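def setup_ldap(self):
    """Import the configured LDAP profile and rewire the PAS plugins for it.

    Does nothing when ``self.ldap_profile`` is not set. Otherwise it

    1. runs all import steps of ``profile-<ldap_profile>``;
    2. calls ``configure_ldap_credentials`` for the site (credentials are
       read from ``~/.opengever/ldap/{hostname}.json``);
    3. deactivates the ``source_groups`` and ``recursive_groups`` plugins
       for every plugin interface reported by ``listPluginTypeInfo()``;
    4. calls ``movePluginsUp`` three times for ``ldap`` among the
       properties plugins;
    5. outside of development setups, deactivates ``ldap`` as an
       authentication plugin, because production login goes through the
       CAS portal.

    Returns:
        None.
    """
    if not self.ldap_profile:
        return

    # A single lookup suffices; the tool was previously fetched twice in a row.
    setup_tool = getToolByName(self.site, 'portal_setup')
    setup_tool.runAllImportStepsFromProfile(
        'profile-{0}'.format(self.ldap_profile))

    # Credentials are configured from a JSON file at
    # ~/.opengever/ldap/{hostname}.json
    # NOTE(review): that file holds the LDAP credentials -- confirm it is
    # readable by the service account only.
    configure_ldap_credentials(self.site)

    plugins = getToolByName(self.site, 'acl_users').plugins

    # With LDAP in use, source_groups and recursive_groups are switched off.
    # The outer loop keeps the original order: all interfaces for
    # source_groups first, then all interfaces for recursive_groups.
    for plugin_id in ('source_groups', 'recursive_groups'):
        for ptype in plugins.listPluginTypeInfo():
            try:
                plugins.deactivatePlugin(ptype['interface'], plugin_id)
            except KeyError:
                # Deliberate best effort -- presumably raised when the
                # plugin is not active for this interface.
                pass

    # Move ldap up: three separate moves, exactly as before.
    for _ in range(3):
        plugins.movePluginsUp(IPropertiesPlugin, ('ldap',))

    if not self.is_development_setup:
        # Deactivate 'Authentication' capability for LDAP plugin.
        # In production, auth will always be performed by CAS portal.
        # NOTE(review): is_development_setup therefore decides whether the
        # LDAP plugin stays an authentication plugin on this site -- verify
        # it cannot be true on a production deployment.
        plugins.deactivatePlugin(IAuthenticationPlugin, 'ldap')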
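def setup_ldap(self):
    """Import the configured LDAP profile and rewire the PAS plugins for it.

    Returns immediately when ``self.ldap_profile`` is empty. Otherwise the
    profile ``profile-<ldap_profile>`` is imported, the LDAP credentials
    are configured from ``~/.opengever/ldap/{hostname}.json``, the
    ``source_groups`` and ``recursive_groups`` plugins are deactivated for
    every interface reported by ``listPluginTypeInfo()``, and
    ``movePluginsUp`` is called three times for ``ldap`` among the
    properties plugins. Outside of development setups ``ldap`` is also
    deactivated as an authentication plugin, because production login goes
    through the CAS portal.

    Returns:
        None.
    """
    if not self.ldap_profile:
        return

    # The tool used to be looked up twice in a row; once is sufficient.
    portal_setup = getToolByName(self.site, 'portal_setup')
    profile_id = 'profile-{0}'.format(self.ldap_profile)
    portal_setup.runAllImportStepsFromProfile(profile_id)

    # Configure credentials from JSON file at
    # ~/.opengever/ldap/{hostname}.json
    # NOTE(review): the file carries the LDAP credentials -- confirm its
    # permissions restrict it to the service account.
    configure_ldap_credentials(self.site)

    acl_users = getToolByName(self.site, 'acl_users')
    plugins = acl_users.plugins

    # Order is preserved: source_groups for all interfaces first, then
    # recursive_groups for all interfaces.
    for plugin_id in ('source_groups', 'recursive_groups'):
        for ptype in plugins.listPluginTypeInfo():
            try:
                plugins.deactivatePlugin(ptype['interface'], plugin_id)
            except KeyError:
                # Deliberate best effort -- presumably the plugin is simply
                # not active for this interface.
                pass

    # Move ldap up with three separate calls, as before.
    for _ in range(3):
        plugins.movePluginsUp(IPropertiesPlugin, ('ldap', ))

    if not self.is_development_setup:
        # Deactivate 'Authentication' capability for LDAP plugin.
        # In production, auth will always be performed by CAS portal.
        # NOTE(review): a development setup keeps the LDAP plugin as an
        # authentication plugin -- verify the flag is never set in
        # production.
        plugins.deactivatePlugin(IAuthenticationPlugin, 'ldap')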
def __call__(self):
    """Create and configure a new client site from the submitted setup form.

    Parameters are read from ``self.request.form`` and from the policy
    named by ``form['policy']``. In order, the method optionally drops the
    SQL tables, creates the Plone site, optionally imports an LDAP profile
    and rewires the PAS plugins, optionally syncs LDAP users and groups,
    optionally registers the client in the OGDS, makes sure the admin user
    exists and is in the users group, writes the client id and mail
    settings, assigns global roles to the submitted groups, runs the
    policy's additional profiles and finally sets title and language.

    Returns:
        The string ``'ok'``.

    Raises:
        SetupError: when ``configsql`` is set and the users group or the
            inbox group named in the form does not exist.

    NOTE(review): the block nesting below was reconstructed from a listing
    whose indentation was lost. The LDAP sync, the admin-user handling and
    everything after it are assumed to sit at method level (the last line
    uses ``og_admin_user`` unconditionally) -- verify against the
    repository.

    NOTE(review): every ``form`` value is request data and directly drives
    table purging, profile imports and role grants. The permission that
    guards this view is not visible here -- confirm it is restricted to
    site managers.
    """
    form = self.request.form
    session = create_session()
    policy_id = form['policy']
    client_registry = getUtility(IClientConfigurationRegistry)
    config = client_registry.get_policy(policy_id)

    # Drop the SQL tables. Destructive: happens only when the form flags
    # this as the 'first' client AND the policy sets purge_sql.
    if form.get('first', False) and config.get('purge_sql', False):
        self.drop_sql_tables(session)

    # Copy the module-level list so the policy's base profile is not
    # appended to the shared constant.
    ext_profiles = list(EXTENSION_PROFILES)
    if config.get('base_profile', None):
        ext_profiles.append(config.get('base_profile'))

    # Create the Plone site.
    site = addPloneSite(
        self.context,
        form['client_id'],
        title=form['title'],
        profile_id=_DEFAULT_PROFILE,
        extension_ids=ext_profiles,
        setup_content=False,
        default_language=config.get('language', 'de-ch'),
        )

    # LDAP
    stool = getToolByName(site, 'portal_setup')
    if form.get('ldap', False):
        # NOTE(review): same lookup as two lines above; looks redundant.
        stool = getToolByName(site, 'portal_setup')
        # NOTE(review): the profile id comes from the request -- confirm
        # only known LDAP profile ids can be submitted.
        stool.runAllImportStepsFromProfile('profile-%s' % form.get('ldap'))

        # Configure credentials from JSON file at
        # ~/.opengever/ldap/{hostname}.json
        configure_ldap_credentials(site)

        acl_users = getToolByName(site, 'acl_users')
        plugins = acl_users.plugins

        # Disable source_groups when using LDAP.
        for ptype in plugins.listPluginTypeInfo():
            try:
                plugins.deactivatePlugin(ptype['interface'], 'source_groups')
            except KeyError:
                # best effort -- presumably not active for this interface
                pass

        # Deactivate recursive groups.
        for ptype in plugins.listPluginTypeInfo():
            try:
                plugins.deactivatePlugin(ptype['interface'],
                                         'recursive_groups')
            except KeyError:
                # best effort -- presumably not active for this interface
                pass

        # Move ldap up (three separate moves).
        plugins.movePluginsUp(IPropertiesPlugin, ('ldap',))
        plugins.movePluginsUp(IPropertiesPlugin, ('ldap',))
        plugins.movePluginsUp(IPropertiesPlugin, ('ldap',))
        # NOTE(review): unlike setup_ldap in this listing, nothing here
        # deactivates the LDAP plugin for IAuthenticationPlugin -- confirm
        # whether that is intended for sites created through this view.

    if form.get('first', False) and form.get('import_users', False):
        print '===== SYNC LDAP ===='

        # Minimal attribute holder standing in for an options object.
        class Object(object):
            pass

        # Import LDAP users and groups.
        options = Object()
        options.site_root = '/' + form['client_id']
        options.update_syncstamp = False
        sync_ldap.run_import(self.context, options)

    if form.get('configsql'):
        # Register the client in the OGDS.
        # Is the client already configured? -> delete it
        clients = session.query(Client).filter_by(
            client_id=form['client_id']).all()
        if clients:
            session.delete(clients[0])

        # Both groups must exist.
        users_groups = session.query(Group).filter_by(
            groupid=form['group'])
        inbox_groups = session.query(Group).filter_by(
            groupid=form['inbox_group'])

        try:
            users_group = users_groups[0]
        except IndexError:
            raise SetupError("User group '%s' could not be found." %
                             form['group'])

        try:
            inbox_group = inbox_groups[0]
        except IndexError:
            raise SetupError("Inbox group '%s' could not be found." %
                             form['inbox_group'])

        active = bool(form.get('active', False))

        client = Client(form['client_id'],
                        enabled=active,
                        title=form['title'],
                        ip_address=form['ip_address'],
                        site_url=form['site_url'],
                        public_url=form['public_url'],
                        )

        client.users_group = users_group
        client.inbox_group = inbox_group

        session.add(client)

    # Create the admin user in the OGDS if it does not exist yet and add
    # it to the specified users group, so that the choice fields do not
    # raise a constraint error.
    # NOTE(review): the account is switched to active here and back to
    # inactive only on the last statement of this method; an exception in
    # between skips that statement. Whether the active state could then be
    # persisted depends on transaction handling not visible here --
    # confirm.
    if session.query(User).filter_by(userid=ADMIN_USER_ID).count() == 0:
        og_admin_user = User(ADMIN_USER_ID, firstname='OG',
                             lastname='Administrator', active=True)
        session.add(og_admin_user)
    else:
        og_admin_user = session.query(User).filter_by(
            userid=ADMIN_USER_ID).first()
        og_admin_user.active = True

    # NOTE(review): .first() yields None when the group is missing, and
    # the existence check above only runs with 'configsql' -- confirm the
    # group is guaranteed to exist on this path.
    users_group = session.query(Group).filter_by(
        groupid=form['group']).first()

    if og_admin_user not in users_group.users:
        users_group.users.append(og_admin_user)

    # Set the client id in the registry (decoded from UTF-8 first).
    client_id = form['client_id'].decode('utf-8')
    registry = getUtility(IRegistry)
    proxy = registry.forInterface(IClientConfiguration)
    proxy.client_id = form['client_id'].decode('utf-8')

    # Set the mail domain in the registry.
    registry = getUtility(IRegistry)
    proxy = registry.forInterface(IMailSettings)
    proxy.mail_domain = form['mail_domain'].decode('utf-8')
    mail_from_address = self.get_mail_from_address()
    site.manage_changeProperties({'email_from_address': mail_from_address,
                                  'email_from_name': client_id})

    # Set the global Member role for the client users group.
    # NOTE(review): the principals for all three role grants below come
    # straight from the request; no existence check is visible on this
    # path.
    site.acl_users.portal_role_manager.assignRoleToPrincipal(
        'Member', form['group'])

    # Set the global Member role for the readers group.
    # Indexed access: raises KeyError when the field is absent.
    if form['reader_group']:
        site.acl_users.portal_role_manager.assignRoleToPrincipal(
            'Member', form['reader_group'])

    # Set the Role Manager role for the rolemanager group.
    if form['rolemanager_group']:
        site.acl_users.portal_role_manager.assignRoleToPrincipal(
            'Role Manager', form['rolemanager_group'])

    # Provide the repository root for opengever.setup:default.
    repository_root = config.get('repository_root', None)
    if repository_root:
        self.request.set('repository_root', repository_root)

    # Import the policy's additional generic setup profiles, if any.
    stool = getToolByName(site, 'portal_setup')
    for profile in config.get('additional_profiles', ()):
        stool.runAllImportStepsFromProfile('profile-%s' % profile)

    # Set the site title.
    site.manage_changeProperties(title=form['title'])

    # REALLY set the language - the plone4 addPloneSite is really
    # buggy with languages.
    # NOTE(review): hard-coded 'de-ch', although addPloneSite above was
    # given config.get('language', 'de-ch') -- a policy with another
    # language would be overridden here; confirm intended.
    langCP = getAdapter(site, ILanguageSelectionSchema)
    langCP.default_language = 'de-ch'

    # The og_admin_user is no longer needed, so it is set to inactive.
    og_admin_user.active = False

    return 'ok'
def __call__(self):
    """Create and configure a new client site from the submitted setup form.

    Parameters are read from ``self.request.form`` and from the policy
    named by ``form['policy']``. In order, the method optionally drops the
    SQL tables, creates the Plone site, optionally imports an LDAP profile
    and rewires the PAS plugins, optionally syncs LDAP users and groups,
    optionally registers the client in the OGDS, makes sure the admin user
    exists and is in the users group, writes the client id and mail
    settings, assigns global roles to the submitted groups, runs the
    policy's additional profiles and finally sets title and language.

    Returns:
        The string ``'ok'``.

    Raises:
        SetupError: when ``configsql`` is set and the users group or the
            inbox group named in the form does not exist.

    NOTE(review): the block nesting below was reconstructed from a listing
    whose indentation was lost. The LDAP sync, the admin-user handling and
    everything after it are assumed to sit at method level (the last line
    uses ``og_admin_user`` unconditionally) -- verify against the
    repository.

    NOTE(review): every ``form`` value is request data and directly drives
    table purging, profile imports and role grants. The permission that
    guards this view is not visible here -- confirm it is restricted to
    site managers.
    """
    form = self.request.form
    session = create_session()
    policy_id = form['policy']
    client_registry = getUtility(IClientConfigurationRegistry)
    config = client_registry.get_policy(policy_id)

    # Drop the SQL tables. Destructive: happens only when the form flags
    # this as the 'first' client AND the policy sets purge_sql.
    if form.get('first', False) and config.get('purge_sql', False):
        self.drop_sql_tables(session)

    # Copy the module-level list so the policy's base profile is not
    # appended to the shared constant.
    ext_profiles = list(EXTENSION_PROFILES)
    if config.get('base_profile', None):
        ext_profiles.append(config.get('base_profile'))

    # Create the Plone site.
    site = addPloneSite(
        self.context,
        form['client_id'],
        title=form['title'],
        profile_id=_DEFAULT_PROFILE,
        extension_ids=ext_profiles,
        setup_content=False,
        default_language=config.get('language', 'de-ch'),
    )

    # LDAP
    stool = getToolByName(site, 'portal_setup')
    if form.get('ldap', False):
        # NOTE(review): same lookup as two lines above; looks redundant.
        stool = getToolByName(site, 'portal_setup')
        # NOTE(review): the profile id comes from the request -- confirm
        # only known LDAP profile ids can be submitted.
        stool.runAllImportStepsFromProfile('profile-%s' % form.get('ldap'))

        # Configure credentials from JSON file at
        # ~/.opengever/ldap/{hostname}.json
        configure_ldap_credentials(site)

        acl_users = getToolByName(site, 'acl_users')
        plugins = acl_users.plugins

        # Disable source_groups when using LDAP.
        for ptype in plugins.listPluginTypeInfo():
            try:
                plugins.deactivatePlugin(ptype['interface'], 'source_groups')
            except KeyError:
                # best effort -- presumably not active for this interface
                pass

        # Deactivate recursive groups.
        for ptype in plugins.listPluginTypeInfo():
            try:
                plugins.deactivatePlugin(ptype['interface'],
                                         'recursive_groups')
            except KeyError:
                # best effort -- presumably not active for this interface
                pass

        # Move ldap up (three separate moves).
        plugins.movePluginsUp(IPropertiesPlugin, ('ldap', ))
        plugins.movePluginsUp(IPropertiesPlugin, ('ldap', ))
        plugins.movePluginsUp(IPropertiesPlugin, ('ldap', ))
        # NOTE(review): unlike setup_ldap in this listing, nothing here
        # deactivates the LDAP plugin for IAuthenticationPlugin -- confirm
        # whether that is intended for sites created through this view.

    if form.get('first', False) and form.get('import_users', False):
        print '===== SYNC LDAP ===='

        # Minimal attribute holder standing in for an options object.
        class Object(object):
            pass

        # Import LDAP users and groups.
        options = Object()
        options.site_root = '/' + form['client_id']
        options.update_syncstamp = False
        sync_ldap.run_import(self.context, options)

    if form.get('configsql'):
        # Register the client in the OGDS.
        # Is the client already configured? -> delete it
        clients = session.query(Client).filter_by(
            client_id=form['client_id']).all()
        if clients:
            session.delete(clients[0])

        # Both groups must exist.
        users_groups = session.query(Group).filter_by(
            groupid=form['group'])
        inbox_groups = session.query(Group).filter_by(
            groupid=form['inbox_group'])

        try:
            users_group = users_groups[0]
        except IndexError:
            raise SetupError("User group '%s' could not be found." %
                             form['group'])

        try:
            inbox_group = inbox_groups[0]
        except IndexError:
            raise SetupError("Inbox group '%s' could not be found." %
                             form['inbox_group'])

        active = bool(form.get('active', False))

        client = Client(
            form['client_id'],
            enabled=active,
            title=form['title'],
            ip_address=form['ip_address'],
            site_url=form['site_url'],
            public_url=form['public_url'],
        )

        client.users_group = users_group
        client.inbox_group = inbox_group

        session.add(client)

    # Create the admin user in the OGDS if it does not exist yet and add
    # it to the specified users group, so that the choice fields do not
    # raise a constraint error.
    # NOTE(review): the account is switched to active here and back to
    # inactive only on the last statement of this method; an exception in
    # between skips that statement. Whether the active state could then be
    # persisted depends on transaction handling not visible here --
    # confirm.
    if session.query(User).filter_by(userid=ADMIN_USER_ID).count() == 0:
        og_admin_user = User(ADMIN_USER_ID,
                             firstname='OG',
                             lastname='Administrator',
                             active=True)
        session.add(og_admin_user)
    else:
        og_admin_user = session.query(User).filter_by(
            userid=ADMIN_USER_ID).first()
        og_admin_user.active = True

    # NOTE(review): .first() yields None when the group is missing, and
    # the existence check above only runs with 'configsql' -- confirm the
    # group is guaranteed to exist on this path.
    users_group = session.query(Group).filter_by(
        groupid=form['group']).first()

    if og_admin_user not in users_group.users:
        users_group.users.append(og_admin_user)

    # Set the client id in the registry (decoded from UTF-8 first).
    client_id = form['client_id'].decode('utf-8')
    registry = getUtility(IRegistry)
    proxy = registry.forInterface(IClientConfiguration)
    proxy.client_id = form['client_id'].decode('utf-8')

    # Set the mail domain in the registry.
    registry = getUtility(IRegistry)
    proxy = registry.forInterface(IMailSettings)
    proxy.mail_domain = form['mail_domain'].decode('utf-8')
    mail_from_address = self.get_mail_from_address()
    site.manage_changeProperties({
        'email_from_address': mail_from_address,
        'email_from_name': client_id
    })

    # Set the global Member role for the client users group.
    # NOTE(review): the principals for all three role grants below come
    # straight from the request; no existence check is visible on this
    # path.
    site.acl_users.portal_role_manager.assignRoleToPrincipal(
        'Member', form['group'])

    # Set the global Member role for the readers group.
    # Indexed access: raises KeyError when the field is absent.
    if form['reader_group']:
        site.acl_users.portal_role_manager.assignRoleToPrincipal(
            'Member', form['reader_group'])

    # Set the Role Manager role for the rolemanager group.
    if form['rolemanager_group']:
        site.acl_users.portal_role_manager.assignRoleToPrincipal(
            'Role Manager', form['rolemanager_group'])

    # Provide the repository root for opengever.setup:default.
    repository_root = config.get('repository_root', None)
    if repository_root:
        self.request.set('repository_root', repository_root)

    # Import the policy's additional generic setup profiles, if any.
    stool = getToolByName(site, 'portal_setup')
    for profile in config.get('additional_profiles', ()):
        stool.runAllImportStepsFromProfile('profile-%s' % profile)

    # Set the site title.
    site.manage_changeProperties(title=form['title'])

    # REALLY set the language - the plone4 addPloneSite is really
    # buggy with languages.
    # NOTE(review): hard-coded 'de-ch', although addPloneSite above was
    # given config.get('language', 'de-ch') -- a policy with another
    # language would be overridden here; confirm intended.
    langCP = getAdapter(site, ILanguageSelectionSchema)
    langCP.default_language = 'de-ch'

    # The og_admin_user is no longer needed, so it is set to inactive.
    og_admin_user.active = False

    return 'ok'