class AddLdapGroupForm(forms.Form): name = forms.RegexField( label="Name", max_length=64, regex='^%s$' % (get_groupname_re_rule(),), help_text=_("Required. 30 characters or fewer. May only contain letters, " "numbers, hyphens or underscores."), error_messages={'invalid': _("Whitespaces and ':' not allowed") }) dn = forms.BooleanField(label=_("Distinguished name"), help_text=_("Whether or not the group should be imported by " "distinguished name."), initial=False, required=False) import_members = forms.BooleanField(label=_('Import new members'), help_text=_('Import unimported or new users from the group.'), initial=False, required=False) ensure_home_directories = forms.BooleanField(label=_('Create home directories'), help_text=_('Create home directories for every member imported, if members are being imported.'), initial=True, required=False) def clean(self): cleaned_data = super(AddLdapGroupForm, self).clean() name = cleaned_data.get("name") dn = cleaned_data.get("dn") if not dn: if name is not None and len(name) > 30: msg = _('Too long: 30 characters or fewer and not %(name)s') % dict(name=(len(name),)) errors = self._errors.setdefault('name', ErrorList()) errors.append(msg) raise forms.ValidationError(msg) return cleaned_data
class GroupEditForm(forms.ModelForm): """ Form to manipulate a group. This manages the group name and its membership. """ GROUPNAME = re.compile('^%s$' % get_groupname_re_rule()) class Meta: model = Group fields = ("name",) def clean_name(self): # Note that the superclass doesn't have a clean_name method. data = self.cleaned_data["name"] if not self.GROUPNAME.match(data): raise forms.ValidationError(_("Group name may only contain letters, " + "numbers, hyphens or underscores.")) return data def __init__(self, *args, **kwargs): super(GroupEditForm, self).__init__(*args, **kwargs) if self.instance.id: self.fields['name'].widget.attrs['readonly'] = True initial_members = User.objects.filter(groups=self.instance).order_by('username') initial_perms = HuePermission.objects.filter(grouppermission__group=self.instance).order_by('app','description') else: initial_members = [] initial_perms = [] self.fields["members"] = _make_model_field(_("members"), initial_members, User.objects.order_by('username')) self.fields["permissions"] = _make_model_field(_("permissions"), initial_perms, HuePermission.objects.order_by('app','description')) def _compute_diff(self, field_name): current = set(self.fields[field_name].initial_objs) updated = set(self.cleaned_data[field_name]) delete = current.difference(updated) add = updated.difference(current) return delete, add def save(self): super(GroupEditForm, self).save() self._save_members() self._save_permissions() def _save_members(self): delete_membership, add_membership = self._compute_diff("members") for user in delete_membership: user.groups.remove(self.instance) user.save() for user in add_membership: user.groups.add(self.instance) user.save() def _save_permissions(self): delete_permission, add_permission = self._compute_diff("permissions") for perm in delete_permission: GroupPermission.objects.get(group=self.instance, hue_permission=perm).delete() for perm in add_permission: GroupPermission.objects.create(group=self.instance, hue_permission=perm)
def validate_groupname(groupname_pattern): validator = re.compile(r"^%s$" % get_groupname_re_rule()) assert groupname_pattern is not None, _("Group name required.") assert len(groupname_pattern) <= 80, _("Group name must be 80 characters or fewer.") assert validator.match(groupname_pattern), _( "Group name can be any character as long as it's 80 characters or fewer." )
def validate_groupname(groupname_pattern): validator = re.compile(r"^%s$" % get_groupname_re_rule()) if not groupname_pattern: raise ValidationError(_('Group name required.')) if len(groupname_pattern) > 80: raise ValidationError(_('Group name must be 80 characters or fewer.')) if not validator.match(groupname_pattern): raise ValidationError(_("Group name can be any character as long as it's 80 characters or fewer."))
