admin' user.role = group # handle update of groups if it has changed exists = [] group_ids = [Group.by_name(session, group).id] for ugroup in user.groups: exists.append(ugroup.id) if ugroup.id not in group_ids: # keep sudoer group info if ugroup.name != 'sudoer': user.groups.remove(ugroup) for group_id in group_ids: if group_id not in exists: user.groups.append(Group.by_id(session, group_id))
def delete(self, account): # cancel all associated requests for this user requests = account.requests for req in requests: req.update_status('CANCELED') # delete all request history entries for this user # otherwise it will raise a integrity error for entry in req.history: self.session.delete(entry) self.session.flush() # cancel all request history entries in case there are entries in # this table but without an existing request histo_reqs = RequestHistory.by_user(self.session, account.id) for entry in histo_reqs: self.session.delete(entry) self.session.flush() # cancel associated password recovery attempts for this user for item in account.recovery: self.session.delete(item) super(Delete, self).delete(account) if account.ldap_user: # delete in ldap ldap = LdapCache() try: ldap.delete_user(account.dn) except IndexError: log.info('User %s seems already deleted in ldap' % account.dn)
def render(self): from datetime import datetime today = datetime.now() end_date = datetime(today.year, 10, 31) previsions = Request.get_previsions(self.session, end_date) users_per_id = dict([(user.id, user) for user in User.find(self.session)]) settings = self.request.registry.settings use_ldap = False if 'pyvac.use_ldap' in settings: use_ldap = asbool(settings.get('pyvac.use_ldap')) user_attr = {} users_teams = {} if use_ldap: # synchronise user groups/roles User.sync_ldap_info(self.session) ldap = LdapCache() user_attr = ldap.get_users_units() users_teams = {} for team, members in list(ldap.list_teams().items()): for member in members: users_teams.setdefault(member, []).append(team) return {'users_per_id': users_per_id, 'use_ldap': use_ldap, 'ldap_info': user_attr, 'users_teams': users_teams, 'previsions': previsions, 'today': today, 'end_date': end_date, }
def render(self): # synchronise user groups/roles User.sync_ldap_info(self.session) ldap = LdapCache() users_entity = {} for team, members in list(ldap.list_teams().items()): for member in members: users_entity.setdefault(member, []).append(team) # keep only managed users for managers # use all users for admin overviews = {} if self.user.is_admin or self.user.has_feature('squad_overview_full'): for _, target_squad in list(self.squad_leaders.items()): squad_stats = self.get_squad_stats(target_squad, users_entity) overviews.update({target_squad: squad_stats}) elif self.user.is_manager: # retrieve logged squad leader target_squad = self.squad_leaders[self.user.login] squad_stats = self.get_squad_stats(target_squad, users_entity) overviews = {target_squad: squad_stats} else: return HTTPFound(location=route_url('home', self.request)) return {'users_entity': users_entity, 'overviews': overviews}
def get_data(self, session, country): now = datetime.now() th_trial, th_good = self.trial_thresholds[country] ldap = LdapCache() arrivals = ldap.list_arrivals_country(country) matched = [] for user_dn, dt in list(arrivals.items()): if not dt: continue dt_trial_threshold = dt + relativedelta(months=th_trial) dt_good = dt + relativedelta(months=th_good) if (now > dt_trial_threshold) and not (now > dt_good): matched.append((user_dn, dt)) datas = [] for user_dn, dt in matched: user = User.by_dn(session, user_dn) if not user: self.log.info('user not found: %s' % user_dn) continue if user.country not in self.countries: continue data = {'user_id': user.id} param = json.dumps(OrderedDict(data)) rem = CoreReminder.by_type_param(session, 'trial_threshold', param) if not rem: data['duration'] = th_trial data['subject'] = self.subject datas.append(data) return datas
def render(self): # synchronise user groups/roles User.sync_ldap_info(self.session) ldap = LdapCache() users_entity = {} for chapter, members in ldap.list_chapters().iteritems(): for member in members: users_entity.setdefault(member, []).append(chapter) # keep only managed users for managers # use all users for admin overviews = {} if self.user.is_admin or self.user.has_feature( 'chapter_overview_full'): # noqa for _, target_chapter in self.chapter_leaders.items(): chapter_stats = self.get_chapter_stats(target_chapter, users_entity) # noqa overviews.update({target_chapter: chapter_stats}) elif self.user.is_manager: # retrieve logged chapter leader target_chapter = self.chapter_leaders[self.user.login] chapter_stats = self.get_chapter_stats(target_chapter, users_entity) # noqa overviews = {target_chapter: chapter_stats} else: return HTTPFound(location=route_url('home', self.request)) return {'users_entity': users_entity, 'overviews': overviews}
def render(self): from datetime import datetime today = datetime.now() end_date = datetime(today.year, 10, 31) previsions = Request.get_previsions(self.session, end_date) users_per_id = dict([(user.id, user) for user in User.find(self.session)]) settings = self.request.registry.settings use_ldap = False if 'pyvac.use_ldap' in settings: use_ldap = asbool(settings.get('pyvac.use_ldap')) user_attr = {} users_teams = {} if use_ldap: # synchronise user groups/roles User.sync_ldap_info(self.session) ldap = LdapCache() user_attr = ldap.get_users_units() users_teams = {} for team, members in ldap.list_teams().iteritems(): for member in members: users_teams.setdefault(member, []).append(team) return {'users_per_id': users_per_id, 'use_ldap': use_ldap, 'ldap_info': user_attr, 'users_teams': users_teams, 'previsions': previsions, 'today': today, 'end_date': end_date, }
