def __check_object_class(self, lo, object_class, fallback): obj = self.get_udm_object(lo) if not obj: raise noObject('Could not read %r' % (self.dn, )) if 'ucsschoolSchool' in obj.oldattr: return object_class in obj.oldattr.get('objectClass', []) return fallback(self.school, self.dn)
def get_by_import_id_or_username(cls, connection, source_uid, record_uid, username, superordinate=None): """ Retrieve a LegacyImportUser. Will find it using either source_uid and record_uid or if unset with the username. :param connection: uldap object :param source_uid: str: source DB identifier :param record_uid: str: source record identifier :param username: str: username :param superordinate: str: superordinate :return: object of ImportUser subclass from LDAP or raises noObject """ oc_filter = cls.get_ldap_filter_for_user_role() filter_s = filter_format( "(&{ocs}" "(|" "(&(ucsschoolSourceUID=%s)(ucsschoolRecordUID=%s))" "(&(!(ucsschoolSourceUID=*))(!(ucsschoolRecordUID=*))(uid=%s))" "))".format(ocs=oc_filter), (source_uid, record_uid, username)) obj = cls.get_only_udm_obj(connection, filter_s, superordinate=superordinate) if not obj: raise noObject("No {} with source_uid={!r} and record_uid={!r} or username={!r} found.".format( cls.config.get("user_role", "user"), source_uid, record_uid, username)) return cls.from_udm_obj(obj, None, connection)
def get_by_import_id(cls, connection, source_uid, record_uid, superordinate=None): """ Retrieve an ImportUser. :param connection: uldap object :param source_uid: str: source DB identifier :param record_uid: str: source record identifier :param superordinate: str: superordinate :return: object of ImportUser subclass from LDAP or raises noObject """ oc_filter = cls.get_ldap_filter_for_user_role() filter_s = filter_format( "(&{}(ucsschoolSourceUID=%s)(ucsschoolRecordUID=%s))".format( oc_filter), (source_uid, record_uid)) obj = cls.get_only_udm_obj(connection, filter_s, superordinate=superordinate) if not obj: raise noObject( "No {} with source_uid={!r} and record_uid={!r} found.".format( cls.config.get("user_role", "user"), source_uid, record_uid)) return cls.from_udm_obj(obj, None, connection)
def _read_user(self, userstr, ldap_user_read=None): match = self.USER_REGEX.match(userstr) if not match or not userstr: raise AttributeError('invalid key "%s"' % userstr) username = match.groupdict()['username'] if not username: raise AttributeError('username missing: %s' % userstr) lo = ldap_user_read try: userobj = User.get_only_udm_obj( lo, filter_format('uid=%s', (username, ))) if userobj is None: raise noObject(username) user = User.from_udm_obj(userobj, None, lo) except (noObject, MultipleObjectsError): MODULE.info('Unknown user "%s"' % username) dict.__setitem__(self, userstr, UserInfo('', '')) return blacklisted_groups = set([ x.strip().lower() for x in ucr.get( 'ucsschool/umc/computerroom/hide_screenshots/groups', 'Domain Admins').split(',') ]) users_groupmemberships = set( [explode_dn(x, True)[0].lower() for x in userobj['groups']]) MODULE.info('UserMap: %s: hide screenshots for following groups: %s' % ( username, blacklisted_groups, )) MODULE.info('UserMap: %s: user is member of following groups: %s' % ( username, users_groupmemberships, )) hide_screenshot = bool(blacklisted_groups & users_groupmemberships) if ucr.is_true('ucsschool/umc/computerroom/hide_screenshots/teachers', True) and user.is_teacher(lo): MODULE.info('UserMap: %s: is teacher hiding screenshot' % (username, )) hide_screenshot = True MODULE.info('UserMap: %s: hide_screenshot=%r' % (username, hide_screenshot)) dict.__setitem__( self, userstr, UserInfo(user.dn, username, isTeacher=user.is_teacher(lo), hide_screenshot=hide_screenshot))
