[Plugin] Users: Allow roles in data if not changed.

Ferdinand Thiessen 2020-11-15 19:44:49 +01:00
parent 602e1bc941
commit 9409533f7c
3 changed files with 15 additions and 11 deletions


@ -38,6 +38,10 @@ class UtcDateTime(TypeDecorator):
impl = DateTime(timezone=True) impl = DateTime(timezone=True)
@staticmethod
def current_utc():
return datetime.datetime.now(tz=datetime.timezone.utc)
def process_bind_param(self, value, dialect): def process_bind_param(self, value, dialect):
if value is not None: if value is not None:
if not isinstance(value, datetime.datetime): if not isinstance(value, datetime.datetime):
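Review bot: The new static method `current_utc` has no docstring, and nothing in the hunk says why it lives on the column type. I would add `"""Return the current time as a timezone-aware datetime in UTC."""` so callers know the result carries tzinfo and must not be mixed with naive datetimes. process_bind_param continues outside the hunk.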


@ -137,15 +137,11 @@ class AuthLDAP(AuthPlugin):
ldap_roles = self._get_all_roles(ldap_conn) ldap_roles = self._get_all_roles(ldap_conn)
gid_numbers = sorted( gid_numbers = sorted(ldap_roles, key=lambda i: i["attributes"]["gidNumber"], reverse=True)
ldap_roles, key=lambda i: i["attributes"]["gidNumber"], reverse=True
)
gid_number = gid_numbers[0]["attributes"]["gidNumber"] + 1 gid_number = gid_numbers[0]["attributes"]["gidNumber"] + 1
for user_role in user.roles: for user_role in user.roles:
if user_role not in [ if user_role not in [role["attributes"]["cn"][0] for role in ldap_roles]:
role["attributes"]["cn"][0] for role in ldap_roles
]:
ldap_conn.add( ldap_conn.add(
f"cn={user_role},ou=group,{self.dn}", f"cn={user_role},ou=group,{self.dn}",
["posixGroup"], ["posixGroup"],
@ -170,9 +166,7 @@ class AuthLDAP(AuthPlugin):
raise InternalServerError raise InternalServerError
try: try:
ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret) ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
ldap_conn.search( ldap_conn.search(f"ou=group,{self.dn}", f"(cn={old_name})", SUBTREE, attributes=["cn"])
f"ou=group,{self.dn}", f"(cn={old_name})", SUBTREE, attributes=["cn"]
)
if len(ldap_conn.response) >= 0: if len(ldap_conn.response) >= 0:
dn = ldap_conn.response[0]["dn"] dn = ldap_conn.response[0]["dn"]
if new_name: if new_name:
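Review bot: The rewrapped search in the second hunk still interpolates `old_name` directly into the LDAP filter `f"(cn={old_name})"`, so a name containing filter metacharacters such as `*`, `(` or `)` changes what the search matches. If the name can originate from a request it should be escaped, e.g. `f"(cn={escape_filter_chars(old_name)})"` with `escape_filter_chars` from `ldap3.utils.conv` (assuming the connection is ldap3, which `SUBTREE` and `ldap_conn.response` suggest). The guard that follows, `if len(ldap_conn.response) >= 0:`, is always true, so an empty result reaches `ldap_conn.response[0]` and raises IndexError unless the except clause outside the hunk handles it; `> 0` looks intended. The first hunk has the same unescaped interpolation in `f"cn={user_role},ou=group,{self.dn}"`, where the value ends up in a DN. This commit only rewraps these lines, and both functions start and end outside the hunks.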


@ -13,6 +13,7 @@ from flaschengeist.models.user import User
from flaschengeist.plugins import Plugin from flaschengeist.plugins import Plugin
from flaschengeist.decorator import login_required, extract_session from flaschengeist.decorator import login_required, extract_session
from flaschengeist.controller import userController from flaschengeist.controller import userController
from flaschengeist.utils.datetime import from_iso_format
users_bp = Blueprint("users", __name__) users_bp = Blueprint("users", __name__)
_permission_edit = "users_edit_other" _permission_edit = "users_edit_other"
@ -149,11 +150,16 @@ def edit_user(userid, current_session):
for key in ["firstname", "lastname", "display_name", "mail"]: for key in ["firstname", "lastname", "display_name", "mail"]:
if key in data: if key in data:
setattr(user, key, data[key]) setattr(user, key, data[key])
if "birthday" in data:
user.birthday = from_iso_format(data["birthday"])
if "roles" in data: if "roles" in data:
roles = set(data["roles"])
if not author.has_permission(_permission_set_roles): if not author.has_permission(_permission_set_roles):
raise Forbidden if len(roles) != len(user.roles) or set(user.roles) != roles:
userController.set_roles(user, data["roles"]) raise Forbidden
else:
userController.set_roles(user, roles)
userController.modify_user(user, password, new_password) userController.modify_user(user, password, new_password)
userController.update_user(user) userController.update_user(user)
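Review bot: `roles = set(data["roles"])` in edit_user runs on the request body before any type check, so a string is split into characters and a list holding dicts or lists raises TypeError, which would presumably surface as a 500 rather than a client error. I would validate first, `if not isinstance(data["roles"], list) or not all(isinstance(r, str) for r in data["roles"]): raise BadRequest` (assuming BadRequest is importable next to Forbidden). The unchanged-roles test that lets an author without `_permission_set_roles` through also depends on `user.roles` holding the same kind of value as the request, presumably role names; if it holds model objects the sets never compare equal and every such request is refused. The `len(roles) != len(user.roles)` half is redundant with the set comparison and additionally refuses the request when `user.roles` contains duplicates. `from_iso_format(data["birthday"])` likewise receives unchecked input, and its error behaviour is not visible here.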