def manager_name(self): """ Get manager name for a user """ if not self.ldap_user: return self.manager.name else: ldap = LdapCache() user_data = ldap.search_user_by_dn(self.manager_dn) return user_data['login']
def manager_mail(self): """ Get manager email for a user """ if not self.ldap_user: return self.manager.email else: ldap = LdapCache() user_data = ldap.search_user_by_dn(self.manager_dn) return user_data['email']
def get_admin(self, session): """ Get admin for country of user """ if not self.ldap_user: return self.get_admin_by_country(session, self.country) else: # retrieve from ldap ldap = LdapCache() return ldap.get_hr_by_country(self.country)
def delete(self, account): # cancel all associated requests for this user requests = Request.by_user(self.session, account) for req in requests: req.update_status('CANCELED') super(Delete, self).delete(account) if account.ldap_user: # delete in ldap ldap = LdapCache() ldap.delete_user(account.dn)
def by_ldap_credentials(cls, session, login, password): """ Get a user using ldap credentials """ ldap = LdapCache() user_data = ldap.authenticate(login, password) if user_data is not None: login = unicode(user_data['login']) user = User.by_login(session, login) # check what type of user it is group = u'user' # if it's a manager members should have him associated as such what = '(manager=%s)' % user_data['dn'] if len(ldap._search(what, None)) > 0: group = u'manager' # if it's an admin he should be in admin group what = '(member=%s)' % user_data['dn'] if len(ldap._search_admin(what, None)) > 0: group = u'admin' log.info('group found for %s: %s' % (login, group)) # create user if needed if not user: user = User.create_from_ldap(session, user_data, group) else: # update user with ldap informations in case it changed user.email = user_data['email'].decode('utf-8') user.firstname = user_data['firstname'].decode('utf-8') user.lastname = user_data['lastname'].decode('utf-8') user.manager_dn = user_data['manager_dn'].decode('utf-8') user.dn = user_data['dn'].decode('utf-8') user.role = group if 'ou' in user_data: user.ou = user_data['ou'].decode('utf-8') if 'uid' in user_data: user.uid = user_data['uid'].decode('utf-8') # handle update of groups if it has changed exists = [] group_ids = [Group.by_name(session, group).id] for ugroup in user.groups: exists.append(ugroup.id) if ugroup.id not in group_ids: # keep sudoer group info if ugroup.name != 'sudoer': user.groups.remove(ugroup) for group_id in group_ids: if group_id not in exists: user.groups.append(Group.by_id(session, group_id)) return user
def main(argv=sys.argv): if len(argv) != 2: usage(argv) config_uri = argv[1] setup_logging(config_uri) settings = get_appsettings(config_uri) LdapCache.configure(settings['pyvac.ldap.yaml']) ldap = LdapCache() engine = create_engine('pyvac', settings, scoped=False) populate(engine, ldap) dispose_engine('pyvac')
def configure_workers(sender=None, conf=None, **kwargs): # The Worker (child process of the celeryd) must have # it's own SQL Connection (A unix forking operation preserve fd) with open(sys.argv[1]) as fdesc: conf = yaml.load(fdesc, YAMLLoader) # XXX Register the database create_engine('pyvac', conf.get('databases').get('pyvac'), scoped=True) if conf.get('ldap'): LdapCache.configure(conf.get('ldap').get('conf')) SmtpCache.configure(conf.get('smtp')) # initialize configuration singleton ConfCache.configure(conf)
def delete(self, account): # cancel all associated requests for this user requests = Request.by_user(self.session, account) for req in requests: req.update_status('CANCELED') super(Delete, self).delete(account) if account.ldap_user: # delete in ldap ldap = LdapCache() try: ldap.delete_user(account.dn) except IndexError: log.info('User %s seems already deleted in ldap' % account.dn)
def save_model(self, account): super(Create, self).save_model(account) self.set_country(account) self.append_groups(account) self.assign_pools(account) if 'disable_rtt' in self.request.params: account.add_feature('disable_rtt', save=True) else: account.del_feature('disable_rtt', save=True) settings = self.request.registry.settings ldap = False if 'pyvac.use_ldap' in settings: ldap = asbool(settings.get('pyvac.use_ldap')) if ldap: # create in ldap r = self.request ldap = LdapCache() if 'ldappassword' not in r.params: raise MandatoryLdapPassword() uid = None if 'user.uid' in r.params and r.params['user.uid']: uid = r.params['user.uid'] try: new_dn = ldap.add_user(account, password=r.params['ldappassword'], unit=r.params.get('unit'), uid=uid) msg = ('User %s created in pyvac and ldap' % account.login) self.request.session.flash('info;%s' % msg) except ALREADY_EXISTS: # already exists in ldap, only retrieve the dn new_dn = 'cn=%s,c=%s,%s' % (account.login, account.country, ldap._base) msg = ( 'User %s already exists in ldap, created only in pyvac' % account.login) log.info(msg) self.request.session.flash('info;%s' % msg) # update dn account.dn = new_dn if self.user and not self.user.is_admin: self.redirect_route = 'list_request'