def validate_groupname(groupname_pattern): validator = re.compile(r"^%s$" % get_groupname_re_rule()) assert groupname_pattern is not None, _('Group name required.') assert len(groupname_pattern) <= 80, _( 'Group name must be 80 characters or fewer.') assert validator.match(groupname_pattern), _( "Group name can be any character as long as it's 80 characters or fewer." )
class AddLdapGroupsForm(forms.Form): groupname_pattern = forms.RegexField( label=_t("Name"), max_length=80, regex='^%s$' % get_groupname_re_rule(), help_text=_t("Required. 80 characters or fewer."), error_messages={'invalid': _t("80 characters or fewer.")}) dn = forms.BooleanField( label=_t("Distinguished name"), help_text=_t("Whether or not the group should be imported by " "distinguished name."), initial=False, required=False) import_members = forms.BooleanField( label=_t('Import new members'), help_text=_t('Import unimported or new users from the group.'), initial=False, required=False) ensure_home_directories = forms.BooleanField( label=_t('Create home directories'), help_text=_t( 'Create home directories for every member imported, if members are being imported.' ), initial=True, required=False) import_members_recursive = forms.BooleanField( label=_t('Import new members from all subgroups'), help_text=_t('Import unimported or new users from the all subgroups.'), initial=False, required=False) def __init__(self, *args, **kwargs): super(AddLdapGroupsForm, self).__init__(*args, **kwargs) self.fields['server'] = forms.ChoiceField(choices=get_server_choices(), required=False) def clean(self): cleaned_data = super(AddLdapGroupsForm, self).clean() groupname_pattern = cleaned_data.get("groupname_pattern") dn = cleaned_data.get("dn") if not dn: if groupname_pattern is not None and len(groupname_pattern) > 80: msg = _('Too long: 80 characters or fewer and not %s' ) % groupname_pattern errors = self._errors.setdefault('groupname_pattern', ErrorList()) errors.append(msg) raise forms.ValidationError(msg) return cleaned_data
class AuditLoggingMiddleware(object): username_re = get_username_re_rule() groupname_re = get_groupname_re_rule() operations = { '/accounts/login': '******', '/accounts/logout': 'USER_LOGOUT', '/useradmin/users/add_ldap_users': 'ADD_LDAP_USERS', '/useradmin/users/add_ldap_groups': 'ADD_LDAP_GROUPS', '/useradmin/users/sync_ldap_users_groups': 'SYNC_LDAP_USERS_GROUPS', '/useradmin/users/new': 'CREATE_USER', '/useradmin/groups/new': 'CREATE_GROUP', '/useradmin/users/delete': 'DELETE_USER', '/useradmin/groups/delete': 'DELETE_GROUP' } operation_patterns = { '/useradmin/permissions/edit/(?P<app>.*)/(?P<priv>.*)': 'EDIT_PERMISSION', '/useradmin/users/edit/(?P<username>%s)' % (username_re, ): 'EDIT_USER', '/useradmin/groups/edit/(?P<name>%s)' % (groupname_re, ): 'EDIT_GROUP' } process_view_operations = ('USER_LOGOUT', 'DELETE_USER') def __init__(self): from desktop.conf import AUDIT_EVENT_LOG_DIR, SERVER_USER self.impersonator = SERVER_USER.get() if not AUDIT_EVENT_LOG_DIR.get(): LOG.info('Unloading AuditLoggingMiddleware') raise exceptions.MiddlewareNotUsed def process_view(self, request, view_func, view_args, view_kwargs): try: operation = self._get_operation(request.path) if operation in self.process_view_operations: self._log_message(operation, request) except Exception, e: LOG.error('Could not audit the request: %s' % e) return None
# Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. from django.conf.urls import url from desktop.lib.django_util import get_username_re_rule, get_groupname_re_rule from useradmin import views as useradmin_views from useradmin import api as useradmin_api username_re = get_username_re_rule() groupname_re = get_groupname_re_rule() urlpatterns = [ url(r'^$', useradmin_views.list_users, name="useradmin.views.list_users"), url(r'^users/?$', useradmin_views.list_users, name="useradmin.views.list_users"), url(r'^groups/?$', useradmin_views.list_groups, name="useradmin.views.list_groups"), url(r'^permissions/?$', useradmin_views.list_permissions, name="useradmin.views.list_permissions"), url(r'^configurations/?