nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-04-29 10:10:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add group management to user editing form.

Browse Source
This commit is contained in:
James Valleroy 2015-07-11 22:06:36 -04:00 committed by Sunil Mohan Adapa
parent 197c95a7bf
commit 0eb3d35b5b
8 changed files with 104 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
actions/delete-ldap-user
View File

@ -1,4 +1,4 @@
#!/bin/sh #!/bin/bash
# #
# This file is part of Plinth. # This file is part of Plinth.
# #
@ -29,18 +29,19 @@ else
exit 1 exit 1
fi fi
cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:/// # update groups
dn: cn=admin,ou=groups,dc=thisbox results=$(ldapsearch 2>/dev/null -Y EXTERNAL -H ldapi:/// -b 'ou=groups,dc=thisbox' -LLL "(uniqueMember=uid=$username,ou=users,dc=thisbox)" dn | grep -v '^$')
while read -r line; do
cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
$line
changetype: modify changetype: modify
delete: uniqueMember delete: uniqueMember
uniqueMember: uid=$username,ou=users,dc=thisbox uniqueMember: uid=$username,ou=users,dc=thisbox
EOF EOF
if [ $? -eq 0 ]; then if [ $? -eq 65 ]; then
echo "Removed user from admin group" # Cannot have empty group, so just delete the group.
elif [ $? -eq 16 ]; then ldapdelete -Y EXTERNAL -H ldapi:/// "$line"
echo "User was not in admin group" fi
elif [ $? -eq 65 ]; then done <<< "$results"
echo "Cannot remove last LDAP admin user"
exit 2
fi

23
actions/get-ldap-user-groups Executable file
View File

@ -0,0 +1,23 @@
#!/bin/bash
#
# This file is part of Plinth.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Must be run as root.
username="$1"
ldapsearch 2>/dev/null -Y EXTERNAL -H ldapi:/// -b 'ou=groups,dc=thisbox' -LLL "(uniqueMember=uid=$username,ou=users,dc=thisbox)" cn | awk '/cn:/ { print $2 }'

18
actions/rename-ldap-user
View File

@ -35,23 +35,21 @@ else
exit 1 exit 1
fi fi
# check if user is admin # update groups
results=$(ldapsearch -Y EXTERNAL -H ldapi:/// -b 'cn=admin,ou=groups,dc=thisbox' -LLL "(uniqueMember=uid=$old_username,ou=users,dc=thisbox)" uniqueMember) results=$(ldapsearch 2>/dev/null -Y EXTERNAL -H ldapi:/// -b 'ou=groups,dc=thisbox' -LLL "(uniqueMember=uid=$old_username,ou=users,dc=thisbox)" dn | grep -v '^$')
if [ -z "$results" ]; then while read -r line; do
exit 0 cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
fi $line
cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
dn: cn=admin,ou=groups,dc=thisbox
changetype: modify changetype: modify
add: uniqueMember add: uniqueMember
uniqueMember: uid=$new_username,ou=users,dc=thisbox uniqueMember: uid=$new_username,ou=users,dc=thisbox
EOF EOF
cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:/// cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
dn: cn=admin,ou=groups,dc=thisbox $line
changetype: modify changetype: modify
delete: uniqueMember delete: uniqueMember
uniqueMember: uid=$old_username,ou=users,dc=thisbox uniqueMember: uid=$old_username,ou=users,dc=thisbox
EOF EOF
done <<< "$results"

3
plinth/modules/first_boot/forms.py
View File

@ -80,6 +80,9 @@ than 63 characters in length.'),
messages.error(self.request, messages.error(self.request,
_('Failed to add new user to admin group.')) _('Failed to add new user to admin group.'))
g = Group.objects.create(name='admin')
g.user_set.add(user)
self.login_user() self.login_user()
return user return user

