Implement realm user update, deletion, Close #13, Close #9

Götz 2019-03-29 18:01:46 +01:00
parent 7e0fa5b3a0
commit cefacbb7a0
6 changed files with 95 additions and 48 deletions


@ -1,6 +1,4 @@
from django import forms
from django.contrib.auth.models import User, Group
from account_helper.models import LdapUserRDN, LdapGroupRDN
from .models import LdapUser, LdapGroup
@ -8,7 +6,8 @@ class AddLDAPUserForm(forms.Form):
username = forms.CharField(label='Nutzername', max_length=400)
first_name = forms.CharField(label='Vorname', max_length=400)
last_name = forms.CharField(label='Nachname', max_length=400)
password = forms.CharField(widget=forms.PasswordInput)
password = forms.CharField(label='Passwort', widget=forms.PasswordInput, required=False)
email = forms.EmailField(label='E-Mail', required=False)
class AddLDAPGroupForm(forms.Form):
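Review bot: Making `password` optional with `required=False` also relaxes the create path, because `AddLDAPUserForm` is presumably the form `user_add` validates, and that view passes `form.cleaned_data['password']` straight into `LdapUser.objects.create(...)`. Unless the model or the directory rejects it, the add form can now create an account with an empty password. Keep the field required on this form and give the update view its own subclass, e.g. `class UpdateLDAPUserForm(AddLDAPUserForm):` with `password = forms.CharField(label='Passwort', widget=forms.PasswordInput, required=False)`. The page has lost its +/- markers, so I am assuming the second `password` line is the new one.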


@ -4,21 +4,23 @@ from . import views
urlpatterns = [
# Realm
path('realm/', views.realm_home, name='realm-home'),
path('realm/<int:id>/', views.realm_detail, name='realm-detail'),
path('realm/<int:id>/users/', views.realm_user, name='realm-user-list'),
path('realm/<int:id>/groups/', views.realm_groups, name='realm-group-list'),
path('realm/<int:id>/update/', views.realm_update, name='realm-update'),
path('realm/<int:realm_id>/', views.realm_detail, name='realm-detail'),
path('realm/<int:realm_id>/update/', views.realm_update, name='realm-update'),
path('realm/<int:realm_id>/delete/', views.realm_delete, name='realm-delete'),
# Realm User
path('realm/<int:realm_id>/user/', views.user_add, name='realm-user-detail'),
path('realm/<int:realm_id>/user/add/', views.user_add, name='realm-user-add'),
path('realm/<int:realm_id>/user/<int:user_dn>/delete/', views.user_add, name='realm-user-delete'),
path('realm/<int:realm_id>/users/', views.realm_user, name='realm-user-list'),
path('realm/<int:realm_id>/users/add/', views.user_add, name='realm-user-add'),
path('realm/<int:realm_id>/user/<str:user_dn>/', views.user_detail, name='realm-user-detail'),
path('realm/<int:realm_id>/user/<str:user_dn>/update/', views.user_update, name='realm-user-update'),
path('realm/<int:realm_id>/user/<str:user_dn>/delete/', views.user_delete, name='realm-user-delete'),
# Realm Group
path('realm/<int:realm_id>/groups/', views.realm_groups, name='realm-group-list'),
path('realm/<int:realm_id>/group/', views.user_add, name='realm-group-detail'),
path('realm/<int:realm_id>/group/add/', views.group_add, name='realm-group-add'),
path('realm/<int:realm_id>/user/<int:group_dn>/delete/', views.user_add, name='realm-group-delete'),
# Permission Info
path('permission-denied', views.permission_denied, name='permission-denied')
]
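Review bot: Two group routes dispatch to `views.user_add`: `realm-group-detail` at `realm/<int:realm_id>/group/`, and `realm-group-delete`, which sits under the `user/` prefix with an `<int:group_dn>` converter that a DN string cannot match. A request to the group-detail URL therefore runs the user-creation view under a name that suggests a read-only page. The +/- markers are lost on this page, so these may be leftover context rather than new lines. Either way, I would drop both entries until dedicated group views exist, so that no route name promises behaviour the target view does not implement.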


@ -10,7 +10,7 @@ def is_realm_admin(view_func):
def decorator(request, *args, **kwargs):
print(args)
print(kwargs)
realm_id = kwargs.get('id', None)
realm_id = kwargs.get('realm_id', None)
if realm_id and (request.user.is_superuser or len(
Realm.objects.filter(id=realm_id).filter(
admin_group__user__username__contains=request.user.username)) > 0):
@ -71,16 +71,16 @@ def realm_delete(request, realm_id):
@login_required
@is_realm_admin
def realm_detail(request, id):
realm_obj = Realm.objects.get(id=id)
def realm_detail(request, realm_id):
realm_obj = Realm.objects.get(id=realm_id)
return render(request, 'realm/realm_detailed.jinja2', {'realm': realm_obj})
@login_required
@is_realm_admin
def realm_update(request, id):
def realm_update(request, realm_id):
if request.user.is_superuser:
realm_obj = Realm.objects.get(id=id)
realm_obj = Realm.objects.get(id=realm_id)
data = {'id': realm_obj.id, 'ldap_base_dn': realm_obj.ldap_base_dn, 'name': realm_obj.name,
'email': realm_obj.email,
'admin_group': realm_obj.admin_group}
@ -99,14 +99,14 @@ def realm_update(request, id):
form = RealmUpdateForm(initial=data)
return render(request, 'realm/realm_update.jinja2', {'realm': realm_obj, 'form': form})
else:
realm_obj = Realm.objects.get(id=id)
realm_obj = Realm.objects.get(id=realm_id)
return render(request, 'realm/realm_update.jinja2', {'realm': realm_obj})
@login_required
@is_realm_admin
def realm_user(request, id):
realm_obj = Realm.objects.get(id=id)
def realm_user(request, realm_id):
realm_obj = Realm.objects.get(id=realm_id)
LdapUser.base_dn = realm_obj.ldap_base_dn
realm_users = LdapUser.objects.all()
return render(request, 'realm/realm_user.jinja2', {'realm': realm_obj, 'realm_user': realm_users})
@ -114,32 +114,24 @@ def realm_user(request, id):
@login_required
@is_realm_admin
def realm_groups(request, id):
realm_obj = Realm.objects.get(id=id)
def realm_groups(request, realm_id):
realm_obj = Realm.objects.get(id=realm_id)
LdapGroup.base_dn = realm_obj.ldap_base_dn
realm_groups_obj = LdapGroup.objects.all()
return render(request, 'realm/realm_groups.jinja2', {'realm': realm_obj, 'realm_groups': realm_groups_obj})
@login_required
def userlist(request):
LdapUser.base_dn = LdapUser.ROOT_DN
LdapGroup.base_dn = LdapGroup.ROOT_DN
user = LdapUser.objects.all()
groups = LdapGroup.objects.all()
context = {'users': user, 'groups': groups}
return render(request, 'user/user_list.jinja2', context)
@login_required
def user_detail(request, dn):
user = LdapUser.objects.get(dn=dn)
context = {'user': user, }
return render(request, 'user/user_detail.jinja2', context)
@is_realm_admin
def user_detail(request, realm_id, user_dn):
realm = Realm.objects.get(id=realm_id)
LdapUser.base_dn = realm.ldap_base_dn
user = LdapUser.objects.get(dn=user_dn)
return render(request, 'user/user_detail.jinja2', {'user': user, 'realm': realm})
@login_required
@is_realm_admin
def user_add(request, realm_id):
realm_obj = Realm.objects.get(id=realm_id)
# if this is a POST request we need to process the form data
@ -152,10 +144,11 @@ def user_add(request, realm_id):
password = form.cleaned_data['password']
first_name = form.cleaned_data['first_name']
last_name = form.cleaned_data['last_name']
email = form.cleaned_data['email']
LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}'
LdapUser.objects.create(username=username,
password=password, first_name=first_name,
last_name=last_name, )
last_name=last_name, email=email)
return redirect('realm-user-list', realm_id)
# if a GET (or any other method) we'll create a blank form
@ -164,6 +157,47 @@ def user_add(request, realm_id):
return render(request, 'user/user_add.jinja2', {'form': form, 'realm': realm_obj})
@login_required
@is_realm_admin
def user_update(request, realm_id, user_dn):
realm_obj = Realm.objects.get(id=realm_id)
LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}'
ldap_user = LdapUser.objects.get(dn=user_dn)
if request.method == 'POST':
form = AddLDAPUserForm(request.POST)
if form.is_valid():
ldap_user.username = form.cleaned_data['username']
password = form.cleaned_data['password']
if password:
ldap_user.password = password
ldap_user.first_name = form.cleaned_data['first_name']
ldap_user.last_name = form.cleaned_data['last_name']
ldap_user.email = form.cleaned_data['email']
ldap_user.save()
return redirect('realm-user-detail', realm_id, user_dn)
else:
form_data = {'username': ldap_user.username, 'first_name': ldap_user.first_name,
'last_name': ldap_user.last_name, 'email': ldap_user.email}
form = AddLDAPUserForm(initial=form_data)
return render(request, 'user/user_detail.jinja2', {'form': form, 'realm': realm_obj})
@login_required
@is_realm_admin
def user_delete(request, realm_id, user_dn):
realm_obj = Realm.objects.get(id=realm_id)
LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}'
LdapGroup.base_dn = f'ou=groups,{realm_obj.ldap_base_dn}'
ldap_user = LdapUser.objects.get(dn=user_dn)
user_groups = LdapGroup.objects.filter(members__contains=ldap_user.dn)
for group in user_groups:
group.members.remove(ldap_user.dn)
group.save()
ldap_user.delete()
return redirect('realm-user-list', realm_id)
@login_required
def group_detail(request, dn):
group = LdapGroup.objects.get(dn=dn)
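Review bot: `user_delete` removes the group memberships and the LDAP entry on any HTTP method, and the user-detail template in this commit links to it with a plain `<a href>`, so the deletion runs on a GET request and Django's CSRF check never applies. Restrict it to POST, e.g. `@require_POST` from `django.views.decorators.http` placed under `@is_realm_admin`, and submit it from a small form that carries the CSRF token. Separately, `user_detail`, `user_update` and `user_delete` call `LdapUser.objects.get(dn=user_dn)` with a DN taken from the URL, while `is_realm_admin` only authorises `realm_id`. Nothing visible confirms the DN lies under the realm's base DN, so an admin of one realm may be able to read, change or delete an entry of another. The views should refuse any `user_dn` that does not end with `,` plus `realm_obj.ldap_base_dn`, compared case-insensitively. The gate itself filters on `admin_group__user__username__contains=request.user.username`, a substring match that would let a constructed user `ann` pass for a group containing `joann`; `admin_group__user=request.user` is the exact test, though the decorator's body continues outside the hunk.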


@ -19,4 +19,6 @@
{% block groups_content %}
<h2><a href="{{ url('realm-group-list', args=[realm.id]) }}">Gruppen</a></h2>
{% endblock %}
{% block extra_content %}
{% endblock %}
{% endblock %}


@ -2,6 +2,7 @@
{% block user_content %}
<h2>Nutzer</h2>
{% for user in realm_user %}
<p>{{ user.username }} - <a href="{{ url('user', args=[user.dn]) }}">{{ user.dn }}</a></p>
<p>{{ user.username }} - <a href="{{ url('realm-user-detail', args=[realm.id, user.dn]) }}">{{ user.dn }}</a>
</p>
{% endfor %}
{% endblock %}


@ -1,12 +1,21 @@
{% extends 'base.jinja2' %}
{% block content %}
<a href="{{ url('user-list') }}">Nutzerübersicht</a>
<p>DN: {{ user.dn }}</p>
<p>Nutzername: {{ user.username }}</p>
<p>Vorname: {{ user.first_name }}</p>
<p>Nachname: {{ user.last_name }}</p>
<p>Email: {{ user.email }}</p>
<p>Passwort: {{ user.password }}</p>
<p>Telefon: {{ user.phone }}</p>
<p>Mobiltelefon: {{ user.mobile_phone }}</p>
{% extends 'realm/realm_detailed.jinja2' %}
{% block extra_content %}
{% if not form %}
<p>DN: {{ user.dn }}</p>
<p>Nutzername: {{ user.username }}</p>
<p>Vorname: {{ user.first_name }}</p>
<p>Nachname: {{ user.last_name }}</p>
<p>Email: {{ user.email }}</p>
<p>Passwort: {{ user.password }}</p>
<p>Telefon: {{ user.phone }}</p>
<p>Mobiltelefon: {{ user.mobile_phone }}</p>
<a href="{{ url('realm-user-update', args = [realm.id, user.dn]) }}">Update User</a>
<a href="{{ url('realm-user-delete', args = [realm.id, user.dn]) }}">Delete User</a>
{% else %}
<form method="post">
<input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
{{ form.as_p()|safe }}
<button type="submit">Speichern</button>
</form>
{% endif %}
{% endblock %}
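Review bot: The detail branch still renders `<p>Passwort: {{ user.password }}</p>`, which writes the stored LDAP password value, hashed or not, into the HTML of every user-detail page a realm admin opens. Remove that line: the password should only be written through the update form and never read back into a page, where it ends up in browser caches and proxy logs. If the page needs to show a credential status, a fixed label such as `Passwort: gesetzt` would do so without exposing the value.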