From 6ad8cd1728bcf09fe65d5aee035491b531affbac Mon Sep 17 00:00:00 2001 From: Ferdinand Thiessen Date: Thu, 25 Aug 2022 17:04:22 +0200 Subject: [PATCH] [cli] Users and roles can be now managed using the cli Signed-off-by: Ferdinand Thiessen --- flaschengeist/controller/userController.py | 4 +- flaschengeist/plugins/users/cli.py | 57 +++++++++++++++++----- setup.cfg | 3 +- 3 files changed, 48 insertions(+), 16 deletions(-) diff --git a/flaschengeist/controller/userController.py b/flaschengeist/controller/userController.py index 520ec31..65567ed 100644 --- a/flaschengeist/controller/userController.py +++ b/flaschengeist/controller/userController.py @@ -237,9 +237,9 @@ def register(data, passwd=None): provider.create_user(user, password) db.session.add(user) db.session.commit() - except IndexError: + except IndexError as e: logger.error("No authentication backend, allowing registering new users, found.") - raise BadRequest + raise e except exc.IntegrityError: raise BadRequest("userid already in use") diff --git a/flaschengeist/plugins/users/cli.py b/flaschengeist/plugins/users/cli.py index 4c9dab2..b5f6469 100644 --- a/flaschengeist/plugins/users/cli.py +++ b/flaschengeist/plugins/users/cli.py @@ -1,6 +1,8 @@ import click from flask.cli import with_appcontext -from werkzeug.exceptions import BadRequest, Conflict, NotFound +from werkzeug.exceptions import NotFound + +from flaschengeist.database import db from flaschengeist.controller import roleController, userController @@ -28,23 +30,52 @@ def user(ctx, param, value): @click.command() -@click.option("--add-role", help="Add new role", type=str) -@click.option("--set-admin", help="Make a role an admin role, adding all permissions", type=str) -@click.option("--add-user", help="Add new user interactivly", callback=user, is_flag=True, expose_value=False) +@click.option("--create", help="Add new role", is_flag=True) +@click.option("--delete", help="Delete role", is_flag=True) +@click.option("--set-admin", is_flag=True, help="Make a role an admin role, adding all permissions", type=str) +@click.argument("role", nargs=-1, required=True, type=str) +def role(create, delete, set_admin, role): + """Manage roles""" + ctx = click.get_current_context() + + if (create and delete) or (set_admin and delete): + ctx.fail("Do not mix --delete with --create or --set-admin") + + for role_name in role: + if create: + r = roleController.create_role(role_name) + else: + r = roleController.get(role_name) + if delete: + roleController.delete(r) + if set_admin: + r.permissions = roleController.get_permissions() + db.session.commit() + + +@click.command() +@click.option("--add-role", help="Add a role to an user", type=str) +@click.option("--create", help="Create new user interactivly", callback=user, is_flag=True, expose_value=False) +@click.option("--delete", help="Delete a user", is_flag=True) +@click.argument("user", nargs=-1, type=str) @with_appcontext -def users(add_role, set_admin): +def user(add_role, delete, user): + """Manage users""" from flaschengeist.database import db ctx = click.get_current_context() try: - if add_role: - roleController.create_role(add_role) - if set_admin: - role = roleController.get(set_admin) - role.permissions = roleController.get_permissions() - db.session.commit() if USER_KEY in ctx.meta: userController.register(ctx.meta[USER_KEY], ctx.meta[USER_KEY]["password"]) - except (BadRequest, NotFound) as e: - ctx.fail(e.description) + else: + for uid in user: + user = userController.get_user(uid) + if delete: + userController.delete_user(user) + elif add_role: + role = roleController.get(add_role) + user.roles_.append(role) + db.session.commit() + except NotFound: + ctx.fail(f"User not found {uid}") diff --git a/setup.cfg b/setup.cfg index 4c1c786..dcd1766 100644 --- a/setup.cfg +++ b/setup.cfg @@ -47,7 +47,8 @@ console_scripts = flaschengeist = flaschengeist.cli:main flask.commands = ldap = flaschengeist.plugins.auth_ldap.cli:ldap - users = flaschengeist.plugins.users.cli:users + user = flaschengeist.plugins.users.cli:user + role = flaschengeist.plugins.users.cli:role flaschengeist.plugins = # Authentication providers auth_plain = flaschengeist.plugins.auth_plain:AuthPlain