def save_model(self, account): super(Edit, self).update_model(account) self.set_country(account) self.append_groups(account) settings = self.request.registry.settings ldap = False if 'pyvac.use_ldap' in settings: ldap = asbool(settings.get('pyvac.use_ldap')) if ldap: # update in ldap r = self.request password = None if 'user.password' in r.params and r.params['user.password']: password = [hashPassword(r.params['user.password'])] unit = None if 'unit' in r.params and r.params['unit']: unit = r.params['unit'] ldap = LdapCache() ldap.update_user(account, password=password, unit=unit) # update teams uteams = {} for team, members in ldap.list_teams().iteritems(): for member in members: uteams.setdefault(member, []).append(team) user_teams = uteams.get(account.dn, []) # add to new teams for team in r.params.getall('teams'): members = ldap.get_team_members(team) if account.dn not in members: members.append(account.dn.encode('utf-8')) ldap.update_team(team, members) # remove from old teams for team in user_teams: if team not in r.params.getall('teams'): members = ldap.get_team_members(team) if account.dn in members: members.remove(account.dn) ldap.update_team(team, members) if self.user and not self.user.is_admin: self.redirect_route = 'list_request'
def render(self): passhash = self.request.matchdict["passhash"] entry = PasswordRecovery.by_hash(self.session, passhash) if not entry: return HTTPFound(location=route_url("login", self.request)) if entry.expired: msg = "This password recovery request have expired." self.request.session.flash("error;%s" % msg) self.session.delete(entry) else: errors = [] if "form.submitted" in self.request.params: r = self.request settings = self.request.registry.settings ldap = False if "pyvac.use_ldap" in settings: ldap = asbool(settings.get("pyvac.use_ldap")) if not len(r.params["user.password"]): errors.append(_(u"password cannot be empty")) if r.params["user.password"] != r.params["confirm_password"]: errors.append(_(u"passwords do not match")) if errors: self.request.session.flash("error;%s" % ",".join(errors)) if not errors: # change user password if ldap: # update in ldap password = [hashPassword(r.params["user.password"])] ldap = LdapCache() ldap.update_user(entry.user, password=password) else: # update locally entry.user.password = r.params["user.password"] msg = "Password successfully changed" self.request.session.flash("info;%s" % msg) self.session.delete(entry) return HTTPFound(location=route_url("login", self.request)) return {"user": entry.user}
def render(self): passhash = self.request.matchdict['passhash'] entry = PasswordRecovery.by_hash(self.session, passhash) if not entry: return HTTPFound(location=route_url('login', self.request)) if entry.expired: msg = 'This password recovery request have expired.' self.request.session.flash('error;%s' % msg) self.session.delete(entry) else: errors = [] if 'form.submitted' in self.request.params: r = self.request settings = self.request.registry.settings ldap = False if 'pyvac.use_ldap' in settings: ldap = asbool(settings.get('pyvac.use_ldap')) if not len(r.params['user.password']): errors.append(_(u'password cannot be empty')) if r.params['user.password'] != r.params['confirm_password']: errors.append(_(u'passwords do not match')) if errors: self.request.session.flash('error;%s' % ','.join(errors)) if not errors: # change user password if ldap: # update in ldap password = [hashPassword(r.params['user.password'])] ldap = LdapCache() ldap.update_user(entry.user, password=password) else: # update locally entry.user.password = r.params['user.password'] msg = 'Password successfully changed' self.request.session.flash('info;%s' % msg) self.session.delete(entry) return HTTPFound(location=route_url('login', self.request)) return {'user': entry.user}
def render(self): settings = self.request.registry.settings use_ldap = False if 'pyvac.use_ldap' in settings: use_ldap = asbool(settings.get('pyvac.use_ldap')) user_attr = {} if use_ldap: # synchronise user groups/roles User.sync_ldap_info(self.session) ldap = LdapCache() user_attr = ldap.get_users_units() return {u'user_count': User.find(self.session, count=True), u'users': User.find(self.session, order_by=[User.dn]), 'use_ldap': use_ldap, 'ldap_info': user_attr, }
def update_view(self, model, view): settings = self.request.registry.settings ldap = False if 'pyvac.use_ldap' in settings: ldap = asbool(settings.get('pyvac.use_ldap')) if view['errors']: self.request.session.flash('error;%s' % ','.join(view['errors'])) view['groups'] = Group.all(self.session, order_by=Group.name) view['managers'] = User.by_role(self.session, 'manager') if ldap: ldap = LdapCache() login = self.get_model().login view['ldap_user'] = {} if login: try: view['ldap_user'] = ldap.search_user_by_login(login) except UnknownLdapUser: msg = 'Unknown ldap user %s' % login self.request.session.flash('error;%s' % msg) view['managers'] = ldap.list_manager() view['units'] = ldap.list_ou() view['teams'] = ldap.list_teams() uteams = {} for team, members in view['teams'].iteritems(): for member in members: uteams.setdefault(member, []).append(team) view['user_teams'] = uteams.get(view['ldap_user'].get('dn'), []) view['countries'] = Countries.all(self.session, order_by=Countries.name) # generate a random password for the user, he must change it later password = randomstring() log.debug('temporary password generated: %s' % password) view['password'] = password view['view_name'] = self.__class__.__name__.lower() view['myself'] = (self.user.id == self.get_model().id)
