Implement account update, delete views for user, Close #11

account_manager/main_views.py

@@ -4,12 +4,11 @@ from .forms import RealmAddForm, RealmUpdateForm
 from account_helper.models import Realm
 from django.contrib.auth.models import Group, User
 from django.contrib.auth.decorators import login_required
+import re
 
 
 def is_realm_admin(view_func):
     def decorator(request, *args, **kwargs):
-        print(args)
-        print(kwargs)
         realm_id = kwargs.get('realm_id', None)
         if realm_id and (request.user.is_superuser or len(
                 Realm.objects.filter(id=realm_id).filter(
@@ -27,7 +26,10 @@ def realm_list(request):
     if not user.is_superuser:
         realms = Realm.objects.filter(admin_group__user__username__contains=user.username)
         if len(realms) == 0:
-            return redirect('user-detail')
+            user = LdapUser.objects.get(username=user.username)
+            realm_base_dn = re.compile('(uid=[a-zA-Z_]*),(ou=[a-zA-Z_]*),(.*)').match(user.dn).group(3)
+            realm = Realm.objects.get(ldap_base_dn=realm_base_dn)
+            return redirect('realm-user-detail', realm.id, user.dn)
         elif len(realms) == 1:
             return redirect('realm-detail', realms[0].id)
         else:

account_manager/urls.py

@@ -14,17 +14,30 @@ urlpatterns = [
     # Realm User
     path('realm/<int:realm_id>/users/', account_manager.views.user_views.realm_user, name='realm-user-list'),
     path('realm/<int:realm_id>/users/add/', account_manager.views.user_views.user_add, name='realm-user-add'),
-    path('realm/<int:realm_id>/user/<str:user_dn>/', account_manager.views.user_views.user_detail, name='realm-user-detail'),
-    path('realm/<int:realm_id>/user/<str:user_dn>/update/', account_manager.views.user_views.user_update, name='realm-user-update'),
-    path('realm/<int:realm_id>/user/<str:user_dn>/delete/', account_manager.views.user_views.user_delete, name='realm-user-delete'),
+    path('realm/<int:realm_id>/user/<str:user_dn>/', account_manager.views.user_views.realm_user_detail,
+         name='realm-user-detail'),
+    path('realm/<int:realm_id>/user/<str:user_dn>/update/', account_manager.views.user_views.realm_user_update,
+         name='realm-user-update'),
+    path('realm/<int:realm_id>/user/<str:user_dn>/delete/', account_manager.views.user_views.realm_user_delete,
+         name='realm-user-delete'),
 
     # Realm Group
     path('realm/<int:realm_id>/groups/', account_manager.views.group_views.realm_groups, name='realm-group-list'),
     path('realm/<int:realm_id>/groups/add/', account_manager.views.group_views.group_add, name='realm-group-add'),
-    path('realm/<int:realm_id>/group/<str:group_dn>/', account_manager.views.group_views.group_detail, name='realm-group-detail'),
-    path('realm/<int:realm_id>/group/<str:group_dn>/update/', account_manager.views.group_views.group_update, name='realm-group-update'),
-    path('realm/<int:realm_id>/group/<str:group_dn>/delete/', account_manager.views.group_views.group_delete, name='realm-group-delete'),
+    path('realm/<int:realm_id>/group/<str:group_dn>/', account_manager.views.group_views.group_detail,
+         name='realm-group-detail'),
+    path('realm/<int:realm_id>/group/<str:group_dn>/update/', account_manager.views.group_views.group_update,
+         name='realm-group-update'),
+    path('realm/<int:realm_id>/group/<str:group_dn>/delete/', account_manager.views.group_views.group_delete,
+         name='realm-group-delete'),
 
-    # Permission Info
-    path('permission-denied', main_views.permission_denied, name='permission-denied')
+    # User
+    path('user/<str:user_dn>/update/realm/<int:realm_id>/', account_manager.views.user_views.user_update,
+         name='user-update'),
+    path('user/<str:user_dn>/delete/realm/<int:realm_id>/', account_manager.views.user_views.user_delete,
+         name='user-delete'),
+
+    # Extra
+    path('permission-denied/', main_views.permission_denied, name='permission-denied'),
+    path('account/deleted/<int:realm_id>/', account_manager.views.user_views.user_deleted, name='account-deleted'),
 ]

account_manager/views/user_views.py

@@ -17,12 +17,16 @@ def realm_user(request, realm_id):
 
