[cli] Users and roles can be now managed using the cli
Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
This commit is contained in:
parent
e2254b71b0
commit
6ad8cd1728
|
@ -237,9 +237,9 @@ def register(data, passwd=None):
|
||||||
provider.create_user(user, password)
|
provider.create_user(user, password)
|
||||||
db.session.add(user)
|
db.session.add(user)
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
except IndexError:
|
except IndexError as e:
|
||||||
logger.error("No authentication backend, allowing registering new users, found.")
|
logger.error("No authentication backend, allowing registering new users, found.")
|
||||||
raise BadRequest
|
raise e
|
||||||
except exc.IntegrityError:
|
except exc.IntegrityError:
|
||||||
raise BadRequest("userid already in use")
|
raise BadRequest("userid already in use")
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
import click
|
import click
|
||||||
from flask.cli import with_appcontext
|
from flask.cli import with_appcontext
|
||||||
from werkzeug.exceptions import BadRequest, Conflict, NotFound
|
from werkzeug.exceptions import NotFound
|
||||||
|
|
||||||
|
from flaschengeist.database import db
|
||||||
from flaschengeist.controller import roleController, userController
|
from flaschengeist.controller import roleController, userController
|
||||||
|
|
||||||
|
|
||||||
|
@ -28,23 +30,52 @@ def user(ctx, param, value):
|
||||||
|
|
||||||
|
|
||||||
@click.command()
|
@click.command()
|
||||||
@click.option("--add-role", help="Add new role", type=str)
|
@click.option("--create", help="Add new role", is_flag=True)
|
||||||
@click.option("--set-admin", help="Make a role an admin role, adding all permissions", type=str)
|
@click.option("--delete", help="Delete role", is_flag=True)
|
||||||
@click.option("--add-user", help="Add new user interactivly", callback=user, is_flag=True, expose_value=False)
|
@click.option("--set-admin", is_flag=True, help="Make a role an admin role, adding all permissions", type=str)
|
||||||
|
@click.argument("role", nargs=-1, required=True, type=str)
|
||||||
|
def role(create, delete, set_admin, role):
|
||||||
|
"""Manage roles"""
|
||||||
|
ctx = click.get_current_context()
|
||||||
|
|
||||||
|
if (create and delete) or (set_admin and delete):
|
||||||
|
ctx.fail("Do not mix --delete with --create or --set-admin")
|
||||||
|
|
||||||
|
for role_name in role:
|
||||||
|
if create:
|
||||||
|
r = roleController.create_role(role_name)
|
||||||
|
else:
|
||||||
|
r = roleController.get(role_name)
|
||||||
|
if delete:
|
||||||
|
roleController.delete(r)
|
||||||
|
if set_admin:
|
||||||
|
r.permissions = roleController.get_permissions()
|
||||||
|
db.session.commit()
|
||||||
|
|
||||||
|
|
||||||
|
@click.command()
|
||||||
|
@click.option("--add-role", help="Add a role to an user", type=str)
|
||||||
|
@click.option("--create", help="Create new user interactivly", callback=user, is_flag=True, expose_value=False)
|
||||||
|
@click.option("--delete", help="Delete a user", is_flag=True)
|
||||||
|
@click.argument("user", nargs=-1, type=str)
|
||||||
@with_appcontext
|
@with_appcontext
|
||||||
def users(add_role, set_admin):
|
def user(add_role, delete, user):
|
||||||
|
"""Manage users"""
|
||||||
from flaschengeist.database import db
|
from flaschengeist.database import db
|
||||||
|
|
||||||
ctx = click.get_current_context()
|
ctx = click.get_current_context()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
if add_role:
|
|
||||||
roleController.create_role(add_role)
|
|
||||||
if set_admin:
|
|
||||||
role = roleController.get(set_admin)
|
|
||||||
role.permissions = roleController.get_permissions()
|
|
||||||
db.session.commit()
|
|
||||||
if USER_KEY in ctx.meta:
|
if USER_KEY in ctx.meta:
|
||||||
userController.register(ctx.meta[USER_KEY], ctx.meta[USER_KEY]["password"])
|
userController.register(ctx.meta[USER_KEY], ctx.meta[USER_KEY]["password"])
|
||||||
except (BadRequest, NotFound) as e:
|
else:
|
||||||
ctx.fail(e.description)
|
for uid in user:
|
||||||
|
user = userController.get_user(uid)
|
||||||
|
if delete:
|
||||||
|
userController.delete_user(user)
|
||||||
|
elif add_role:
|
||||||
|
role = roleController.get(add_role)
|
||||||
|
user.roles_.append(role)
|
||||||
|
db.session.commit()
|
||||||
|
except NotFound:
|
||||||
|
ctx.fail(f"User not found {uid}")
|
||||||
|
|
|
@ -47,7 +47,8 @@ console_scripts =
|
||||||
flaschengeist = flaschengeist.cli:main
|
flaschengeist = flaschengeist.cli:main
|
||||||
flask.commands =
|
flask.commands =
|
||||||
ldap = flaschengeist.plugins.auth_ldap.cli:ldap
|
ldap = flaschengeist.plugins.auth_ldap.cli:ldap
|
||||||
users = flaschengeist.plugins.users.cli:users
|
user = flaschengeist.plugins.users.cli:user
|
||||||
|
role = flaschengeist.plugins.users.cli:role
|
||||||
flaschengeist.plugins =
|
flaschengeist.plugins =
|
||||||
# Authentication providers
|
# Authentication providers
|
||||||
auth_plain = flaschengeist.plugins.auth_plain:AuthPlain
|
auth_plain = flaschengeist.plugins.auth_plain:AuthPlain
|
||||||
|
|
Loading…
Reference in New Issue