def save_model(self, account): super(Create, self).save_model(account) self.set_country(account) self.append_groups(account) settings = self.request.registry.settings ldap = False if 'pyvac.use_ldap' in settings: ldap = asbool(settings.get('pyvac.use_ldap')) if ldap: # create in ldap r = self.request ldap = LdapCache() if 'ldappassword' not in r.params: raise MandatoryLdapPassword() new_dn = ldap.add_user(account, password=r.params['ldappassword'], unit=r.params['unit']) # update dn account.dn = new_dn if self.user and not self.user.is_admin: self.redirect_route = 'list_request'
def update_view(self, model, view): settings = self.request.registry.settings ldap = False if 'pyvac.use_ldap' in settings: ldap = asbool(settings.get('pyvac.use_ldap')) if view['errors']: self.request.session.flash('error;%s' % ','.join(view['errors'])) view['groups'] = Group.all(self.session, order_by=Group.name) view['managers'] = User.by_role(self.session, 'manager') view['countries'] = Countries.all(self.session, order_by=Countries.name) if ldap: ldap = LdapCache() login = self.get_model().login view['ldap_user'] = {} if login: try: view['ldap_user'] = ldap.search_user_by_login(login) except UnknownLdapUser: msg = 'Unknown ldap user %s' % login self.request.session.flash('error;%s' % msg) view['managers'] = ldap.list_manager() view['units'] = ldap.list_ou() view['teams'] = ldap.list_teams() uteams = {} for team, members in view['teams'].iteritems(): for member in members: uteams.setdefault(member, []).append(team) view['user_teams'] = uteams.get(view['ldap_user'].get('dn'), []) # generate a random password for the user, he must change it later password = randomstring() log.debug('temporary password generated: %s' % password) view['password'] = password view['view_name'] = self.__class__.__name__.lower() view['myself'] = (self.user.id == self.get_model().id) jpeg = view['ldap_user'].get('jpegPhoto') if jpeg: view['ldap_user']['photo'] = base64.b64encode(jpeg) partial_time_tooltip = """\ This value will be used to compute how much RTT you will acquire. Example: If you use 2/5, you will acquire 0.4 RTT instead of 1 RTT. This has no effect on CP acquisition. """ view['partial_time_tooltip'] = partial_time_tooltip
def render(self): req_list = {'requests': [], 'conflicts': {}} requests = [] if self.user.is_admin: country = self.user.country requests = Request.all_for_admin_per_country(self.session, country) # check if admin user is also a manager, in this case merge all # requests requests_manager = Request.by_manager(self.session, self.user) # avoid duplicate entries req_to_add = [ req for req in requests_manager if req not in requests ] requests.extend(req_to_add) elif self.user.is_super: requests = Request.by_manager(self.session, self.user) req_list['requests'] = requests # always add our requests for req in Request.by_user(self.session, self.user): if req not in req_list['requests']: req_list['requests'].append(req) # split requests by past/next today = datetime.now() if self.user.is_admin: # for admin, display request from 1st of month today = today.replace(day=1) past_req = [ req for req in req_list['requests'] if req.date_to < today and req.status not in ['PENDING', 'ACCEPTED_MANAGER'] ] next_req = [req for req in req_list['requests'] if req not in past_req] req_list['past'] = past_req req_list['next'] = next_req # only retrieve conflicts for super users # only retrieve conflicts for next requests, not past ones if req_list['next'] and self.user.is_super: conflicts = {} settings = self.request.registry.settings use_ldap = False if 'pyvac.use_ldap' in settings: use_ldap = asbool(settings.get('pyvac.use_ldap')) if use_ldap: ldap = LdapCache() users_teams = {} for team, members in ldap.list_teams().iteritems(): for member in members: users_teams.setdefault(member, []).append(team) conflicts = self.get_conflict_by_teams(req_list['next'], users_teams) else: conflicts = self.get_conflict(req_list['next']) req_list['conflicts'] = conflicts return req_list
def render(self): duration = 1 def fmt_req_type(req): label = ' %s' % req.label if req.label else '' if duration and req.days > 1: label = '%s (until %s)' % (label, req.date_to.strftime('%d/%m/%Y')) return '%s%s' % (req.type, label) order_by = (User.country_id.asc(), User.id) users = User.find(self.session, order_by=order_by) users = [user for user in users if user.login not in self.ignore_users] requests = Request.get_active(self.session) data_off = dict([(req.user.login, fmt_req_type(req)) for req in requests]) data = { 'users': [], } users_teams = {} settings = self.request.registry.settings use_ldap = False if 'pyvac.use_ldap' in settings: use_ldap = asbool(settings.get('pyvac.use_ldap')) if use_ldap: ldap_users = {} # synchronise user groups/roles # User.sync_ldap_info(self.session) ldap = LdapCache() ldap_users = ldap.list_users() # discard users which should be deleted users = [user for user in users if user.dn in ldap_users] teams = ldap.list_teams() data['teams'] = teams.keys() for team, members in teams.iteritems(): for member in members: users_teams.setdefault(member, []).append(team) for user in users: uteams = users_teams.get(user.dn, []) item = { 'name': user.name, 'email': user.email, 'bu': user.country, 'nickname': user.nickname or '-', 'teams': ', '.join(uteams) if uteams else '-', } item['vacation'] = data_off.get(user.login) item['status'] = 'off' if item['vacation'] else 'on' if use_ldap: ldap_user = ldap_users[user.dn] jpeg = ldap_user.get('jpegPhoto') photo = None if jpeg: photo = base64.b64encode(jpeg) item['photo'] = photo item['mobile'] = ldap_user.get('mobile', '-') data['users'].append(item) return {'data': data}
