rezometz/re2o
8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-24 20:33:11 +00:00
Code Issues Releases Wiki Activity

Create one group for each club with gid_number

Browse source
This commit is contained in:
detraz 2018-11-09 02:44:24 +01:00
parent 5e4e9e3f76
commit 2296026487
6 changed files with 301 additions and 193 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
re2o/settings_local.example.py
View file

@ -105,8 +105,10 @@ UID_RANGES = {
# A range of GID to use. Used in linux environement # A range of GID to use. Used in linux environement
GID_RANGES = { GID_RANGES = {
'posix': [501, 600], 'groups' : [501, 600],
'clubs' : [20000, 30000],
} }
# Some Django apps you want to add in you local project # Some Django apps you want to add in you local project
OPTIONNAL_APPS = () OPTIONNAL_APPS = ()

6
users/management/commands/ldap_sync.py
View file

@ -18,7 +18,7 @@
# #
from django.core.management.base import BaseCommand, CommandError from django.core.management.base import BaseCommand, CommandError
from users.models import User from users.models import User, ListRight, Club
class Command(BaseCommand): class Command(BaseCommand):
@ -38,3 +38,7 @@ class Command(BaseCommand):
def handle(self, *args, **options): def handle(self, *args, **options):
for usr in User.objects.all(): for usr in User.objects.all():
usr.ldap_sync(mac_refresh=options['full']) usr.ldap_sync(mac_refresh=options['full'])
for lr in ListRight.objects.all():
lr.ldap_sync()
for cl in Club.objects.all():
cl.ldap_group_sync()

2
users/migrations/0035_auto_20161018_0046.py
View file

@ -37,6 +37,6 @@ class Migration(migrations.Migration):
migrations.AlterField( migrations.AlterField(
model_name='user', model_name='user',
name='uid_number', name='uid_number',
field=models.IntegerField(unique=True, default=users.models.get_fresh_user_uid), field=models.IntegerField(unique=True, default=users.models.get_fresh_uid),
), ),
] ]

2
users/migrations/0056_auto_20171015_2033.py
View file

@ -32,6 +32,6 @@ class Migration(migrations.Migration):
migrations.AlterField( migrations.AlterField(
model_name='user', model_name='user',
name='uid_number', name='uid_number',
field=models.PositiveIntegerField(default=users.models.get_fresh_user_uid, unique=True), field=models.PositiveIntegerField(default=users.models.get_fresh_uid, unique=True),
), ),
] ]

48
users/migrations/0079_auto_20181109_0156.py Normal file
View file

@ -0,0 +1,48 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.10.7 on 2018-11-09 00:56
from __future__ import unicode_literals
from django.db import migrations, models
import users.models
from re2o.settings import GID_RANGES
class Migration(migrations.Migration):
dependencies = [
('users', '0078_auto_20181011_1405'),
]
def set_clubs_gid(apps, schema_editor):
LdapUserGroup = apps.get_model('users', 'LdapUserGroup')
gids = list(range(
int(min(GID_RANGES['clubs'])),
int(max(GID_RANGES['clubs']))
))
used_gids = list(LdapUserGroup.objects.values_list('gid', flat=True))
free_gids = [id for id in gids if id not in used_gids]
Club = apps.get_model('users', 'Club')
for ident, club in enumerate(Club.objects.all()):
club.gid_number = free_gids[ident]
club.save()
operations = [
migrations.AddField(
model_name='club',
name='gid_number',
field=models.PositiveIntegerField(null=True, validators=[users.models.validate_gid]),
),
migrations.AlterField(
model_name='listright',
name='gid',
field=models.PositiveIntegerField(unique=True, validators=[users.models.validate_gid]),
),
migrations.RunPython(set_clubs_gid),
migrations.AlterField(
model_name='club',
name='gid_number',
field=models.PositiveIntegerField(default=users.models.get_fresh_gid('clubs'), unique=True, validators=[users.models.validate_gid]),
),
]

