From 6ad8cd1728bcf09fe65d5aee035491b531affbac Mon Sep 17 00:00:00 2001
From: Ferdinand Thiessen <rpm@fthiessen.de>
Date: Thu, 25 Aug 2022 17:04:22 +0200
Subject: [PATCH] [cli] Users and roles can be now managed using the cli

Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
---
 flaschengeist/controller/userController.py |  4 +-
 flaschengeist/plugins/users/cli.py         | 57 +++++++++++++++++-----
 setup.cfg                                  |  3 +-
 3 files changed, 48 insertions(+), 16 deletions(-)

diff --git a/flaschengeist/controller/userController.py b/flaschengeist/controller/userController.py
index 520ec31..65567ed 100644
--- a/flaschengeist/controller/userController.py
+++ b/flaschengeist/controller/userController.py
@@ -237,9 +237,9 @@ def register(data, passwd=None):
         provider.create_user(user, password)
         db.session.add(user)
         db.session.commit()
-    except IndexError:
+    except IndexError as e:
         logger.error("No authentication backend, allowing registering new users, found.")
-        raise BadRequest
+        raise e
     except exc.IntegrityError:
         raise BadRequest("userid already in use")
 
diff --git a/flaschengeist/plugins/users/cli.py b/flaschengeist/plugins/users/cli.py
index 4c9dab2..b5f6469 100644
--- a/flaschengeist/plugins/users/cli.py
+++ b/flaschengeist/plugins/users/cli.py
@@ -1,6 +1,8 @@
 import click
 from flask.cli import with_appcontext
-from werkzeug.exceptions import BadRequest, Conflict, NotFound
+from werkzeug.exceptions import NotFound
+
+from flaschengeist.database import db
 from flaschengeist.controller import roleController, userController
 
 
@@ -28,23 +30,52 @@ def user(ctx, param, value):
 
 
 @click.command()
-@click.option("--add-role", help="Add new role", type=str)
-@click.option("--set-admin", help="Make a role an admin role, adding all permissions", type=str)
-@click.option("--add-user", help="Add new user interactivly", callback=user, is_flag=True, expose_value=False)
+@click.option("--create", help="Add new role", is_flag=True)
+@click.option("--delete", help="Delete role", is_flag=True)
+@click.option("--set-admin", is_flag=True, help="Make a role an admin role, adding all permissions", type=str)
+@click.argument("role", nargs=-1, required=True, type=str)
+def role(create, delete, set_admin, role):
+    """Manage roles"""
+    ctx = click.get_current_context()
+
+    if (create and delete) or (set_admin and delete):
+        ctx.fail("Do not mix --delete with --create or --set-admin")
+
+    for role_name in role:
+        if create:
+            r = roleController.create_role(role_name)
+        else:
+            r = roleController.get(role_name)
+        if delete:
+            roleController.delete(r)
+        if set_admin:
+            r.permissions = roleController.get_permissions()
+            db.session.commit()
+
+
+@click.command()
+@click.option("--add-role", help="Add a role to an user", type=str)
+@click.option("--create", help="Create new user interactivly", callback=user, is_flag=True, expose_value=False)
+@click.option("--delete", help="Delete a user", is_flag=True)
+@click.argument("user", nargs=-1, type=str)
 @with_appcontext
-def users(add_role, set_admin):
+def user(add_role, delete, user):
+    """Manage users"""
     from flaschengeist.database import db
 
     ctx = click.get_current_context()
 
     try:
-        if add_role:
-            roleController.create_role(add_role)
-        if set_admin:
-            role = roleController.get(set_admin)
-            role.permissions = roleController.get_permissions()
-            db.session.commit()
         if USER_KEY in ctx.meta:
             userController.register(ctx.meta[USER_KEY], ctx.meta[USER_KEY]["password"])
-    except (BadRequest, NotFound) as e:
-        ctx.fail(e.description)
+        else:
+            for uid in user:
+                user = userController.get_user(uid)
+                if delete:
+                    userController.delete_user(user)
+                elif add_role:
+                    role = roleController.get(add_role)
+                    user.roles_.append(role)
+                    db.session.commit()
+    except NotFound:
+        ctx.fail(f"User not found {uid}")
diff --git a/setup.cfg b/setup.cfg
index 4c1c786..dcd1766 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -47,7 +47,8 @@ console_scripts =
     flaschengeist = flaschengeist.cli:main
 flask.commands =
     ldap = flaschengeist.plugins.auth_ldap.cli:ldap
-    users = flaschengeist.plugins.users.cli:users
+    user = flaschengeist.plugins.users.cli:user
+    role = flaschengeist.plugins.users.cli:role
 flaschengeist.plugins =
     # Authentication providers
     auth_plain = flaschengeist.plugins.auth_plain:AuthPlain