Implement protected group deletion, Close #43

Götz 2019-04-12 19:05:42 +02:00
parent f1cec8553a
commit 1f180f847c
5 changed files with 36 additions and 13 deletions


@ -87,6 +87,10 @@ def group_update(request, realm_id, group_dn):
group.members = [member.dn for member in members]
group.save()
return redirect('realm-group-detail', realm_id, group.dn)
elif 'members' not in form.cleaned_data:
return render(request, 'group/group_detail.jinja2',
{'form': form, 'realm': realm, 'group': group,
'extra_error': 'Gruppen dürfen nicht leer sein. Wenn du die Gruppe nicht mehr benutzen möchtest, solltest du Sie löschen'})
else:
members = LdapUser.objects.none()
if group.members:
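Review bot: The new `elif 'members' not in form.cleaned_data:` branch treats every validation failure of the members field as "group is empty", because Django drops a field from cleaned_data for any error on it, not only a missing value. Testing the specific cause, e.g. `elif form.has_error('members', code='required'):`, would keep the message accurate. The branch also relies on the preceding `if`, which lies outside this hunk, having already run form.is_valid(), since cleaned_data does not exist before that. In the user-facing string, "solltest du Sie löschen" should read "sie".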


@ -4,7 +4,7 @@ from django.contrib.auth.views import PasswordResetConfirmView, PasswordChangeVi
from django.contrib.sites.shortcuts import get_current_site
from django.core.exceptions import ObjectDoesNotExist
from django.shortcuts import render, redirect
from ldap import ALREADY_EXISTS
from ldap import ALREADY_EXISTS, OBJECT_CLASS_VIOLATION
from account_helper.models import Realm
from account_manager.forms import AddLDAPUserForm, UserDeleteListForm, UpdateLDAPUserForm, AdminUpdateLDAPUserForm, \
UserGroupListForm
@ -230,11 +230,18 @@ def user_delete(request, realm_id, user_dn):
@login_required
@is_realm_admin
def realm_user_group_update(request, realm_id, user_dn):
def realm_user_group_update(request, realm_id, user_dn, error=None):
realm = Realm.objects.get(id=realm_id)
ldap_user, realm_groups_available, user_groups = get_available_given_groups(realm, user_dn)
return render(request, 'user/realm_user_update_groups.jinja2',
{'realm': realm, 'user': ldap_user, 'user_groups': user_groups,
'realm_groups': realm_groups_available, 'extra_error': error})
def get_available_given_groups(realm, user_dn):
LdapUser.base_dn = f'ou=people,{realm.ldap_base_dn}'
LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}'
ldap_user = LdapUser.objects.get(dn=user_dn)
user_groups = LdapGroup.objects.filter(members=ldap_user.dn)
realm_groups = LdapGroup.objects.all()
@ -242,10 +249,7 @@ def realm_user_group_update(request, realm_id, user_dn):
for realm_group in realm_groups:
if realm_group not in user_groups:
realm_groups_available.append(realm_group)
return render(request, 'user/realm_user_update_groups.jinja2',
{'realm': realm, 'user': ldap_user, 'user_groups': user_groups,
'realm_groups': realm_groups_available})
return ldap_user, realm_groups_available, user_groups
@login_required
@ -280,7 +284,14 @@ def realm_user_group_update_delete(request, realm_id, user_dn):
groups = []
for group_name in group_names:
groups.append(LdapGroup.objects.get(name=group_name))
ldap_remove_user_from_groups(user_dn, groups)
try:
ldap_remove_user_from_groups(user_dn, groups)
except OBJECT_CLASS_VIOLATION as err:
ldap_user, realm_groups_available, user_groups = get_available_given_groups(realm, user_dn)
return render(request, 'user/realm_user_update_groups.jinja2',
{'realm': realm, 'user': ldap_user, 'user_groups': user_groups,
'realm_groups': realm_groups_available,
'extra_error': 'Bearbeiten fehlgeschlagen. Der Nutzer scheint der letzte in einer Gruppe zu sein. Bitte löschen Sie die Gruppe zuerst.'})
return redirect('realm-user-group-update', realm.id, user_dn)
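Review bot: In the new `except OBJECT_CLASS_VIOLATION as err:` branch of realm_user_group_update_delete, `err` is never used, so the server's diagnostic is dropped and the page shows a guess ("scheint der letzte in einer Gruppe zu sein") for any object-class violation. If ldap_remove_user_from_groups (not visible here) processes the groups one by one, removals made before the failing group would stay applied while the page reports the edit as failed; that is worth confirming, along with checking up front which selected groups have this user as their only member. At minimum the rejected change should be recorded, e.g. `logger.warning('group removal rejected for %s: %s', user_dn, err)`, assuming the module has a logger. The branch also repeats the render call from realm_user_group_update instead of using that view's new `error` parameter, which no visible caller passes.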


@ -17,6 +17,7 @@
class="fas fa-trash"></i> <span class="d-sm-none d-md-inline-block">Gruppe löschen</span></a>
</div>
{% else %}
{{ mutils.get_warning_box(extra_error) }}
<form method="post">
<input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
{{ mform.text_input(form.name) }}
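Review bot: The added `{{ mutils.get_warning_box(extra_error) }}` line uses `mutils`, but this section adds no import for it, whereas the user group template in the same commit gains `{% import 'macros/utils_macros.jinja2' as mutils %}`. The top of this template is outside the hunk, so the import may already be there; if it is not, rendering this branch would fail on the undefined name. The box is also placed only inside the `{% else %}` branch, so an `extra_error` passed while the other branch is shown would not be displayed.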


@ -98,12 +98,15 @@
</td>
<td>{{ realm_wrapper.user_count }}</td>
<td>{{ realm_wrapper.group_count }}</td>
{# <td class="text-center">{% if user.active %}#}
{# <i class="fas fa-check-circle text-success"></i>{% else %}#}
{# <i class="far fa-times-circle text-warning"></i>{% endif %}</td>#}
</tr>
{% endfor %}
</tbody>
</table>
{% endmacro %}
{% macro get_warning_box(error_text) -%}
{% if error_text %}
<div class="alert alert-warning">{{ error_text }}</div>
{% endif %}
{% endmacro %}
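Review bot: The new `get_warning_box` macro has no comment stating what callers may pass, and it prints `{{ error_text }}` into the page. With the callers in this commit the text is a fixed string, but a later caller passing LDAP error text or request data would depend entirely on autoescaping being enabled for these templates, which is not visible here. I would add `{# error_text: plain text, rendered escaped; never pass markup or mark it safe #}` above the macro.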


@ -1,12 +1,15 @@
{% extends 'realm/realm_detailed.jinja2' %}
{% import 'macros/form_macros.jinja2' as mform %}
{% import 'macros/utils_macros.jinja2' as mutils %}
{% block detail_content %}
<h3><span class="text-uppercase">{{ user.username }}</span> - Gruppenzuweisung ändern</h3>
{{ mutils.get_warning_box(extra_error) }}
<div class="row">
<div class="col-6">
<form method="post" action="{{ url('realm-user-group-update-delete', args = [realm.id, user.dn]) }}">
<button type="submit" class="btn btn-warning w-100 mb-2"><i class="fas fa-minus-square"></i> Entfernen</button>
<button type="submit" class="btn btn-warning w-100 mb-2"><i class="fas fa-minus-square"></i> Entfernen
</button>
<input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
<ul>
@ -24,7 +27,8 @@
</div>
<div class="col-6">
<form method="post" action="{{ url('realm-user-group-update-add', args = [realm.id, user.dn]) }}">
<button type="submit" class="btn btn-success w-100 mb-2"><i class="fas fa-plus-square"></i> Hinzufügen</button>
<button type="submit" class="btn btn-success w-100 mb-2"><i class="fas fa-plus-square"></i> Hinzufügen
</button>
<input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
<ul>
{% for realm_group in realm_groups %}