def save_model(self, account): super(Edit, self).update_model(account) self.set_country(account) self.append_groups(account) if 'disable_rtt' in self.request.params: account.add_feature('disable_rtt', save=True) else: account.del_feature('disable_rtt', save=True) settings = self.request.registry.settings ldap = False if 'pyvac.use_ldap' in settings: ldap = asbool(settings.get('pyvac.use_ldap')) if ldap: # update in ldap r = self.request password = None if 'user.password' in r.params and r.params['user.password']: password = [hashPassword(r.params['user.password'])] unit = None if 'unit' in r.params and r.params['unit']: unit = r.params['unit'] arrival_date = None if 'arrival_date' in r.params and r.params['arrival_date']: # cast to datetime arrival_date = datetime.strptime(r.params['arrival_date'], '%d/%m/%Y') uid = None if 'user.uid' in r.params and r.params['user.uid']: uid = r.params['user.uid'] if (r.params.get('remove_photo', 'no') == 'yes'): photo = '' else: try: r.params['photofile'].file.seek(0) photo = r.params['photofile'].file.read() except: photo = None if photo: log.info('uploading photo size: %d' % len(photo)) mobile = None if 'mobile' in r.params: mobile = r.params['mobile'] ldap = LdapCache() ldap.update_user(account, password=password, unit=unit, arrival_date=arrival_date, uid=uid, photo=photo, mobile=mobile) # only for admins if self.user.is_admin: # update teams uteams = {} for team, members in ldap.list_teams().iteritems(): for member in members: uteams.setdefault(member, []).append(team) user_teams = uteams.get(account.dn, []) # add to new teams for team in r.params.getall('teams'): members = ldap.get_team_members(team) if account.dn not in members: members.append(account.dn.encode('utf-8')) ldap.update_team(team, members) # remove from old teams for team in user_teams: if team not in r.params.getall('teams'): members = ldap.get_team_members(team) if account.dn in members: members.remove(account.dn) ldap.update_team(team, members) # update role for user in LDAP old_role = account.role if 'ldap_role' in r.params: new_role = r.params['ldap_role'] if old_role != new_role: log.info('LDAP role changed: %s -> %s' % (old_role, new_role)) if new_role == 'manager': ldap.add_manager(account.dn) elif old_role == 'manager': ldap.remove_manager(account.dn) if new_role == 'admin': ldap.add_admin(account.dn) elif old_role == 'admin': ldap.remove_admin(account.dn) if self.user and not self.user.is_admin: self.redirect_route = 'list_request'
def includeme(config): """ Pyramid includeme file for the :class:`pyramid.config.Configurator` """ ldap = False settings = config.registry.settings if 'pyvac.celery.yaml' in settings: configure(settings['pyvac.celery.yaml']) if 'pyvac.use_ldap' in settings: ldap = asbool(settings['pyvac.use_ldap']) if ldap: LdapCache.configure(settings['pyvac.ldap.yaml']) # call includeme for models configuration config.include('pyvac.models') # call includeme for request views configuration config.include('pyvac.views.request') # call includeme for account views configuration config.include('pyvac.views.account') # call includeme for credentials views configuration config.include('pyvac.views.credentials') # Jinja configuration # We don't use jinja2 filename, .html instead config.add_renderer('.html', renderer_factory) # helpers config.add_subscriber(add_urlhelpers, IBeforeRender) # i18n config.add_translation_dirs('locale/') config.set_locale_negotiator(locale_negotiator) # Javascript + Media config.add_static_view('static', 'static', cache_max_age=3600) config.add_route( u'login', u'/login', ) config.add_view(u'pyvac.views.credentials.Login', route_name=u'login', renderer=u'templates/login.html') config.add_route(u'logout', u'/logout') config.add_view(u'pyvac.views.credentials.Logout', route_name=u'logout', permission=u'user_view') config.add_route('sudo', '/sudo') config.add_view(u'pyvac.views.credentials.Sudo', route_name=u'sudo', permission=u'sudo_view', renderer='templates/sudo.html') # Home page config.add_route(u'index', u'/') config.add_view(u'pyvac.views.Index', route_name=u'index') config.add_route('home', '/home') config.add_view(u'pyvac.views.Home', route_name=u'home', renderer='templates/home.html', permission=u'user_view') # Forbidden config.add_view(u'pyvac.views.base.forbidden_view', context=Forbidden) # Internal error config.add_view(u'pyvac.views.base.exception_view', context=Exception) # Forgot password config.add_route( u'reset_password', u'/reset', ) config.add_view(u'pyvac.views.credentials.ResetPassword', route_name=u'reset_password', renderer=u'templates/password/reset.html') # Change password config.add_route(u'change_password', u'/password/{passhash}') config.add_view(u'pyvac.views.credentials.ChangePassword', route_name=u'change_password', renderer=u'templates/password/change.html') # Request