From dd4554b95e13b6b24ff2cd1b0ca596cc8c2483cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20G=C3=B6tz?= Date: Fri, 29 Mar 2019 02:28:51 +0100 Subject: [PATCH] Implement realm update --- account_helper/admin.py | 4 ++ account_manager/forms.py | 24 +++++++----- .../management/commands/import_ldap_user.py | 1 - account_manager/urls.py | 4 +- account_manager/views.py | 36 +++++++++-------- core/settings.py | 39 +++++++------------ templates/realm/realm_detailed.jinja | 14 ++++++- templates/realm/realm_update.jinja | 0 8 files changed, 68 insertions(+), 54 deletions(-) create mode 100644 templates/realm/realm_update.jinja diff --git a/account_helper/admin.py b/account_helper/admin.py index 8c38f3f..12de889 100644 --- a/account_helper/admin.py +++ b/account_helper/admin.py @@ -1,3 +1,7 @@ from django.contrib import admin +from .models import Realm, LdapGroupRDN, LdapUserRDN # Register your models here. +admin.site.register(Realm) +admin.site.register(LdapGroupRDN) +admin.site.register(LdapUserRDN) diff --git a/account_manager/forms.py b/account_manager/forms.py index a551f78..9da2168 100644 --- a/account_manager/forms.py +++ b/account_manager/forms.py @@ -6,9 +6,9 @@ from .models import LdapUser, LdapGroup class AddLDAPUserForm(forms.Form): rdn = forms.ModelChoiceField(queryset=LdapUserRDN.objects.all()) - username = forms.CharField(label='username', max_length=400) - first_name = forms.CharField(label='first_name', max_length=400) - last_name = forms.CharField(label='last_name', max_length=400) + username = forms.CharField(label='Nutzername', max_length=400) + first_name = forms.CharField(label='Vorname', max_length=400) + last_name = forms.CharField(label='Nachname', max_length=400) password = forms.CharField(widget=forms.PasswordInput) 
@@ -19,12 +19,18 @@ class AddLDAPGroupForm(forms.Form): class RealmAddForm(forms.Form): - name = forms.CharField(label='name', max_length=200) - ldap_rdn_org = forms.CharField(label='ldap_rdn_org', max_length=200) + name = forms.CharField(label='Bereichsname', max_length=200) + ldap_rdn_org = forms.CharField(label='LDAP OU Pfad', + help_text='Angabe des Pfads zur Organisation, die die Ordnungseinheiten people und groups enthält. Ohne Routdn. Besipiel: "ou=people, ou=fs_wiai, ou=fachschaften, dc=stuve, dc=de" => ou=fs_wiai, ou=fachschaften, dc=stuve', + max_length=200) class RealmUpdateForm(forms.Form): - ldap_rdn_org = forms.CharField(label='ldap_rdn_org', max_length=200) - name = forms.CharField(label='name', max_length=200) - email = forms.EmailField() - admin_group = forms.ModelChoiceField(widget=forms.CheckboxSelectMultiple, queryset=LdapGroup.objects.all()) + ldap_rdn_org = forms.CharField(label='LDAP OU Pfad', + help_text='Angabe des Pfads zur Organisation, die die Ordnungseinheiten people und groups enthält. Ohne Routdn. Besipiel: "ou=people, ou=fs_wiai, ou=fachschaften, dc=stuve, dc=de" => ou=fs_wiai, ou=fachschaften, dc=stuve', + max_length=200) + name = forms.CharField(label='Bereichsname', max_length=200) + email = forms.EmailField(label='E-Mail', required=False) + admin_group = forms.ModelChoiceField(label='Admin Grouppe', + help_text="Die Mitglieder dieser Gruppe darf den Bereich administieren", + queryset=LdapGroup.objects.all()) diff --git a/account_manager/management/commands/import_ldap_user.py b/account_manager/management/commands/import_ldap_user.py index 1113a59..351852b 100644 --- a/account_manager/management/commands/import_ldap_user.py +++ b/account_manager/management/commands/import_ldap_user.py @@ -17,7 +17,6 @@ class Command(BaseCommand): ldap_dn = ldap_config[1].split(',') ldap_dn.pop(0) ldap_dn = ",".join(ldap_dn) - print(ldap_dn) results = ldap_server.search_s(ldap_dn, ldap.SCOPE_SUBTREE, "(objectClass=inetOrgPerson)") 
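Review bot: In `RealmUpdateForm`, `admin_group` is chosen from `LdapGroup.objects.all()`, so whoever submits the form can hand administration of a realm to any group the `LdapGroup` model returns, not only to groups that belong to the realm being edited. If groups are meant to be realm-scoped (the `ldap_rdn_org` help text describes one `groups` unit per organisation), pass the realm into the form and narrow `self.fields['admin_group'].queryset` in `__init__`. The model's fields are not visible in this patch, so the exact filter needs confirming. Because `ModelChoiceField` validates the submitted value against its queryset, narrowing it also rejects hand-crafted POST values.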
diff --git a/account_manager/urls.py b/account_manager/urls.py index 3766b30..293509a 100644 --- a/account_manager/urls.py +++ b/account_manager/urls.py @@ -7,7 +7,7 @@ urlpatterns = [ path('user/list/', views.userlist, name='user-list'), path('user/get//', views.user_detail, name='user'), - path('user/add/', views.adduser, name='user-add'), - path('group/add/', views.addgroup, name='group-add'), + path('user/add/', views.user_add, name='user-add'), + path('group/add/', views.group_add, name='group-add'), path('group/get//', views.group_detail, name='group'), ] diff --git a/account_manager/views.py b/account_manager/views.py index 4964490..3855e28 100644 --- a/account_manager/views.py +++ b/account_manager/views.py @@ -2,6 +2,7 @@ from django.shortcuts import render, redirect from .models import LdapGroup, LdapUser from .forms import AddLDAPUserForm, AddLDAPGroupForm, RealmAddForm, RealmUpdateForm from account_helper.models import Realm +from django.contrib.auth.models import User, Group # @login_required 
@@ -37,14 +38,17 @@ def realm_detail(request, id): if request.method == 'POST': form = RealmUpdateForm(request.POST) if form.is_valid(): - name = form.cleaned_data['name'] - ldap_rdn_org = form.cleaned_data['ldap_rdn_org'] - realm_obj = Realm.objects.create(name=name, ldap_rdn_org=ldap_rdn_org) + realm_obj.name = form.cleaned_data['name'] + realm_obj.ldap_rdn_org = form.cleaned_data['ldap_rdn_org'] + realm_obj.email = form.cleaned_data['email'] + + admin_ldap_group = form.cleaned_data['admin_group'] + realm_obj.admin_group, _ = Group.objects.get_or_create(name=admin_ldap_group.name) realm_obj.save() return redirect('realm-detail', realm_obj.id) else: form = RealmUpdateForm(initial=data) - return render(request, 'realm/realm_detailed.jinja', {'realm': realm_obj, 'form': form}) + return render(request, 'realm/realm_detailed.jinja', {'realm': realm_obj, 'form': form}) else: realm_obj = Realm.objects.get(id=id) return render(request, 'realm/realm_detailed.jinja', {'realm': realm_obj}) @@ -55,22 +59,16 @@ def userlist(request): groups = LdapGroup.objects.all() context = {'users': user, 'groups': groups} - return render(request, 'user_list.jinja', context) + return render(request, 'user/user_list.jinja', context) def user_detail(request, dn): user = LdapUser.objects.get(dn=dn) context = {'user': user, } - return render(request, 'user_detail.jinja', context) + return render(request, 'user/user_detail.jinja', context) -def group_detail(request, dn): - group = LdapGroup.objects.get(dn=dn) - context = {'group': group, } - return render(request, 'group_detail.jinja', context) - - -def adduser(request): +def user_add(request): # if this is a POST request we need to process the form data if request.method == 'POST': # create a form instance and populate it with data from the request: 
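Review bot: Nothing in this hunk checks who is making the request before the POST branch of `realm_detail` overwrites `name`, `ldap_rdn_org`, `email` and `admin_group` on an existing realm. The function starts outside the hunk, so a decorator may sit above it, but the only one visible in this file's context is the commented-out `# @login_required`. Since this view decides which group administers a realm, it should require login and confirm the requester may manage this realm before `realm_obj.save()`. One form of that check is `if not request.user.is_superuser and realm_obj.admin_group not in request.user.groups.all(): raise PermissionDenied`, with `PermissionDenied` imported from `django.core.exceptions`. Whether superusers should be the only bypass is a policy choice the patch does not show.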
@@ -91,10 +89,16 @@ def adduser(request): else: form = AddLDAPUserForm() - return render(request, 'user_add.jinja', {'form': form}) + return render(request, 'user/user_add.jinja', {'form': form}) -def addgroup(request): +def group_detail(request, dn): + group = LdapGroup.objects.get(dn=dn) + context = {'group': group, } + return render(request, 'user/group_detail.jinja', context) + + +def group_add(request): # if this is a POST request we need to process the form data if request.method == 'POST': # create a form instance and populate it with data from the request: @@ -112,4 +116,4 @@ def addgroup(request): else: form = AddLDAPGroupForm() - return render(request, 'group_add.jinja', {'form': form}) + return render(request, 'group/group_add.jinja', {'form': form}) diff --git a/core/settings.py b/core/settings.py index 9487796..19c4126 100644 --- a/core/settings.py +++ b/core/settings.py 
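Review bot: The re-added `group_detail` renders `'user/group_detail.jinja'`, while `group_add` in the following hunk renders `'group/group_add.jinja'`; the `user/` prefix looks carried over from the user views. No template under `user/` or `group/` is touched by this patch, so the real location is inferred. If the file lives under `templates/group/`, the view will fail with `TemplateDoesNotExist`, and the line should read `return render(request, 'group/group_detail.jinja', context)`.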
@@ -148,34 +148,23 @@ AUTHENTICATION_BACKENDS = [ AUTH_LDAP_1_SERVER_URI = "ldap://localhost:1389" AUTH_LDAP_1_USER_DN_TEMPLATE = "uid=%(user)s,ou=people,ou=fs_wiai,ou=fachschaften,dc=stuve,dc=de" -AUTH_LDAP_1_GROUP_SEARCH = LDAPSearch("ou=groups,ou=fs_wiai,ou=fachschaften,dc=stuve,dc=de", - ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)" - ) -AUTH_LDAP_1_GROUP_TYPE = GroupOfNamesType() +AUTH_LDAP_1_GROUP_SEARCH = LDAPSearch("dc=stuve,dc=de", + ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)" + ) +AUTH_LDAP_1_GROUP_TYPE = GroupOfNamesType(name_attr='cn') +AUTH_LDAP_1_MIRROR_GROUPS = True AUTH_LDAP_2_SERVER_URI = "ldap://localhost:1389" AUTH_LDAP_2_USER_DN_TEMPLATE = "uid=%(user)s,ou=people,ou=fs_sowi,ou=fachschaften,dc=stuve,dc=de" -AUTH_LDAP_2_GROUP_SEARCH = LDAPSearch("ou=groups,ou=fs_sowi,ou=fachschaften,dc=stuve,dc=de", - ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)" - ) -AUTH_LDAP_2_GROUP_TYPE = GroupOfNamesType() +AUTH_LDAP_2_GROUP_SEARCH = LDAPSearch("dc=stuve,dc=de", + ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)" + ) +AUTH_LDAP_2_GROUP_TYPE = GroupOfNamesType(name_attr='cn') +AUTH_LDAP_2_MIRROR_GROUPS = True -AUTH_LDAP_PROFILE_ATTR_MAP = { - "uid": "uid", - "cn": "cn", - "sn": "sn", - "givenName": "givenName", - "userPassword": "userPassword", - "shadowLastChange": "shadowLastChange", - "shadowMax": "shadowMax", - "shadowWarning": "shadowWarning", - "loginShell": "loginShell", - "uidNumber": "uidNumber", - "gidNumber": "gidNumber", - "homeDirectory": "homeDirectory", - "gecos": "gecos", - "mail": "mail", - "l": "l", - "telephoneNumber": "telephoneNumber", +AUTH_LDAP_USER_ATTR_MAP = { + 'first_name': 'cn', + 'last_name': 'sn', + 'email': 'mail', } AUTH_PROFILE_MODULE = 'account_manager.UserProfile' diff --git a/templates/realm/realm_detailed.jinja b/templates/realm/realm_detailed.jinja index d6c80ac..654419e 100644 --- a/templates/realm/realm_detailed.jinja +++ b/templates/realm/realm_detailed.jinja 
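Review bot: Both backends now search groups from the directory root `dc=stuve,dc=de` and mirror them into Django groups by `cn` (`GroupOfNamesType(name_attr='cn')` with `MIRROR_GROUPS = True`), so two LDAP groups sharing a `cn` under different OUs collapse into one Django group. `realm_detail` in views.py resolves a realm's admin group with `Group.objects.get_or_create(name=admin_ldap_group.name)`, which presumably uses that same name. As far as this patch shows, membership in a same-named group under another organisation's OU would then count as membership in this realm's admin group. Either keep each backend's `LDAPSearch` base on its own `ou=groups,ou=fs_…` subtree, or make the mirrored name unique across the tree. At minimum, add a comment above the two `GROUP_SEARCH` settings stating that `cn` must be unique directory-wide.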
@@ -1,11 +1,23 @@ {% extends 'base.jinja' %} {% block content %} Nutzer anlegen | Gruppe anlegen +

Bereich {{ realm.name }}

+

Bereich Info

+

LDAP OU: {{ realm.ldap_rdn_org }}

+

Email: {{ realm.email }}

+

Admin Gruppe: {{ realm.admin_group }}

-

Neuen Bereich anlegen

+

Bereichsinformationen anpassen

{{ form.as_p()|safe }}
+ +

Nutzer

+ {% block user_content %} + {% endblock %} +

Gruppen

+ {% block gruppen_content %} + {% endblock %} {% endblock %} diff --git a/templates/realm/realm_update.jinja b/templates/realm/realm_update.jinja new file mode 100644 index 0000000..e69de29