def post(self, user_id=None, name=None):
user = User.get(self.session, user_id, name)
if not user:
return self.notfound()
if not self.check_access(self.session, self.current_user, user):
return self.forbidden()
form = UserEnableForm(self.request.arguments)
if not form.validate():
# TODO: add error message
return self.redirect("/users/{}?refresh=yes".format(user.name))
if user.role_user:
enable_service_account(
self.session,
actor=self.current_user,
preserve_membership=form.preserve_membership.data,
user=user)
else:
enable_user(self.session,
user,
self.current_user,
preserve_membership=form.preserve_membership.data)
self.session.commit()
AuditLog.log(self.session,
self.current_user.id,
'enable_user',
'Enabled user.',
on_user_id=user.id)
return self.redirect("/users/{}?refresh=yes".format(user.name))
def post(self, user_id=None, name=None):
user = User.get(self.session, user_id, name)
if not user:
return self.notfound()
if not self.check_access(self.session, self.current_user, user):
return self.forbidden()
form = UserEnableForm(self.request.arguments)
if not form.validate():
# TODO: add error message
return self.redirect("/users/{}?refresh=yes".format(user.name))
if user.role_user:
enable_service_account(self.session, actor=self.current_user,
preserve_membership=form.preserve_membership.data, user=user)
else:
enable_user(self.session, user, self.current_user,
preserve_membership=form.preserve_membership.data)
self.session.commit()
AuditLog.log(self.session, self.current_user.id, 'enable_user',
'Enabled user.', on_user_id=user.id)
return self.redirect("/users/{}?refresh=yes".format(user.name))
def enable_service_account(session, actor, service_account, owner):
# type: (Session, User, ServiceAccount, Group) -> None
"""Enables a service account and sets a new owner."""
enable_user(session, service_account.user, actor, preserve_membership=False)
add_service_account(session, owner, service_account)
AuditLog.log(session, actor.id, "enable_service_account", "Enabled service account.",
on_group_id=owner.id, on_user_id=service_account.user_id)
Counter.incr(session, "updates")
session.commit()
def enable_role_user(session, actor, preserve_membership, user=None, group=None):
# type: (Session, User, bool, User, Group) -> None
"""
Enabled all components of the service account corresponding to user/group.
Args:
session: the database session
actor: the User that is enabling the service account
preserve_membership: whether to preserve what groups the service account is in
user: the User component of the service account to be enabled
group: the Group component of the service account to be enabled
"""
acc = get_role_user(session, user, group)
enable_user(session, acc.user, actor, preserve_membership)
acc.group.enabled = True
acc.user.add(session)
acc.group.add(session)
def enable_role_user(session, actor, preserve_membership, user=None, group=None):
# type: (Session, User, bool, User, Group) -> None
"""
Enabled all components of the service account corresponding to user/group.
Args:
session: the database session
actor: the User that is enabling the service account
preserve_membership: whether to preserve what groups the service account is in
user: the User component of the service account to be enabled
group: the Group component of the service account to be enabled
"""
acc = get_role_user(session, user, group)
enable_user(session, acc.user, actor, preserve_membership)
acc.group.enabled = True
acc.user.add(session)
acc.group.add(session)
def post(self, *args: Any, **kwargs: Any) -> None:
name = self.get_path_argument("name")
user = User.get(self.session, name=name)
if not user:
return self.notfound()
form = UserEnableForm(self.request.arguments)
if not form.validate():
# TODO: add error message
return self.redirect("/users/{}?refresh=yes".format(user.name))
if form.preserve_membership.data:
if not self.check_access(self.session, self.current_user, user):
return self.forbidden()
else:
if not self.check_access_without_membership(
self.session, self.current_user, user):
return self.forbidden()
if user.role_user:
enable_role_user(
self.session,
actor=self.current_user,
preserve_membership=form.preserve_membership.data,
user=user,
)
else:
enable_user(
self.session,
user,
self.current_user,
preserve_membership=form.preserve_membership.data,
)
self.session.commit()
AuditLog.log(self.session,
self.current_user.id,
"enable_user",
"Enabled user.",
on_user_id=user.id)
return self.redirect("/users/{}?refresh=yes".format(user.name))
def user_command(args, settings, session_factory):
# type: (Namespace, CtlSettings, SessionFactory) -> None
session = session_factory.create_session()
if args.subcommand == "create":
for username in args.username:
user = User.get(session, name=username)
if not user:
logging.info("{}: No such user, creating...".format(username))
user = User.get_or_create(session,
username=username,
role_user=args.role_user)
session.commit()
else:
logging.info(
"{}: Already exists. Doing nothing.".format(username))
return
elif args.subcommand == "disable":
for username in args.username:
user = User.get(session, name=username)
if not user:
logging.info(
"{}: No such user. Doing nothing.".format(username))
elif not user.enabled:
logging.info(
"{}: User already disabled. Doing nothing.".format(
username))
else:
logging.info("{}: User found, disabling...".format(username))
try:
if user.role_user:
disable_role_user(session, user)
else:
disable_user(session, user)
AuditLog.log(
session,
user.id,
"disable_user",
"(Administrative) User disabled via grouper-ctl",
on_user_id=user.id,
)
session.commit()
except PluginRejectedDisablingUser as e:
logging.error("%s", e)
return
elif args.subcommand == "enable":
for username in args.username:
user = User.get(session, name=username)
if not user:
logging.info(
"{}: No such user. Doing nothing.".format(username))
elif user.enabled:
logging.info(
"{}: User not disabled. Doing nothing.".format(username))
else:
logging.info("{}: User found, enabling...".format(username))
if user.role_user:
enable_role_user(
session,
user,
preserve_membership=args.preserve_membership,
user=user)
else:
enable_user(session,
user,
user,
preserve_membership=args.preserve_membership)
AuditLog.log(
session,
user.id,
"enable_user",
"(Administrative) User enabled via grouper-ctl",
on_user_id=user.id,
)
session.commit()
return
# "add_public_key" and "set_metadata"
user = User.get(session, name=args.username)
if not user:
logging.error("{}: No such user. Doing nothing.".format(args.username))
