mgoetz/ldap_account_manager
Archived
2
2
Fork 0
Code Issues 9 Pull Requests Releases 2 Wiki Activity

Implement #22

Browse Source
This commit is contained in:
Götz 2019-04-10 23:30:47 +02:00
parent 824b15c161
commit 1e7063ecb4
4 changed files with 117 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
account_manager/forms.py
View File

@ -32,6 +32,10 @@ class UserDeleteListForm(forms.Form):
ldap_users = forms.ModelMultipleChoiceField(widget=forms.CheckboxSelectMultiple, queryset=LdapUser.objects.all()) ldap_users = forms.ModelMultipleChoiceField(widget=forms.CheckboxSelectMultiple, queryset=LdapUser.objects.all())
class UserGroupListForm(forms.Form):
groups = forms.ModelMultipleChoiceField(widget=forms.CheckboxSelectMultiple, queryset=LdapGroup.objects.all())
class AddLDAPGroupForm(forms.Form): class AddLDAPGroupForm(forms.Form):
name = forms.CharField(label='Name', max_length=400) name = forms.CharField(label='Name', max_length=400)
# TODO show only allowed user # TODO show only allowed user

9
account_manager/urls.py
View File

@ -20,7 +20,14 @@ urlpatterns = [
name='realm-user-detail'), name='realm-user-detail'),
path('realm/<int:realm_id>/user/<str:user_dn>/update/', account_manager.views.user_views.realm_user_update, path('realm/<int:realm_id>/user/<str:user_dn>/update/', account_manager.views.user_views.realm_user_update,
name='realm-user-update'), name='realm-user-update'),
path('realm/<int:realm_id>/user/<str:user_dn>/group/update/', account_manager.views.user_views.realm_user_group_update, path('realm/<int:realm_id>/user/<str:user_dn>/group/update/add/',
account_manager.views.user_views.realm_user_group_update_add,
name='realm-user-group-update-add'),
path('realm/<int:realm_id>/user/<str:user_dn>/group/update/delete/',
account_manager.views.user_views.realm_user_group_update_delete,
name='realm-user-group-update-delete'),
path('realm/<int:realm_id>/user/<str:user_dn>/group/update/',
account_manager.views.user_views.realm_user_group_update,
name='realm-user-group-update'), name='realm-user-group-update'),
path('realm/<int:realm_id>/user/delete/s/<str:user_dn>/', account_manager.views.user_views.realm_user_delete, path('realm/<int:realm_id>/user/delete/s/<str:user_dn>/', account_manager.views.user_views.realm_user_delete,
name='realm-user-delete'), name='realm-user-delete'),