426
users/models.py
View file

@ -107,7 +107,7 @@ def linux_user_validator(login):
) )
def get_fresh_user_uid(): def get_fresh_uid():
""" Renvoie le plus petit uid non pris. Fonction très paresseuse """ """ Renvoie le plus petit uid non pris. Fonction très paresseuse """
uids = list(range( uids = list(range(
int(min(UID_RANGES['users'])), int(min(UID_RANGES['users'])),
@ -121,16 +121,195 @@ def get_fresh_user_uid():
return min(free_uids) return min(free_uids)
def get_fresh_gid(): def get_fresh_gid(group_type):
""" Renvoie le plus petit gid libre """ """ Renvoie le plus petit gid libre """
gids = list(range( gids = list(range(
int(min(GID_RANGES['posix'])), int(min(GID_RANGES[group_type])),
int(max(GID_RANGES['posix'])) int(max(GID_RANGES[group_type]))
)) ))
used_gids = list(ListRight.objects.values_list('gid', flat=True)) used_gids = list(LdapUserGroup.objects.values_list('gid', flat=True))
free_gids = [id for id in gids if id not in used_gids] free_gids = [id for id in gids if id not in used_gids]
return min(free_gids) return min(free_gids)
# Ldap db class models
class LdapUser(ldapdb.models.Model):
"""
Class for representing an LDAP user entry.
"""
# LDAP meta-data
base_dn = LDAP['base_user_dn']
object_classes = ['inetOrgPerson', 'top', 'posixAccount',
'sambaSamAccount', 'radiusprofile',
'shadowAccount']
# attributes
gid = ldapdb.models.fields.IntegerField(db_column='gidNumber')
name = ldapdb.models.fields.CharField(
db_column='cn',
max_length=200,
primary_key=True
)
uid = ldapdb.models.fields.CharField(db_column='uid', max_length=200)
uidNumber = ldapdb.models.fields.IntegerField(
db_column='uidNumber',
unique=True
)
sn = ldapdb.models.fields.CharField(db_column='sn', max_length=200)
login_shell = ldapdb.models.fields.CharField(
db_column='loginShell',
max_length=200,
blank=True,
null=True
)
mail = ldapdb.models.fields.CharField(db_column='mail', max_length=200)
given_name = ldapdb.models.fields.CharField(
db_column='givenName',
max_length=200
)
home_directory = ldapdb.models.fields.CharField(
db_column='homeDirectory',
max_length=200
)
display_name = ldapdb.models.fields.CharField(
db_column='displayName',
max_length=200,
blank=True,
null=True
)
dialupAccess = ldapdb.models.fields.CharField(db_column='dialupAccess')
sambaSID = ldapdb.models.fields.IntegerField(
db_column='sambaSID',
unique=True
)
user_password = ldapdb.models.fields.CharField(
db_column='userPassword',
max_length=200,
blank=True,
null=True
)
sambat_nt_password = ldapdb.models.fields.CharField(
db_column='sambaNTPassword',
max_length=200,
blank=True,
null=True
)
macs = ldapdb.models.fields.ListField(
db_column='radiusCallingStationId',
max_length=200,
blank=True,
null=True
)
shadowexpire = ldapdb.models.fields.CharField(
db_column='shadowExpire',
blank=True,
null=True
)
def __str__(self):
return self.name
def __unicode__(self):
return self.name
def save(self, *args, **kwargs):
self.sn = self.name
self.uid = self.name
self.sambaSID = self.uidNumber
super(LdapUser, self).save(*args, **kwargs)
class LdapUserGroup(ldapdb.models.Model):
"""
Class for representing an LDAP group entry.
Un groupe ldap
"""
# LDAP meta-data
base_dn = LDAP['base_usergroup_dn']
object_classes = ['posixGroup']
# attributes
gid = ldapdb.models.fields.IntegerField(db_column='gidNumber')
members = ldapdb.models.fields.ListField(
db_column='memberUid',
blank=True
)
name = ldapdb.models.fields.CharField(
db_column='cn',
max_length=200,
primary_key=True
)
def __str__(self):
return self.name
class LdapServiceUser(ldapdb.models.Model):
"""
Class for representing an LDAP userservice entry.
Un user de service coté ldap
"""
# LDAP meta-data
base_dn = LDAP['base_userservice_dn']
object_classes = ['applicationProcess', 'simpleSecurityObject']
# attributes
name = ldapdb.models.fields.CharField(
db_column='cn',
max_length=200,
primary_key=True
)
user_password = ldapdb.models.fields.CharField(
db_column='userPassword',
max_length=200,
blank=True,
null=True
)
def __str__(self):
return self.name
class LdapServiceUserGroup(ldapdb.models.Model):
"""
