[Plugin] Users: Allow roles in data if not changed.
This commit is contained in:
parent
602e1bc941
commit
9409533f7c
|
@ -38,6 +38,10 @@ class UtcDateTime(TypeDecorator):
|
|||
|
||||
impl = DateTime(timezone=True)
|
||||
|
||||
@staticmethod
|
||||
def current_utc():
|
||||
return datetime.datetime.now(tz=datetime.timezone.utc)
|
||||
|
||||
def process_bind_param(self, value, dialect):
|
||||
if value is not None:
|
||||
if not isinstance(value, datetime.datetime):
|
||||
|
|
|
@ -137,15 +137,11 @@ class AuthLDAP(AuthPlugin):
|
|||
|
||||
ldap_roles = self._get_all_roles(ldap_conn)
|
||||
|
||||
gid_numbers = sorted(
|
||||
ldap_roles, key=lambda i: i["attributes"]["gidNumber"], reverse=True
|
||||
)
|
||||
gid_numbers = sorted(ldap_roles, key=lambda i: i["attributes"]["gidNumber"], reverse=True)
|
||||
gid_number = gid_numbers[0]["attributes"]["gidNumber"] + 1
|
||||
|
||||
for user_role in user.roles:
|
||||
if user_role not in [
|
||||
role["attributes"]["cn"][0] for role in ldap_roles
|
||||
]:
|
||||
if user_role not in [role["attributes"]["cn"][0] for role in ldap_roles]:
|
||||
ldap_conn.add(
|
||||
f"cn={user_role},ou=group,{self.dn}",
|
||||
["posixGroup"],
|
||||
|
@ -170,9 +166,7 @@ class AuthLDAP(AuthPlugin):
|
|||
raise InternalServerError
|
||||
try:
|
||||
ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
|
||||
ldap_conn.search(
|
||||
f"ou=group,{self.dn}", f"(cn={old_name})", SUBTREE, attributes=["cn"]
|
||||
)
|
||||
ldap_conn.search(f"ou=group,{self.dn}", f"(cn={old_name})", SUBTREE, attributes=["cn"])
|
||||
if len(ldap_conn.response) >= 0:
|
||||
dn = ldap_conn.response[0]["dn"]
|
||||
if new_name:
|
||||
|
|
|
@ -13,6 +13,7 @@ from flaschengeist.models.user import User
|
|||
from flaschengeist.plugins import Plugin
|
||||
from flaschengeist.decorator import login_required, extract_session
|
||||
from flaschengeist.controller import userController
|
||||
from flaschengeist.utils.datetime import from_iso_format
|
||||
|
||||
users_bp = Blueprint("users", __name__)
|
||||
_permission_edit = "users_edit_other"
|
||||
|
@ -149,11 +150,16 @@ def edit_user(userid, current_session):
|
|||
for key in ["firstname", "lastname", "display_name", "mail"]:
|
||||
if key in data:
|
||||
setattr(user, key, data[key])
|
||||
if "birthday" in data:
|
||||
user.birthday = from_iso_format(data["birthday"])
|
||||
|
||||
if "roles" in data:
|
||||
roles = set(data["roles"])
|
||||
if not author.has_permission(_permission_set_roles):
|
||||
if len(roles) != len(user.roles) or set(user.roles) != roles:
|
||||
raise Forbidden
|
||||
userController.set_roles(user, data["roles"])
|
||||
else:
|
||||
userController.set_roles(user, roles)
|
||||
|
||||
userController.modify_user(user, password, new_password)
|
||||
userController.update_user(user)
|
||||
|
|
Loading…
Reference in New Issue