tweaks based on q3k's feedback
parent
def69fb5d3
commit
b4e185ff31
|
@ -110,7 +110,7 @@ def login_action():
|
||||||
if k == 'uid':
|
if k == 'uid':
|
||||||
username = vs[0].decode()
|
username = vs[0].decode()
|
||||||
|
|
||||||
# Check if user is an admin
|
# Check if user belongs to admin group
|
||||||
is_admin = bool(conn.search_s(dn, ldap.SCOPE_SUBTREE, f'memberOf={config.ldapweb_admin_group}'))
|
is_admin = bool(conn.search_s(dn, ldap.SCOPE_SUBTREE, f'memberOf={config.ldapweb_admin_group}'))
|
||||||
|
|
||||||
flask.session["username"] = username
|
flask.session["username"] = username
|
||||||
|
@ -203,12 +203,12 @@ def del_attr(uid):
|
||||||
def mod_attr(uid):
|
def mod_attr(uid):
|
||||||
return attr_op('mod', None, uid)
|
return attr_op('mod', None, uid)
|
||||||
|
|
||||||
def ldap_not_in(patterns):
|
def _ldap_not_in(patterns):
|
||||||
joined_patterns = ''.join(f'({p})' for p in patterns)
|
joined_patterns = ''.join(f'({p})' for p in patterns)
|
||||||
one_of_pattern = f'(|{joined_patterns})'
|
one_of_pattern = f'(|{joined_patterns})'
|
||||||
return f'!{one_of_pattern}'
|
return f'!{one_of_pattern}'
|
||||||
|
|
||||||
def ldap_get_users_list(conn, query='&'):
|
def _ldap_get_users_list(conn, query='&'):
|
||||||
all_users = []
|
all_users = []
|
||||||
results = conn.search_s(config.ldap_people, ldap.SCOPE_SUBTREE, f'(&(uid=*)(cn=*)({query}))', attrlist=['uid', 'cn'])
|
results = conn.search_s(config.ldap_people, ldap.SCOPE_SUBTREE, f'(&(uid=*)(cn=*)({query}))', attrlist=['uid', 'cn'])
|
||||||
for user, attrs in results:
|
for user, attrs in results:
|
||||||
|
@ -219,20 +219,20 @@ def ldap_get_users_list(conn, query='&'):
|
||||||
all_users.sort(key=lambda user: user[0].lower())
|
all_users.sort(key=lambda user: user[0].lower())
|
||||||
return all_users
|
return all_users
|
||||||
|
|
||||||
def ldap_get_all_users_groupped(conn):
|
def _ldap_get_all_users_groupped(conn):
|
||||||
group_queries = [
|
group_queries = [
|
||||||
(group_name, f'memberOf={pattern}')
|
(group_name, f'memberOf={pattern}')
|
||||||
for group_name, pattern in config.admin_groups.items()
|
for group_name, pattern in config.admin_groups.items()
|
||||||
]
|
]
|
||||||
|
|
||||||
groupped_users = [
|
groupped_users = [
|
||||||
(group_name, ldap_get_users_list(conn, query))
|
(group_name, _ldap_get_users_list(conn, query))
|
||||||
for group_name, query in group_queries
|
for group_name, query in group_queries
|
||||||
]
|
]
|
||||||
|
|
||||||
other_users_query = ldap_not_in(query for _, query in group_queries)
|
other_users_query = _ldap_not_in(query for _, query in group_queries)
|
||||||
groupped_users.append(
|
groupped_users.append(
|
||||||
('Other', ldap_get_users_list(conn, other_users_query))
|
('Other', _ldap_get_users_list(conn, other_users_query))
|
||||||
)
|
)
|
||||||
|
|
||||||
return groupped_users
|
return groupped_users
|
||||||
|
@ -244,12 +244,13 @@ def admin_list():
|
||||||
flask.abort(403)
|
flask.abort(403)
|
||||||
|
|
||||||
conn = context.get_connection()
|
conn = context.get_connection()
|
||||||
user_groups = ldap_get_all_users_groupped(conn)
|
user_groups = _ldap_get_all_users_groupped(conn)
|
||||||
|
|
||||||
return flask.render_template('admin/list.html', user_groups=user_groups)
|
return flask.render_template('admin/list.html', user_groups=user_groups)
|
||||||
|
|
||||||
def ldap_get_user(conn, uid):
|
def _ldap_get_user(conn, uid):
|
||||||
profile = []
|
profile = []
|
||||||
|
|
||||||
for user, attrs in conn.search_s(config.dn_format % uid, ldap.SCOPE_SUBTREE):
|
for user, attrs in conn.search_s(config.dn_format % uid, ldap.SCOPE_SUBTREE):
|
||||||
for attr, values in attrs.items():
|
for attr, values in attrs.items():
|
||||||
for value in values:
|
for value in values:
|
||||||
|
@ -257,7 +258,7 @@ def ldap_get_user(conn, uid):
|
||||||
|
|
||||||
return profile
|
return profile
|
||||||
|
|
||||||
def rendered_ldap_profile(profile):
|
def _rendered_ldap_profile(profile):
|
||||||
rendered_profile = []
|
rendered_profile = []
|
||||||
for attr, value in profile:
|
for attr, value in profile:
|
||||||
attr_sanitized = attr.lower()
|
attr_sanitized = attr.lower()
|
||||||
|
@ -265,10 +266,12 @@ def rendered_ldap_profile(profile):
|
||||||
attr_readable_name = config.readable_names.get(attr_full_name)
|
attr_readable_name = config.readable_names.get(attr_full_name)
|
||||||
rendered_profile.append((attr, attr_readable_name, value))
|
rendered_profile.append((attr, attr_readable_name, value))
|
||||||
|
|
||||||
rendered_profile.sort(key=lambda x: x[1] is None)
|
# Attributes with readable names first, then by name
|
||||||
|
rendered_profile.sort(key=lambda profile: profile[0])
|
||||||
|
rendered_profile.sort(key=lambda profile: profile[1] is None)
|
||||||
return rendered_profile
|
return rendered_profile
|
||||||
|
|
||||||
def ldap_get_user_groups(conn, uid):
|
def _ldap_get_user_groups(conn, uid):
|
||||||
groups = []
|
groups = []
|
||||||
user_dn = config.dn_format % uid
|
user_dn = config.dn_format % uid
|
||||||
filter = f'(&(objectClass=groupOfUniqueNames)(uniqueMember={user_dn}))'
|
filter = f'(&(objectClass=groupOfUniqueNames)(uniqueMember={user_dn}))'
|
||||||
|
@ -277,8 +280,8 @@ def ldap_get_user_groups(conn, uid):
|
||||||
|
|
||||||
return groups
|
return groups
|
||||||
|
|
||||||
def ldap_validate_uid(uid):
|
def _ldap_validate_uid(uid):
|
||||||
if not re.match(r'^[a-z-_][a-z0-9-_]*\Z', uid, flags=re.I):
|
if not re.match(r'^[a-zA-Z_][a-zA-Z0-9-_]*\Z', uid):
|
||||||
raise RuntimeError('Invalid uid')
|
raise RuntimeError('Invalid uid')
|
||||||
|
|
||||||
@app.route('/admin/users/<uid>')
|
@app.route('/admin/users/<uid>')
|
||||||
|
@ -288,9 +291,9 @@ def admin_user_view(uid):
|
||||||
flask.abort(403)
|
flask.abort(403)
|
||||||
|
|
||||||
conn = context.get_connection()
|
conn = context.get_connection()
|
||||||
ldap_validate_uid(uid)
|
_ldap_validate_uid(uid)
|
||||||
|
|
||||||
profile = ldap_get_user(conn, uid)
|
profile = _ldap_get_user(conn, uid)
|
||||||
groups = ldap_get_user_groups(conn, uid)
|
groups = _ldap_get_user_groups(conn, uid)
|
||||||
|
|
||||||
return flask.render_template('admin/user.html', uid=uid, profile=rendered_ldap_profile(profile), groups=groups)
|
return flask.render_template('admin/user.html', uid=uid, profile=_rendered_ldap_profile(profile), groups=groups)
|
||||||
|
|
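Review bot: `_ldap_get_user` and `_ldap_get_user_groups` still build the DN and the search filter by plain interpolation (`config.dn_format % uid` and `uniqueMember={user_dn}`), so their safety rests entirely on the caller having run `_ldap_validate_uid` first; on this page only `admin_user_view` is seen doing that. Now that the helpers are private, consider calling the validator inside them, or escaping at the point of use with `user_dn = config.dn_format % ldap.dn.escape_dn_chars(uid)` and `ldap.filter.escape_filter_chars(user_dn)` in the filter; that needs `ldap.dn` and `ldap.filter` imported, and the file's import block is not visible here. Separately, `raise RuntimeError('Invalid uid')` on a malformed URL segment will presumably surface as a 500 unless an error handler is registered elsewhere, whereas `flask.abort(400)` would match the `flask.abort(403)` already used in the view. The bodies of both helpers continue outside the visible hunks.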