admin: disallow changing mifareidhash for protected users
parent
49bb6279de
commit
9e5c7a3fcb
|
@ -94,6 +94,9 @@ def _get_groups_of(conn, uid):
|
|||
|
||||
return groups
|
||||
|
||||
def _is_user_protected(conn, uid, groups):
|
||||
return any(group in config.ldap_protected_groups for group in groups)
|
||||
|
||||
@bp.route('/admin/users/<uid>')
|
||||
@admin_required
|
||||
def admin_user_view(uid):
|
||||
|
@ -102,8 +105,7 @@ def admin_user_view(uid):
|
|||
|
||||
profile = _get_profile(conn, uid)
|
||||
groups = _get_groups_of(conn, uid)
|
||||
|
||||
is_protected = any(group in config.ldap_protected_groups for group in groups)
|
||||
is_protected = _is_user_protected(conn, uid, groups)
|
||||
|
||||
return flask.render_template('admin/user.html', uid=uid, profile=_format_profile(profile), groups=groups, is_protected=is_protected)
|
||||
|
||||
|
@ -133,20 +135,28 @@ def admin_user_view_del_mifareidhash(uid):
|
|||
def admin_user_add_mifareidhash(uid):
|
||||
ldaputils.validate_name(uid)
|
||||
conn = context.get_connection()
|
||||
dn = ldaputils.user_dn(uid)
|
||||
|
||||
groups = _get_groups_of(conn, uid)
|
||||
is_protected = _is_user_protected(conn, uid, groups)
|
||||
|
||||
redirect_url = flask.url_for('admin.admin_user_view', uid=uid)
|
||||
|
||||
email.send_papertrail(
|
||||
f'Added mifareIDHash for user {uid}',
|
||||
f'New mifareIDHash: {flask.request.form["value"]}'
|
||||
)
|
||||
if is_protected:
|
||||
flask.flash('Cannot modify protected user', 'danger')
|
||||
return flask.redirect(redirect_url)
|
||||
|
||||
try:
|
||||
form = AddMifareIDHash()
|
||||
if form.validate_on_submit():
|
||||
new_value = form.value.data
|
||||
|
||||
email.send_papertrail(
|
||||
f'Adding mifareIDHash for user {uid}',
|
||||
f'New mifareIDHash: {new_value}'
|
||||
)
|
||||
|
||||
dn = ldaputils.user_dn(uid)
|
||||
conn.modify_s(dn, [(ldap.MOD_ADD, 'mifareidhash', new_value.encode('utf-8'))])
|
||||
|
||||
context.refresh_profile(dn)
|
||||
flask.flash('Added mifareidhash', category='info')
|
||||
return flask.redirect(redirect_url)
|
||||
|
@ -169,21 +179,28 @@ def admin_user_add_mifareidhash(uid):
|
|||
def admin_user_del_mifareidhash(uid):
|
||||
ldaputils.validate_name(uid)
|
||||
conn = context.get_connection()
|
||||
dn = ldaputils.user_dn(uid)
|
||||
|
||||
old_value = flask.request.args.get('value')
|
||||
groups = _get_groups_of(conn, uid)
|
||||
is_protected = _is_user_protected(conn, uid, groups)
|
||||
|
||||
redirect_url = flask.url_for('admin.admin_user_view', uid=uid)
|
||||
|
||||
email.send_papertrail(
|
||||
f'Deleted mifareIDHash for user {uid}',
|
||||
f'Deleted mifareIDHash: {old_value}'
|
||||
)
|
||||
if is_protected:
|
||||
flask.flash('Cannot modify protected user', 'danger')
|
||||
return flask.redirect(redirect_url)
|
||||
|
||||
try:
|
||||
form = DelForm()
|
||||
if form.validate_on_submit():
|
||||
old_value = flask.request.args.get('value')
|
||||
|
||||
email.send_papertrail(
|
||||
f'Deleting mifareIDHash for user {uid}',
|
||||
f'Deleted mifareIDHash: {old_value}'
|
||||
)
|
||||
|
||||
dn = ldaputils.user_dn(uid)
|
||||
conn.modify_s(dn, [(ldap.MOD_DELETE, 'mifareidhash', old_value.encode('utf-8'))])
|
||||
|
||||
context.refresh_profile(dn)
|
||||
flask.flash('Deleted mifareidhash', category='info')
|
||||
return flask.redirect(redirect_url)
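Review bot: The `if is_protected:` early return in `admin_user_add_mifareidhash` and `admin_user_del_mifareidhash` appears to leave no audit trail for refused attempts. The +/- markers are lost on this page, but `email.send_papertrail` seems to be reached only after the check and form validation on the new side, so the refusal is flashed to the admin and never recorded. Consider logging it before the redirect, e.g. `email.send_papertrail(f'Refused mifareIDHash change for protected user {uid}', 'target is in a protected group')`. `_is_user_protected(conn, uid, groups)` ignores `conn` and `uid`, and both handlers repeat the `_get_groups_of` lookup, so moving the lookup into the helper (or a decorator) would make the guard harder to omit in other admin write handlers. In the delete handler, `old_value.encode('utf-8')` raises if the `value` query parameter is absent; the `except` clause lies outside the visible hunk, so confirm it covers that case.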
|
||||
|
|