 
 @login_required
-@is_realm_admin
-def user_detail(request, realm_id, user_dn):
+def realm_user_detail(request, realm_id, user_dn):
     realm = Realm.objects.get(id=realm_id)
     LdapUser.base_dn = realm.ldap_base_dn
     user = LdapUser.objects.get(dn=user_dn)
-    return render(request, 'user/user_detail.jinja2', {'user': user, 'realm': realm})
+    if realm_id and (request.user.is_superuser or len(
+            Realm.objects.filter(id=realm_id).filter(
+                admin_group__user__username__contains=request.user.username)) > 0):
+        return render(request, 'user/realm_user_detail.jinja2', {'user': user, 'realm': realm})
+    else:
+        return render(request, 'user/user_detail.jinja2', {'user': user, 'realm': realm})
 
 
 @login_required
@@ -49,15 +53,58 @@ def user_add(request, realm_id):
     # if a GET (or any other method) we'll create a blank form
     else:
         form = AddLDAPUserForm()
-    return render(request, 'user/user_add.jinja2', {'form': form, 'realm': realm_obj})
+    return render(request, 'user/realm_user_add.jinja2', {'form': form, 'realm': realm_obj})
 
 
 @login_required
 @is_realm_admin
+def realm_user_update(request, realm_id, user_dn):
+    realm_obj = Realm.objects.get(id=realm_id)
+    LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}'
+    ldap_user = LdapUser.objects.get(dn=user_dn)
+    return user_update_controller(ldap_user, realm_id, realm_obj, request, user_dn, 'realm-user-detail',
+                                  'user/realm_user_detail.jinja2')
+
+
+@login_required
+@is_realm_admin
+def realm_user_delete(request, realm_id, user_dn):
+    realm_obj = Realm.objects.get(id=realm_id)
+    LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}'
+    LdapGroup.base_dn = f'ou=groups,{realm_obj.ldap_base_dn}'
+    ldap_user = LdapUser.objects.get(dn=user_dn)
+    return user_delete_controller(request, ldap_user, realm_id, 'realm-user-list')
+
+
+@login_required
 def user_update(request, realm_id, user_dn):
     realm_obj = Realm.objects.get(id=realm_id)
     LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}'
     ldap_user = LdapUser.objects.get(dn=user_dn)
+    if request.user.username == ldap_user.username:
+        return user_update_controller(ldap_user, realm_id, realm_obj, request, user_dn, 'realm-user-detail',
+                                      'user/user_detail.jinja2')
+    else:
+        return redirect('permission-denied')
+
+
+@login_required
+def user_delete(request, realm_id, user_dn):
+    realm_obj = Realm.objects.get(id=realm_id)
+    LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}'
+    LdapGroup.base_dn = f'ou=groups,{realm_obj.ldap_base_dn}'
+    ldap_user = LdapUser.objects.get(dn=user_dn)
+    if request.user.username == ldap_user.username:
+        return user_delete_controller(request, ldap_user, realm_id, 'account-deleted')
+    else:
+        return redirect('permission-denied')
+
+
+def user_deleted(request, realm_id):
+    return render(request, 'account_deleted.jinja2', {'realm': Realm.objects.get(id=realm_id)})
+
+
+def user_update_controller(ldap_user, realm_id, realm_obj, request, user_dn, redirect_name, detail_page):
     if request.method == 'POST':
         form = AddLDAPUserForm(request.POST)
         if form.is_valid():
@@ -70,24 +117,20 @@ def user_update(request, realm_id, user_dn):
             ldap_user.email = form.cleaned_data['email']
             ldap_user.save()
 
-            return redirect('realm-user-detail', realm_id, user_dn)
+            return redirect(redirect_name, realm_id, user_dn)
     else:
         form_data = {'username': ldap_user.username, 'first_name': ldap_user.first_name,
                      'last_name': ldap_user.last_name, 'email': ldap_user.email}
         form = AddLDAPUserForm(initial=form_data)
-    return render(request, 'user/user_detail.jinja2', {'form': form, 'realm': realm_obj})
+    return render(request, detail_page, {'form': form, 'realm': realm_obj})
 
