def get_data(self): users = [] domain_context = self.request.session.get('domain_context', None) if policy.check((("identity", "identity:list_users"),), self.request): try: if is_m1_user_admin(self.request): ksclient = get_admin_ksclient() users = ksclient.users.list() else: users = api.keystone.user_list(self.request, domain=domain_context) except Exception: exceptions.handle(self.request, _('Unable to retrieve user list.')) elif policy.check((("identity", "identity:get_user"),), self.request): try: if is_m1_user_admin(self.request): ksclient = get_admin_ksclient() user = ksclient.users.get(self.request.user.id) user = api.keystone.VERSIONS.upgrade_v2_user(user) else: user = api.keystone.user_get(self.request, self.request.user.id) users.append(user) except Exception: exceptions.handle(self.request, _('Unable to retrieve user information.')) else: msg = _("Insufficient privilege level to view user information.") messages.info(self.request, msg) return users
def action(self, request, obj_id): if obj_id == request.user.id: messages.info(request, _('You cannot disable the user you are ' 'currently logged in as.')) return if self.enabled: if is_m1_user_admin(request): ksclient = get_admin_ksclient() if api.keystone.VERSIONS.active < 3: ksclient.users.update_enabled(obj_id, False) else: ksclient.users.update(obj_id, enabled=False) else: api.keystone.user_update_enabled(request, obj_id, False) self.current_past_action = DISABLE else: if is_m1_user_admin(request): ksclient = get_admin_ksclient() if api.keystone.VERSIONS.active < 3: ksclient.users.update_enabled(obj_id, True) else: ksclient.users.update(obj_id, enabled=True) else: api.keystone.user_update_enabled(request, obj_id, True) self.current_past_action = ENABLE
def get_context_data(self, **kwargs): context = super(DetailView, self).get_context_data(**kwargs) user = self.get_data() tenant = self.get_tenant(user.project_id) table = project_tables.UsersTable(self.request) domain_id = getattr(user, "domain_id", None) domain_name = '' if api.keystone.VERSIONS.active >= 3: try: if is_m1_user_admin(self.request): ksclient = get_admin_ksclient() domain = ksclient.domains.get(domain_id) else: domain = api.keystone.domain_get(self.request, domain_id) domain_name = domain.name except Exception: exceptions.handle(self.request, _('Unable to retrieve project domain.')) context["user"] = user if tenant: context["tenant_name"] = tenant.name context["domain_id"] = domain_id context["domain_name"] = domain_name context["url"] = self.get_redirect_url() context["actions"] = table.render_row_actions(user) return context
def get_initial(self): try: user = self.get_object() domain_id = getattr(user, "domain_id", None) domain_name = '' except Exception as e: print '********' print e print '********' # Retrieve the domain name where the project belong if api.keystone.VERSIONS.active >= 3: try: if is_m1_user_admin(self.request): ksclient = get_admin_ksclient() domain = ksclient.domains.get(domain_id) else: domain = api.keystone.domain_get(self.request, domain_id) domain_name = domain.name except Exception: exceptions.handle(self.request, _('Unable to retrieve project domain.')) return {'domain_id': domain_id, 'domain_name': domain_name, 'id': user.id, 'name': user.name, 'project': user.project_id, 'email': getattr(user, 'email', None), 'first_name': getattr(user, 'first_name', None), 'last_name': getattr(user, 'last_name', None), 'phone': getattr(user, 'phone', None)}
def get_data(self, request, user_id): if is_m1_user_admin(request): ksclient = get_admin_ksclient() user = ksclient.users.get(user_id) user_info = api.keystone.VERSIONS.upgrade_v2_user(user) else: user_info = api.keystone.user_get(request, user_id, admin=True) return user_info
def __init__(self, request, *args, **kwargs): super(BaseUserForm, self).__init__(request, *args, **kwargs) # Populate project choices project_choices = [] # If the user is already set (update action), list only projects which # the user has access to. user_id = kwargs['initial'].get('id', None) domain_id = kwargs['initial'].get('domain_id', None) if is_m1_user_admin(request): ksclient = get_admin_ksclient() page_size = utils.get_page_size(request) limit = None marker = None filters = None paginate = False if paginate: limit = page_size + 1 has_more = False # if requesting the projects for the current user, # return the list from the cache if user_id == request.user.id: projects = request.user.authorized_tenants elif api.keystone.VERSIONS.active < 3: projects = ksclient.tenants.list(limit, marker) if paginate and len(projects) > page_size: projects.pop(-1) has_more = True else: kwargs = {"domain": domain_id, "user": user_id} if filters is not None: kwargs.update(filters) projects = ksclient.projects.list(**kwargs) else: projects, has_more = api.keystone.tenant_list(request, domain=domain_id, user=user_id) for project in projects: if project.enabled: project_choices.append((project.id, project.name)) if not project_choices: project_choices.insert(0, ('', _("No available projects"))) elif len(project_choices) > 1: project_choices.insert(0, ('', _("Select a project"))) self.fields['project'].choices = project_choices
