def __check_object_class(self, lo, object_class, fallback):
obj = self.get_udm_object(lo)
if not obj:
raise noObject('Could not read %r' % (self.dn, ))
if 'ucsschoolSchool' in obj.oldattr:
return object_class in obj.oldattr.get('objectClass', [])
return fallback(self.school, self.dn)
def get_by_import_id_or_username(cls, connection, source_uid, record_uid, username, superordinate=None):
"""
Retrieve a LegacyImportUser.
Will find it using either source_uid and record_uid or if unset
with the username.
:param connection: uldap object
:param source_uid: str: source DB identifier
:param record_uid: str: source record identifier
:param username: str: username
:param superordinate: str: superordinate
:return: object of ImportUser subclass from LDAP or raises noObject
"""
oc_filter = cls.get_ldap_filter_for_user_role()
filter_s = filter_format(
"(&{ocs}"
"(|"
"(&(ucsschoolSourceUID=%s)(ucsschoolRecordUID=%s))"
"(&(!(ucsschoolSourceUID=*))(!(ucsschoolRecordUID=*))(uid=%s))"
"))".format(ocs=oc_filter),
(source_uid, record_uid, username))
obj = cls.get_only_udm_obj(connection, filter_s, superordinate=superordinate)
if not obj:
raise noObject("No {} with source_uid={!r} and record_uid={!r} or username={!r} found.".format(
cls.config.get("user_role", "user"), source_uid, record_uid, username))
return cls.from_udm_obj(obj, None, connection)
def get_by_import_id(cls,
connection,
source_uid,
record_uid,
superordinate=None):
"""
Retrieve an ImportUser.
:param connection: uldap object
:param source_uid: str: source DB identifier
:param record_uid: str: source record identifier
:param superordinate: str: superordinate
:return: object of ImportUser subclass from LDAP or raises noObject
"""
oc_filter = cls.get_ldap_filter_for_user_role()
filter_s = filter_format(
"(&{}(ucsschoolSourceUID=%s)(ucsschoolRecordUID=%s))".format(
oc_filter), (source_uid, record_uid))
obj = cls.get_only_udm_obj(connection,
filter_s,
superordinate=superordinate)
if not obj:
raise noObject(
"No {} with source_uid={!r} and record_uid={!r} found.".format(
cls.config.get("user_role", "user"), source_uid,
record_uid))
return cls.from_udm_obj(obj, None, connection)
def _read_user(self, userstr, ldap_user_read=None):
match = self.USER_REGEX.match(userstr)
if not match or not userstr:
raise AttributeError('invalid key "%s"' % userstr)
username = match.groupdict()['username']
if not username:
raise AttributeError('username missing: %s' % userstr)
lo = ldap_user_read
try:
userobj = User.get_only_udm_obj(
lo, filter_format('uid=%s', (username, )))
if userobj is None:
raise noObject(username)
user = User.from_udm_obj(userobj, None, lo)
except (noObject, MultipleObjectsError):
MODULE.info('Unknown user "%s"' % username)
dict.__setitem__(self, userstr, UserInfo('', ''))
return
blacklisted_groups = set([
x.strip().lower() for x in ucr.get(
'ucsschool/umc/computerroom/hide_screenshots/groups',
'Domain Admins').split(',')
])
users_groupmemberships = set(
[explode_dn(x, True)[0].lower() for x in userobj['groups']])
MODULE.info('UserMap: %s: hide screenshots for following groups: %s' %
(
username,
blacklisted_groups,
))
MODULE.info('UserMap: %s: user is member of following groups: %s' % (
username,
users_groupmemberships,
))
hide_screenshot = bool(blacklisted_groups & users_groupmemberships)
if ucr.is_true('ucsschool/umc/computerroom/hide_screenshots/teachers',
True) and user.is_teacher(lo):
MODULE.info('UserMap: %s: is teacher hiding screenshot' %
(username, ))
hide_screenshot = True
MODULE.info('UserMap: %s: hide_screenshot=%r' %
(username, hide_screenshot))
dict.__setitem__(
self, userstr,
UserInfo(user.dn,
username,
isTeacher=user.is_teacher(lo),
hide_screenshot=hide_screenshot))
def get_user_object(userdn, password):
lo, po = get_user_connection(userdn, password)
if not lo:
return
try:
# try to open the user object
user = udm_objects.get(users_module, None, lo, po, userdn)
if not user:
raise udm_errors.noObject()
user.open()
return user
except (udm_errors.base, LDAPError) as exc:
CORE.warn('Failed to open UDM user object %s: %s' % (userdn, exc))
def add_teacher_to_classes(self,
request,
ldap_machine_write=None,
ldap_user_read=None,
ldap_position=None):
teacher = request.options['$dn$']
classes = set(request.options['classes'])
try:
teacher = Teacher.from_dn(teacher, None, ldap_machine_write)
if not teacher.is_teacher(ldap_machine_write):
raise udm_exceptions.noObject()
except udm_exceptions.noObject:
raise UMC_Error('The user is not a teacher.')
