[Plugin] Users: Allow roles in data if not changed.

2020-11-15 19:44:49 +01:00 · 2020-11-15 19:44:49 +01:00 · 9409533f7c
parent 602e1bc941
commit 9409533f7c
3 changed files with 15 additions and 11 deletions
--- a/flaschengeist/models/init.py
+++ b/flaschengeist/models/init.py
@ -38,6 +38,10 @@ class UtcDateTime(TypeDecorator):

    impl = DateTime(timezone=True)

+    @staticmethod
+    def current_utc():
+        return datetime.datetime.now(tz=datetime.timezone.utc)
+
    def process_bind_param(self, value, dialect):
        if value is not None:
            if not isinstance(value, datetime.datetime):
--- a/flaschengeist/plugins/auth_ldap/init.py
+++ b/flaschengeist/plugins/auth_ldap/init.py
@ -137,15 +137,11 @@ class AuthLDAP(AuthPlugin):

            ldap_roles = self._get_all_roles(ldap_conn)

-            gid_numbers = sorted(
-                ldap_roles, key=lambda i: i["attributes"]["gidNumber"], reverse=True
-            )
+            gid_numbers = sorted(ldap_roles, key=lambda i: i["attributes"]["gidNumber"], reverse=True)
            gid_number = gid_numbers[0]["attributes"]["gidNumber"] + 1

            for user_role in user.roles:
-                if user_role not in [
-                    role["attributes"]["cn"][0] for role in ldap_roles
-                ]:
+                if user_role not in [role["attributes"]["cn"][0] for role in ldap_roles]:
                    ldap_conn.add(
                        f"cn={user_role},ou=group,{self.dn}",
                        ["posixGroup"],
@ -170,9 +166,7 @@ class AuthLDAP(AuthPlugin):
            raise InternalServerError
        try:
            ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
-            ldap_conn.search(
-                f"ou=group,{self.dn}", f"(cn={old_name})", SUBTREE, attributes=["cn"]
-            )
+            ldap_conn.search(f"ou=group,{self.dn}", f"(cn={old_name})", SUBTREE, attributes=["cn"])
            if len(ldap_conn.response) >= 0:
                dn = ldap_conn.response[0]["dn"]
                if new_name:
--- a/flaschengeist/plugins/users/init.py
+++ b/flaschengeist/plugins/users/init.py
@ -13,6 +13,7 @@ from flaschengeist.models.user import User
 from flaschengeist.plugins import Plugin
 from flaschengeist.decorator import login_required, extract_session
 from flaschengeist.controller import userController
+from flaschengeist.utils.datetime import from_iso_format

 users_bp = Blueprint("users", __name__)
 _permission_edit = "users_edit_other"
@ -149,11 +150,16 @@ def edit_user(userid, current_session):
    for key in ["firstname", "lastname", "display_name", "mail"]:
        if key in data:
            setattr(user, key, data[key])
+    if "birthday" in data:
+        user.birthday = from_iso_format(data["birthday"])

    if "roles" in data:
+        roles = set(data["roles"])
        if not author.has_permission(_permission_set_roles):
-            raise Forbidden
-        userController.set_roles(user, data["roles"])
+            if len(roles) != len(user.roles) or set(user.roles) != roles:
+                raise Forbidden
+        else:
+            userController.set_roles(user, roles)

    userController.modify_user(user, password, new_password)
    userController.update_user(user)