 
-@login_required
-@is_realm_admin
-def user_delete(request, realm_id, user_dn):
-    realm_obj = Realm.objects.get(id=realm_id)
-    LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}'
-    LdapGroup.base_dn = f'ou=groups,{realm_obj.ldap_base_dn}'
-    ldap_user = LdapUser.objects.get(dn=user_dn)
+def user_delete_controller(request, ldap_user, realm_id, redirect_name):
+    django_user = request.user
     user_groups = LdapGroup.objects.filter(members__contains=ldap_user.dn)
     for group in user_groups:
         group.members.remove(ldap_user.dn)
         group.save()
     ldap_user.delete()
-    return redirect('realm-user-list', realm_id)
+    django_user.delete()
+    return redirect(redirect_name, realm_id)

templates/account_deleted.jinja2

@@ -0,0 +1,5 @@
+{% extends 'base.jinja2' %}
+{% block content %}
+    <p>Ihr Account im Bereich {{ realm.name }} und Ihre Gruppenzugehörigkeiten wurden erfolgreich gelöscht.</p>
+    <a href="{{ url('realm-home') }}">Zurück zur Realm Übersicht</a>
+{% endblock %}

templates/base.jinja2

@@ -10,7 +10,7 @@
     <title>Fachschaftszitate</title>
     <link rel="icon"
           type="image/png"
-          href="{{ static('images/logo.png')  }}">
+          href="{{ static('images/logo.png') }}">
     <meta name="author" content="Michael Götz"/>
     {% block js_extra %}{% endblock %}
     <!-- Bootstrap CSS -->
@@ -31,13 +31,18 @@
 
 {# ===== Body ===== #}
 <body class="bg-dark">
-Login as {{ request.user.username }}
+{% if request.user.is_authenticated %}
+    Login as {{ request.user.username }}
+    <a href="{{ url('logout') }}">Logout</a>
+{% else %}
+    <a href="{{ url('login') }}">Login</a>
+{% endif %}
 {% block body %}
     <div class="container-fluid">
-        <div class="row">{% block bottom_nav %}{% endblock %}</div>
-        <div class="row bg-dark text-white">
-            {% block content %}{% endblock %}
-        </div>
+    <div class="row">{% block bottom_nav %}{% endblock %}</div>
+    <div class="row bg-dark text-white">
+        {% block content %}{% endblock %}
+    </div>
 {% endblock %}
 <script src="{{ static('js/form.js') }}"></script>
 {% block js_tail %}{% endblock %}

templates/user/realm_user_detail.jinja2

@@ -0,0 +1,21 @@
+{% extends 'realm/realm_detailed.jinja2' %}
+{% block extra_content %}
+    {% if not form %}
+        <p>DN: {{ user.dn }}</p>
+        <p>Nutzername: {{ user.username }}</p>
+        <p>Vorname: {{ user.first_name }}</p>
+        <p>Nachname: {{ user.last_name }}</p>
+        <p>Email: {{ user.email }}</p>
+        <p>Passwort: {{ user.password }}</p>
+        <p>Telefon: {{ user.phone }}</p>
+        <p>Mobiltelefon: {{ user.mobile_phone }}</p>
+        <a href="{{ url('realm-user-update', args = [realm.id, user.dn]) }}">Update User</a>
+        <a href="{{ url('realm-user-delete', args = [realm.id, user.dn]) }}">Delete User</a>
+    {% else %}
+        <form method="post">
+            <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
+            {{ form.as_p()|safe }}
+            <button type="submit">Speichern</button>
+        </form>
+    {% endif %}
+{% endblock %}

templates/user/user_detail.jinja2

@@ -1,5 +1,5 @@
-{% extends 'realm/realm_detailed.jinja2' %}
-{% block extra_content %}
+{% extends 'base.jinja2' %}
+{% block content %}
     {% if not form %}
         <p>DN: {{ user.dn }}</p>
         <p>Nutzername: {{ user.username }}</p>
@@ -9,8 +9,8 @@
         <p>Passwort: {{ user.password }}</p>
         <p>Telefon: {{ user.phone }}</p>
         <p>Mobiltelefon: {{ user.mobile_phone }}</p>
-        <a href="{{ url('realm-user-update', args = [realm.id, user.dn]) }}">Update User</a>
-        <a href="{{ url('realm-user-delete', args = [realm.id, user.dn]) }}">Delete User</a>
+        <a href="{{ url('user-update', args = [user.dn, realm.id]) }}">Update User</a>
+        <a href="{{ url('user-delete', args = [user.dn, realm.id]) }}">Delete User</a>
     {% else %}
         <form method="post">
             <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">