mgoetz/ldap_account_manager
Archived
2
2
Fork 0
Code Issues 9 Pull Requests Releases 2 Wiki Activity

Implement add realm integrity checks, Add possibility to delete broken realms, Close #23

Browse Source
This commit is contained in:
Götz 2019-04-11 01:20:04 +02:00
parent 464c16f55c
commit 87a23eb76a
3 changed files with 65 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
account_manager/main_views.py
View File

@ -6,12 +6,14 @@ from socket import timeout
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.contrib.auth.models import Group, User from django.contrib.auth.models import Group, User
from django.core.exceptions import ObjectDoesNotExist from django.core.exceptions import ObjectDoesNotExist
from django.db import IntegrityError
from django.shortcuts import render, redirect, HttpResponse from django.shortcuts import render, redirect, HttpResponse
from account_helper.models import Realm from account_helper.models import Realm
from account_manager.utils.mail_utils import realm_send_mail from account_manager.utils.mail_utils import realm_send_mail
from .forms import RealmAddForm, RealmUpdateForm from .forms import RealmAddForm, RealmUpdateForm
from .models import LdapGroup, LdapUser from .models import LdapGroup, LdapUser
from ldap import LDAPError
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -54,14 +56,29 @@ def realm_list(request):
if form.is_valid(): if form.is_valid():
name = form.cleaned_data['name'] name = form.cleaned_data['name']
ldap_base_dn = form.cleaned_data['ldap_base_dn'] ldap_base_dn = form.cleaned_data['ldap_base_dn']
realm_obj = Realm.objects.create(name=name, ldap_base_dn=ldap_base_dn) try:
realm_obj.save() base_dn_available(ldap_base_dn)
return redirect('realm-detail', realm_obj.id)
realm_obj = Realm.objects.create(name=name, ldap_base_dn=ldap_base_dn)
realm_obj.save()
return redirect('realm-detail', realm_obj.id)
except IntegrityError as err:
return render(request, 'realm/realm_add_failed.jinja2',
{'realm_name': name, 'error': err})
except LDAPError as err:
return render(request, 'realm/realm_add_failed.jinja2',
{'realm_name': name})
else: else:
form = RealmAddForm() form = RealmAddForm()
return render(request, 'realm/realm_home.jinja2', {'realms': realms, 'form': form}) return render(request, 'realm/realm_home.jinja2', {'realms': realms, 'form': form})
def base_dn_available(base_dn):
LdapUser.base_dn = f'ou=people,{base_dn}'
user = LdapUser.objects.create(username='dummy', first_name=' ', last_name=' ')
user.delete()
@login_required @login_required
@is_realm_admin @is_realm_admin
def realm_detail(request, realm_id): def realm_detail(request, realm_id):
@ -117,20 +134,24 @@ def realm_delete(request, realm_id):
realm = Realm.objects.get(id=realm_id) realm = Realm.objects.get(id=realm_id)
LdapUser.base_dn = realm.ldap_base_dn LdapUser.base_dn = realm.ldap_base_dn
LdapGroup.base_dn = realm.ldap_base_dn LdapGroup.base_dn = realm.ldap_base_dn
ldap_users = LdapUser.objects.all() try:
ldap_usernames = [user.username for user in ldap_users] ldap_users = LdapUser.objects.all()
ldap_groups = LdapGroup.objects.all() ldap_usernames = [user.username for user in ldap_users]
ldap_groupnames = [group.name for group in ldap_groups] ldap_groups = LdapGroup.objects.all()
django_user = User.objects.filter(username__contains=ldap_usernames) ldap_groupnames = [group.name for group in ldap_groups]
django_groups = Group.objects.filter(name__contains=ldap_groupnames) django_user = User.objects.filter(username__contains=ldap_usernames)
for user in django_user: django_groups = Group.objects.filter(name__contains=ldap_groupnames)
user.delete() for user in django_user:
for group in django_groups: user.delete()
group.delete() for group in django_groups:
for user in ldap_users: group.delete()
user.delete() for user in ldap_users:
for group in ldap_groups: user.delete()
group.delete() for group in ldap_groups:
group.delete()
except LDAPError:
# TODO: Save delete
pass
realm.delete() realm.delete()
return redirect('realm-home') return redirect('realm-home')

20
templates/base_admin.jinja2
View File

@ -15,15 +15,17 @@
<h2 class="sidebar-heading">Bereich</h2> <h2 class="sidebar-heading">Bereich</h2>
<a href="{{ url('realm-home') }}" class="list-group-item list-group-item-action bg-light"> <a href="{{ url('realm-home') }}" class="list-group-item list-group-item-action bg-light">
Bereichsübersicht</a> Bereichsübersicht</a>
<h2 class="sidebar-heading">{{ realm.name }}</h2> {% if realm %}
<div class="list-group list-group-flush"> <h2 class="sidebar-heading">{{ realm.name }}</h2>
<a href="{{ url('realm-detail', args=[realm.id]) }}" <div class="list-group list-group-flush">
class="list-group-item list-group-item-action bg-light">Bereichsinformationen</a> <a href="{{ url('realm-detail', args=[realm.id]) }}"
<a href="{{ url('realm-user-list', args=[realm.id]) }}" class="list-group-item list-group-item-action bg-light">Bereichsinformationen</a>
class="list-group-item list-group-item-action bg-light">Nutzer</a> <a href="{{ url('realm-user-list', args=[realm.id]) }}"
<a href="{{ url('realm-group-list', args=[realm.id]) }}" class="list-group-item list-group-item-action bg-light">Nutzer</a>
class="list-group-item list-group-item-action bg-light">Gruppen</a> <a href="{{ url('realm-group-list', args=[realm.id]) }}"
</div> class="list-group-item list-group-item-action bg-light">Gruppen</a>
</div>
{% endif %}
{% endif %} {% endif %}
</div> </div>

16
templates/realm/realm_add_failed.jinja2 Normal file
View File

@ -0,0 +1,16 @@
{% extends 'base_admin.jinja2' %}
{% block admin_content %}
<div class="row ">
<div class="col-12 p-3">
<h1>Fehler {{ realm_name }}</h1>
<div class="alert alert-danger">
<p>Das hinzufügen des Bereichs ist fehlgeschlagen.</p>
{% if error %}
<p>{{ error }}</p>
{% else %}
<p>Bitte überprüfe den Ldap base dn, ob dieser auch wirklich existiert.</p>
{% endif %}
</div>
</div>
</div>
{% endblock %}