From c204539cb680f0574c4da4985ce9db5b11805347 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20G=C3=B6tz?=
Date: Fri, 29 Mar 2019 18:15:38 +0100
Subject: [PATCH] Refractor view, Split views into seperate files
---
account_manager/main_views.py | 107 ++++++++++++
account_manager/urls.py | 34 ++--
account_manager/views.py | 232 ---------------------------
account_manager/views/__init__.py | 0
account_manager/views/group_views.py | 46 ++++++
account_manager/views/user_views.py | 93 +++++++++++
6 files changed, 265 insertions(+), 247 deletions(-)
create mode 100644 account_manager/main_views.py
delete mode 100644 account_manager/views.py
create mode 100644 account_manager/views/__init__.py
create mode 100644 account_manager/views/group_views.py
create mode 100644 account_manager/views/user_views.py
diff --git a/account_manager/main_views.py b/account_manager/main_views.py
new file mode 100644
index 0000000..3513455
--- /dev/null
+++ b/account_manager/main_views.py
@@ -0,0 +1,107 @@
+from django.shortcuts import render, redirect
+from .models import LdapGroup, LdapUser
+from .forms import RealmAddForm, RealmUpdateForm
+from account_helper.models import Realm
+from django.contrib.auth.models import Group, User
+from django.contrib.auth.decorators import login_required
+
+
+def is_realm_admin(view_func):
+ def decorator(request, *args, **kwargs):
+ print(args)
+ print(kwargs)
+ realm_id = kwargs.get('realm_id', None)
+ if realm_id and (request.user.is_superuser or len(
+ Realm.objects.filter(id=realm_id).filter(
+ admin_group__user__username__contains=request.user.username)) > 0):
+ return view_func(request, *args, **kwargs)
+ else:
+ return redirect('permission-denied')
+
+ return decorator
+
+
+@login_required
+def realm_list(request):
+ user = request.user
+ if not user.is_superuser:
+ realms = Realm.objects.filter(admin_group__user__username__contains=user.username)
+ if len(realms) == 0:
+ return redirect('user-detail')
+ elif len(realms) == 1:
+ return redirect('realm-detail', realms[0].id)
+ else:
+ return render(request, 'realm/realm_home.jinja2', {'realms': realms})
+ else:
+ realms = Realm.objects.all()
+ if request.method == 'POST':
+ form = RealmAddForm(request.POST)
+ if form.is_valid():
+ name = form.cleaned_data['name']
+ ldap_base_dn = form.cleaned_data['ldap_base_dn']
+ realm_obj = Realm.objects.create(name=name, ldap_base_dn=ldap_base_dn)
+ realm_obj.save()
+ return redirect('realm-detail', realm_obj.id)
+ else:
+ form = RealmAddForm()
+ return render(request, 'realm/realm_home.jinja2', {'realms': realms, 'form': form})
+
+
+@login_required
+@is_realm_admin
+def realm_detail(request, realm_id):
+ realm_obj = Realm.objects.get(id=realm_id)
+ return render(request, 'realm/realm_detailed.jinja2', {'realm': realm_obj})
+
+
+@login_required
+@is_realm_admin
+def realm_update(request, realm_id):
+ if request.user.is_superuser:
+ realm_obj = Realm.objects.get(id=realm_id)
+ data = {'id': realm_obj.id, 'ldap_base_dn': realm_obj.ldap_base_dn, 'name': realm_obj.name,
+ 'email': realm_obj.email,
+ 'admin_group': realm_obj.admin_group}
+ if request.method == 'POST':
+ form = RealmUpdateForm(request.POST)
+ if form.is_valid():
+ realm_obj.name = form.cleaned_data['name']
+ realm_obj.ldap_base_dn = form.cleaned_data['ldap_base_dn']
+ realm_obj.email = form.cleaned_data['email']
+
+ admin_ldap_group = form.cleaned_data['admin_group']
+ realm_obj.admin_group, _ = Group.objects.get_or_create(name=admin_ldap_group.name)
+ realm_obj.save()
+ return redirect('realm-detail', realm_obj.id)
+ else:
+ form = RealmUpdateForm(initial=data)
+ return render(request, 'realm/realm_update.jinja2', {'realm': realm_obj, 'form': form})
+ else:
+ realm_obj = Realm.objects.get(id=realm_id)
+ return render(request, 'realm/realm_update.jinja2', {'realm': realm_obj})
+
+
+def realm_delete(request, realm_id):
+ realm = Realm.objects.get(id=realm_id)
+ LdapUser.base_dn = realm.ldap_base_dn
+ LdapGroup.base_dn = realm.ldap_base_dn
+ ldap_users = LdapUser.objects.all()
+ ldap_usernames = [user.username for user in ldap_users]
+ ldap_groups = LdapGroup.objects.all()
+ ldap_groupnames = [group.name for group in ldap_groups]
+ django_user = User.objects.filter(username__contains=ldap_usernames)
+ django_groups = Group.objects.filter(name__contains=ldap_groupnames)
+ for user in django_user:
+ user.delete()
+ for group in django_groups:
+ group.delete()
+ for user in ldap_users:
+ user.delete()
+ for group in ldap_groups:
+ group.delete()
+ realm.delete()
+ return redirect('realm-home')
+
+
+def permission_denied(request):
+ return render(request, 'permission_denied.jinja2', {})
diff --git a/account_manager/urls.py b/account_manager/urls.py
index 2165304..13142d7 100644
--- a/account_manager/urls.py
+++ b/account_manager/urls.py
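Review bot: `realm_delete` is defined without `@login_required` or `@is_realm_admin`, so as written any request that reaches the `realm-delete` route, including an unauthenticated one, deletes the realm together with its LDAP and Django users and groups. It should carry the same two decorators as `realm_detail`, and since `realm_update` limits edits to superusers, a superuser check is probably wanted here as well. The view also acts on any HTTP method; `@require_POST` from `django.views.decorators.http` would keep the deletion off plain GET links, and the same applies to `user_delete` in `views/user_views.py`. Separately, `is_realm_admin` and `realm_list` match with `admin_group__user__username__contains=request.user.username`, a substring test that accepts any account whose name is contained in an admin's username; `admin_group__user=request.user` compares the user itself. The two `print` calls in the decorator look like leftover debugging and should be removed.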
@@ -1,26 +1,30 @@ from django.urls import path -from . import views + +import account_manager.views.group_views +import account_manager.views.user_views +from . import main_views urlpatterns = [ # Realm - path('realm/', views.realm_home, name='realm-home'), - path('realm//', views.realm_detail, name='realm-detail'), - path('realm//update/', views.realm_update, name='realm-update'), - path('realm//delete/', views.realm_delete, name='realm-delete'), + path('realm/', main_views.realm_list, name='realm-home'), + path('realm//', main_views.realm_detail, name='realm-detail'), + path('realm//update/', main_views.realm_update, name='realm-update'), + path('realm//delete/', main_views.realm_delete, name='realm-delete'), # Realm User - path('realm//users/', views.realm_user, name='realm-user-list'), - path('realm//users/add/', views.user_add, name='realm-user-add'), - path('realm//user//', views.user_detail, name='realm-user-detail'), - path('realm//user//update/', views.user_update, name='realm-user-update'), - path('realm//user//delete/', views.user_delete, name='realm-user-delete'), + path('realm//users/', account_manager.views.user_views.realm_user, name='realm-user-list'), + path('realm//users/add/', account_manager.views.user_views.user_add, name='realm-user-add'), + path('realm//user//', account_manager.views.user_views.user_detail, name='realm-user-detail'), + path('realm//user//update/', account_manager.views.user_views.user_update, name='realm-user-update'), + path('realm//user//delete/', account_manager.views.user_views.user_delete, name='realm-user-delete'), # Realm Group - path('realm//groups/', views.realm_groups, name='realm-group-list'), - path('realm//group/', views.user_add, name='realm-group-detail'), - path('realm//group/add/', views.group_add, name='realm-group-add'), - path('realm//user//delete/', views.user_add, name='realm-group-delete'), + path('realm//groups/', account_manager.views.group_views.realm_groups, name='realm-group-list'), + 
path('realm//groups/add/', account_manager.views.group_views.group_add, name='realm-group-add'), + path('realm//group//', account_manager.views.user_views.user_add, name='realm-group-detail'), + path('realm//group//update/', account_manager.views.user_views.user_add, name='realm-group-update'), + path('realm//group//delete/', account_manager.views.user_views.user_add, name='realm-group-delete'), # Permission Info - path('permission-denied', views.permission_denied, name='permission-denied') + path('permission-denied', main_views.permission_denied, name='permission-denied') ] diff --git a/account_manager/views.py b/account_manager/views.py deleted file mode 100644 index e8450b6..0000000 --- a/account_manager/views.py +++ /dev/null 
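Review bot: The three group routes `realm-group-detail`, `realm-group-update` and `realm-group-delete` all dispatch to `user_views.user_add`, so a group link lands on the user-creation form and the route named delete does not delete anything. `group_views.group_detail` is added by this commit but is never routed; pointing `realm-group-detail` at it, once it accepts `realm_id` and carries `@is_realm_admin`, and leaving the update and delete routes out until their views exist would remove the mismatch. The path converters are not visible in this rendering of the patch (`realm//group//`), so whether `user_add` would accept the extra captured argument cannot be checked from here. As a style point, `from .views import group_views, user_views` would shorten every `account_manager.views.user_views.…` reference in the list.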
@@ -1,232 +0,0 @@
-from django.shortcuts import render, redirect
-from .models import LdapGroup, LdapUser
-from .forms import AddLDAPUserForm, AddLDAPGroupForm, RealmAddForm, RealmUpdateForm
-from account_helper.models import Realm
-from django.contrib.auth.models import Group, User
-from django.contrib.auth.decorators import login_required
-
-
-def is_realm_admin(view_func):
- def decorator(request, *args, **kwargs):
- print(args)
- print(kwargs)
- realm_id = kwargs.get('realm_id', None)
- if realm_id and (request.user.is_superuser or len(
- Realm.objects.filter(id=realm_id).filter(
- admin_group__user__username__contains=request.user.username)) > 0):
- return view_func(request, *args, **kwargs)
- else:
- return redirect('permission-denied')
-
- return decorator
-
-
-@login_required
-def realm_home(request):
- user = request.user
- if not user.is_superuser:
- realms = Realm.objects.filter(admin_group__user__username__contains=user.username)
- if len(realms) == 0:
- return redirect('user-detail')
- elif len(realms) == 1:
- return redirect('realm-detail', realms[0].id)
- else:
- return render(request, 'realm/realm_home.jinja2', {'realms': realms})
- else:
- realms = Realm.objects.all()
- if request.method == 'POST':
- form = RealmAddForm(request.POST)
- if form.is_valid():
- name = form.cleaned_data['name']
- ldap_base_dn = form.cleaned_data['ldap_base_dn']
- realm_obj = Realm.objects.create(name=name, ldap_base_dn=ldap_base_dn)
- realm_obj.save()
- return redirect('realm-detail', realm_obj.id)
- else:
- form = RealmAddForm()
- return render(request, 'realm/realm_home.jinja2', {'realms': realms, 'form': form})
-
-
-def realm_delete(request, realm_id):
- realm = Realm.objects.get(id=realm_id)
- LdapUser.base_dn = realm.ldap_base_dn
- LdapGroup.base_dn = realm.ldap_base_dn
- ldap_users = LdapUser.objects.all()
- ldap_usernames = [user.username for user in ldap_users]
- ldap_groups = LdapGroup.objects.all()
- ldap_groupnames = [group.name for group in ldap_groups]
- django_user = User.objects.filter(username__contains=ldap_usernames)
- django_groups = Group.objects.filter(name__contains=ldap_groupnames)
- for user in django_user:
- user.delete()
- for group in django_groups:
- group.delete()
- for user in ldap_users:
- user.delete()
- for group in ldap_groups:
- group.delete()
- realm.delete()
- return redirect('realm-home')
-
-
-@login_required
-@is_realm_admin
-def realm_detail(request, realm_id):
- realm_obj = Realm.objects.get(id=realm_id)
- return render(request, 'realm/realm_detailed.jinja2', {'realm': realm_obj})
-
-
-@login_required
-@is_realm_admin
-def realm_update(request, realm_id):
- if request.user.is_superuser:
- realm_obj = Realm.objects.get(id=realm_id)
- data = {'id': realm_obj.id, 'ldap_base_dn': realm_obj.ldap_base_dn, 'name': realm_obj.name,
- 'email': realm_obj.email,
- 'admin_group': realm_obj.admin_group}
- if request.method == 'POST':
- form = RealmUpdateForm(request.POST)
- if form.is_valid():
- realm_obj.name = form.cleaned_data['name']
- realm_obj.ldap_base_dn = form.cleaned_data['ldap_base_dn']
- realm_obj.email = form.cleaned_data['email']
-
- admin_ldap_group = form.cleaned_data['admin_group']
- realm_obj.admin_group, _ = Group.objects.get_or_create(name=admin_ldap_group.name)
- realm_obj.save()
- return redirect('realm-detail', realm_obj.id)
- else:
- form = RealmUpdateForm(initial=data)
- return render(request, 'realm/realm_update.jinja2', {'realm': realm_obj, 'form': form})
- else:
- realm_obj = Realm.objects.get(id=realm_id)
- return render(request, 'realm/realm_update.jinja2', {'realm': realm_obj})
-
-
-@login_required
-@is_realm_admin
-def realm_user(request, realm_id):
- realm_obj = Realm.objects.get(id=realm_id)
- LdapUser.base_dn = realm_obj.ldap_base_dn
- realm_users = LdapUser.objects.all()
- return render(request, 'realm/realm_user.jinja2', {'realm': realm_obj, 'realm_user': realm_users})
-
-
-@login_required
-@is_realm_admin
-def realm_groups(request, realm_id):
- realm_obj = Realm.objects.get(id=realm_id)
- LdapGroup.base_dn = realm_obj.ldap_base_dn
- realm_groups_obj = LdapGroup.objects.all()
- return render(request, 'realm/realm_groups.jinja2', {'realm': realm_obj, 'realm_groups': realm_groups_obj})
-
-
-@login_required
-@is_realm_admin
-def user_detail(request, realm_id, user_dn):
- realm = Realm.objects.get(id=realm_id)
- LdapUser.base_dn = realm.ldap_base_dn
- user = LdapUser.objects.get(dn=user_dn)
- return render(request, 'user/user_detail.jinja2', {'user': user, 'realm': realm})
-
-
-@login_required
-@is_realm_admin
-def user_add(request, realm_id):
- realm_obj = Realm.objects.get(id=realm_id)
- # if this is a POST request we need to process the form data
- if request.method == 'POST':
- # create a form instance and populate it with data from the request:
- form = AddLDAPUserForm(request.POST)
- # check whether it's valid:
- if form.is_valid():
- username = form.cleaned_data['username']
- password = form.cleaned_data['password']
- first_name = form.cleaned_data['first_name']
- last_name = form.cleaned_data['last_name']
- email = form.cleaned_data['email']
- LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}'
- LdapUser.objects.create(username=username,
- password=password, first_name=first_name,
- last_name=last_name, email=email)
- return redirect('realm-user-list', realm_id)
-
- # if a GET (or any other method) we'll create a blank form
- else:
- form = AddLDAPUserForm()
- return render(request, 'user/user_add.jinja2', {'form': form, 'realm': realm_obj})
-
-
-@login_required
-@is_realm_admin
-def user_update(request, realm_id, user_dn):
- realm_obj = Realm.objects.get(id=realm_id)
- LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}'
- ldap_user = LdapUser.objects.get(dn=user_dn)
- if request.method == 'POST':
- form = AddLDAPUserForm(request.POST)
- if form.is_valid():
- ldap_user.username = form.cleaned_data['username']
- password = form.cleaned_data['password']
- if password:
- ldap_user.password = password
- ldap_user.first_name = form.cleaned_data['first_name']
- ldap_user.last_name = form.cleaned_data['last_name']
- ldap_user.email = form.cleaned_data['email']
- ldap_user.save()
-
- return redirect('realm-user-detail', realm_id, user_dn)
- else:
- form_data = {'username': ldap_user.username, 'first_name': ldap_user.first_name,
- 'last_name': ldap_user.last_name, 'email': ldap_user.email}
- form = AddLDAPUserForm(initial=form_data)
- return render(request, 'user/user_detail.jinja2', {'form': form, 'realm': realm_obj})
-
-
-@login_required
-@is_realm_admin
-def user_delete(request, realm_id, user_dn):
- realm_obj = Realm.objects.get(id=realm_id)
- LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}'
- LdapGroup.base_dn = f'ou=groups,{realm_obj.ldap_base_dn}'
- ldap_user = LdapUser.objects.get(dn=user_dn)
- user_groups = LdapGroup.objects.filter(members__contains=ldap_user.dn)
- for group in user_groups:
- group.members.remove(ldap_user.dn)
- group.save()
- ldap_user.delete()
- return redirect('realm-user-list', realm_id)
-
-
-@login_required
-def group_detail(request, dn):
- group = LdapGroup.objects.get(dn=dn)
- context = {'group': group, }
- return render(request, 'user/group_detail.jinja2', context)
-
-
-@login_required
-def group_add(request, realm_id):
- realm_obj = Realm.objects.get(id=realm_id)
- # if this is a POST request we need to process the form data
- if request.method == 'POST':
- # create a form instance and populate it with data from the request:
- form = AddLDAPGroupForm(request.POST)
- # check whether it's valid:
- if form.is_valid():
- name = form.cleaned_data['name']
- members = form.cleaned_data['members']
- members = [member.dn for member in members]
- LdapGroup.base_dn = f'ou=groups,{realm_obj.ldap_base_dn}'
- LdapGroup.objects.create(name=name, members=members)
- return redirect('realm-group-list', realm_id)
-
- # if a GET (or any other method) we'll create a blank form
- else:
- form = AddLDAPGroupForm()
-
- return render(request, 'group/group_add.jinja2', {'form': form, 'realm': realm_obj})
-
-
-def permission_denied(request):
- return render(request, 'permission_denied.jinja2', {})
diff --git a/account_manager/views/__init__.py b/account_manager/views/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/account_manager/views/group_views.py b/account_manager/views/group_views.py
new file mode 100644
index 0000000..f0f9ad5
--- /dev/null
+++ b/account_manager/views/group_views.py
@@ -0,0 +1,46 @@
+from django.contrib.auth.decorators import login_required
+from django.shortcuts import render, redirect
+
+from account_helper.models import Realm
+from account_manager.forms import AddLDAPGroupForm
+from account_manager.models import LdapGroup
+from account_manager.main_views import is_realm_admin
+
+
+@login_required
+@is_realm_admin
+def realm_groups(request, realm_id):
+ realm_obj = Realm.objects.get(id=realm_id)
+ LdapGroup.base_dn = realm_obj.ldap_base_dn
+ realm_groups_obj = LdapGroup.objects.all()
+ return render(request, 'realm/realm_groups.jinja2', {'realm': realm_obj, 'realm_groups': realm_groups_obj})
+
+
+@login_required
+def group_detail(request, dn):
+ group = LdapGroup.objects.get(dn=dn)
+ context = {'group': group, }
+ return render(request, 'user/group_detail.jinja2', context)
+
+
+@login_required
+def group_add(request, realm_id):
+ realm_obj = Realm.objects.get(id=realm_id)
+ # if this is a POST request we need to process the form data
+ if request.method == 'POST':
+ # create a form instance and populate it with data from the request:
+ form = AddLDAPGroupForm(request.POST)
+ # check whether it's valid:
+ if form.is_valid():
+ name = form.cleaned_data['name']
+ members = form.cleaned_data['members']
+ members = [member.dn for member in members]
+ LdapGroup.base_dn = f'ou=groups,{realm_obj.ldap_base_dn}'
+ LdapGroup.objects.create(name=name, members=members)
+ return redirect('realm-group-list', realm_id)
+
+ # if a GET (or any other method) we'll create a blank form
+ else:
+ form = AddLDAPGroupForm()
+
+ return render(request, 'group/group_add.jinja2', {'form': form, 'realm': realm_obj})
diff --git a/account_manager/views/user_views.py b/account_manager/views/user_views.py
new file mode 100644
index 0000000..9c786af
--- /dev/null
+++ b/account_manager/views/user_views.py
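Review bot: `group_add` and `group_detail` carry only `@login_required`, while `realm_groups` directly above them also has `@is_realm_admin`, so any logged-in account can create an LDAP group under any realm's `ou=groups` subtree by posting to `realm-group-add`. Adding `@is_realm_admin` under `@login_required` on `group_add` closes that gap. `group_detail` takes a bare `dn` and no `realm_id`, so the decorator as written would always redirect it to `permission-denied`. It would need a `realm_id` parameter, and a check that the group belongs to that realm, before it is routed.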
@@ -0,0 +1,93 @@
+from django.contrib.auth.decorators import login_required
+from django.shortcuts import render, redirect
+
+from account_helper.models import Realm
+from account_manager.forms import AddLDAPUserForm
+from account_manager.models import LdapUser, LdapGroup
+from account_manager.main_views import is_realm_admin
+
+
+@login_required
+@is_realm_admin
+def realm_user(request, realm_id):
+ realm_obj = Realm.objects.get(id=realm_id)
+ LdapUser.base_dn = realm_obj.ldap_base_dn
+ realm_users = LdapUser.objects.all()
+ return render(request, 'realm/realm_user.jinja2', {'realm': realm_obj, 'realm_user': realm_users})
+
+
+@login_required
+@is_realm_admin
+def user_detail(request, realm_id, user_dn):
+ realm = Realm.objects.get(id=realm_id)
+ LdapUser.base_dn = realm.ldap_base_dn
+ user = LdapUser.objects.get(dn=user_dn)
+ return render(request, 'user/user_detail.jinja2', {'user': user, 'realm': realm})
+
+
+@login_required
+@is_realm_admin
+def user_add(request, realm_id):
+ realm_obj = Realm.objects.get(id=realm_id)
+ # if this is a POST request we need to process the form data
+ if request.method == 'POST':
+ # create a form instance and populate it with data from the request:
+ form = AddLDAPUserForm(request.POST)
+ # check whether it's valid:
+ if form.is_valid():
+ username = form.cleaned_data['username']
+ password = form.cleaned_data['password']
+ first_name = form.cleaned_data['first_name']
+ last_name = form.cleaned_data['last_name']
+ email = form.cleaned_data['email']
+ LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}'
+ LdapUser.objects.create(username=username,
+ password=password, first_name=first_name,
+ last_name=last_name, email=email)
+ return redirect('realm-user-list', realm_id)
+
+ # if a GET (or any other method) we'll create a blank form
+ else:
+ form = AddLDAPUserForm()
+ return render(request, 'user/user_add.jinja2', {'form': form, 'realm': realm_obj})
+
+
+@login_required
+@is_realm_admin
+def user_update(request, realm_id, user_dn):
+ realm_obj = Realm.objects.get(id=realm_id)
+ LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}'
+ ldap_user = LdapUser.objects.get(dn=user_dn)
+ if request.method == 'POST':
+ form = AddLDAPUserForm(request.POST)
+ if form.is_valid():
+ ldap_user.username = form.cleaned_data['username']
+ password = form.cleaned_data['password']
+ if password:
+ ldap_user.password = password
+ ldap_user.first_name = form.cleaned_data['first_name']
+ ldap_user.last_name = form.cleaned_data['last_name']
+ ldap_user.email = form.cleaned_data['email']
+ ldap_user.save()
+
+ return redirect('realm-user-detail', realm_id, user_dn)
+ else:
+ form_data = {'username': ldap_user.username, 'first_name': ldap_user.first_name,
+ 'last_name': ldap_user.last_name, 'email': ldap_user.email}
+ form = AddLDAPUserForm(initial=form_data)
+ return render(request, 'user/user_detail.jinja2', {'form': form, 'realm': realm_obj})
+
+
+@login_required
+@is_realm_admin
+def user_delete(request, realm_id, user_dn):
+ realm_obj = Realm.objects.get(id=realm_id)
+ LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}'
+ LdapGroup.base_dn = f'ou=groups,{realm_obj.ldap_base_dn}'
+ ldap_user = LdapUser.objects.get(dn=user_dn)
+ user_groups = LdapGroup.objects.filter(members__contains=ldap_user.dn)
+ for group in user_groups:
+ group.members.remove(ldap_user.dn)
+ group.save()
+ ldap_user.delete()
+ return redirect('realm-user-list', realm_id)
\ No newline at end of file
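Review bot: Every view in this file assigns the realm's DN to the class attribute `LdapUser.base_dn` (and `LdapGroup.base_dn` in `user_delete`) before querying, which is state shared by all requests in the process. Under a threaded or async server two requests for different realms can interleave, so a query or `ldap_user.delete()` may run against another realm's subtree; scoping the realm per query, if the LDAP model layer allows it, would avoid that. The same assignment appears in `views/group_views.py` and in `realm_delete` in `main_views.py`. `realm_user` and `user_detail` also use `realm.ldap_base_dn` where the other three views use `ou=people,{...}`, which looks unintended. In addition, `user_dn` comes from the URL and goes straight into `LdapUser.objects.get(dn=user_dn)`; whether that lookup is confined to `base_dn` depends on the backend, so an explicit check that the DN ends with the realm's base DN would make the realm boundary hold regardless.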