Class for representing an LDAP userservice entry.
Un group user de service coté ldap. Dans userservicegroupdn
(voir dans settings_local.py)
"""
# LDAP meta-data
base_dn = LDAP['base_userservicegroup_dn']
object_classes = ['groupOfNames']
# attributes
name = ldapdb.models.fields.CharField(
db_column='cn',
max_length=200,
primary_key=True
)
members = ldapdb.models.fields.ListField(
db_column='member',
blank=True
)
def __str__(self):
return self.name
## Validators
def validate_gid(value):
"""Check if a gid is available"""
if value in list(LdapUserGroup.objects.values_list('gid', flat=True)):
raise ValidationError(_('%(value)s has already been taken'),
params={'value': value},
)
return
## Django classics models
class UserManager(BaseUserManager): class UserManager(BaseUserManager):
"""User manager basique de django""" """User manager basique de django"""
@ -237,7 +416,7 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
registered = models.DateTimeField(auto_now_add=True) registered = models.DateTimeField(auto_now_add=True)
telephone = models.CharField(max_length=15, blank=True, null=True) telephone = models.CharField(max_length=15, blank=True, null=True)
uid_number = models.PositiveIntegerField( uid_number = models.PositiveIntegerField(
default=get_fresh_user_uid, default=get_fresh_uid,
unique=True unique=True
) )
rezo_rez_uid = models.PositiveIntegerField( rezo_rez_uid = models.PositiveIntegerField(
@ -311,11 +490,6 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
else: else:
raise NotImplementedError(_("Unknown type.")) raise NotImplementedError(_("Unknown type."))
@cached_property
def gid_number(self):
"""renvoie le gid par défaut des users"""
return int(LDAP['user_gid'])
@cached_property @cached_property
def is_class_club(self): def is_class_club(self):
""" Returns True if the object is a Club (subclassing User) """ """ Returns True if the object is a Club (subclassing User) """
@ -328,6 +502,14 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
# TODO : change to isinstance (cleaner) # TODO : change to isinstance (cleaner)
return hasattr(self, 'adherent') return hasattr(self, 'adherent')
@cached_property
def gid_number(self):
"""renvoie le gid par défaut des users"""
if self.is_class_adherent:
return int(LDAP['user_gid'])
if self.is_class_club:
return self.club.gid_number
@property @property
def is_active(self): def is_active(self):
""" Renvoie si l'user est à l'état actif""" """ Renvoie si l'user est à l'état actif"""
@ -363,11 +545,6 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
""" Renvoie seulement le nom""" """ Renvoie seulement le nom"""
return self.surname return self.surname
@cached_property
def gid(self):
"""return the default gid of user"""
return LDAP['user_gid']
@property @property
def get_shell(self): def get_shell(self):
""" A utiliser de préférence, prend le shell par défaut """ A utiliser de préférence, prend le shell par défaut
@ -596,7 +773,7 @@ class User(RevMixin, FieldPermissionModelMixin, AbstractBaseUser,
user_ldap.mail = self.get_mail user_ldap.mail = self.get_mail
user_ldap.given_name = self.surname.lower() + '_'\ user_ldap.given_name = self.surname.lower() + '_'\
+ self.name.lower()[:3] + self.name.lower()[:3]
user_ldap.gid = LDAP['user_gid'] user_ldap.gid = self.gid_number
if '{SSHA}' in self.password or '{SMD5}' in self.password: if '{SSHA}' in self.password or '{SMD5}' in self.password:
# We remove the extra $ added at import from ldap # We remove the extra $ added at import from ldap
user_ldap.user_password = self.password[:6] + \ user_ldap.user_password = self.password[:6] + \
@ -1122,6 +1299,11 @@ class Club(User):
mailing = models.BooleanField( mailing = models.BooleanField(
default=False default=False
) )
gid_number = models.PositiveIntegerField(
default=get_fresh_gid('clubs'),
unique=True,
validators=[validate_gid]
)
class Meta(User.Meta): class Meta(User.Meta):
verbose_name = _("club") verbose_name = _("club")
@ -1130,7 +1312,6 @@ class Club(User):
@staticmethod @staticmethod
def can_create(user_request, *_args, **_kwargs): def can_create(user_request, *_args, **_kwargs):