def get_object(self): try: if is_m1_user_admin(self.request): ksclient = get_admin_ksclient() user = ksclient.users.get(self.kwargs['user_id']) return api.keystone.VERSIONS.upgrade_v2_user(user) else: return api.keystone.user_get(self.request, self.kwargs['user_id'], admin=True) except Exception: redirect = reverse("horizon:identity:xusers:index") exceptions.handle(self.request, _('Unable to retrieve user information.'), redirect=redirect)
def get_tenant(self, project_id): tenant = None if project_id: try: if is_m1_user_admin(self.request): ksclient = get_admin_ksclient() #FIXME: Need to add Keystone V3 code also tenant = ksclient.tenants.get(project_id) else: tenant = api.keystone.tenant_get(self.request, project_id) except Exception as e: msg = ('Failed to get tenant %(project_id)s: %(reason)s' % {'project_id': project_id, 'reason': e}) LOG.error(msg) return tenant
def get_data(self): try: user_id = self.kwargs['user_id'] #user = api.keystone.user_get(self.request, user_id) if is_m1_user_admin(self.request): ksclient = get_admin_ksclient() user = ksclient.users.get(user_id) user = api.keystone.VERSIONS.upgrade_v2_user(user) else: user = api.keystone.user_get(self.request, user_id) except Exception: redirect = self.get_redirect_url() exceptions.handle(self.request, _('Unable to retrieve user details.'), redirect=redirect) return user
def handle(self, request, data): user_id = data.pop('id') password = data.pop('password') admin_password = None # Throw away the password confirmation, we're done with it. data.pop('confirm_password', None) # Verify admin password before changing user password if getattr(settings, 'ENFORCE_PASSWORD_CHECK', False): admin_password = data.pop('admin_password') if not api.keystone.user_verify_admin_password( request, admin_password): self.api_error(_('The admin password is incorrect.')) return False try: if is_m1_user_admin(request): ksclient = get_admin_ksclient() if api.keystone.VERSIONS.active < 3: response = ksclient.users.update_password( user_id, password) else: response = ksclient.users.update(user_id, password=password) else: response = api.keystone.user_update_password( request, user_id, password) if user_id == request.user.id: return utils.logout_with_message( request, _('Password changed. Please log in to continue.'), redirect=False) messages.success(request, _('User password has been updated successfully.')) except Exception: response = exceptions.handle(request, ignore=True) messages.error(request, _('Unable to update the user password.')) if isinstance(response, http.HttpResponse): return response else: return True
def get_form_kwargs(self): kwargs = super(CreateView, self).get_form_kwargs() try: if is_m1_user_admin(self.request): ksclient = get_admin_ksclient() roles = ksclient.roles.list() else: roles = api.keystone.role_list(self.request) except Exception: redirect = reverse("horizon:identity:xusers:index") exceptions.handle(self.request, _("Unable to retrieve user roles."), redirect=redirect) roles.sort(key=operator.attrgetter("id")) kwargs['roles'] = roles return kwargs
def update_cell(self, request, datum, user_id, cell_name, new_cell_value): try: user_obj = datum setattr(user_obj, cell_name, new_cell_value) kwargs = {} attr_to_keyword_map = { 'name': 'name', 'description': 'description', 'email': 'email', 'enabled': 'enabled', 'project_id': 'project' } for key in attr_to_keyword_map: value = getattr(user_obj, key, None) keyword_name = attr_to_keyword_map[key] if value is not None: kwargs[keyword_name] = value if is_m1_user_admin(request): ksclient = get_admin_ksclient() if api.keystone.VERSIONS.active < 3: project = kwargs.pop('project') user = ksclient.users.update(user_obj, **kwargs) ksclient.users.update_tenant(user, project) user.tenantId = project user_roles = ksclient.roles.roles_for_user(user, project) if not user_roles: messages.warning(request, _('User %s has no role defined for ' 'that project.') % kwargs.get('name', None)) else: ksclient.users.update(user_obj, **kwargs) else: api.keystone.user_update(request, user_obj, **kwargs) except horizon_exceptions.Conflict: message = _("This name is already taken.") messages.warning(request, message) raise django_exceptions.ValidationError(message) except Exception: horizon_exceptions.handle(request, ignore=True) return False return True
