def render(self):
# synchronise user groups/roles
User.sync_ldap_info(self.session)
ldap = LdapCache()
users_entity = {}
for chapter, members in ldap.list_chapters().iteritems():
for member in members:
users_entity.setdefault(member, []).append(chapter)
# keep only managed users for managers
# use all users for admin
overviews = {}
if self.user.is_admin or self.user.has_feature(
'chapter_overview_full'): # noqa
for _, target_chapter in self.chapter_leaders.items():
chapter_stats = self.get_chapter_stats(target_chapter,
users_entity) # noqa
overviews.update({target_chapter: chapter_stats})
elif self.user.is_manager:
# retrieve logged chapter leader
target_chapter = self.chapter_leaders[self.user.login]
chapter_stats = self.get_chapter_stats(target_chapter,
users_entity) # noqa
overviews = {target_chapter: chapter_stats}
else:
return HTTPFound(location=route_url('home', self.request))
return {'users_entity': users_entity, 'overviews': overviews}
def render(self):
settings = self.request.registry.settings
use_ldap = False
if 'pyvac.use_ldap' in settings:
use_ldap = asbool(settings.get('pyvac.use_ldap'))
user_attr = {}
users_teams = {}
active_users = []
if use_ldap:
# synchronise user groups/roles
User.sync_ldap_info(self.session)
ldap = LdapCache()
user_attr = ldap.get_users_units()
users_teams = {}
for team, members in ldap.list_teams().iteritems():
for member in members:
users_teams.setdefault(member, []).append(team)
active_users = ldap.list_active_users()
return {
u'user_count': User.find(self.session, count=True),
u'users': User.find(self.session, order_by=[User.dn]),
'use_ldap': use_ldap,
'ldap_info': user_attr,
'users_teams': users_teams,
'active_users': active_users,
}
def delete(self, account):
# cancel all associated requests for this user
requests = account.requests
for req in requests:
req.update_status('CANCELED')
# delete all request history entries for this user
# otherwise it will raise a integrity error
for entry in req.history:
self.session.delete(entry)
self.session.flush()
# cancel all request history entries in case there are entries in
# this table but without an existing request
histo_reqs = RequestHistory.by_user(self.session, account.id)
for entry in histo_reqs:
self.session.delete(entry)
self.session.flush()
# cancel associated password recovery attempts for this user
for item in account.recovery:
self.session.delete(item)
super(Delete, self).delete(account)
if account.ldap_user:
# delete in ldap
ldap = LdapCache()
try:
ldap.delete_user(account.dn)
except IndexError:
log.info('User %s seems already deleted in ldap' % account.dn)
def render(self):
from datetime import datetime
today = datetime.now()
end_date = datetime(today.year, 10, 31)
previsions = Request.get_previsions(self.session, end_date)
users_per_id = dict([(user.id, user)
for user in User.find(self.session)])
settings = self.request.registry.settings
use_ldap = False
if 'pyvac.use_ldap' in settings:
use_ldap = asbool(settings.get('pyvac.use_ldap'))
user_attr = {}
users_teams = {}
if use_ldap:
# synchronise user groups/roles
User.sync_ldap_info(self.session)
ldap = LdapCache()
user_attr = ldap.get_users_units()
users_teams = {}
for team, members in list(ldap.list_teams().items()):
for member in members:
users_teams.setdefault(member, []).append(team)
return {'users_per_id': users_per_id,
'use_ldap': use_ldap,
'ldap_info': user_attr,
'users_teams': users_teams,
'previsions': previsions,
'today': today,
'end_date': end_date,
}
def render(self):
# synchronise user groups/roles
User.sync_ldap_info(self.session)
ldap = LdapCache()
users_entity = {}
for team, members in list(ldap.list_teams().items()):
for member in members:
users_entity.setdefault(member, []).append(team)
# keep only managed users for managers
# use all users for admin
overviews = {}
if self.user.is_admin or self.user.has_feature('squad_overview_full'):
for _, target_squad in list(self.squad_leaders.items()):
squad_stats = self.get_squad_stats(target_squad, users_entity)
overviews.update({target_squad: squad_stats})
elif self.user.is_manager:
# retrieve logged squad leader
target_squad = self.squad_leaders[self.user.login]
squad_stats = self.get_squad_stats(target_squad, users_entity)
overviews = {target_squad: squad_stats}
else:
return HTTPFound(location=route_url('home', self.request))
return {'users_entity': users_entity, 'overviews': overviews}