return
# User must exist at this point.
if args.subcommand == "set_metadata":
logging.info("Setting %s metadata: %s=%s", args.username,
args.metadata_key, args.metadata_value)
if args.metadata_value == "":
args.metadata_value = None
set_user_metadata(session, user.id, args.metadata_key,
args.metadata_value)
session.commit()
elif args.subcommand == "add_public_key":
logging.info("Adding public key for user")
try:
pubkey = public_key.add_public_key(session, user, args.public_key)
except public_key.DuplicateKey:
logging.error("Key already in use")
return
except public_key.PublicKeyParseError:
logging.error("Public key appears to be invalid")
return
AuditLog.log(
session,
user.id,
"add_public_key",
"(Administrative) Added public key: {}".format(
pubkey.fingerprint_sha256),
on_user_id=user.id,
)
def user_command(args):
session = make_session()
if args.subcommand == "create":
for username in args.username:
user = User.get(session, name=username)
if not user:
logging.info("{}: No such user, creating...".format(username))
user = User.get_or_create(session,
username=username,
role_user=args.role_user)
session.commit()
else:
logging.info(
"{}: Already exists. Doing nothing.".format(username))
return
elif args.subcommand == "disable":
for username in args.username:
user = User.get(session, name=username)
if not user:
logging.info(
"{}: No such user. Doing nothing.".format(username))
elif not user.enabled:
logging.info(
"{}: User already disabled. Doing nothing.".format(
username))
else:
logging.info("{}: User found, disabling...".format(username))
try:
if user.role_user:
disable_role_user(session, user)
else:
disable_user(session, user)
AuditLog.log(
session,
user.id,
'disable_user',
'(Administrative) User disabled via grouper-ctl',
on_user_id=user.id)
session.commit()
except PluginRejectedDisablingUser as e:
logging.error(e.message)
return
elif args.subcommand == "enable":
for username in args.username:
user = User.get(session, name=username)
if not user:
logging.info(
"{}: No such user. Doing nothing.".format(username))
elif user.enabled:
logging.info(
"{}: User not disabled. Doing nothing.".format(username))
else:
logging.info("{}: User found, enabling...".format(username))
if user.role_user:
enable_role_user(
session,
user,
preserve_membership=args.preserve_membership,
user=user)
else:
enable_user(session,
user,
user,
preserve_membership=args.preserve_membership)
AuditLog.log(session,
user.id,
'enable_user',
'(Administrative) User enabled via grouper-ctl',
on_user_id=user.id)
session.commit()
return
# "add_public_key" and "set_metadata"
user = User.get(session, name=args.username)
if not user:
logging.error("{}: No such user. Doing nothing.".format(args.username))
return
# User must exist at this point.
if args.subcommand == "set_metadata":
print "Setting %s metadata: %s=%s" % (args.username, args.metadata_key,
args.metadata_value)
if args.metadata_value == "":
args.metadata_value = None
set_user_metadata(session, user.id, args.metadata_key,
args.metadata_value)
session.commit()
elif args.subcommand == "add_public_key":
print "Adding public key for user..."
try:
pubkey = public_key.add_public_key(session, user, args.public_key)
except public_key.DuplicateKey:
print "Key already in use."
return
except public_key.PublicKeyParseError:
print "Public key appears to be invalid."
