From cefacbb7a0ae1a0c4713f7138254668b3443e7e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20G=C3=B6tz?=
Date: Fri, 29 Mar 2019 18:01:46 +0100
Subject: [PATCH] Implement realm user update, deletion, Close #13, Close #9
---
 account_manager/forms.py | 5 +-
 account_manager/urls.py | 16 ++---
 account_manager/views.py | 86 +++++++++++++++++++--------
 templates/realm/realm_detailed.jinja2 | 2 +
 templates/realm/realm_user.jinja2 | 3 +-
 templates/user/user_detail.jinja2 | 31 ++++++----
 6 files changed, 95 insertions(+), 48 deletions(-)
diff --git a/account_manager/forms.py b/account_manager/forms.py
index 3cb2c3f..8de90da 100644
--- a/account_manager/forms.py
+++ b/account_manager/forms.py
@@ -1,6 +1,4 @@
 from django import forms
-from django.contrib.auth.models import User, Group
-from account_helper.models import LdapUserRDN, LdapGroupRDN
 from .models import LdapUser, LdapGroup
@@ -8,7 +6,8 @@ class AddLDAPUserForm(forms.Form):
 username = forms.CharField(label='Nutzername', max_length=400)
 first_name = forms.CharField(label='Vorname', max_length=400)
 last_name = forms.CharField(label='Nachname', max_length=400)
- password = forms.CharField(widget=forms.PasswordInput)
+ password = forms.CharField(label='Passwort', widget=forms.PasswordInput, required=False)
+ email = forms.EmailField(label='E-Mail', required=False)
 class AddLDAPGroupForm(forms.Form):
diff --git a/account_manager/urls.py b/account_manager/urls.py
index b7cc8a4..2165304 100644
--- a/account_manager/urls.py
+++ b/account_manager/urls.py
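Review bot: Making `password` optional on `AddLDAPUserForm` (forms.py, second hunk) also relaxes the create path, because `user_add` in views.py passes `form.cleaned_data['password']` straight to `LdapUser.objects.create(...)`, so an account can now be created with an empty password. Only `user_update` skips the field when it is blank. An LDAP entry with an empty password is risky wherever clients authenticate by simple bind, so the create view should reject it, e.g. `if not password: form.add_error('password', 'required')` before the create call, or use a separate update form in which only that field is optional. Whether the model hashes the value before writing it is not visible in this patch and is worth confirming.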
@@ -4,21 +4,23 @@ from . import views
 urlpatterns = [
 # Realm
 path('realm/', views.realm_home, name='realm-home'),
- path('realm//', views.realm_detail, name='realm-detail'),
- path('realm//users/', views.realm_user, name='realm-user-list'),
- path('realm//groups/', views.realm_groups, name='realm-group-list'),
- path('realm//update/', views.realm_update, name='realm-update'),
+ path('realm//', views.realm_detail, name='realm-detail'),
+ path('realm//update/', views.realm_update, name='realm-update'),
 path('realm//delete/', views.realm_delete, name='realm-delete'),
 # Realm User
- path('realm//user/', views.user_add, name='realm-user-detail'),
- path('realm//user/add/', views.user_add, name='realm-user-add'),
- path('realm//user//delete/', views.user_add, name='realm-user-delete'),
+ path('realm//users/', views.realm_user, name='realm-user-list'),
+ path('realm//users/add/', views.user_add, name='realm-user-add'),
+ path('realm//user//', views.user_detail, name='realm-user-detail'),
+ path('realm//user//update/', views.user_update, name='realm-user-update'),
+ path('realm//user//delete/', views.user_delete, name='realm-user-delete'),
 # Realm Group
+ path('realm//groups/', views.realm_groups, name='realm-group-list'),
 path('realm//group/', views.user_add, name='realm-group-detail'),
 path('realm//group/add/', views.group_add, name='realm-group-add'),
 path('realm//user//delete/', views.user_add, name='realm-group-delete'),
+ # Permission Info
 path('permission-denied', views.permission_denied, name='permission-denied')
 ]
diff --git a/account_manager/views.py b/account_manager/views.py
index e7e521a..e8450b6 100644
--- a/account_manager/views.py
+++ b/account_manager/views.py
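Review bot: The `realm-group-delete` route in the group section keeps what looks like the same pattern as the new `realm-user-delete` route (the path converters are not legible on this page) and still points at `views.user_add`, as does `realm-group-detail`. Django dispatches to the first matching pattern, so if the two patterns really are identical, a URL reversed from `realm-group-delete` would land on `user_delete`, which deletes a user. Until the group views exist, remove both placeholder routes or give them their own `group/...` paths and handlers.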
@@ -10,7 +10,7 @@ def is_realm_admin(view_func):
 def decorator(request, *args, **kwargs):
 print(args)
 print(kwargs)
- realm_id = kwargs.get('id', None)
+ realm_id = kwargs.get('realm_id', None)
 if realm_id and (request.user.is_superuser or len( Realm.objects.filter(id=realm_id).filter( admin_group__user__username__contains=request.user.username)) > 0):
@@ -71,16 +71,16 @@ def realm_delete(request, realm_id):
 @login_required
 @is_realm_admin
-def realm_detail(request, id):
- realm_obj = Realm.objects.get(id=id)
+def realm_detail(request, realm_id):
+ realm_obj = Realm.objects.get(id=realm_id)
 return render(request, 'realm/realm_detailed.jinja2', {'realm': realm_obj})
 @login_required
 @is_realm_admin
-def realm_update(request, id):
+def realm_update(request, realm_id):
 if request.user.is_superuser:
- realm_obj = Realm.objects.get(id=id)
+ realm_obj = Realm.objects.get(id=realm_id)
 data = {'id': realm_obj.id, 'ldap_base_dn': realm_obj.ldap_base_dn, 'name': realm_obj.name, 'email': realm_obj.email, 'admin_group': realm_obj.admin_group}
@@ -99,14 +99,14 @@ def realm_update(request, id):
 form = RealmUpdateForm(initial=data)
 return render(request, 'realm/realm_update.jinja2', {'realm': realm_obj, 'form': form})
 else:
- realm_obj = Realm.objects.get(id=id)
+ realm_obj = Realm.objects.get(id=realm_id)
 return render(request, 'realm/realm_update.jinja2', {'realm': realm_obj})
 @login_required
 @is_realm_admin
-def realm_user(request, id):
- realm_obj = Realm.objects.get(id=id)
+def realm_user(request, realm_id):
+ realm_obj = Realm.objects.get(id=realm_id)
 LdapUser.base_dn = realm_obj.ldap_base_dn
 realm_users = LdapUser.objects.all()
 return render(request, 'realm/realm_user.jinja2', {'realm': realm_obj, 'realm_user': realm_users})
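Review bot: The authorization test in `is_realm_admin` (first views.py hunk) matches the admin by substring, `admin_group__user__username__contains=request.user.username`, so any account whose username is contained in an admin's username (constructed example: `ann` against `joanna`) passes the check for that realm. Compare the user object itself, e.g. `Realm.objects.filter(id=realm_id, admin_group__user=request.user).exists()`, which also avoids evaluating the queryset just for `len(...)`. The `print(args)` and `print(kwargs)` calls above it look like debugging leftovers and should be removed. The decorator body continues outside the hunk.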
@@ -114,32 +114,24 @@ def realm_user(request, id):
 @login_required
 @is_realm_admin
-def realm_groups(request, id):
- realm_obj = Realm.objects.get(id=id)
+def realm_groups(request, realm_id):
+ realm_obj = Realm.objects.get(id=realm_id)
 LdapGroup.base_dn = realm_obj.ldap_base_dn
 realm_groups_obj = LdapGroup.objects.all()
 return render(request, 'realm/realm_groups.jinja2', {'realm': realm_obj, 'realm_groups': realm_groups_obj})
 @login_required
-def userlist(request):
- LdapUser.base_dn = LdapUser.ROOT_DN
- LdapGroup.base_dn = LdapGroup.ROOT_DN
- user = LdapUser.objects.all()
- groups = LdapGroup.objects.all()
- context = {'users': user, 'groups': groups}
-
- return render(request, 'user/user_list.jinja2', context)
-
-
-@login_required
-def user_detail(request, dn):
- user = LdapUser.objects.get(dn=dn)
- context = {'user': user, }
- return render(request, 'user/user_detail.jinja2', context)
+@is_realm_admin
+def user_detail(request, realm_id, user_dn):
+ realm = Realm.objects.get(id=realm_id)
+ LdapUser.base_dn = realm.ldap_base_dn
+ user = LdapUser.objects.get(dn=user_dn)
+ return render(request, 'user/user_detail.jinja2', {'user': user, 'realm': realm})
 @login_required
+@is_realm_admin
 def user_add(request, realm_id):
 realm_obj = Realm.objects.get(id=realm_id)
 # if this is a POST request we need to process the form data
@@ -152,10 +144,11 @@ def user_add(request, realm_id):
 password = form.cleaned_data['password']
 first_name = form.cleaned_data['first_name']
 last_name = form.cleaned_data['last_name']
+ email = form.cleaned_data['email']
 LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}'
 LdapUser.objects.create(username=username, password=password, first_name=first_name,
- last_name=last_name, )
+ last_name=last_name, email=email)
 return redirect('realm-user-list', realm_id)
 # if a GET (or any other method) we'll create a blank form
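Review bot: `user_detail` verifies that the caller administers `realm_id`, but nothing visible ties `user_dn` to that realm: the DN goes straight from the URL into `LdapUser.objects.get(dn=user_dn)`. Unless the model confines the lookup to `base_dn` (not visible here), an admin of one realm could read entries that belong to another, and the same holds for `user_update` and `user_delete` in the last views.py hunk. Check that the normalised `user_dn` ends with the realm's `ldap_base_dn` before the lookup and redirect to `permission-denied` otherwise. Assigning `LdapUser.base_dn` on the class is also process-wide state, so concurrent requests for different realms can overwrite each other's base; this view additionally uses the bare realm base while update and delete use `ou=people,...`.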
@@ -164,6 +157,47 @@ def user_add(request, realm_id):
 return render(request, 'user/user_add.jinja2', {'form': form, 'realm': realm_obj})
+@login_required
+@is_realm_admin
+def user_update(request, realm_id, user_dn):
+ realm_obj = Realm.objects.get(id=realm_id)
+ LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}'
+ ldap_user = LdapUser.objects.get(dn=user_dn)
+ if request.method == 'POST':
+ form = AddLDAPUserForm(request.POST)
+ if form.is_valid():
+ ldap_user.username = form.cleaned_data['username']
+ password = form.cleaned_data['password']
+ if password:
+ ldap_user.password = password
+ ldap_user.first_name = form.cleaned_data['first_name']
+ ldap_user.last_name = form.cleaned_data['last_name']
+ ldap_user.email = form.cleaned_data['email']
+ ldap_user.save()
+
+ return redirect('realm-user-detail', realm_id, user_dn)
+ else:
+ form_data = {'username': ldap_user.username, 'first_name': ldap_user.first_name,
+ 'last_name': ldap_user.last_name, 'email': ldap_user.email}
+ form = AddLDAPUserForm(initial=form_data)
+ return render(request, 'user/user_detail.jinja2', {'form': form, 'realm': realm_obj})
+
+
+@login_required
+@is_realm_admin
+def user_delete(request, realm_id, user_dn):
+ realm_obj = Realm.objects.get(id=realm_id)
+ LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}'
+ LdapGroup.base_dn = f'ou=groups,{realm_obj.ldap_base_dn}'
+ ldap_user = LdapUser.objects.get(dn=user_dn)
+ user_groups = LdapGroup.objects.filter(members__contains=ldap_user.dn)
+ for group in user_groups:
+ group.members.remove(ldap_user.dn)
+ group.save()
+ ldap_user.delete()
+ return redirect('realm-user-list', realm_id)
+
+
 @login_required
 def group_detail(request, dn):
 group = LdapGroup.objects.get(dn=dn)
diff --git a/templates/realm/realm_detailed.jinja2 b/templates/realm/realm_detailed.jinja2
index e44d073..77dd252 100644
--- a/templates/realm/realm_detailed.jinja2
+++ b/templates/realm/realm_detailed.jinja2
@@ -19,4 +19,6 @@ {% block groups_content %}
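Review bot: `user_delete` (last views.py hunk) strips the group memberships and deletes the LDAP entry on any request method, so a plain GET is enough; the "Delete User" entry in the detail template appears to be an ordinary link. Django's CSRF protection does not cover GET, so a logged-in realm admin can be made to delete a user just by loading a URL. Restrict the view with `@require_POST` (from `django.views.decorators.http`) and trigger it from a form that carries the CSRF token. Separately, `LdapUser.objects.get(dn=user_dn)` raises for an unknown DN, which is presumably an unhandled 500 here and in `user_update`.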

Gruppen

{% endblock %} + {% block extra_content %} + {% endblock %} {% endblock %} diff --git a/templates/realm/realm_user.jinja2 b/templates/realm/realm_user.jinja2 index f8d0111..53ac85e 100644 --- a/templates/realm/realm_user.jinja2 +++ b/templates/realm/realm_user.jinja2 @@ -2,6 +2,7 @@ {% block user_content %}

Nutzer

{% for user in realm_user %} -

{{ user.username }} - {{ user.dn }}

+

{{ user.username }} - {{ user.dn }} +

{% endfor %} {% endblock %} \ No newline at end of file diff --git a/templates/user/user_detail.jinja2 b/templates/user/user_detail.jinja2 index bd25317..69fa719 100644 --- a/templates/user/user_detail.jinja2 +++ b/templates/user/user_detail.jinja2 @@ -1,12 +1,21 @@ -{% extends 'base.jinja2' %} -{% block content %} - Nutzerübersicht -

DN: {{ user.dn }}

-

Nutzername: {{ user.username }}

-

Vorname: {{ user.first_name }}

-

Nachname: {{ user.last_name }}

-

Email: {{ user.email }}

-

Passwort: {{ user.password }}

-

Telefon: {{ user.phone }}

-

Mobiltelefon: {{ user.mobile_phone }}

+{% extends 'realm/realm_detailed.jinja2' %} +{% block extra_content %} + {% if not form %} +

DN: {{ user.dn }}

+

Nutzername: {{ user.username }}

+

Vorname: {{ user.first_name }}

+

Nachname: {{ user.last_name }}

+

Email: {{ user.email }}

+

Passwort: {{ user.password }}

+

Telefon: {{ user.phone }}

+

Mobiltelefon: {{ user.mobile_phone }}

+ Update User + Delete User + {% else %} +
+ + {{ form.as_p()|safe }} + +
+ {% endif %} {% endblock %} \ No newline at end of file
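Review bot: The read-only branch of user_detail.jinja2 still prints `Passwort: {{ user.password }}`, so whatever the directory stores in that attribute (a hash at best) is rendered into the page for every realm admin and can linger in browser history and caches. Drop that line from the detail view; the update form already leaves the password out of its initial data. The markup around `{{ form.as_p()|safe }}` is not legible on this page, so confirm that the form is submitted by POST with a CSRF token.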