def get_data(self, session, country):
now = datetime.now()
th_trial, th_good = self.trial_thresholds[country]
ldap = LdapCache()
arrivals = ldap.list_arrivals_country(country)
matched = []
for user_dn, dt in list(arrivals.items()):
if not dt:
continue
dt_trial_threshold = dt + relativedelta(months=th_trial)
dt_good = dt + relativedelta(months=th_good)
if (now > dt_trial_threshold) and not (now > dt_good):
matched.append((user_dn, dt))
datas = []
for user_dn, dt in matched:
user = User.by_dn(session, user_dn)
if not user:
self.log.info('user not found: %s' % user_dn)
continue
if user.country not in self.countries:
continue
data = {'user_id': user.id}
param = json.dumps(OrderedDict(data))
rem = CoreReminder.by_type_param(session, 'trial_threshold', param)
if not rem:
data['duration'] = th_trial
data['subject'] = self.subject
datas.append(data)
return datas
def update_view(self, model, view):
settings = self.request.registry.settings
ldap = False
if 'pyvac.use_ldap' in settings:
ldap = asbool(settings.get('pyvac.use_ldap'))
if view['errors']:
self.request.session.flash('error;%s' % ','.join(view['errors']))
view['groups'] = Group.all(self.session, order_by=Group.name)
view['managers'] = User.by_role(self.session, 'manager')
view['countries'] = Countries.all(self.session,
order_by=Countries.name)
if ldap:
ldap = LdapCache()
login = self.get_model().login
view['ldap_user'] = {}
if login:
try:
view['ldap_user'] = ldap.search_user_by_login(login)
except UnknownLdapUser:
msg = 'Unknown ldap user %s' % login
self.request.session.flash('error;%s' % msg)
view['managers'] = ldap.list_manager()
view['units'] = ldap.list_ou()
view['teams'] = ldap.list_teams()
uteams = {}
for team, members in view['teams'].iteritems():
for member in members:
uteams.setdefault(member, []).append(team)
view['user_teams'] = uteams.get(view['ldap_user'].get('dn'), [])
# generate a random password for the user, he must change it later
password = randomstring()
log.debug('temporary password generated: %s' % password)
view['password'] = password
view['view_name'] = self.__class__.__name__.lower()
view['myself'] = (self.user.id == self.get_model().id)
jpeg = view['ldap_user'].get('jpegPhoto')
if jpeg:
view['ldap_user']['photo'] = base64.b64encode(jpeg)
partial_time_tooltip = """\
This value will be used to compute how much RTT you will acquire.
Example: If you use 2/5, you will acquire 0.4 RTT instead of 1 RTT.
This has no effect on CP acquisition.
"""
view['partial_time_tooltip'] = partial_time_tooltip
def main(argv=sys.argv):
if len(argv) != 2:
usage(argv)
config_uri = argv[1]
setup_logging(config_uri)
settings = get_appsettings(config_uri)
LdapCache.configure(settings['pyvac.ldap.yaml'])
ldap = LdapCache()
engine = create_engine('pyvac', settings, scoped=False)
populate(engine, ldap)
dispose_engine('pyvac')
def save_model(self, account):
super(Create, self).save_model(account)
self.set_country(account)
self.append_groups(account)
self.assign_pools(account)
if 'disable_rtt' in self.request.params:
account.add_feature('disable_rtt', save=True)
else:
account.del_feature('disable_rtt', save=True)
settings = self.request.registry.settings
ldap = False
if 'pyvac.use_ldap' in settings:
ldap = asbool(settings.get('pyvac.use_ldap'))
if ldap:
# create in ldap
r = self.request
ldap = LdapCache()
if 'ldappassword' not in r.params:
raise MandatoryLdapPassword()
uid = None
if 'user.uid' in r.params and r.params['user.uid']:
uid = r.params['user.uid']
try:
new_dn = ldap.add_user(account,
password=r.params['ldappassword'],
unit=r.params.get('unit'),
uid=uid)
msg = ('User %s created in pyvac and ldap' % account.login)
self.request.session.flash('info;%s' % msg)
except ALREADY_EXISTS:
# already exists in ldap, only retrieve the dn
new_dn = 'cn=%s,c=%s,%s' % (account.login, account.country,
ldap._base)
msg = (
'User %s already exists in ldap, created only in pyvac' %
account.login)
log.info(msg)
self.request.session.flash('info;%s' % msg)
# update dn
account.dn = new_dn
if self.user and not self.user.is_admin:
self.redirect_route = 'list_request'
def render(self):
passhash = self.request.matchdict['passhash']
entry = PasswordRecovery.by_hash(self.session, passhash)
if not entry:
return HTTPFound(location=route_url('login', self.request))
if entry.expired:
msg = 'This password recovery request have expired.'
