[Plugin] Users: Allow roles in data if not changed.

This commit is contained in:
Ferdinand Thiessen 2020-11-15 19:44:49 +01:00
parent 602e1bc941
commit 9409533f7c
3 changed files with 15 additions and 11 deletions

View File

@ -38,6 +38,10 @@ class UtcDateTime(TypeDecorator):
impl = DateTime(timezone=True)
@staticmethod
def current_utc():
return datetime.datetime.now(tz=datetime.timezone.utc)
def process_bind_param(self, value, dialect):
if value is not None:
if not isinstance(value, datetime.datetime):

View File

@ -137,15 +137,11 @@ class AuthLDAP(AuthPlugin):
ldap_roles = self._get_all_roles(ldap_conn)
gid_numbers = sorted(
ldap_roles, key=lambda i: i["attributes"]["gidNumber"], reverse=True
)
gid_numbers = sorted(ldap_roles, key=lambda i: i["attributes"]["gidNumber"], reverse=True)
gid_number = gid_numbers[0]["attributes"]["gidNumber"] + 1
for user_role in user.roles:
if user_role not in [
role["attributes"]["cn"][0] for role in ldap_roles
]:
if user_role not in [role["attributes"]["cn"][0] for role in ldap_roles]:
ldap_conn.add(
f"cn={user_role},ou=group,{self.dn}",
["posixGroup"],
@ -170,9 +166,7 @@ class AuthLDAP(AuthPlugin):
raise InternalServerError
try:
ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
ldap_conn.search(
f"ou=group,{self.dn}", f"(cn={old_name})", SUBTREE, attributes=["cn"]
)
ldap_conn.search(f"ou=group,{self.dn}", f"(cn={old_name})", SUBTREE, attributes=["cn"])
if len(ldap_conn.response) >= 0:
dn = ldap_conn.response[0]["dn"]
if new_name:

View File

@ -13,6 +13,7 @@ from flaschengeist.models.user import User
from flaschengeist.plugins import Plugin
from flaschengeist.decorator import login_required, extract_session
from flaschengeist.controller import userController
from flaschengeist.utils.datetime import from_iso_format
users_bp = Blueprint("users", __name__)
_permission_edit = "users_edit_other"
@ -149,11 +150,16 @@ def edit_user(userid, current_session):
for key in ["firstname", "lastname", "display_name", "mail"]:
if key in data:
setattr(user, key, data[key])
if "birthday" in data:
user.birthday = from_iso_format(data["birthday"])
if "roles" in data:
roles = set(data["roles"])
if not author.has_permission(_permission_set_roles):
if len(roles) != len(user.roles) or set(user.roles) != roles:
raise Forbidden
userController.set_roles(user, data["roles"])
else:
userController.set_roles(user, roles)
userController.modify_user(user, password, new_password)
userController.update_user(user)