$', useradmin_views.list_configurations, name="useradmin.views.list_configurations"), url(r'^users/edit/(?P<username>%s)$' % (username_re,), useradmin_views.edit_user, name="useradmin.views.edit_user"), url(r'^users/add_ldap_users$', useradmin_views.add_ldap_users, name="useradmin.views.add_ldap_users"), url(r'^users/add_ldap_groups$', useradmin_views.add_ldap_groups, name="useradmin.views.add_ldap_groups"), url(r'^users/sync_ldap_users_groups$', useradmin_views.sync_ldap_users_groups, name="useradmin_views_sync_ldap_users_groups"), url(r'^groups/edit/(?P<name>%s)$' % (groupname_re,), useradmin_views.edit_group, name="useradmin.views.edit_group"), url(r'^permissions/edit/(?P<app>.+?)/(?P<priv>.+?)/?$', useradmin_views.edit_permission, name="useradmin.views.edit_permission"), url(r'^users/new$', useradmin_views.edit_user, name="useradmin.views.edit_user"),
# "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. from django.conf.urls.defaults import patterns, url from desktop.lib.django_util import get_username_re_rule, get_groupname_re_rule username_re = get_username_re_rule() groupname_re = get_groupname_re_rule() urlpatterns = patterns('useradmin.views', url(r'^$', 'list_users'), url(r'^users$', 'list_users'), url(r'^groups$', 'list_groups'), url(r'^permissions$', 'list_permissions'), url(r'^users/edit/(?P<username>%s)$' % (username_re,), 'edit_user'), url(r'^users/add_ldap_users$', 'add_ldap_users'), url(r'^users/add_ldap_groups$', 'add_ldap_groups'), url(r'^users/sync_ldap_users_groups$', 'sync_ldap_users_groups'), url(r'^groups/edit/(?P<name>%s)$' % (groupname_re,), 'edit_group'), url(r'^permissions/edit/(?P<app>.*)/(?P<priv>.*)$', 'edit_permission'), url(r'^users/new$', 'edit_user', name="useradmin.new"), url(r'^groups/new$', 'edit_group', name="useradmin.new_group"),
class GroupEditForm(forms.ModelForm): """ Form to manipulate a group. This manages the group name and its membership. """ GROUPNAME = re.compile('^%s$' % get_groupname_re_rule()) class Meta(object): model = Group fields = ["name"] if ENABLE_ORGANIZATIONS.get(): fields.append("organization") def __init__(self, *args, **kwargs): super(GroupEditForm, self).__init__(*args, **kwargs) if self.instance.id: self.fields['name'].widget.attrs['readonly'] = True initial_members = User.objects.filter( groups=self.instance).order_by( 'email' if ENABLE_ORGANIZATIONS.get() else 'username') initial_perms = HuePermission.objects.filter( grouppermission__group=self.instance).order_by( 'app', 'description') else: initial_members = [] initial_perms = [] self.fields["members"] = _make_model_field( _("members"), initial_members, User.objects.order_by('username')) self.fields["permissions"] = _make_model_field( _("permissions"), initial_perms, HuePermission.objects.order_by('app', 'description')) if 'organization' in self.fields: self.fields['organization'] = forms.ChoiceField( choices=((get_user_request_organization().id, get_user_request_organization()), ), initial=get_user_request_organization()) def _compute_diff(self, field_name): current = set(self.fields[field_name].initial_objs) updated = set(self.cleaned_data[field_name]) delete = current.difference(updated) add = updated.difference(current) return delete, add def save(self): super(GroupEditForm, self).save() self._save_members() self._save_permissions() def clean_name(self): # Note that the superclass doesn't have a clean_name method. data = self.cleaned_data["name"] if not self.GROUPNAME.match(data): raise forms.ValidationError( _("Group name may only contain letters, numbers, hyphens or underscores." )) return data def clean_organization(self): try: return Organization.objects.get( id=int(self.cleaned_data.get('organization'))) except: LOG.exception('The organization does not exist.') return None def _save_members(self): delete_membership, add_membership = self._compute_diff("members") for user in delete_membership: user.groups.remove(self.instance) user.save() for user in add_membership: user.groups.add(self.instance) user.save() def _save_permissions(self): delete_permission, add_permission = self._compute_diff("permissions") for perm in delete_permission: GroupPermission.objects.get(group=self.instance, hue_permission=perm).delete() for perm in add_permission: GroupPermission.objects.create(group=self.instance, hue_permission=perm)