def post(self, user_id=None, name=None): user = User.get(self.session, user_id, name) if not user: return self.notfound() if not self.check_access(self.session, self.current_user, user): return self.forbidden() form = UserEnableForm(self.request.arguments) if not form.validate(): # TODO: add error message return self.redirect("/users/{}?refresh=yes".format(user.name)) if user.role_user: enable_service_account( self.session, actor=self.current_user, preserve_membership=form.preserve_membership.data, user=user) else: enable_user(self.session, user, self.current_user, preserve_membership=form.preserve_membership.data) self.session.commit() AuditLog.log(self.session, self.current_user.id, 'enable_user', 'Enabled user.', on_user_id=user.id) return self.redirect("/users/{}?refresh=yes".format(user.name))
def post(self, user_id=None, name=None): user = User.get(self.session, user_id, name) if not user: return self.notfound() if not self.check_access(self.session, self.current_user, user): return self.forbidden() form = UserEnableForm(self.request.arguments) if not form.validate(): # TODO: add error message return self.redirect("/users/{}?refresh=yes".format(user.name)) if user.role_user: enable_service_account(self.session, actor=self.current_user, preserve_membership=form.preserve_membership.data, user=user) else: enable_user(self.session, user, self.current_user, preserve_membership=form.preserve_membership.data) self.session.commit() AuditLog.log(self.session, self.current_user.id, 'enable_user', 'Enabled user.', on_user_id=user.id) return self.redirect("/users/{}?refresh=yes".format(user.name))
def enable_service_account(session, actor, service_account, owner): # type: (Session, User, ServiceAccount, Group) -> None """Enables a service account and sets a new owner.""" enable_user(session, service_account.user, actor, preserve_membership=False) add_service_account(session, owner, service_account) AuditLog.log(session, actor.id, "enable_service_account", "Enabled service account.", on_group_id=owner.id, on_user_id=service_account.user_id) Counter.incr(session, "updates") session.commit()
def enable_role_user(session, actor, preserve_membership, user=None, group=None): # type: (Session, User, bool, User, Group) -> None """ Enabled all components of the service account corresponding to user/group. Args: session: the database session actor: the User that is enabling the service account preserve_membership: whether to preserve what groups the service account is in user: the User component of the service account to be enabled group: the Group component of the service account to be enabled """ acc = get_role_user(session, user, group) enable_user(session, acc.user, actor, preserve_membership) acc.group.enabled = True acc.user.add(session) acc.group.add(session)
def post(self, *args: Any, **kwargs: Any) -> None: name = self.get_path_argument("name") user = User.get(self.session, name=name) if not user: return self.notfound() form = UserEnableForm(self.request.arguments) if not form.validate(): # TODO: add error message return self.redirect("/users/{}?refresh=yes".format(user.name)) if form.preserve_membership.data: if not self.check_access(self.session, self.current_user, user): return self.forbidden() else: if not self.check_access_without_membership( self.session, self.current_user, user): return self.forbidden() if user.role_user: enable_role_user( self.session, actor=self.current_user, preserve_membership=form.preserve_membership.data, user=user, ) else: enable_user( self.session, user, self.current_user, preserve_membership=form.preserve_membership.data, ) self.session.commit() AuditLog.log(self.session, self.current_user.id, "enable_user", "Enabled user.", on_user_id=user.id) return self.redirect("/users/{}?refresh=yes".format(user.name))
def user_command(args, settings, session_factory): # type: (Namespace, CtlSettings, SessionFactory) -> None session = session_factory.create_session() if args.subcommand == "create": for username in args.username: user = User.get(session, name=username) if not user: logging.info("{}: No such user, creating...".format(username)) user = User.get_or_create(session, username=username, role_user=args.role_user) session.commit() else: logging.info( "{}: Already exists. Doing nothing.".format(username)) return elif args.subcommand == "disable": for username in args.username: user = User.get(session, name=username) if not user: logging.info( "{}: No such user. Doing nothing.".format(username)) elif not user.enabled: logging.info( "{}: User already disabled. Doing nothing.".format( username)) else: logging.info("{}: User found, disabling...".format(username)) try: if user.role_user: disable_role_user(session, user) else: disable_user(session, user) AuditLog.log( session, user.id, "disable_user", "(Administrative) User