From d23f12d0b82e73f8eb7ad2e3f5257d0acd50afef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20G=C3=B6tz?= Date: Sun, 31 Mar 2019 14:05:34 +0200 Subject: [PATCH] Implement account update, delete views for user, Close #11 --- account_manager/main_views.py | 8 ++- account_manager/urls.py | 29 +++++--- account_manager/views/user_views.py | 71 +++++++++++++++---- templates/account_deleted.jinja2 | 5 ++ templates/base.jinja2 | 17 +++-- ...{user_add.jinja2 => realm_user_add.jinja2} | 0 templates/user/realm_user_detail.jinja2 | 21 ++++++ ...ser_list.jinja2 => realm_user_list.jinja2} | 0 templates/user/user_detail.jinja2 | 8 +-- 9 files changed, 124 insertions(+), 35 deletions(-) create mode 100644 templates/account_deleted.jinja2 rename templates/user/{user_add.jinja2 => realm_user_add.jinja2} (100%) create mode 100644 templates/user/realm_user_detail.jinja2 rename templates/user/{user_list.jinja2 => realm_user_list.jinja2} (100%) diff --git a/account_manager/main_views.py b/account_manager/main_views.py index 3513455..f51cfda 100644 --- a/account_manager/main_views.py +++ b/account_manager/main_views.py @@ -4,12 +4,11 @@ from .forms import RealmAddForm, RealmUpdateForm from account_helper.models import Realm from django.contrib.auth.models import Group, User from django.contrib.auth.decorators import login_required +import re def is_realm_admin(view_func): def decorator(request, *args, **kwargs): - print(args) - print(kwargs) realm_id = kwargs.get('realm_id', None) if realm_id and (request.user.is_superuser or len( Realm.objects.filter(id=realm_id).filter( 
@@ -27,7 +26,10 @@ def realm_list(request): if not user.is_superuser: realms = Realm.objects.filter(admin_group__user__username__contains=user.username) if len(realms) == 0: - return redirect('user-detail') + user = LdapUser.objects.get(username=user.username) + realm_base_dn = re.compile('(uid=[a-zA-Z_]*),(ou=[a-zA-Z_]*),(.*)').match(user.dn).group(3) + realm = Realm.objects.get(ldap_base_dn=realm_base_dn) + return redirect('realm-user-detail', realm.id, user.dn) elif len(realms) == 1: return redirect('realm-detail', realms[0].id) else: diff --git a/account_manager/urls.py b/account_manager/urls.py index a2e2cb8..3acb570 100644 --- a/account_manager/urls.py +++ b/account_manager/urls.py 
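Review bot: The new fallback in `realm_list` calls `.group(3)` on the result of `re.compile(...).match(user.dn)` without checking for `None`, so a DN whose uid or ou part contains a digit, hyphen or dot (the classes are `[a-zA-Z_]*`) raises `AttributeError` and the user gets a 500 right after login. `LdapUser.objects.get(username=...)` and `Realm.objects.get(ldap_base_dn=...)` are unguarded as well, so a Django user with no LDAP entry or an unknown base DN fails the same way. Check the match and handle the failed lookups, e.g. `m = re.match(r'uid=[^,]+,ou=[^,]+,(.*)', user.dn)` followed by `if m is None: return redirect('permission-denied')`. The LDAP lookup also appears to depend on whatever `LdapUser.base_dn` was last assigned by another view (it is set as a class attribute in `user_views.py`), which is worth confirming. `realm_list` starts and ends outside this hunk.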
@@ -14,17 +14,30 @@ urlpatterns = [ # Realm User path('realm//users/', account_manager.views.user_views.realm_user, name='realm-user-list'), path('realm//users/add/', account_manager.views.user_views.user_add, name='realm-user-add'), - path('realm//user//', account_manager.views.user_views.user_detail, name='realm-user-detail'), - path('realm//user//update/', account_manager.views.user_views.user_update, name='realm-user-update'), - path('realm//user//delete/', account_manager.views.user_views.user_delete, name='realm-user-delete'), + path('realm//user//', account_manager.views.user_views.realm_user_detail, + name='realm-user-detail'), + path('realm//user//update/', account_manager.views.user_views.realm_user_update, + name='realm-user-update'), + path('realm//user//delete/', account_manager.views.user_views.realm_user_delete, + name='realm-user-delete'), # Realm Group path('realm//groups/', account_manager.views.group_views.realm_groups, name='realm-group-list'), path('realm//groups/add/', account_manager.views.group_views.group_add, name='realm-group-add'), - path('realm//group//', account_manager.views.group_views.group_detail, name='realm-group-detail'), - path('realm//group//update/', account_manager.views.group_views.group_update, name='realm-group-update'), - path('realm//group//delete/', account_manager.views.group_views.group_delete, name='realm-group-delete'), + path('realm//group//', account_manager.views.group_views.group_detail, + name='realm-group-detail'), + path('realm//group//update/', account_manager.views.group_views.group_update, + name='realm-group-update'), + path('realm//group//delete/', account_manager.views.group_views.group_delete, + name='realm-group-delete'), - # Permission Info - path('permission-denied', main_views.permission_denied, name='permission-denied') + # User + path('user//update/realm//', account_manager.views.user_views.user_update, + name='user-update'), + path('user//delete/realm//', 
account_manager.views.user_views.user_delete, + name='user-delete'), + + # Extra + path('permission-denied/', main_views.permission_denied, name='permission-denied'), + path('account/deleted//', account_manager.views.user_views.user_deleted, name='account-deleted'), ] diff --git a/account_manager/views/user_views.py b/account_manager/views/user_views.py index 9c786af..7e6340f 100644 --- a/account_manager/views/user_views.py +++ b/account_manager/views/user_views.py @@ -17,12 +17,16 @@ def realm_user(request, realm_id): @login_required -@is_realm_admin -def user_detail(request, realm_id, user_dn): +def realm_user_detail(request, realm_id, user_dn): realm = Realm.objects.get(id=realm_id) LdapUser.base_dn = realm.ldap_base_dn user = LdapUser.objects.get(dn=user_dn) - return render(request, 'user/user_detail.jinja2', {'user': user, 'realm': realm}) + if realm_id and (request.user.is_superuser or len( + Realm.objects.filter(id=realm_id).filter( + admin_group__user__username__contains=request.user.username)) > 0): + return render(request, 'user/realm_user_detail.jinja2', {'user': user, 'realm': realm}) + else: + return render(request, 'user/user_detail.jinja2', {'user': user, 'realm': realm}) @login_required 
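Review bot: With `@is_realm_admin` removed, the `else` branch of `realm_user_detail` renders `user/user_detail.jinja2` for whichever `user_dn` is in the URL, so any logged-in account can read any other user's record, and that template prints `{{ user.password }}`. The self-service branch needs an ownership check before rendering, e.g. `elif request.user.username == user.username:` for the render and a final `else: return redirect('permission-denied')`, as `user_update` does later in this file. The inline admin test also filters on `admin_group__user__username__contains`, a substring comparison, so a username contained in an admin's username passes; `admin_group__user=request.user` would compare the account itself. `LdapUser.objects.get(dn=user_dn)` runs before either check and raises on an unknown DN.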
@@ -49,15 +53,58 @@ def user_add(request, realm_id): # if a GET (or any other method) we'll create a blank form else: form = AddLDAPUserForm() - return render(request, 'user/user_add.jinja2', {'form': form, 'realm': realm_obj}) + return render(request, 'user/realm_user_add.jinja2', {'form': form, 'realm': realm_obj}) @login_required @is_realm_admin +def realm_user_update(request, realm_id, user_dn): + realm_obj = Realm.objects.get(id=realm_id) + LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}' + ldap_user = LdapUser.objects.get(dn=user_dn) + return user_update_controller(ldap_user, realm_id, realm_obj, request, user_dn, 'realm-user-detail', + 'user/realm_user_detail.jinja2') + + +@login_required +@is_realm_admin +def realm_user_delete(request, realm_id, user_dn): + realm_obj = Realm.objects.get(id=realm_id) + LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}' + LdapGroup.base_dn = f'ou=groups,{realm_obj.ldap_base_dn}' + ldap_user = LdapUser.objects.get(dn=user_dn) + return user_delete_controller(request, ldap_user, realm_id, 'realm-user-list') + + +@login_required def user_update(request, realm_id, user_dn): realm_obj = Realm.objects.get(id=realm_id) LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}' ldap_user = LdapUser.objects.get(dn=user_dn) + if request.user.username == ldap_user.username: + return user_update_controller(ldap_user, realm_id, realm_obj, request, user_dn, 'realm-user-detail', + 'user/user_detail.jinja2') + else: + return redirect('permission-denied') + + +@login_required +def user_delete(request, realm_id, user_dn): + realm_obj = Realm.objects.get(id=realm_id) + LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}' + LdapGroup.base_dn = f'ou=groups,{realm_obj.ldap_base_dn}' + ldap_user = LdapUser.objects.get(dn=user_dn) + if request.user.username == ldap_user.username: + return user_delete_controller(request, ldap_user, realm_id, 'account-deleted') + else: + return redirect('permission-denied') + + +def 
user_deleted(request, realm_id): + return render(request, 'account_deleted.jinja2', {'realm': Realm.objects.get(id=realm_id)}) + + +def user_update_controller(ldap_user, realm_id, realm_obj, request, user_dn, redirect_name, detail_page): if request.method == 'POST': form = AddLDAPUserForm(request.POST) if form.is_valid(): @@ -70,24 +117,20 @@ def user_update(request, realm_id, user_dn): ldap_user.email = form.cleaned_data['email'] ldap_user.save() - return redirect('realm-user-detail', realm_id, user_dn) + return redirect(redirect_name, realm_id, user_dn) else: form_data = {'username': ldap_user.username, 'first_name': ldap_user.first_name, 'last_name': ldap_user.last_name, 'email': ldap_user.email} form = AddLDAPUserForm(initial=form_data) - return render(request, 'user/user_detail.jinja2', {'form': form, 'realm': realm_obj}) + return render(request, detail_page, {'form': form, 'realm': realm_obj}) -@login_required -@is_realm_admin -def user_delete(request, realm_id, user_dn): - realm_obj = Realm.objects.get(id=realm_id) - LdapUser.base_dn = f'ou=people,{realm_obj.ldap_base_dn}' - LdapGroup.base_dn = f'ou=groups,{realm_obj.ldap_base_dn}' - ldap_user = LdapUser.objects.get(dn=user_dn) +def user_delete_controller(request, ldap_user, realm_id, redirect_name): + django_user = request.user user_groups = LdapGroup.objects.filter(members__contains=ldap_user.dn) for group in user_groups: group.members.remove(ldap_user.dn) group.save() ldap_user.delete() - return redirect('realm-user-list', realm_id) \ No newline at end of file + django_user.delete() + return redirect(redirect_name, realm_id) diff --git a/templates/account_deleted.jinja2 b/templates/account_deleted.jinja2 new file mode 100644 index 0000000..7e45f2a --- /dev/null +++ b/templates/account_deleted.jinja2 @@ -0,0 +1,5 @@ +{% extends 'base.jinja2' %} +{% block content %} +
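Review bot: `user_delete` and `realm_user_delete` run the deletion on any request method, so a plain GET to the delete URL removes the account; neither checks `request.method`, and Django's CSRF protection does not cover GET. Restrict both to POST, for example with `@require_POST` from `django.views.decorators.http` or `if request.method != 'POST': return redirect('permission-denied')`, and submit from a form that carries the CSRF token. The self-service checks compare only `request.user.username == ldap_user.username` while `realm_id` comes from the URL; if usernames are not unique across realms, a same-named account in another realm would pass, which is worth confirming. The four views repeat the same realm and `base_dn` setup and would read better with one shared helper.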
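Review bot: `user_delete_controller` deletes `request.user`, not the Django account that belongs to `ldap_user`; when it is reached through `realm_user_delete`, a realm admin who removes another user loses their own Django account while the target's Django user stays. Delete by the LDAP user's name instead, e.g. `User.objects.filter(username=ldap_user.username).delete()` (assuming Django usernames mirror LDAP usernames, as the equality check in `user_update` suggests; `User` would need importing in this module if it is not already). The group saves, the LDAP delete and the Django delete are also not atomic, so a failure midway leaves partial state. A short docstring stating the intended order and what the caller gets on error would help.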

Ihr Account im Bereich {{ realm.name }} und Ihre Gruppenzugehörigkeiten wurden erfolgreich gelöscht.

+ Zurück zur Realm Übersicht +{% endblock %} \ No newline at end of file diff --git a/templates/base.jinja2 b/templates/base.jinja2 index 3773f0e..909c8ba 100644 --- a/templates/base.jinja2 +++ b/templates/base.jinja2 @@ -10,7 +10,7 @@ Fachschaftszitate + href="{{ static('images/logo.png') }}"> {% block js_extra %}{% endblock %} @@ -31,13 +31,18 @@ {# ===== Body ===== #} -Login as {{ request.user.username }} +{% if request.user.is_authenticated %} + Login as {{ request.user.username }} + Logout +{% else %} + Login +{% endif %} {% block body %}
-
{% block bottom_nav %}{% endblock %}
-
- {% block content %}{% endblock %} -
+
{% block bottom_nav %}{% endblock %}
+
+ {% block content %}{% endblock %} +
{% endblock %} {% block js_tail %}{% endblock %} diff --git a/templates/user/user_add.jinja2 b/templates/user/realm_user_add.jinja2 similarity index 100% rename from templates/user/user_add.jinja2 rename to templates/user/realm_user_add.jinja2 diff --git a/templates/user/realm_user_detail.jinja2 b/templates/user/realm_user_detail.jinja2 new file mode 100644 index 0000000..69fa719 --- /dev/null +++ b/templates/user/realm_user_detail.jinja2 @@ -0,0 +1,21 @@ +{% extends 'realm/realm_detailed.jinja2' %} +{% block extra_content %} + {% if not form %} +

DN: {{ user.dn }}

+

Nutzername: {{ user.username }}

+

Vorname: {{ user.first_name }}

+

Nachname: {{ user.last_name }}

+

Email: {{ user.email }}

+

Passwort: {{ user.password }}

+

Telefon: {{ user.phone }}

+

Mobiltelefon: {{ user.mobile_phone }}

+ Update User + Delete User + {% else %} +
+ + {{ form.as_p()|safe }} + +
+ {% endif %} +{% endblock %} \ No newline at end of file diff --git a/templates/user/user_list.jinja2 b/templates/user/realm_user_list.jinja2 similarity index 100% rename from templates/user/user_list.jinja2 rename to templates/user/realm_user_list.jinja2 diff --git a/templates/user/user_detail.jinja2 b/templates/user/user_detail.jinja2 index 69fa719..fa9909a 100644 --- a/templates/user/user_detail.jinja2 +++ b/templates/user/user_detail.jinja2 @@ -1,5 +1,5 @@ -{% extends 'realm/realm_detailed.jinja2' %} -{% block extra_content %} +{% extends 'base.jinja2' %} +{% block content %} {% if not form %}
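Review bot: The detail block prints `Passwort: {{ user.password }}`, which puts the stored LDAP password value (presumably a hash at best) into the rendered page and the browser cache for everyone who can load this view. Drop that row from the template; nothing in the update form needs the stored value displayed. The form branch renders `{{ form.as_p()|safe }}`, and the surrounding form markup is not legible in this view, so confirm it includes the CSRF token since it posts the account update.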

DN: {{ user.dn }}

Nutzername: {{ user.username }}

@@ -9,8 +9,8 @@

Passwort: {{ user.password }}

Telefon: {{ user.phone }}

Mobiltelefon: {{ user.mobile_phone }}

- Update User - Delete User + Update User + Delete User {% else %}