68
account_manager/views/user_views.py
View File

@ -6,7 +6,8 @@ from django.core.exceptions import ObjectDoesNotExist
from django.shortcuts import render, redirect from django.shortcuts import render, redirect
from account_helper.models import Realm from account_helper.models import Realm
from account_manager.forms import AddLDAPUserForm, UserDeleteListForm, UpdateLDAPUserForm, AdminUpdateLDAPUserForm from account_manager.forms import AddLDAPUserForm, UserDeleteListForm, UpdateLDAPUserForm, AdminUpdateLDAPUserForm, \
UserGroupListForm
from account_manager.main_views import is_realm_admin from account_manager.main_views import is_realm_admin
from account_manager.models import LdapUser, LdapGroup from account_manager.models import LdapUser, LdapGroup
@ -164,8 +165,55 @@ def user_delete(request, realm_id, user_dn):
def realm_user_group_update(request, realm_id, user_dn): def realm_user_group_update(request, realm_id, user_dn):
realm = Realm.objects.get(id=realm_id) realm = Realm.objects.get(id=realm_id)
LdapUser.base_dn = f'ou=people,{realm.ldap_base_dn}' LdapUser.base_dn = f'ou=people,{realm.ldap_base_dn}'
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
ldap_user = LdapUser.objects.get(dn=user_dn) ldap_user = LdapUser.objects.get(dn=user_dn)
return render(request, 'user/realm_user_update_groups.jinja2', {'realm': realm, 'user': ldap_user}) user_groups = LdapGroup.objects.filter(members=ldap_user.dn)
realm_groups = LdapGroup.objects.all()
realm_groups_available = []
for realm_group in realm_groups:
if realm_group not in user_groups:
realm_groups_available.append(realm_group)
return render(request, 'user/realm_user_update_groups.jinja2',
{'realm': realm, 'user': ldap_user, 'user_groups': user_groups,
'realm_groups': realm_groups_available})
@login_required
@is_realm_admin
def realm_user_group_update_add(request, realm_id, user_dn):
realm = Realm.objects.get(id=realm_id)
LdapUser.base_dn = f'ou=people,{realm.ldap_base_dn}'
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
if request.method == 'POST':
form = UserGroupListForm(request.POST)
if form.is_valid():
group_names = form.cleaned_data['groups']
groups = []
for group_name in group_names:
groups.append(LdapGroup.objects.get(name=group_name))
ldap_add_user_to_groups(user_dn, groups)
return redirect('realm-user-group-update', realm.id, user_dn)
@login_required
@is_realm_admin
def realm_user_group_update_delete(request, realm_id, user_dn):
realm = Realm.objects.get(id=realm_id)
LdapUser.base_dn = f'ou=people,{realm.ldap_base_dn}'
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
if request.method == 'POST':
form = UserGroupListForm(request.POST)
if form.is_valid():
group_names = form.cleaned_data['groups']
groups = []
for group_name in group_names:
groups.append(LdapGroup.objects.get(name=group_name))
ldap_remove_user_from_groups(user_dn, groups)
return redirect('realm-user-group-update', realm.id, user_dn)
def user_deleted(request, realm_id): def user_deleted(request, realm_id):
@ -191,9 +239,7 @@ def user_update_controller(request, realm, ldap_user, redirect_name, update_view
def user_delete_controller(ldap_user, realm): def user_delete_controller(ldap_user, realm):
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}' LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
user_groups = LdapGroup.objects.filter(members__contains=ldap_user.dn) user_groups = LdapGroup.objects.filter(members__contains=ldap_user.dn)
for group in user_groups: ldap_remove_user_from_groups(ldap_user.dn, user_groups)
group.members.remove(ldap_user.dn)
group.save()
ldap_user.delete() ldap_user.delete()
try: try:
django_user = User.objects.get(username=ldap_user.username) django_user = User.objects.get(username=ldap_user.username)
@ -203,6 +249,18 @@ def user_delete_controller(ldap_user, realm):
return return
def ldap_remove_user_from_groups(ldap_user, user_groups):
for group in user_groups:
group.members.remove(ldap_user)
group.save()
def ldap_add_user_to_groups(ldap_user, user_groups):
for group in user_groups:
group.members.append(ldap_user)
group.save()
class LdapPasswordResetConfirmView(PasswordResetConfirmView): class LdapPasswordResetConfirmView(PasswordResetConfirmView):
def form_valid(self, form): def form_valid(self, form):
user = form.save() user = form.save()

55
templates/user/realm_user_update_groups.jinja2
View File

@ -2,18 +2,47 @@
{% import 'macros/form_macros.jinja2' as mform %} {% import 'macros/form_macros.jinja2' as mform %}
{% block detail_content %} {% block detail_content %}
<h3><span class="text-uppercase">{{ user.username }}</span> - Gruppen Zuweisung ändern</h3> <h3><span class="text-uppercase">{{ user.username }}</span> - Gruppenzuweisung ändern</h3>
<form method="post"> <div class="row">
<input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}"> <div class="col-6">
{# {{ mform.text_input(form.username) }}#} <form method="post" action="{{ url('realm-user-group-update-delete', args = [realm.id, user.dn]) }}">
{# {{ mform.email_input(form.email) }}#} <button type="submit" class="btn btn-warning w-100 mb-2">Entfernen</button>
{# {{ mform.password_input(form.password) }}#} <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
{# {{ mform.text_input(form.first_name) }}#} <ul>
{# {{ mform.text_input(form.last_name) }}#}
<div class="d-flex mt-4"> {% for user_group in user_groups %}
<button type="submit" class="btn btn-primary mr-auto p-2">Speichern</button> <li><input type="checkbox"
<a href="{{ url('realm-user-detail', args = [realm.id, user.dn]) }}" class="custom-control-input"
class="btn btn-secondary p-2">Abbrechen</a> id="user_group_{{ loop.index }}"
value="{{ user_group.name }}"
name="groups"
><label class="custom-control-label"
for="user_group_{{ loop.index }}">{{ user_group.name }}</label></li>
{% endfor %}
</ul>
</form>
</div> </div>
</form> <div class="col-6">
<form method="post" action="{{ url('realm-user-group-update-add', args = [realm.id, user.dn]) }}">
<button type="submit" class="btn btn-success w-100 mb-2">Hinzufügen</button>
<input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
<ul>
{% for realm_group in realm_groups %}
<li><input type="checkbox"
class="custom-control-input"
id="realm_group_{{ loop.index }}"
value="{{ realm_group.name }}"
name="groups"
><label class="custom-control-label"
for="realm_group_{{ loop.index }}">{{ realm_group.name }}</label></li>
{% endfor %}
</ul>
</form>
</div>
</div>
<div class="mt-4">
<a href="{{ url('realm-user-detail', args = [realm.id, user.dn]) }}"
class="btn btn-primary p-2 float-right w-25">Fertig</a>
</div>
{% endblock %} {% endblock %}