disabled via grouper-ctl", on_user_id=user.id, ) session.commit() except PluginRejectedDisablingUser as e: logging.error("%s", e) return elif args.subcommand == "enable": for username in args.username: user = User.get(session, name=username) if not user: logging.info( "{}: No such user. Doing nothing.".format(username)) elif user.enabled: logging.info( "{}: User not disabled. Doing nothing.".format(username)) else: logging.info("{}: User found, enabling...".format(username)) if user.role_user: enable_role_user( session, user, preserve_membership=args.preserve_membership, user=user) else: enable_user(session, user, user, preserve_membership=args.preserve_membership) AuditLog.log( session, user.id, "enable_user", "(Administrative) User enabled via grouper-ctl", on_user_id=user.id, ) session.commit() return # "add_public_key" and "set_metadata" user = User.get(session, name=args.username) if not user: logging.error("{}: No such user. Doing nothing.".format(args.username)) return # User must exist at this point. if args.subcommand == "set_metadata": logging.info("Setting %s metadata: %s=%s", args.username, args.metadata_key, args.metadata_value) if args.metadata_value == "": args.metadata_value = None set_user_metadata(session, user.id, args.metadata_key, args.metadata_value) session.commit() elif args.subcommand == "add_public_key": logging.info("Adding public key for user") try: pubkey = public_key.add_public_key(session, user, args.public_key) except public_key.DuplicateKey: logging.error("Key already in use") return except public_key.PublicKeyParseError: logging.error("Public key appears to be invalid") return AuditLog.log( session, user.id, "add_public_key", "(Administrative) Added public key: {}".format( pubkey.fingerprint_sha256), on_user_id=user.id, )
def user_command(args): session = make_session() if args.subcommand == "create": for username in args.username: user = User.get(session, name=username) if not user: logging.info("{}: No such user, creating...".format(username)) user = User.get_or_create(session, username=username, role_user=args.role_user) session.commit() else: logging.info( "{}: Already exists. Doing nothing.".format(username)) return elif args.subcommand == "disable": for username in args.username: user = User.get(session, name=username) if not user: logging.info( "{}: No such user. Doing nothing.".format(username)) elif not user.enabled: logging.info( "{}: User already disabled. Doing nothing.".format( username)) else: logging.info("{}: User found, disabling...".format(username)) try: if user.role_user: disable_role_user(session, user) else: disable_user(session, user) AuditLog.log( session, user.id, 'disable_user', '(Administrative) User disabled via grouper-ctl', on_user_id=user.id) session.commit() except PluginRejectedDisablingUser as e: logging.error(e.message) return elif args.subcommand == "enable": for username in args.username: user = User.get(session, name=username) if not user: logging.info( "{}: No such user. Doing nothing.".format(username)) elif user.enabled: logging.info( "{}: User not disabled. Doing nothing.".format(username)) else: logging.info("{}: User found, enabling...".format(username)) if user.role_user: enable_role_user( session, user, preserve_membership=args.preserve_membership, user=user) else: enable_user(session, user, user, preserve_membership=args.preserve_membership) AuditLog.log(session, user.id, 'enable_user', '(Administrative) User enabled via grouper-ctl', on_user_id=user.id) session.commit() return # "add_public_key" and "set_metadata" user = User.get(session, name=args.username) if not user: logging.error("{}: No such user. Doing nothing.".format(args.username)) return # User must exist at this point. if args.subcommand == "set_metadata": print "Setting %s metadata: %s=%s" % (args.username, args.metadata_key, args.metadata_value) if args.metadata_value == "": args.metadata_value = None set_user_metadata(session, user.id, args.metadata_key, args.metadata_value) session.commit() elif args.subcommand == "add_public_key": print "Adding public key for user..." try: pubkey = public_key.add_public_key(session, user, args.public_key) except public_key.DuplicateKey: print "Key already in use." return except public_key.PublicKeyParseError: print "Public key appears to be invalid." return AuditLog.log(session, user.id, 'add_public_key', '(Administrative) Added public key: {}'.format( pubkey.fingerprint), on_user_id=user.id)
