Add group management to user editing form.

This commit is contained in:
James Valleroy 2015-07-11 22:06:36 -04:00 committed by Sunil Mohan Adapa
parent 197c95a7bf
commit 0eb3d35b5b
8 changed files with 104 additions and 52 deletions


@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
#
# This file is part of Plinth.
#
@ -29,18 +29,19 @@ else
exit 1
fi
cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
dn: cn=admin,ou=groups,dc=thisbox
# update groups
results=$(ldapsearch 2>/dev/null -Y EXTERNAL -H ldapi:/// -b 'ou=groups,dc=thisbox' -LLL "(uniqueMember=uid=$username,ou=users,dc=thisbox)" dn | grep -v '^$')
while read -r line; do
cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
$line
changetype: modify
delete: uniqueMember
uniqueMember: uid=$username,ou=users,dc=thisbox
EOF
if [ $? -eq 0 ]; then
echo "Removed user from admin group"
elif [ $? -eq 16 ]; then
echo "User was not in admin group"
elif [ $? -eq 65 ]; then
echo "Cannot remove last LDAP admin user"
exit 2
fi
if [ $? -eq 65 ]; then
# Cannot have empty group, so just delete the group.
ldapdelete -Y EXTERNAL -H ldapi:/// "$line"
fi
done <<< "$results"
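Review bot: The new loop drops the last-admin guard the old branch had: where the removed code answered status 65 with `Cannot remove last LDAP admin user` and `exit 2`, the new `if [ $? -eq 65 ]` block runs `ldapdelete` on the group itself, so removing the final member of cn=admin now deletes the admin group instead of being refused. The delete should at least be skipped for that DN, e.g. `if [ "$line" = "dn: cn=admin,ou=groups,dc=thisbox" ]; then echo "Cannot remove last LDAP admin user"; exit 2; fi` placed before the ldapdelete. Separately, `$line` is an ldapsearch output line of the form `dn: cn=...`, which is what the LDIF heredoc needs, but passed verbatim to `ldapdelete "$line"` it is presumably rejected as an invalid DN; `ldapdelete -Y EXTERNAL -H ldapi:/// "${line#dn: }"` strips the prefix. This section's file name is not shown on the page.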

23
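--- /dev/null
+++ b/actions/get-ldap-user-groups
@@ -0,0 +1,23 @@
+#!/bin/bash
+#
+# This file is part of Plinth.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# Must be run as root.
+username="$1"
+ldapsearch 2>/dev/null -Y EXTERNAL -H ldapi:/// -b 'ou=groups,dc=thisbox' -LLL "(uniqueMember=uid=$username,ou=users,dc=thisbox)" cn | awk '/cn:/ { print $2 }'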
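Review bot: The script's exit status is awk's, not ldapsearch's, and ldapsearch's stderr is discarded, so a failed lookup exits 0 with empty output and the caller (UserUpdateForm.save in this commit) cannot tell "user is in no groups" from "lookup failed" and will act on an empty group list. Adding `set -o pipefail` after the shebang, and not discarding ldapsearch's stderr, makes the failure visible as a non-zero status that actions.superuser_run can turn into an ActionError. `$username` is also interpolated into the search filter unescaped; it is presumably always a form-validated username here, but a one-line comment such as `# assumes $username is a validated username (no LDAP filter metacharacters)` above the call would record that dependency.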


@ -35,23 +35,21 @@ else
exit 1
fi
# check if user is admin
results=$(ldapsearch -Y EXTERNAL -H ldapi:/// -b 'cn=admin,ou=groups,dc=thisbox' -LLL "(uniqueMember=uid=$old_username,ou=users,dc=thisbox)" uniqueMember)
# update groups
results=$(ldapsearch 2>/dev/null -Y EXTERNAL -H ldapi:/// -b 'ou=groups,dc=thisbox' -LLL "(uniqueMember=uid=$old_username,ou=users,dc=thisbox)" dn | grep -v '^$')
if [ -z "$results" ]; then
exit 0
fi
cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
dn: cn=admin,ou=groups,dc=thisbox
while read -r line; do
cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
$line
changetype: modify
add: uniqueMember
uniqueMember: uid=$new_username,ou=users,dc=thisbox
EOF
cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
dn: cn=admin,ou=groups,dc=thisbox
cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
$line
changetype: modify
delete: uniqueMember
uniqueMember: uid=$old_username,ou=users,dc=thisbox
EOF
done <<< "$results"
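Review bot: Neither ldapmodify in the new loop is checked, so when the `add: uniqueMember` for `$new_username` fails, the following `delete: uniqueMember` still removes `$old_username` and the renamed user silently loses that group membership; the lookup above also discards ldapsearch's stderr, so a failed search looks like "no groups" and exits 0. The add should be tested and the loop stopped before the delete runs; the rewritten loop head below does that, with the delete heredoc left as is.
```shell
while read -r line; do
    if ! ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
$line
changetype: modify
add: uniqueMember
uniqueMember: uid=$new_username,ou=users,dc=thisbox
EOF
    then
        echo "Failed to add renamed user to group: $line" >&2
        exit 1
    fi
    # … unchanged: delete of uid=$old_username from the same group …
done <<< "$results"
```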


@ -80,6 +80,9 @@ than 63 characters in length.'),
messages.error(self.request,
_('Failed to add new user to admin group.'))
g = Group.objects.create(name='admin')
g.user_set.add(user)
self.login_user()
return user
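Review bot: `Group.objects.create(name='admin')` raises an IntegrityError if a group named admin already exists, since Group.name is unique; that can happen, for example, when this form is submitted a second time or the users form in this same commit has already created the group. The sibling code in forms.py handles this with a get-then-create pattern, so for consistency and robustness use `g, _created = Group.objects.get_or_create(name='admin')` here (assuming Group is imported in this file as it is in forms.py). The enclosing save() starts outside the hunk and this section's file name is not shown on the page.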


@ -17,25 +17,37 @@
from django import forms
from django.contrib import messages
from django.contrib.auth.models import User
from django.contrib.auth.models import User, Group
from django.contrib.auth.forms import UserCreationForm, SetPasswordForm
from django.core.exceptions import ObjectDoesNotExist
from gettext import gettext as _
from plinth import actions
from plinth.errors import ActionError
GROUP_CHOICES = (
('admin', 'admin'),
('wiki', 'wiki'),
)
class CreateUserForm(UserCreationForm):
"""Custom user create form.
Include option to also create LDAP user.
Include options to add user to groups.
"""
add_ldap_user = forms.BooleanField(
label=_('Also create an LDAP user'),
groups = forms.MultipleChoiceField(
choices=GROUP_CHOICES,
label=_('Groups'),
required=False,
help_text=_('This will allow the new user to log in to various '
'services that support single sign-on through LDAP.'))
help_text=_('Select which services should be available to the new '
'user. The user will be able to log in to services that '
'support single sign-on through LDAP, if they are in the '
'appropriate group.<br /><br />'
'Users in the admin group will be able to log in to all '
'services. They can also log in to the system through SSH '
'and have administrative privileges (sudo).'))
def __init__(self, request, *args, **kwargs):
"""Initialize the form with extra request argument."""
@ -47,22 +59,30 @@ class CreateUserForm(UserCreationForm):
user = super(CreateUserForm, self).save(commit)
if commit:
if self.cleaned_data['add_ldap_user']:
try:
actions.superuser_run(
'create-ldap-user',
[user.get_username(), self.cleaned_data['password1']])
except ActionError:
messages.error(self.request,
_('Creating LDAP user failed.'))
try:
actions.superuser_run(
'create-ldap-user',
[user.get_username(), self.cleaned_data['password1']])
except ActionError:
messages.error(self.request,
_('Creating LDAP user failed.'))
for group in self.cleaned_data['groups']:
try:
actions.superuser_run(
'add-ldap-user-to-group',
[user.get_username(), 'admin'])
[user.get_username(), group])
except ActionError:
messages.error(self.request,
_('Failed to add new user to admin group.'))
messages.error(
self.request,
_('Failed to add new user to %s group.') % group)
try:
g = Group.objects.get(name=group)
except ObjectDoesNotExist:
g = Group.objects.create(name=group)
g.user_set.add(user)
return user
@ -96,6 +116,27 @@ class UserUpdateForm(forms.ModelForm):
messages.error(self.request,
_('Renaming LDAP user failed.'))
output = actions.superuser_run('get-ldap-user-groups',
[user.get_username()])
old_groups = output.strip().split('\n')
new_groups = user.groups.values_list('name', flat=True)
for old_group in old_groups:
if old_group not in new_groups:
try:
actions.superuser_run('remove-ldap-user-from-group',
[user.get_username(), old_group])
except ActionError:
messages.error(self.request,
_('Failed to add user to group.'))
for new_group in new_groups:
if new_group not in old_groups:
try:
actions.superuser_run('add-ldap-user-to-group',
[user.get_username(), new_group])
except ActionError:
messages.error(self.request,
_('Failed to remove user from group.'))
return user
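Review bot: The two error messages in the new group-sync loops are swapped: the remove-ldap-user-from-group failure reports `_('Failed to add user to group.')` and the add-ldap-user-to-group failure reports `_('Failed to remove user from group.')`, which will mislead whoever debugs a failed update. Also `output.strip().split('\n')` yields `['']` when the action prints nothing, so an empty-string group name is then passed to remove-ldap-user-from-group; `old_groups = output.split()` avoids that while keeping one name per line. Since the messages are only shown and the loop continues, a partial failure leaves the LDAP groups and the Django groups out of step; a short comment such as `# LDAP and Django group membership may diverge if an action fails; the message above is the only signal` would make that explicit. The enclosing save() starts outside the hunk.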


@ -31,12 +31,6 @@
{{ form|bootstrap }}
{% if is_ldap_user %}
<p>This user is also an LDAP user and password for LDAP user will also
be updated.
</p>
{% endif %}
<input type="submit" class="btn btn-primary" value="Save Password"/>
</form>


@ -24,10 +24,6 @@
<h3>Delete User <em>{{ object.username }}</em></h3>
{% if is_ldap_user %}
<p>This user is also an LDAP user. LDAP user will also be deleted.</p>
{% endif %}
<p>Delete user permanently?</p>
<form class="form" method="post">


@ -46,10 +46,6 @@
{{ form|bootstrap }}
{% if is_ldap_user %}
<p>This user is also an LDAP user.</p>
{% endif %}
<input type="submit" class="btn btn-primary" value="Save Changes"/>
</form>