"""Check if an user can create an user object. """Check if an user can create an user object.
:param user_request: The user who wants to create a user object. :param user_request: The user who wants to create a user object.
:return: a message and a boolean which is True if the user can create :return: a message and a boolean which is True if the user can create
an user or if the `options.all_can_create` is set. an user or if the `options.all_can_create` is set.
@ -1172,6 +1353,25 @@ class Club(User):
""" """
return cls.objects.get(pk=clubid) return cls.objects.get(pk=clubid)
def ldap_group_sync(self):
"""Ldap group synchronize
Make a group for each club"""
try:
group_ldap = LdapUserGroup.objects.get(gid=self.gid_number)
except LdapUserGroup.DoesNotExist:
group_ldap = LdapUserGroup(gid=self.gid_number)
group_ldap.name = self.pseudo
group_ldap.members = list(self.administrators.values_list('pseudo', flat=True))
group_ldap.save()
def ldap_group_del(self):
"""Supprime un groupe ldap"""
try:
group_ldap = LdapUserGroup.objects.get(gid=self.gid_number)
group_ldap.delete()
except LdapUserGroup.DoesNotExist:
pass
@receiver(post_save, sender=Adherent) @receiver(post_save, sender=Adherent)
@receiver(post_save, sender=Club) @receiver(post_save, sender=Club)
@ -1193,11 +1393,14 @@ def user_post_save(**kwargs):
mac_refresh=False, mac_refresh=False,
group_refresh=True group_refresh=True
) )
if hasattr(user, 'ldap_group_sync'):
user.ldap_group_sync()
regen('mailing') regen('mailing')
@receiver(m2m_changed, sender=User.groups.through) @receiver(m2m_changed, sender=User.groups.through)
def user_group_relation_changed(**kwargs): def user_group_relation_changed(**kwargs):
"""To make the user and his rights/groups synced after a group modification"""
action = kwargs['action'] action = kwargs['action']
if action in ('post_add', 'post_remove', 'post_clear'): if action in ('post_add', 'post_remove', 'post_clear'):
user = kwargs['instance'] user = kwargs['instance']
@ -1207,6 +1410,15 @@ def user_group_relation_changed(**kwargs):
group_refresh=True) group_refresh=True)
@receiver(m2m_changed, sender=Club.administrators.through)
def user_group_relation_changed(**kwargs):
"""To make the group related to a club synced after admins change"""
action = kwargs['action']
if action in ('post_add', 'post_remove', 'post_clear'):
club = kwargs['instance']
club.ldap_group_sync()
@receiver(post_delete, sender=Adherent) @receiver(post_delete, sender=Adherent)
@receiver(post_delete, sender=Club) @receiver(post_delete, sender=Club)
@receiver(post_delete, sender=User) @receiver(post_delete, sender=User)
@ -1214,6 +1426,8 @@ def user_post_delete(**kwargs):
"""Post delete d'un user, on supprime son instance ldap""" """Post delete d'un user, on supprime son instance ldap"""
user = kwargs['instance'] user = kwargs['instance']
user.ldap_del() user.ldap_del()
if hasattr(user, 'ldap_group_del'):
user.ldap_group_del()
regen('mailing') regen('mailing')
@ -1341,7 +1555,10 @@ class ListRight(RevMixin, AclMixin, Group):
message=(_("UNIX groups can only contain lower case letters.")) message=(_("UNIX groups can only contain lower case letters."))
)] )]
) )
gid = models.PositiveIntegerField(unique=True, null=True) gid = models.PositiveIntegerField(
unique=True,
validators=[validate_gid]
)
critical = models.BooleanField(default=False) critical = models.BooleanField(default=False)
details = models.CharField( details = models.CharField(
help_text=_("Description"), help_text=_("Description"),
@ -1366,8 +1583,7 @@ class ListRight(RevMixin, AclMixin, Group):
except LdapUserGroup.DoesNotExist: except LdapUserGroup.DoesNotExist:
group_ldap = LdapUserGroup(gid=self.gid) group_ldap = LdapUserGroup(gid=self.gid)
group_ldap.name = self.unix_name group_ldap.name = self.unix_name
group_ldap.members = [user.pseudo for user group_ldap.members = list(self.user_set.values_list('pseudo', flat=True))
in self.user_set.all()]
group_ldap.save() group_ldap.save()
def ldap_del(self): def ldap_del(self):