submit config.add_route('request_send', u'/pyvac/request_send', request_method=u'POST') config.add_view(u'pyvac.views.request.Send', route_name=u'request_send', renderer='json', permission=u'user_view') # Manager view config.add_route(u'list_request', u'/pyvac/request') config.add_view(u'pyvac.views.request.List', route_name=u'list_request', renderer=u'templates/request/list.html', permission=u'user_view') config.add_route('request_accept', u'/pyvac/request_accept', request_method=u'POST') config.add_view(u'pyvac.views.request.Accept', route_name=u'request_accept', renderer='json', permission=u'manager_view') config.add_route('request_refuse', u'/pyvac/request_refuse', request_method=u'POST') config.add_view(u'pyvac.views.request.Refuse', route_name=u'request_refuse', renderer='json', permission=u'manager_view') config.add_route('request_cancel', u'/pyvac/request_cancel', request_method=u'POST') config.add_view(u'pyvac.views.request.Cancel', route_name=u'request_cancel', renderer='json', permission=u'user_view') # Pool history config.add_route('pool_history', u'/pyvac/pool_history/{user_id}', request_method=u'GET') config.add_view(u'pyvac.views.request.PoolHistory', route_name=u'pool_history', renderer=u'templates/request/pool_history.html', permission=u'user_view') config.add_route('request_history', u'/pyvac/request_history/{req_id}', request_method=u'GET') config.add_view(u'pyvac.views.request.History', route_name=u'request_history', renderer=u'templates/request/history.html', permission=u'user_view') # Admin view config.add_route(u'list_account', u'/pyvac/account') config.add_view(u'pyvac.views.account.List', route_name=u'list_account', renderer=u'templates/account/list.html', permission=u'admin_view') config.add_route(u'list_user_pool', u'/pyvac/pool_users') config.add_view(u'pyvac.views.account.ListPool', route_name=u'list_user_pool', renderer=u'templates/account/pool.html', permission=u'admin_view') config.add_route(u'create_account', u'/pyvac/account/new') config.add_view(u'pyvac.views.account.Create', route_name=u'create_account', renderer=u'templates/account/create.html', permission=u'admin_view') config.add_route(u'edit_account', u'/pyvac/account/{user_id}') config.add_view(u'pyvac.views.account.Edit', route_name=u'edit_account', renderer=u'templates/account/edit.html', permission=u'user_view') config.add_route(u'delete_account', u'/pyvac/delete/account/{user_id}') config.add_view(u'pyvac.views.account.Delete', route_name=u'delete_account', renderer=u'templates/account/delete.html', permission=u'admin_view') # who's who config.add_route( u'whoswho', u'/who', ) config.add_view(u'pyvac.views.account.Whoswho', route_name=u'whoswho', renderer=u'templates/whoswho.html') config.add_route(u'export_request', u'/pyvac/export') config.add_view(u'pyvac.views.request.Export', route_name=u'export_request', renderer=u'templates/request/export.html', permission=u'admin_view') config.add_route(u'request_export', u'/pyvac/exported', request_method=u'POST') config.add_view(u'pyvac.views.request.Exported', route_name=u'request_export', renderer=u'templates/request/exported.html', permission=u'admin_view') config.add_route(u'prevision_request', u'/pyvac/prevision') config.add_view(u'pyvac.views.request.Prevision', route_name=u'prevision_request', renderer=u'templates/request/prevision.html', permission=u'admin_view') if ldap: config.add_route(u'squad_overview', u'/pyvac/squad_overview') config.add_view(u'pyvac.views.request.SquadOverview', route_name=u'squad_overview', renderer=u'templates/request/squad_overview.html', permission=u'manager_view') config.add_route(u'chapter_overview', u'/pyvac/chapter_overview') config.add_view(u'pyvac.views.request.ChapterOverview', route_name=u'chapter_overview', renderer=u'templates/request/chapter_overview.html', permission=u'manager_view') config.add_route(u'manager_overview', u'/pyvac/manager_overview') config.add_view(u'pyvac.views.request.ManagerOverview', route_name=u'manager_overview', renderer=u'templates/request/manager_overview.html', permission=u'manager_view') # Pool managment config.add_route(u'list_pools', u'/pyvac/pool') config.add_view(u'pyvac.views.pool.List', route_name=u'list_pools', renderer=u'templates/pool/list.html', permission=u'admin_view') config.add_route(u'create_pool', u'/pyvac/pool/new') config.add_view(u'pyvac.views.pool.Create', route_name=u'create_pool', renderer=u'templates/pool/create.html', permission=u'admin_view') config.add_route(u'edit_pool', u'/pyvac/pool/{pool_id}') config.add_view(u'pyvac.views.pool.Edit', route_name=u'edit_pool', renderer=u'templates/pool/edit.html', permission=u'user_view') config.add_route(u'delete_pool', u'/pyvac/delete/pool/{pool_id}') config.add_view(u'pyvac.views.pool.Delete', route_name=u'delete_pool', renderer=u'templates/pool/delete.html', permission=u'admin_view') # Holiday request config.add_route('list_holiday', u'/pyvac/list_holiday', request_method=u'POST') config.add_view(u'pyvac.views.holiday.List', route_name=u'list_holiday', renderer='json', permission=u'user_view') # Retrieve today vacations config.add_route('request_off', u'/pyvac/off', request_method=u'GET') config.add_view(u'pyvac.views.request.Off', route_name=u'request_off', renderer='json') # Retrieve today vacations (HTML) config.add_route(u'request_off_html', u'/pyvac/off.html') config.add_view(u'pyvac.views.base.ViewBase', route_name=u'request_off_html', renderer=u'templates/off.html')
