nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-02-04 08:13:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
FreedomBox/plinth/modules/users/__init__.py
Alice Kile 0b5b384651
app: Separate app enable/disable form from config form 
- Introduce new API to mark an app that it can't be disabled.

- Mark jsxc, storage, config, upgrade and firewall apps as can't be disabled.

- Fixed functional tests

- Replaced AppForm with forms.Form in all modules' forms.py.

- Remove app.template.js.

- Remove unused styles.

- Remove app status checks in form_valid of Deluge, Diaspora, Matrix, Ejabberd,
MediaWiki, Storage, Transmission, Quassel

- Purge unused is_enabled context variables (Ikiwiki)

- ejabberd: Minor cleanup in template

- jsxc: Cleanup unneeded overrides

- tahoe: Cleanup unnecessary overrides

Tests performed:

- For all apps affected, test enable/disable button works and submitting
configuration form works: with changes updates message and without changes
'settings unchanged' message.
  - avahi
  - bind
  - cockpit
  - SKIP: coquelicot
  - datetime
  - deluge
  - SKIP: diaspora
  - ejabberd
  - gitweb
  - i2p
  - infinoted
  - ikiwiki
  - matrixsynapse
  - mediawiki
  - minetest
  - minidlna
  - mldonkey
  - mumble
  - pagekite
  - privoxy
  - quassel
  - radicale
  - roundcube
  - SKIP: samba
  - searx
  - SKIP: shaarli
  - shadowsocks
  - ssh
  - tahoe
  - transmission
  - FAIL: tt-rss (not installable)
  - wireguard
- Deluge test that configuration changes when app is disabled work
- Quassel test that setting the domain works when app is diabled
- Transmission test that setting the domain works when app is diabled
- Ikiwiki create form works properly
- Enable/disable button appears as expected when enabled and when disabled
- Enable/disable button works without Javascript
- Functional tests work for affected apps, Tor and OpenVPN
- AppForm is removed from developer documentation
  - Forms reference
  - Customizing tutorial
- Test all apps using directory select form
  - Transmission
  - Deluge
- Visit each template that overrides block configuration and ensure that it is
loaded properly and the display is as expected.
- All apps that use AppView that are not tested above should not have an
enable/disable button. That is JSXC, update, config, firewall, storage, users.

Signed-off-by: Alice Kile <buoyantair@protonmail.com>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2020-03-29 09:42:31 +03:00

158 lines
4.3 KiB
Python
Raw Blame History

# SPDX-License-Identifier: AGPL-3.0-or-later
"""
FreedomBox app to manage users.
"""
import grp
import subprocess
from django.utils.translation import ugettext_lazy as _
from plinth import actions
from plinth import app as app_module
from plinth import cfg, menu
from plinth.daemon import Daemon
from plinth.utils import format_lazy
version = 3
is_essential = True
managed_packages = [
'ldapscripts', 'ldap-utils', 'libnss-ldapd', 'libpam-ldapd', 'nscd',
'nslcd', 'samba-common-bin', 'slapd', 'tdb-tools'
]
managed_services = ['slapd']
first_boot_steps = [
{
'id': 'users_firstboot',
'url': 'users:firstboot',
'order': 1
},
]
_description = [
_('Create and managed user accounts. These accounts serve as centralized '
'authentication mechanism for most apps. Some apps further require a '
'user account to be part of a group to authorize the user to access the '
'app.'),
format_lazy(
_('Any user may login to {box_name} web interface to see a list of '
'apps relevant to them in the home page. However, only users of '
'the <em>admin</em> group may alter apps or system settings.'),
box_name=_(cfg.box_name))
]
# All FreedomBox user groups
groups = dict()
app = None
class UsersApp(app_module.App):
"""FreedomBox app for users and groups management."""
app_id = 'users'
can_be_disabled = False
def __init__(self):
"""Create components for the app."""
super().__init__()
info = app_module.Info(app_id=self.app_id, version=version,
is_essential=is_essential,
name=_('Users and Groups'), icon='fa-users',
description=_description, manual_page='Users')
self.add(info)
menu_item = menu.Menu('menu-users', info.name, None, info.icon,
'users:index', parent_url_name='system')
self.add(menu_item)
daemon = Daemon('daemon-users', managed_services[0],
listen_ports=[(389, 'tcp4'), (389, 'tcp6')])
self.add(daemon)
def diagnose(self):
"""Run diagnostics and return the results."""
results = super().diagnose()
results.append(_diagnose_ldap_entry('dc=thisbox'))
results.append(_diagnose_ldap_entry('ou=people'))
results.append(_diagnose_ldap_entry('ou=groups'))
return results
def init():
"""Initialize the user module."""
global app
app = UsersApp()
app.set_enabled(True)
def setup(helper, old_version=None):
"""Install and configure the module."""
helper.install(managed_packages)
if not old_version:
helper.call('post', actions.superuser_run, 'users', ['first-setup'])
helper.call('post', actions.superuser_run, 'users', ['setup'])
create_group('freedombox-share')
def _diagnose_ldap_entry(search_item):
"""Diagnose that an LDAP entry exists."""
result = 'failed'
try:
subprocess.check_output(
['ldapsearch', '-x', '-b', 'dc=thisbox', search_item])
result = 'passed'
except subprocess.CalledProcessError:
pass
return [
_('Check LDAP entry "{search_item}"').format(search_item=search_item),
result
]
def create_group(group):
"""Add an LDAP group."""
actions.superuser_run('users', options=['create-group', group])
def remove_group(group):
"""Remove an LDAP group."""
actions.superuser_run('users', options=['remove-group', group])
def register_group(group):
groups[group[0]] = group[1]
def get_last_admin_user():
"""If there is only one admin user return its name else return None."""
output = actions.superuser_run('users', ['get-group-users', 'admin'])
admin_users = output.strip().split('\n')
if len(admin_users) == 1 and admin_users[0]:
return admin_users[0]
return None
def add_user_to_share_group(username, service=None):
"""Add user to the freedombox-share group."""
try:
group_members = grp.getgrnam('freedombox-share').gr_mem
except KeyError:
group_members = []
if username not in group_members:
actions.superuser_run(
'users', ['add-user-to-group', username, 'freedombox-share'])
if service:
actions.superuser_run('service', ['restart', service])
Reference in New Issue View Git Blame Copy Permalink