return
AuditLog.log(session,
user.id,
'add_public_key',
'(Administrative) Added public key: {}'.format(
pubkey.fingerprint),
on_user_id=user.id)
def user_command(args):
session = make_session()
if args.subcommand == "create":
for username in args.username:
user = User.get(session, name=username)
if not user:
logging.info("{}: No such user, creating...".format(username))
user = User.get_or_create(session, username=username, role_user=args.role_user)
session.commit()
else:
logging.info("{}: Already exists. Doing nothing.".format(username))
return
elif args.subcommand == "disable":
for username in args.username:
user = User.get(session, name=username)
if not user:
logging.info("{}: No such user. Doing nothing.".format(username))
elif not user.enabled:
logging.info("{}: User already disabled. Doing nothing.".format(username))
else:
logging.info("{}: User found, disabling...".format(username))
if user.role_user:
disable_service_account(session, user)
else:
disable_user(session, user)
session.commit()
return
elif args.subcommand == "enable":
for username in args.username:
user = User.get(session, name=username)
if not user:
logging.info("{}: No such user. Doing nothing.".format(username))
elif user.enabled:
logging.info("{}: User not disabled. Doing nothing.".format(username))
else:
logging.info("{}: User found, enabling...".format(username))
if user.role_user:
enable_service_account(session, user,
preserve_membership=args.preserve_membership, user=user)
else:
enable_user(session, user, user, preserve_membership=args.preserve_membership)
session.commit()
return
# "add_public_key" and "set_metadata"
user = User.get(session, name=args.username)
if not user:
logging.error("{}: No such user. Doing nothing.".format(args.username))
return
# User must exist at this point.
if args.subcommand == "set_metadata":
print "Setting %s metadata: %s=%s" % (args.username, args.metadata_key, args.metadata_value)
if args.metadata_value == "":
args.metadata_value = None
set_user_metadata(session, user.id, args.metadata_key, args.metadata_value)
session.commit()
elif args.subcommand == "add_public_key":
print "Adding public key for user..."
try:
pubkey = public_key.add_public_key(session, user, args.public_key)
except public_key.DuplicateKey:
print "Key already in use."
return
except public_key.PublicKeyParseError:
print "Public key appears to be invalid."
return
AuditLog.log(session, user.id, 'add_public_key',
'(Administrative) Added public key: {}'.format(pubkey.fingerprint),
on_user_id=user.id)
def user_command(args, settings, session_factory):
# type: (Namespace, CtlSettings, SessionFactory) -> None
session = session_factory.create_session()
if args.subcommand == "create":
for username in args.username:
user = User.get(session, name=username)
if not user:
logging.info("{}: No such user, creating...".format(username))
user = User.get_or_create(session, username=username, role_user=args.role_user)
session.commit()
else:
logging.info("{}: Already exists. Doing nothing.".format(username))
return
elif args.subcommand == "disable":
for username in args.username:
user = User.get(session, name=username)
if not user:
logging.info("{}: No such user. Doing nothing.".format(username))
elif not user.enabled:
logging.info("{}: User already disabled. Doing nothing.".format(username))
else:
logging.info("{}: User found, disabling...".format(username))
try:
if user.role_user:
disable_role_user(session, user)
else:
disable_user(session, user)
AuditLog.log(
session,
user.id,
"disable_user",
"(Administrative) User disabled via grouper-ctl",
on_user_id=user.id,
)
session.commit()
except PluginRejectedDisablingUser as e:
logging.error("%s", e)
return
elif args.subcommand == "enable":
for username in args.username:
user = User.get(session, name=username)
if not user:
logging.info("{}: No such user. Doing nothing.".format(username))
elif user.enabled:
logging.info("{}: User not disabled. Doing nothing.".format(username))
else:
logging.info("{}: User found, enabling...".format(username))
if user.role_user:
enable_role_user(
session, user, preserve_membership=args.preserve_membership, user=user
)
else:
enable_user(session, user, user, preserve_membership=args.preserve_membership)
AuditLog.log(
session,
user.id,
"enable_user",
"(Administrative) User enabled via grouper-ctl",
on_user_id=user.id,
)
session.commit()
return
# "add_public_key" and "set_metadata"
user = User.get(session, name=args.username)
if not user:
logging.error("{}: No such user. Doing nothing.".format(args.username))
return
# User must exist at this point.
if args.subcommand == "set_metadata":
logging.info(
"Setting %s metadata: %s=%s", args.username, args.metadata_key, args.metadata_value
)
if args.metadata_value == "":
args.metadata_value = None
set_user_metadata(session, user.id, args.metadata_key, args.metadata_value)
session.commit()
elif args.subcommand == "add_public_key":
logging.info("Adding public key for user")
try:
pubkey = public_key.add_public_key(session, user, args.public_key)
except public_key.DuplicateKey:
logging.error("Key already in use")
return
except public_key.PublicKeyParseError:
logging.error("Public key appears to be invalid")
return
AuditLog.log(
session,
user.id,
"add_public_key",
"(Administrative) Added public key: {}".format(pubkey.fingerprint_sha256),
on_user_id=user.id,
)