def save_model(self, account): super(Edit, self).update_model(account) self.set_country(account) self.append_groups(account) if 'disable_rtt' in self.request.params: account.add_feature('disable_rtt', save=True) else: account.del_feature('disable_rtt', save=True) settings = self.request.registry.settings ldap = False if 'pyvac.use_ldap' in settings: ldap = asbool(settings.get('pyvac.use_ldap')) if ldap: # update in ldap r = self.request password = None if 'user.password' in r.params and r.params['user.password']: password = [hashPassword(r.params['user.password'])] unit = None if 'unit' in r.params and r.params['unit']: unit = r.params['unit'] arrival_date = None if 'arrival_date' in r.params and r.params['arrival_date']: # cast to datetime arrival_date = datetime.strptime(r.params['arrival_date'], '%d/%m/%Y') uid = None if 'user.uid' in r.params and r.params['user.uid']: uid = r.params['user.uid'] if (r.params.get('remove_photo', 'no') == 'yes'): photo = '' else: try: photo = r.POST['photofile'].file.read() except: photo = None ldap = LdapCache() ldap.update_user(account, password=password, unit=unit, arrival_date=arrival_date, uid=uid, photo=photo) # update teams uteams = {} for team, members in ldap.list_teams().iteritems(): for member in members: uteams.setdefault(member, []).append(team) user_teams = uteams.get(account.dn, []) # add to new teams for team in r.params.getall('teams'): members = ldap.get_team_members(team) if account.dn not in members: members.append(account.dn.encode('utf-8')) ldap.update_team(team, members) # remove from old teams for team in user_teams: if team not in r.params.getall('teams'): members = ldap.get_team_members(team) if account.dn in members: members.remove(account.dn) ldap.update_team(team, members) if self.user and not self.user.is_admin: self.redirect_route = 'list_request'
def render(self): req_list = {'requests': [], 'conflicts': {}} requests = [] if self.user.is_admin: country = self.user.country requests = Request.all_for_admin_per_country(self.session, country) # check if admin user is also a manager, in this case merge all # requests requests_manager = Request.by_manager(self.session, self.user) # avoid duplicate entries req_to_add = [req for req in requests_manager if req not in requests] requests.extend(req_to_add) elif self.user.is_super: requests = Request.by_manager(self.session, self.user) req_list['requests'] = requests # always add our requests for req in Request.by_user(self.session, self.user): if req not in req_list['requests']: req_list['requests'].append(req) # split requests by past/next today = datetime.now() past_req = [req for req in req_list['requests'] if req.date_to < today and req.status != 'PENDING'] next_req = [req for req in req_list['requests'] if req not in past_req] req_list['past'] = past_req req_list['next'] = next_req # only retrieve conflicts for super users # only retrieve conflicts for next requests, not past ones if req_list['next'] and self.user.is_super: conflicts = {} settings = self.request.registry.settings use_ldap = False if 'pyvac.use_ldap' in settings: use_ldap = asbool(settings.get('pyvac.use_ldap')) if use_ldap: ldap = LdapCache() users_teams = {} for team, members in ldap.list_teams().iteritems(): for member in members: users_teams.setdefault(member, []).append(team) conflicts = self.get_conflict_by_teams(req_list['next'], users_teams) else: conflicts = self.get_conflict(req_list['next']) req_list['conflicts'] = conflicts return req_list
def render(self): req_list = {'requests': [], 'conflicts': {}} requests = [] if self.user.is_admin: country = self.user.country requests = Request.all_for_admin_per_country(self.session, country) # check if admin user is also a manager, in this case merge all # requests requests_manager = Request.by_manager(self.session, self.user) # avoid duplicate entries req_to_add = [req for req in requests_manager if req not in requests] requests.extend(req_to_add) elif self.user.is_super: requests = Request.by_manager(self.session, self.user) if requests: conflicts = {} settings = self.request.registry.settings use_ldap = False if 'pyvac.use_ldap' in settings: use_ldap = asbool(settings.get('pyvac.use_ldap')) if use_ldap: ldap = LdapCache() users_teams = {} for team, members in ldap.list_teams().iteritems(): for member in members: users_teams.setdefault(member, []).append(team) for req in requests: user_teams = users_teams.get(req.user.dn, []) matched = {} # for all requests in conflict with current req for req2 in Request.in_conflict(self.session, req): # if we have some match between request teams # and conflicting request teams conflict_teams = users_teams.get(req2.user.dn, []) common_set = set(conflict_teams) & set(user_teams) if common_set: for team in common_set: if team not in matched: matched[team] = [] matched[team].append(req2.summary) req.conflict = matched if req.conflict: for team in req.conflict: if req.id not in conflicts: conflicts[req.id] = {} conflicts[req.id][team] = ('\n'.join([team] + req.conflict[team])) else: for req in requests: req.conflict = [req2.summary for req2 in Request.in_conflict_ou(self.session, req)] if req.conflict: conflicts[req.id] = '\n'.join(req.conflict) req_list['requests'] = requests req_list['conflicts'] = conflicts # always add our requests for req in Request.by_user(self.session, self.user): if req not in req_list['requests']: req_list['requests'].append(req) return req_list