75
plinth/modules/users/forms.py
View File

@ -17,25 +17,37 @@
from django import forms from django import forms
from django.contrib import messages from django.contrib import messages
from django.contrib.auth.models import User from django.contrib.auth.models import User, Group
from django.contrib.auth.forms import UserCreationForm, SetPasswordForm from django.contrib.auth.forms import UserCreationForm, SetPasswordForm
from django.core.exceptions import ObjectDoesNotExist
from gettext import gettext as _ from gettext import gettext as _
from plinth import actions from plinth import actions
from plinth.errors import ActionError from plinth.errors import ActionError
GROUP_CHOICES = (
('admin', 'admin'),
('wiki', 'wiki'),
)
class CreateUserForm(UserCreationForm): class CreateUserForm(UserCreationForm):
"""Custom user create form. """Custom user create form.
Include option to also create LDAP user. Include options to add user to groups.
""" """
add_ldap_user = forms.BooleanField( groups = forms.MultipleChoiceField(
label=_('Also create an LDAP user'), choices=GROUP_CHOICES,
label=_('Groups'),
required=False, required=False,
help_text=_('This will allow the new user to log in to various ' help_text=_('Select which services should be available to the new '
'services that support single sign-on through LDAP.')) 'user. The user will be able to log in to services that '
'support single sign-on through LDAP, if they are in the '
'appropriate group.<br /><br />'
'Users in the admin group will be able to log in to all '
'services. They can also log in to the system through SSH '
'and have administrative privileges (sudo).'))
def __init__(self, request, *args, **kwargs): def __init__(self, request, *args, **kwargs):
"""Initialize the form with extra request argument.""" """Initialize the form with extra request argument."""
@ -47,22 +59,30 @@ class CreateUserForm(UserCreationForm):
user = super(CreateUserForm, self).save(commit) user = super(CreateUserForm, self).save(commit)
if commit: if commit:
if self.cleaned_data['add_ldap_user']: try:
try: actions.superuser_run(
actions.superuser_run( 'create-ldap-user',
'create-ldap-user', [user.get_username(), self.cleaned_data['password1']])
[user.get_username(), self.cleaned_data['password1']]) except ActionError:
except ActionError: messages.error(self.request,
messages.error(self.request, _('Creating LDAP user failed.'))
_('Creating LDAP user failed.'))
for group in self.cleaned_data['groups']:
try: try:
actions.superuser_run( actions.superuser_run(
'add-ldap-user-to-group', 'add-ldap-user-to-group',
[user.get_username(), 'admin']) [user.get_username(), group])
except ActionError: except ActionError:
messages.error(self.request, messages.error(
_('Failed to add new user to admin group.')) self.request,
_('Failed to add new user to %s group.') % group)
try:
g = Group.objects.get(name=group)
except ObjectDoesNotExist:
g = Group.objects.create(name=group)
g.user_set.add(user)
return user return user
@ -96,6 +116,27 @@ class UserUpdateForm(forms.ModelForm):
messages.error(self.request, messages.error(self.request,
_('Renaming LDAP user failed.')) _('Renaming LDAP user failed.'))
output = actions.superuser_run('get-ldap-user-groups',
[user.get_username()])
old_groups = output.strip().split('\n')
new_groups = user.groups.values_list('name', flat=True)
for old_group in old_groups:
if old_group not in new_groups:
try:
actions.superuser_run('remove-ldap-user-from-group',
[user.get_username(), old_group])
except ActionError:
messages.error(self.request,
_('Failed to add user to group.'))
for new_group in new_groups:
if new_group not in old_groups:
try:
actions.superuser_run('add-ldap-user-to-group',
[user.get_username(), new_group])
except ActionError:
messages.error(self.request,
_('Failed to remove user from group.'))
return user return user

6
plinth/modules/users/templates/users_change_password.html
View File

@ -31,12 +31,6 @@
{{ form|bootstrap }} {{ form|bootstrap }}
{% if is_ldap_user %}
<p>This user is also an LDAP user and password for LDAP user will also
be updated.
</p>
{% endif %}
<input type="submit" class="btn btn-primary" value="Save Password"/> <input type="submit" class="btn btn-primary" value="Save Password"/>
</form> </form>

4
plinth/modules/users/templates/users_delete.html
View File

@ -24,10 +24,6 @@
<h3>Delete User <em>{{ object.username }}</em></h3> <h3>Delete User <em>{{ object.username }}</em></h3>
{% if is_ldap_user %}
<p>This user is also an LDAP user. LDAP user will also be deleted.</p>
{% endif %}
<p>Delete user permanently?</p> <p>Delete user permanently?</p>
<form class="form" method="post"> <form class="form" method="post">

4
plinth/modules/users/templates/users_update.html
View File

@ -46,10 +46,6 @@
{{ form|bootstrap }} {{ form|bootstrap }}
{% if is_ldap_user %}
<p>This user is also an LDAP user.</p>
{% endif %}
<input type="submit" class="btn btn-primary" value="Save Changes"/> <input type="submit" class="btn btn-primary" value="Save Changes"/>
</form> </form>