@ -1606,171 +1822,6 @@ class Request(models.Model):
super(Request, self).save() super(Request, self).save()
class LdapUser(ldapdb.models.Model):
"""
Class for representing an LDAP user entry.
"""
# LDAP meta-data
base_dn = LDAP['base_user_dn']
object_classes = ['inetOrgPerson', 'top', 'posixAccount',
'sambaSamAccount', 'radiusprofile',
'shadowAccount']
# attributes
gid = ldapdb.models.fields.IntegerField(db_column='gidNumber')
name = ldapdb.models.fields.CharField(
db_column='cn',
max_length=200,
primary_key=True
)
uid = ldapdb.models.fields.CharField(db_column='uid', max_length=200)
uidNumber = ldapdb.models.fields.IntegerField(
db_column='uidNumber',
unique=True
)
sn = ldapdb.models.fields.CharField(db_column='sn', max_length=200)
login_shell = ldapdb.models.fields.CharField(
db_column='loginShell',
max_length=200,
blank=True,
null=True
)
mail = ldapdb.models.fields.CharField(db_column='mail', max_length=200)
given_name = ldapdb.models.fields.CharField(
db_column='givenName',
max_length=200
)
home_directory = ldapdb.models.fields.CharField(
db_column='homeDirectory',
max_length=200
)
display_name = ldapdb.models.fields.CharField(
db_column='displayName',
max_length=200,
blank=True,
null=True
)
dialupAccess = ldapdb.models.fields.CharField(db_column='dialupAccess')
sambaSID = ldapdb.models.fields.IntegerField(
db_column='sambaSID',
unique=True
)
user_password = ldapdb.models.fields.CharField(
db_column='userPassword',
max_length=200,
blank=True,
null=True
)
sambat_nt_password = ldapdb.models.fields.CharField(
db_column='sambaNTPassword',
max_length=200,
blank=True,
null=True
)
macs = ldapdb.models.fields.ListField(
db_column='radiusCallingStationId',
max_length=200,
blank=True,
null=True
)
shadowexpire = ldapdb.models.fields.CharField(
db_column='shadowExpire',
blank=True,
null=True
)
def __str__(self):
return self.name
def __unicode__(self):
return self.name
def save(self, *args, **kwargs):
self.sn = self.name
self.uid = self.name
self.sambaSID = self.uidNumber
super(LdapUser, self).save(*args, **kwargs)
class LdapUserGroup(ldapdb.models.Model):
"""
Class for representing an LDAP group entry.
Un groupe ldap
"""
# LDAP meta-data
base_dn = LDAP['base_usergroup_dn']
object_classes = ['posixGroup']
# attributes
gid = ldapdb.models.fields.IntegerField(db_column='gidNumber')
members = ldapdb.models.fields.ListField(
db_column='memberUid',
blank=True
)
name = ldapdb.models.fields.CharField(
db_column='cn',
max_length=200,
primary_key=True
)
def __str__(self):
return self.name
class LdapServiceUser(ldapdb.models.Model):
"""
Class for representing an LDAP userservice entry.
Un user de service coté ldap
"""
# LDAP meta-data
base_dn = LDAP['base_userservice_dn']
object_classes = ['applicationProcess', 'simpleSecurityObject']
# attributes
name = ldapdb.models.fields.CharField(
db_column='cn',
max_length=200,
primary_key=True
)
user_password = ldapdb.models.fields.CharField(
db_column='userPassword',
max_length=200,
blank=True,
null=True
)
def __str__(self):
return self.name
class LdapServiceUserGroup(ldapdb.models.Model):
"""
Class for representing an LDAP userservice entry.
Un group user de service coté ldap. Dans userservicegroupdn
(voir dans settings_local.py)
"""
# LDAP meta-data
base_dn = LDAP['base_userservicegroup_dn']
object_classes = ['groupOfNames']
# attributes
name = ldapdb.models.fields.CharField(
db_column='cn',
max_length=200,
primary_key=True
)
members = ldapdb.models.fields.ListField(
db_column='member',
blank=True
)
def __str__(self):
return self.name
class EMailAddress(RevMixin, AclMixin, models.Model): class EMailAddress(RevMixin, AclMixin, models.Model):
"""Defines a local email account for a user """Defines a local email account for a user
""" """
@ -1892,3 +1943,6 @@ class EMailAddress(RevMixin, AclMixin, models.Model):
if "@" in self.local_part: if "@" in self.local_part:
raise ValidationError(_("The local part must not contain @.")) raise ValidationError(_("The local part must not contain @."))
super(EMailAddress, self).clean(*args, **kwargs) super(EMailAddress, self).clean(*args, **kwargs)