self.request.session.flash('error;%s' % msg)
self.session.delete(entry)
else:
errors = []
if 'form.submitted' in self.request.params:
r = self.request
settings = self.request.registry.settings
ldap = False
if 'pyvac.use_ldap' in settings:
ldap = asbool(settings.get('pyvac.use_ldap'))
if not len(r.params['user.password']):
errors.append(_(u'password cannot be empty'))
if r.params['user.password'] != r.params['confirm_password']:
errors.append(_(u'passwords do not match'))
if errors:
self.request.session.flash('error;%s' % ','.join(errors))
if not errors:
# change user password
if ldap:
# update in ldap
password = [hashPassword(r.params['user.password'])]
ldap = LdapCache()
ldap.update_user(entry.user, password=password)
else:
# update locally
entry.user.password = r.params['user.password']
msg = 'Password successfully changed'
self.request.session.flash('info;%s' % msg)
self.session.delete(entry)
return HTTPFound(location=route_url('login', self.request))
return {'user': entry.user}
def render(self):
req_list = {'requests': [], 'conflicts': {}}
requests = []
if self.user.is_admin:
country = self.user.country
requests = Request.all_for_admin_per_country(self.session, country)
# check if admin user is also a manager, in this case merge all
# requests
requests_manager = Request.by_manager(self.session, self.user)
# avoid duplicate entries
req_to_add = [
req for req in requests_manager if req not in requests
]
requests.extend(req_to_add)
elif self.user.is_super:
requests = Request.by_manager(self.session, self.user)
req_list['requests'] = requests
# always add our requests
for req in Request.by_user(self.session, self.user):
if req not in req_list['requests']:
req_list['requests'].append(req)
# split requests by past/next
today = datetime.now()
if self.user.is_admin:
# for admin, display request from 1st of month
today = today.replace(day=1)
past_req = [
req for req in req_list['requests'] if req.date_to < today
and req.status not in ['PENDING', 'ACCEPTED_MANAGER']
]
next_req = [req for req in req_list['requests'] if req not in past_req]
req_list['past'] = past_req
req_list['next'] = next_req
# only retrieve conflicts for super users
# only retrieve conflicts for next requests, not past ones
if req_list['next'] and self.user.is_super:
conflicts = {}
settings = self.request.registry.settings
use_ldap = False
if 'pyvac.use_ldap' in settings:
use_ldap = asbool(settings.get('pyvac.use_ldap'))
if use_ldap:
ldap = LdapCache()
users_teams = {}
for team, members in ldap.list_teams().iteritems():
for member in members:
users_teams.setdefault(member, []).append(team)
conflicts = self.get_conflict_by_teams(req_list['next'],
users_teams)
else:
conflicts = self.get_conflict(req_list['next'])
req_list['conflicts'] = conflicts
return req_list
def render(self):
duration = 1
def fmt_req_type(req):
label = ' %s' % req.label if req.label else ''
if duration and req.days > 1:
label = '%s (until %s)' % (label,
req.date_to.strftime('%d/%m/%Y'))
return '%s%s' % (req.type, label)
order_by = (User.country_id.asc(), User.id)
users = User.find(self.session, order_by=order_by)
users = [user for user in users if user.login not in self.ignore_users]
requests = Request.get_active(self.session)
data_off = dict([(req.user.login, fmt_req_type(req))
for req in requests])
data = {
'users': [],
}
users_teams = {}
settings = self.request.registry.settings
use_ldap = False
if 'pyvac.use_ldap' in settings:
use_ldap = asbool(settings.get('pyvac.use_ldap'))
if use_ldap:
ldap_users = {}
# synchronise user groups/roles
# User.sync_ldap_info(self.session)
ldap = LdapCache()
ldap_users = ldap.list_users()
# discard users which should be deleted
users = [user for user in users if user.dn in ldap_users]
teams = ldap.list_teams()
data['teams'] = teams.keys()
for team, members in teams.iteritems():
for member in members:
users_teams.setdefault(member, []).append(team)
for user in users:
uteams = users_teams.get(user.dn, [])
item = {
'name': user.name,
'email': user.email,
'bu': user.country,
'nickname': user.nickname or '-',
'teams': ', '.join(uteams) if uteams else '-',
}
item['vacation'] = data_off.get(user.login)
item['status'] = 'off' if item['vacation'] else 'on'
if use_ldap:
ldap_user = ldap_users[user.dn]
jpeg = ldap_user.get('jpegPhoto')
photo = None
if jpeg:
photo = base64.b64encode(jpeg)
item['photo'] = photo
item['mobile'] = ldap_user.get('mobile', '-')