def get_user_object(userdn, password): lo, po = get_user_connection(userdn, password) if not lo: return try: # try to open the user object user = udm_objects.get(users_module, None, lo, po, userdn) if not user: raise udm_errors.noObject() user.open() return user except (udm_errors.base, LDAPError) as exc: CORE.warn('Failed to open UDM user object %s: %s' % (userdn, exc))
def add_teacher_to_classes(self, request, ldap_machine_write=None, ldap_user_read=None, ldap_position=None): teacher = request.options['$dn$'] classes = set(request.options['classes']) try: teacher = Teacher.from_dn(teacher, None, ldap_machine_write) if not teacher.is_teacher(ldap_machine_write): raise udm_exceptions.noObject() except udm_exceptions.noObject: raise UMC_Error('The user is not a teacher.') original_classes = set([ x.dn for x in SchoolClass.get_all( ldap_machine_write, request.options['school'], filter_format('uniqueMember=%s', (teacher.dn, ))) ]) classes_to_remove = original_classes - classes classes_to_add = classes - original_classes failed = [] for classdn in (classes_to_add | classes_to_remove): try: class_ = SchoolClass.from_dn(classdn, teacher.school, ldap_machine_write) except udm_exceptions.noObject: failed.append(classdn) continue if classdn in classes_to_add and teacher.dn not in class_.users: class_.users.append(teacher.dn) elif classdn in classes_to_remove and teacher.dn in class_.users: class_.users.remove(teacher.dn) try: if not class_.modify(ldap_machine_write): failed.append(classdn) except udm_exceptions.base as exc: MODULE.error('Could not add teacher %s to class %s: %s' % (teacher.dn, classdn, exc)) failed.append(classdn) self.finished(request.id, not any(failed))
def _get_user_obj(self): try: # make sure that the UDM users/user module could be initiated if not users_module: raise udm_errors.base('UDM module users/user could not be initiated') # open an LDAP connection with the user password and credentials lo = udm_uldap.access(host = ucr.get('ldap/server/name'), base = ucr.get('ldap/base'), port = int(ucr.get('ldap/server/port', '7389')), binddn = self.__user_dn, bindpw = self.__password, follow_referral=True) # try to open the user object userObj = udm_objects.get(users_module, None, lo, self.po, self.__user_dn) if not userObj: raise udm_errors.noObject() userObj.open() return userObj except udm_errors.noObject as e: CORE.warn('Failed to open UDM user object for user %s' % (self.__username)) except (udm_errors.base, ldap.LDAPError) as e: CORE.warn('Failed to open UDM user object %s: %s' % (self.__user_dn, e)) return None
def _set(self, room, ldap_user_read=None): lo = ldap_user_read room_dn = room try: # room DN ldap.dn.str2dn(room) except ldap.DECODING_ERROR: # room name room_dn = None # got a name instead of a DN try: if room_dn: computerroom = ComputerRoom.from_dn(room, ITALC_Manager.SCHOOL, lo) else: computerroom = ComputerRoom.get_only_udm_obj( lo, filter_format('cn=%s-%s', (ITALC_Manager.SCHOOL, room))) if computerroom is None: raise noObject(computerroom) computerroom = ComputerRoom.from_udm_obj( computerroom, ITALC_Manager.SCHOOL, lo) except noObject: raise ITALC_Error('Unknown computer room') except MultipleObjectsError as exc: raise ITALC_Error( 'Did not find exactly 1 group for the room (count: %d)' % len(exc.objs)) ITALC_Manager.ROOM = computerroom.get_relative_name() ITALC_Manager.ROOM_DN = computerroom.dn computers = list(computerroom.get_computers(lo)) if not computers: raise ITALC_Error('There are no computers in the selected room.') for computer in computers: try: comp = ITALC_Computer(computer.get_udm_object(lo)) self.__setitem__(comp.name, comp) except ITALC_Error as exc: MODULE.warn('Computer could not be added: %s' % (exc, ))