original_classes = set([
x.dn for x in SchoolClass.get_all(
ldap_machine_write, request.options['school'],
filter_format('uniqueMember=%s', (teacher.dn, )))
])
classes_to_remove = original_classes - classes
classes_to_add = classes - original_classes
failed = []
for classdn in (classes_to_add | classes_to_remove):
try:
class_ = SchoolClass.from_dn(classdn, teacher.school,
ldap_machine_write)
except udm_exceptions.noObject:
failed.append(classdn)
continue
if classdn in classes_to_add and teacher.dn not in class_.users:
class_.users.append(teacher.dn)
elif classdn in classes_to_remove and teacher.dn in class_.users:
class_.users.remove(teacher.dn)
try:
if not class_.modify(ldap_machine_write):
failed.append(classdn)
except udm_exceptions.base as exc:
MODULE.error('Could not add teacher %s to class %s: %s' %
(teacher.dn, classdn, exc))
failed.append(classdn)
self.finished(request.id, not any(failed))
def _get_user_obj(self):
try:
# make sure that the UDM users/user module could be initiated
if not users_module:
raise udm_errors.base('UDM module users/user could not be initiated')
# open an LDAP connection with the user password and credentials
lo = udm_uldap.access(host = ucr.get('ldap/server/name'), base = ucr.get('ldap/base'), port = int(ucr.get('ldap/server/port', '7389')), binddn = self.__user_dn, bindpw = self.__password, follow_referral=True)
# try to open the user object
userObj = udm_objects.get(users_module, None, lo, self.po, self.__user_dn)
if not userObj:
raise udm_errors.noObject()
userObj.open()
return userObj
except udm_errors.noObject as e:
CORE.warn('Failed to open UDM user object for user %s' % (self.__username))
except (udm_errors.base, ldap.LDAPError) as e:
CORE.warn('Failed to open UDM user object %s: %s' % (self.__user_dn, e))
return None
def _set(self, room, ldap_user_read=None):
lo = ldap_user_read
room_dn = room
try: # room DN
ldap.dn.str2dn(room)
except ldap.DECODING_ERROR: # room name
room_dn = None # got a name instead of a DN
try:
if room_dn:
computerroom = ComputerRoom.from_dn(room, ITALC_Manager.SCHOOL,
lo)
else:
computerroom = ComputerRoom.get_only_udm_obj(
lo, filter_format('cn=%s-%s',
(ITALC_Manager.SCHOOL, room)))
if computerroom is None:
raise noObject(computerroom)
computerroom = ComputerRoom.from_udm_obj(
computerroom, ITALC_Manager.SCHOOL, lo)
except noObject:
raise ITALC_Error('Unknown computer room')
except MultipleObjectsError as exc:
raise ITALC_Error(
'Did not find exactly 1 group for the room (count: %d)' %
len(exc.objs))
ITALC_Manager.ROOM = computerroom.get_relative_name()
ITALC_Manager.ROOM_DN = computerroom.dn
computers = list(computerroom.get_computers(lo))
if not computers:
raise ITALC_Error('There are no computers in the selected room.')
for computer in computers:
try:
comp = ITALC_Computer(computer.get_udm_object(lo))
self.__setitem__(comp.name, comp)
except ITALC_Error as exc:
MODULE.warn('Computer could not be added: %s' % (exc, ))