data['users'].append(item)
return {'data': data}
def save_model(self, account):
super(Edit, self).update_model(account)
self.set_country(account)
self.append_groups(account)
if 'disable_rtt' in self.request.params:
account.add_feature('disable_rtt', save=True)
else:
account.del_feature('disable_rtt', save=True)
settings = self.request.registry.settings
ldap = False
if 'pyvac.use_ldap' in settings:
ldap = asbool(settings.get('pyvac.use_ldap'))
if ldap:
# update in ldap
r = self.request
password = None
if 'user.password' in r.params and r.params['user.password']:
password = [hashPassword(r.params['user.password'])]
unit = None
if 'unit' in r.params and r.params['unit']:
unit = r.params['unit']
arrival_date = None
if 'arrival_date' in r.params and r.params['arrival_date']:
# cast to datetime
arrival_date = datetime.strptime(r.params['arrival_date'],
'%d/%m/%Y')
uid = None
if 'user.uid' in r.params and r.params['user.uid']:
uid = r.params['user.uid']
if (r.params.get('remove_photo', 'no') == 'yes'):
photo = ''
else:
try:
r.params['photofile'].file.seek(0)
photo = r.params['photofile'].file.read()
except:
photo = None
if photo:
log.info('uploading photo size: %d' % len(photo))
mobile = None
if 'mobile' in r.params:
mobile = r.params['mobile']
ldap = LdapCache()
ldap.update_user(account,
password=password,
unit=unit,
arrival_date=arrival_date,
uid=uid,
photo=photo,
mobile=mobile)
# only for admins
if self.user.is_admin:
# update teams
uteams = {}
for team, members in ldap.list_teams().iteritems():
for member in members:
uteams.setdefault(member, []).append(team)
user_teams = uteams.get(account.dn, [])
# add to new teams
for team in r.params.getall('teams'):
members = ldap.get_team_members(team)
if account.dn not in members:
members.append(account.dn.encode('utf-8'))
ldap.update_team(team, members)
# remove from old teams
for team in user_teams:
if team not in r.params.getall('teams'):
members = ldap.get_team_members(team)
if account.dn in members:
members.remove(account.dn)
ldap.update_team(team, members)
# update role for user in LDAP
old_role = account.role
if 'ldap_role' in r.params:
new_role = r.params['ldap_role']
if old_role != new_role:
log.info('LDAP role changed: %s -> %s' %
(old_role, new_role))
if new_role == 'manager':
ldap.add_manager(account.dn)
elif old_role == 'manager':
ldap.remove_manager(account.dn)
if new_role == 'admin':
ldap.add_admin(account.dn)
elif old_role == 'admin':
ldap.remove_admin(account.dn)
if self.user and not self.user.is_admin:
self.redirect_route = 'list_request'
def save_model(self, account):
super(Edit, self).update_model(account)
self.set_country(account)
self.append_groups(account)
if 'disable_rtt' in self.request.params:
account.add_feature('disable_rtt', save=True)
else:
account.del_feature('disable_rtt', save=True)
settings = self.request.registry.settings
ldap = False
if 'pyvac.use_ldap' in settings:
ldap = asbool(settings.get('pyvac.use_ldap'))
if ldap:
# update in ldap
r = self.request
password = None
if 'user.password' in r.params and r.params['user.password']:
password = [hashPassword(r.params['user.password'])]
unit = None
if 'unit' in r.params and r.params['unit']:
unit = r.params['unit']
arrival_date = None
if 'arrival_date' in r.params and r.params['arrival_date']:
# cast to datetime
arrival_date = datetime.strptime(r.params['arrival_date'],
'%d/%m/%Y')
uid = None
if 'user.uid' in r.params and r.params['user.uid']:
uid = r.params['user.uid']
if (r.params.get('remove_photo', 'no') == 'yes'):
photo = ''
else:
try:
photo = r.POST['photofile'].file.read()
except:
photo = None
ldap = LdapCache()
ldap.update_user(account,
password=password,
unit=unit,
arrival_date=arrival_date,
uid=uid,
photo=photo)
# update teams
uteams = {}
for team, members in ldap.list_teams().iteritems():
for member in members:
uteams.setdefault(member, []).append(team)
user_teams = uteams.get(account.dn, [])
# add to new teams
for team in r.params.getall('teams'):
members = ldap.get_team_members(team)
if account.dn not in members:
members.append(account.dn.encode('utf-8'))
ldap.update_team(team, members)
# remove from old teams
for team in user_teams:
if team not in r.params.getall('teams'):
members = ldap.get_team_members(team)
if account.dn in members:
members.remove(account.dn)
ldap.update_team(team, members)
if self.user and not self.user.is_admin:
self.redirect_route = 'list_request'