def user_command(args): session = make_session() if args.subcommand == "create": for username in args.username: user = User.get(session, name=username) if not user: logging.info("{}: No such user, creating...".format(username)) user = User.get_or_create(session, username=username, role_user=args.role_user) session.commit() else: logging.info("{}: Already exists. Doing nothing.".format(username)) return elif args.subcommand == "disable": for username in args.username: user = User.get(session, name=username) if not user: logging.info("{}: No such user. Doing nothing.".format(username)) elif not user.enabled: logging.info("{}: User already disabled. Doing nothing.".format(username)) else: logging.info("{}: User found, disabling...".format(username)) if user.role_user: disable_service_account(session, user) else: disable_user(session, user) session.commit() return elif args.subcommand == "enable": for username in args.username: user = User.get(session, name=username) if not user: logging.info("{}: No such user. Doing nothing.".format(username)) elif user.enabled: logging.info("{}: User not disabled. Doing nothing.".format(username)) else: logging.info("{}: User found, enabling...".format(username)) if user.role_user: enable_service_account(session, user, preserve_membership=args.preserve_membership, user=user) else: enable_user(session, user, user, preserve_membership=args.preserve_membership) session.commit() return # "add_public_key" and "set_metadata" user = User.get(session, name=args.username) if not user: logging.error("{}: No such user. Doing nothing.".format(args.username)) return # User must exist at this point. if args.subcommand == "set_metadata": print "Setting %s metadata: %s=%s" % (args.username, args.metadata_key, args.metadata_value) if args.metadata_value == "": args.metadata_value = None set_user_metadata(session, user.id, args.metadata_key, args.metadata_value) session.commit() elif args.subcommand == "add_public_key": print "Adding public key for user..." try: pubkey = public_key.add_public_key(session, user, args.public_key) except public_key.DuplicateKey: print "Key already in use." return except public_key.PublicKeyParseError: print "Public key appears to be invalid." return AuditLog.log(session, user.id, 'add_public_key', '(Administrative) Added public key: {}'.format(pubkey.fingerprint), on_user_id=user.id)
def user_command(args, settings, session_factory): # type: (Namespace, CtlSettings, SessionFactory) -> None session = session_factory.create_session() if args.subcommand == "create": for username in args.username: user = User.get(session, name=username) if not user: logging.info("{}: No such user, creating...".format(username)) user = User.get_or_create(session, username=username, role_user=args.role_user) session.commit() else: logging.info("{}: Already exists. Doing nothing.".format(username)) return elif args.subcommand == "disable": for username in args.username: user = User.get(session, name=username) if not user: logging.info("{}: No such user. Doing nothing.".format(username)) elif not user.enabled: logging.info("{}: User already disabled. Doing nothing.".format(username)) else: logging.info("{}: User found, disabling...".format(username)) try: if user.role_user: disable_role_user(session, user) else: disable_user(session, user) AuditLog.log( session, user.id, "disable_user", "(Administrative) User disabled via grouper-ctl", on_user_id=user.id, ) session.commit() except PluginRejectedDisablingUser as e: logging.error("%s", e) return elif args.subcommand == "enable": for username in args.username: user = User.get(session, name=username) if not user: logging.info("{}: No such user. Doing nothing.".format(username)) elif user.enabled: logging.info("{}: User not disabled. Doing nothing.".format(username)) else: logging.info("{}: User found, enabling...".format(username)) if user.role_user: enable_role_user( session, user, preserve_membership=args.preserve_membership, user=user ) else: enable_user(session, user, user, preserve_membership=args.preserve_membership) AuditLog.log( session, user.id, "enable_user", "(Administrative) User enabled via grouper-ctl", on_user_id=user.id, ) session.commit() return # "add_public_key" and "set_metadata" user = User.get(session, name=args.username) if not user: logging.error("{}: No such user. Doing nothing.".format(args.username)) return # User must exist at this point. if args.subcommand == "set_metadata": logging.info( "Setting %s metadata: %s=%s", args.username, args.metadata_key, args.metadata_value ) if args.metadata_value == "": args.metadata_value = None set_user_metadata(session, user.id, args.metadata_key, args.metadata_value) session.commit() elif args.subcommand == "add_public_key": logging.info("Adding public key for user") try: pubkey = public_key.add_public_key(session, user, args.public_key) except public_key.DuplicateKey: logging.error("Key already in use") return except public_key.PublicKeyParseError: logging.error("Public key appears to be invalid") return AuditLog.log( session, user.id, "add_public_key", "(Administrative) Added public key: {}".format(pubkey.fingerprint_sha256), on_user_id=user.id, )