- Only admins can now edit the groups of any user
- Only admins can mark any user as active or not
- Refactored all occurrences of admin checks to its own utility function
In a following pull request, we are expected to solve the cache timing
issue. So, show a generic error message instead of one that suggests a
timing problem.
When editing an existing user, error is being thrown due to restricted
usernames check. This is due to the username matching existing
username.
Also:
- Raise the validation error on the field instead of the entire form.
- Send error code along with validation error message.
- End the validation error message with a full stop for consistency.
- Allow setting multiple SSH keys one per line (which is already
allowed, but advertise it better).
- Use mkhomedir_helper to create the user's home directory. Avoid
security and accuracy complexities of creating a home directory.
- Allow homes that don't exist in /home.
- Merge all ldap actions into one action.
- Setup ldapscripts using augeas.
- Use the default mechanisms used by ldapscripts.
- Remove adding admin users to 'sudo' group. Mixing LDAP groups and
local groups is not a good practice. 'admin' LDAP group will be added
to sudoers in another patch to freedombox-setup.
- Make all users posixAccount and all groups posixGroup for simplicity.
Shell access can be restricted in other ways.
- Work around ldapscripts not able to set password using SASL auth.
- Work around ldapscripts having issues with current locale.
- Create groups on first boot a bit more safely
- Use get_or_create instead of get() and create()
- Fix issue with not showing a full list of groups in user modify page
when there is are no users for that group.
- If during an action, user does not exist ignore.
- If during an action, return a non-zero exist status.
- Catch an errors during actions as exceptions.
- Display a message that corresponding POSIX operation failed.
- allows editing users (currently the groups and username)
- allows any logged-in user to change the passwords of any other users
- improved url highlighting of subsubmenu