def handle(self, request, data): user = data.pop('id') data.pop('domain_id') data.pop('domain_name') try: if "email" in data: data['email'] = data['email'] or None if is_m1_user_admin(request): ksclient = get_admin_ksclient() ksclient.users.update(user, **data) if api.keystone.VERSIONS.active < 3: project = data.pop('project') user = ksclient.users.update(user, **data) response = ksclient.users.update_tenant(user, project) user.tenantId = project user_roles = ksclient.roles.roles_for_user(user, project) if not user_roles: messages.warning( request, _('User %s has no role defined for ' 'that project.') % data.get('name', None)) else: response = ksclient.users.update(user, **data) else: response = api.keystone.user_update(request, user, **data) messages.success(request, _('User has been updated successfully.')) except exceptions.Conflict: msg = _('User name "%s" is already used.') % data['name'] messages.error(request, msg) return False except Exception: response = exceptions.handle(request, ignore=True) messages.error(request, _('Unable to update the user.')) if isinstance(response, http.HttpResponse): return response else: return True
def get_initial(self): # Set the domain of the user #Haven't replaced the below line as keystonelcient call wasn't #seen inside get_default_domain method() within keystone.py file domain = api.keystone.get_default_domain(self.request) if is_m1_user_admin(self.request): default = None default_role = None ksclient = get_admin_ksclient() default = getattr(settings, "OPENSTACK_KEYSTONE_DEFAULT_ROLE", None) roles = ksclient.roles.list() for role in roles: if role.id == default or role.name == default: default_role = role break else: default_role = api.keystone.get_default_role(self.request) return {'domain_id': domain.id, 'domain_name': domain.name, 'role_id': getattr(default_role, "id", None)}
def delete(self, request, obj_id): if is_m1_user_admin(request): ksclient = get_admin_ksclient() ksclient.users.delete(obj_id) else: api.keystone.user_delete(request, obj_id)
def handle(self, request, data): domain = api.keystone.get_default_domain(self.request) try: LOG.info('Creating user with name "%s"' % data['name']) desc = data["description"] if "email" in data: data['email'] = data['email'] or None if is_m1_user_admin(request): ksclient = get_admin_ksclient() if api.keystone.VERSIONS.active < 3: new_user = ksclient.users.create(name=data['name'], \ password=data['password'], \ tenant_id=data['project'], \ email=data['email'], \ enabled=data['enabled']) else: new_user = ksclient.users.create(name=data['name'], \ password=data['password'], \ project=data['project'], \ email=data['email'], \ enabled=data['enabled'], \ domain=domain.id, \ description=desc) else: new_user = \ api.keystone.user_create(request, name=data['name'], email=data['email'], description=desc, password=data['password'], project=data['project'] or None, enabled=data['enabled'], domain=domain.id) messages.success( request, _('User "%s" was successfully created.') % data['name']) if data['project'] and data['role_id']: if is_m1_user_admin(request): ksclient = get_admin_ksclient() roles = [] if api.keystone.VERSIONS.active < 3: roles = ksclient.roles.roles_for_user( new_user.id, data['project']) else: roles = ksclient.roles.list(user=new_user.id, \ domain=domain.id, \ project = data['project']) else: roles = api.keystone.roles_for_user( request, new_user.id, data['project']) or [] assigned = [ role for role in roles if role.id == str(data['role_id']) ] if not assigned: try: if is_m1_user_admin(request): ksclient = get_admin_ksclient() if api.keystone.VERSIONS.active < 3: ksclient.roles.add_user_role( new_user.id, data['role_id'], data['project']) else: ksclient.roles.grant(data['role_id'], user=new_user.id, project=data['project'], domain=domain.id) else: api.keystone.add_tenant_user_role( request, data['project'], new_user.id, data['role_id']) except Exception: exceptions.handle( request, _('Unable to add user ' 'to primary project.')) return new_user except exceptions.Conflict: msg = _('User name "%s" is already used.') % data['name'] messages.error(request, msg) except Exception: exceptions.handle(request, _('Unable to create user.'))