From 1f180f847cb5460bec171dd055876130088f9941 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20G=C3=B6tz?=
Date: Fri, 12 Apr 2019 19:05:42 +0200
Subject: [PATCH] Implement protected group deletion, Close #43
---
 account_manager/views/group_views.py | 4 +++
 account_manager/views/user_views.py | 27 +++++++++++++------
 templates/group/group_detail.jinja2 | 1 +
 templates/macros/utils_macros.jinja2 | 9 ++++---
 .../user/realm_user_update_groups.jinja2 | 8 ++++--
 5 files changed, 36 insertions(+), 13 deletions(-)
diff --git a/account_manager/views/group_views.py b/account_manager/views/group_views.py
index a47643b..e3f0fae 100644
--- a/account_manager/views/group_views.py
+++ b/account_manager/views/group_views.py
@@ -87,6 +87,10 @@ def group_update(request, realm_id, group_dn):
 group.members = [member.dn for member in members]
 group.save()
 return redirect('realm-group-detail', realm_id, group.dn)
+ elif 'members' not in form.cleaned_data:
+ return render(request, 'group/group_detail.jinja2',
+ {'form': form, 'realm': realm, 'group': group,
+ 'extra_error': 'Gruppen dürfen nicht leer sein. Wenn du die Gruppe nicht mehr benutzen möchtest, solltest du Sie löschen'})
 else:
 members = LdapUser.objects.none()
 if group.members:
diff --git a/account_manager/views/user_views.py b/account_manager/views/user_views.py
index d7cd238..8e53d8a 100644
--- a/account_manager/views/user_views.py
+++ b/account_manager/views/user_views.py
@@ -4,7 +4,7 @@ from django.contrib.auth.views import PasswordResetConfirmView, PasswordChangeVi
 from django.contrib.sites.shortcuts import get_current_site
 from django.core.exceptions import ObjectDoesNotExist
 from django.shortcuts import render, redirect
-from ldap import ALREADY_EXISTS
+from ldap import ALREADY_EXISTS, OBJECT_CLASS_VIOLATION
 from account_helper.models import Realm
 from account_manager.forms import AddLDAPUserForm, UserDeleteListForm, UpdateLDAPUserForm, AdminUpdateLDAPUserForm, \
 UserGroupListForm
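Review bot: In `group_update` (account_manager/views/group_views.py) the new `elif 'members' not in form.cleaned_data:` branch shows the "group must not be empty" message whenever the key is missing, not only for an empty selection. Django drops a field from `cleaned_data` on any validation failure, so a rejected member value would produce the same text. The condition that opens this `if` chain is outside the hunk. If the form can be unbound on that path (for example a GET request), `cleaned_data` does not exist and the line raises `AttributeError`, so a guard such as `elif form.is_bound and 'members' not in form.cleaned_data:` would be safer. Putting the non-empty rule on the form field itself (a `required` error message or a `clean_members` method) would keep this invariant with the rest of the validation instead of in the view.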
@@ -230,11 +230,18 @@ def user_delete(request, realm_id, user_dn): @login_required @is_realm_admin -def realm_user_group_update(request, realm_id, user_dn): +def realm_user_group_update(request, realm_id, user_dn, error=None): realm = Realm.objects.get(id=realm_id) + ldap_user, realm_groups_available, user_groups = get_available_given_groups(realm, user_dn) + + return render(request, 'user/realm_user_update_groups.jinja2', + {'realm': realm, 'user': ldap_user, 'user_groups': user_groups, + 'realm_groups': realm_groups_available, 'extra_error': error}) + + +def get_available_given_groups(realm, user_dn): LdapUser.base_dn = f'ou=people,{realm.ldap_base_dn}' LdapGroup.base_dn = f'ou=groups,{realm.ldap_base_dn}' - ldap_user = LdapUser.objects.get(dn=user_dn) user_groups = LdapGroup.objects.filter(members=ldap_user.dn) realm_groups = LdapGroup.objects.all() @@ -242,10 +249,7 @@ def realm_user_group_update(request, realm_id, user_dn): for realm_group in realm_groups: if realm_group not in user_groups: realm_groups_available.append(realm_group) - - return render(request, 'user/realm_user_update_groups.jinja2', - {'realm': realm, 'user': ldap_user, 'user_groups': user_groups, - 'realm_groups': realm_groups_available}) + return ldap_user, realm_groups_available, user_groups @login_required 
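Review bot: The new helper `get_available_given_groups` assigns `LdapUser.base_dn` and `LdapGroup.base_dn` on the classes themselves, and its callers depend on that hidden side effect, but it has no docstring. Because this is class-level state, two requests for different realms served concurrently could presumably overwrite each other's base DN between the assignment and the query; whether that can happen depends on the deployment and on the model classes, which are not visible here. I would at least document it, e.g. `"""Return (ldap_user, groups the user is not in, groups the user is in); sets LdapUser.base_dn and LdapGroup.base_dn for the realm as a side effect."""`. Separately, the added `error=None` parameter of `realm_user_group_update` is not passed by any caller visible in this patch and is rendered as `extra_error`; if the URL pattern ever binds it, request-supplied text would appear in the warning box, so it is better dropped or limited to a fixed set of message keys.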
@@ -280,7 +284,14 @@ def realm_user_group_update_delete(request, realm_id, user_dn): groups = [] for group_name in group_names: groups.append(LdapGroup.objects.get(name=group_name)) - ldap_remove_user_from_groups(user_dn, groups) + try: + ldap_remove_user_from_groups(user_dn, groups) + except OBJECT_CLASS_VIOLATION as err: + ldap_user, realm_groups_available, user_groups = get_available_given_groups(realm, user_dn) + return render(request, 'user/realm_user_update_groups.jinja2', + {'realm': realm, 'user': ldap_user, 'user_groups': user_groups, + 'realm_groups': realm_groups_available, + 'extra_error': 'Bearbeiten fehlgeschlagen. Der Nutzer scheint der letzte in einer Gruppe zu sein. Bitte löschen Sie die Gruppe zuerst.'}) return redirect('realm-user-group-update', realm.id, user_dn) diff --git a/templates/group/group_detail.jinja2 b/templates/group/group_detail.jinja2 index 60dd3d3..5409e64 100644 --- a/templates/group/group_detail.jinja2 +++ b/templates/group/group_detail.jinja2 @@ -17,6 +17,7 @@ class="fas fa-trash"> Gruppe löschen {% else %} + {{ mutils.get_warning_box(extra_error) }}
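Review bot: The `except OBJECT_CLASS_VIOLATION as err:` branch in `realm_user_group_update_delete` binds `err` but never uses it, so a failed group-membership change leaves no trace on the server. Since group membership usually decides access, the failure should be logged with the user DN and the exception through whatever logger the module uses. `ldap_remove_user_from_groups` receives a list of groups and its body is outside this patch; if it processes them one by one, removals made before the failing group may already be applied while the message says the edit failed, so the text should say the change may be partial, or the call should be made per group with each outcome reported. The message also guesses at the cause ("scheint"), and an object class violation could have other schema reasons, which is a further argument for logging `err`.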
{{ mform.text_input(form.name) }} diff --git a/templates/macros/utils_macros.jinja2 b/templates/macros/utils_macros.jinja2 index 8cd4bfd..e0440fe 100644 --- a/templates/macros/utils_macros.jinja2 +++ b/templates/macros/utils_macros.jinja2 @@ -98,12 +98,15 @@ {{ realm_wrapper.user_count }} {{ realm_wrapper.group_count }} - {# {% if user.active %}#} - {# {% else %}#} - {# {% endif %}#} {% endfor %} {% endmacro %} +{% macro get_warning_box(error_text) -%} + {% if error_text %} +
{{ error_text }}
+ {% endif %} +{% endmacro %} + diff --git a/templates/user/realm_user_update_groups.jinja2 b/templates/user/realm_user_update_groups.jinja2 index 269760e..8744d01 100644 --- a/templates/user/realm_user_update_groups.jinja2 +++ b/templates/user/realm_user_update_groups.jinja2 @@ -1,12 +1,15 @@ {% extends 'realm/realm_detailed.jinja2' %} {% import 'macros/form_macros.jinja2' as mform %} +{% import 'macros/utils_macros.jinja2' as mutils %} {% block detail_content %}

{{ user.username }} - Gruppenzuweisung ändern

+ {{ mutils.get_warning_box(extra_error) }}
- +
    @@ -24,7 +27,8 @@
- +
    {% for realm_group in realm_groups %}