From 9409533f7c4c909cc0cc58e8a658f6cd4265f3d4 Mon Sep 17 00:00:00 2001
From: Ferdinand Thiessen
Date: Sun, 15 Nov 2020 19:44:49 +0100
Subject: [PATCH] [Plugin] Users: Allow roles in data if not changed.
---
 flaschengeist/models/__init__.py | 4 ++++
 flaschengeist/plugins/auth_ldap/__init__.py | 12 +++---------
 flaschengeist/plugins/users/__init__.py | 10 ++++++++--
 3 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/flaschengeist/models/__init__.py b/flaschengeist/models/__init__.py
index 4023099..14a36fb 100644
--- a/flaschengeist/models/__init__.py
+++ b/flaschengeist/models/__init__.py
@@ -38,6 +38,10 @@ class UtcDateTime(TypeDecorator):
 impl = DateTime(timezone=True)
+ @staticmethod
+ def current_utc():
+ return datetime.datetime.now(tz=datetime.timezone.utc)
+
 def process_bind_param(self, value, dialect):
 if value is not None:
 if not isinstance(value, datetime.datetime):
diff --git a/flaschengeist/plugins/auth_ldap/__init__.py b/flaschengeist/plugins/auth_ldap/__init__.py
index 42e795d..482630b 100644
--- a/flaschengeist/plugins/auth_ldap/__init__.py
+++ b/flaschengeist/plugins/auth_ldap/__init__.py
@@ -137,15 +137,11 @@ class AuthLDAP(AuthPlugin):
 ldap_roles = self._get_all_roles(ldap_conn)
- gid_numbers = sorted(
- ldap_roles, key=lambda i: i["attributes"]["gidNumber"], reverse=True
- )
+ gid_numbers = sorted(ldap_roles, key=lambda i: i["attributes"]["gidNumber"], reverse=True)
 gid_number = gid_numbers[0]["attributes"]["gidNumber"] + 1
 for user_role in user.roles:
- if user_role not in [
- role["attributes"]["cn"][0] for role in ldap_roles
- ]:
+ if user_role not in [role["attributes"]["cn"][0] for role in ldap_roles]:
 ldap_conn.add(
 f"cn={user_role},ou=group,{self.dn}",
 ["posixGroup"],
@@ -170,9 +166,7 @@ class AuthLDAP(AuthPlugin):
 raise InternalServerError
 try:
 ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
- ldap_conn.search(
- f"ou=group,{self.dn}", f"(cn={old_name})", SUBTREE, attributes=["cn"]
- )
+ ldap_conn.search(f"ou=group,{self.dn}", f"(cn={old_name})", SUBTREE, attributes=["cn"])
 if len(ldap_conn.response) >= 0:
 dn = ldap_conn.response[0]["dn"]
 if new_name:
diff --git a/flaschengeist/plugins/users/__init__.py b/flaschengeist/plugins/users/__init__.py
index 0dfab0c..71595af 100644
--- a/flaschengeist/plugins/users/__init__.py
+++ b/flaschengeist/plugins/users/__init__.py
@@ -13,6 +13,7 @@ from flaschengeist.models.user import User
 from flaschengeist.plugins import Plugin
 from flaschengeist.decorator import login_required, extract_session
 from flaschengeist.controller import userController
+from flaschengeist.utils.datetime import from_iso_format
 users_bp = Blueprint("users", __name__)
 _permission_edit = "users_edit_other"
@@ -149,11 +150,16 @@ def edit_user(userid, current_session):
 for key in ["firstname", "lastname", "display_name", "mail"]:
 if key in data:
 setattr(user, key, data[key])
+ if "birthday" in data:
+ user.birthday = from_iso_format(data["birthday"])
 if "roles" in data:
+ roles = set(data["roles"])
 if not author.has_permission(_permission_set_roles):
- raise Forbidden
- userController.set_roles(user, data["roles"])
+ if len(roles) != len(user.roles) or set(user.roles) != roles:
+ raise Forbidden
+ else:
+ userController.set_roles(user, roles)
 userController.modify_user(user, password, new_password)
 userController.update_user(user)
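Review bot: `old_name` is interpolated unescaped into the search filter on the joined line `ldap_conn.search(f"ou=group,{self.dn}", f"(cn={old_name})", ...)`, so a role name containing filter metacharacters changes which entry `dn` is then taken from. Where `old_name` originates is not visible in this hunk; if it can come from a request, escape it before building the filter, e.g. `escape_filter_chars(old_name)` from `ldap3.utils.conv`, assuming this connection is ldap3. The same concern applies to `f"cn={user_role},ou=group,{self.dn}"` in the hunk at -137, where the value becomes part of a DN. Separately, the context line `if len(ldap_conn.response) >= 0:` is always true, so an empty result still reaches `ldap_conn.response[0]`; `> 0` looks intended. The enclosing method starts and ends outside the hunk.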
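Review bot: `roles = set(data["roles"])` in `edit_user` runs on unvalidated request data, so a string is split into characters and a list containing objects raises `TypeError`, giving a misleading Forbidden or a 500 instead of a client error; validate first, e.g. `if not isinstance(data["roles"], list) or not all(isinstance(r, str) for r in data["roles"]): raise BadRequest` (assuming `BadRequest` is importable alongside `Forbidden`). The unchanged-roles test also relies on `user.roles` holding the same type as the request values, presumably role names; if it holds model objects the sets never compare equal and every unprivileged edit that echoes the roles back is rejected. The `len(roles) != len(user.roles)` clause compares a deduplicated set with a list length, so it only adds a rejection when `user.roles` contains duplicates, and `if set(user.roles) != roles: raise Forbidden` is enough. `from_iso_format(data["birthday"])` likewise receives raw input, and since its behaviour on a malformed string is not visible here, it should be confirmed to map to a 400. The function body extends beyond the hunk.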