def includeme(config): """ Pyramid includeme file for the :class:`pyramid.config.Configurator` """ settings = config.registry.settings if 'pyvac.celery.yaml' in settings: configure(settings['pyvac.celery.yaml']) if 'pyvac.use_ldap' in settings: ldap = asbool(settings['pyvac.use_ldap']) if ldap: LdapCache.configure(settings['pyvac.ldap.yaml']) # Jinja configuration # We don't use jinja2 filename, .html instead config.add_renderer('.html', renderer_factory) # helpers config.add_subscriber(add_urlhelpers, IBeforeRender) # i18n config.add_translation_dirs('locale/') config.set_locale_negotiator(locale_negotiator) # Javascript + Media config.add_static_view('static', 'static', cache_max_age=3600) config.add_route(u'login', u'/login',) config.add_view(u'pyvac.views.credentials.Login', route_name=u'login', renderer=u'templates/login.html') config.add_route(u'logout', u'/logout') config.add_view(u'pyvac.views.credentials.Logout', route_name=u'logout', permission=u'user_view') config.add_route('sudo', '/sudo') config.add_view(u'pyvac.views.credentials.Sudo', route_name=u'sudo', permission=u'sudo_view', renderer='templates/sudo.html') # Home page config.add_route(u'index', u'/') config.add_view(u'pyvac.views.Index', route_name=u'index') config.add_route('home', '/home') config.add_view(u'pyvac.views.Home', route_name=u'home', renderer='templates/home.html', permission=u'user_view') # Forbidden config.add_view(u'pyvac.views.base.forbidden_view', context=Forbidden) # Internal error config.add_view(u'pyvac.views.base.exception_view', context=Exception) # Forgot password config.add_route(u'reset_password', u'/reset',) config.add_view(u'pyvac.views.credentials.ResetPassword', route_name=u'reset_password', renderer=u'templates/password/reset.html') # Change password config.add_route(u'change_password', u'/password/{passhash}') config.add_view(u'pyvac.views.credentials.ChangePassword', route_name=u'change_password', renderer=u'templates/password/change.html') # Request submit config.add_route('request_send', u'/pyvac/request_send', request_method=u'POST') config.add_view(u'pyvac.views.request.Send', route_name=u'request_send', renderer='json', permission=u'user_view') # Manager view config.add_route(u'list_request', u'/pyvac/request') config.add_view(u'pyvac.views.request.List', route_name=u'list_request', renderer=u'templates/request/list.html', permission=u'user_view') config.add_route('request_accept', u'/pyvac/request_accept', request_method=u'POST') config.add_view(u'pyvac.views.request.Accept', route_name=u'request_accept', renderer='json', permission=u'manager_view') config.add_route('request_refuse', u'/pyvac/request_refuse', request_method=u'POST') config.add_view(u'pyvac.views.request.Refuse', route_name=u'request_refuse', renderer='json', permission=u'manager_view') config.add_route('request_cancel', u'/pyvac/request_cancel', request_method=u'POST') config.add_view(u'pyvac.views.request.Cancel', route_name=u'request_cancel', renderer='json', permission=u'user_view') # Pool history config.add_route('pool_history', u'/pyvac/pool_history/{user_id}', request_method=u'GET') config.add_view(u'pyvac.views.request.PoolHistory', route_name=u'pool_history', renderer=u'templates/request/pool_history.html', permission=u'user_view') # Admin view config.add_route(u'list_account', u'/pyvac/account') config.add_view(u'pyvac.views.account.List', route_name=u'list_account', renderer=u'templates/account/list.html', permission=u'admin_view') config.add_route(u'create_account', u'/pyvac/account/new') config.add_view(u'pyvac.views.account.Create', route_name=u'create_account', renderer=u'templates/account/create.html', permission=u'admin_view') config.add_route(u'edit_account', u'/pyvac/account/{user_id}') config.add_view(u'pyvac.views.account.Edit', route_name=u'edit_account', renderer=u'templates/account/edit.html', permission=u'user_view') config.add_route(u'delete_account', u'/pyvac/delete/account/{user_id}') config.add_view(u'pyvac.views.account.Delete', route_name=u'delete_account', renderer=u'templates/account/delete.html', permission=u'admin_view') config.add_route(u'export_request', u'/pyvac/export') config.add_view(u'pyvac.views.request.Export', route_name=u'export_request', renderer=u'templates/request/export.html', permission=u'admin_view') config.add_route(u'request_export', u'/pyvac/exported', request_method=u'POST') config.add_view(u'pyvac.views.request.Exported', route_name=u'request_export', renderer=u'templates/request/exported.html', permission=u'admin_view') config.add_route(u'prevision_request', u'/pyvac/prevision') config.add_view(u'pyvac.views.request.Prevision', route_name=u'prevision_request', renderer=u'templates/request/prevision.html', permission=u'admin_view') # Holiday request config.add_route('list_holiday', u'/pyvac/list_holiday', request_method=u'POST') config.add_view(u'pyvac.views.holiday.List', route_name=u'list_holiday', renderer='json', permission=u'user_view') # Retrieve today vacations config.add_route('request_off', u'/pyvac/off', request_method=u'GET') config.add_view(u'pyvac.views.request.Off', route_name=u'request_off', renderer='json')