mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2025-01-13 11:44:29 +00:00
Ajout des groupes ldap, et d'une vue pour modifier la liste des groupes/droits
This commit is contained in:
parent
239bfc5acd
commit
2cb0e566dc
19 changed files with 548 additions and 10 deletions
|
@ -3,7 +3,7 @@ from django.contrib.auth.models import Group
|
||||||
from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
|
from django.contrib.auth.admin import UserAdmin as BaseUserAdmin
|
||||||
from reversion.admin import VersionAdmin
|
from reversion.admin import VersionAdmin
|
||||||
|
|
||||||
from .models import User, School, Right, ListRight, Ban, Whitelist, Request
|
from .models import User, School, Right, ListRight, ListShell, Ban, Whitelist, Request, LdapUser, LdapUserGroup
|
||||||
from .forms import UserChangeForm, UserCreationForm
|
from .forms import UserChangeForm, UserCreationForm
|
||||||
|
|
||||||
|
|
||||||
|
@ -15,17 +15,28 @@ class UserAdmin(admin.ModelAdmin):
|
||||||
'room',
|
'room',
|
||||||
'email',
|
'email',
|
||||||
'school',
|
'school',
|
||||||
|
'shell',
|
||||||
'state'
|
'state'
|
||||||
)
|
)
|
||||||
|
search_fields = ('name','surname','pseudo','room')
|
||||||
|
|
||||||
|
|
||||||
|
class LdapUserAdmin(admin.ModelAdmin):
|
||||||
|
list_display = ('name','uidNumber','loginShell')
|
||||||
|
search_fields = ('name',)
|
||||||
|
|
||||||
|
class LdapUserGroupAdmin(admin.ModelAdmin):
|
||||||
|
list_display = ('name','members','gid')
|
||||||
|
search_fields = ('name',)
|
||||||
|
|
||||||
class SchoolAdmin(VersionAdmin):
|
class SchoolAdmin(VersionAdmin):
|
||||||
list_display = ('name',)
|
list_display = ('name',)
|
||||||
|
|
||||||
|
|
||||||
class ListRightAdmin(VersionAdmin):
|
class ListRightAdmin(VersionAdmin):
|
||||||
list_display = ('listright',)
|
list_display = ('listright',)
|
||||||
|
|
||||||
|
class ListShellAdmin(VersionAdmin):
|
||||||
|
list_display = ('shell',)
|
||||||
|
|
||||||
class RightAdmin(admin.ModelAdmin):
|
class RightAdmin(admin.ModelAdmin):
|
||||||
list_display = ('user', 'right')
|
list_display = ('user', 'right')
|
||||||
|
@ -49,11 +60,11 @@ class UserAdmin(VersionAdmin, BaseUserAdmin):
|
||||||
# The fields to be used in displaying the User model.
|
# The fields to be used in displaying the User model.
|
||||||
# These override the definitions on the base UserAdmin
|
# These override the definitions on the base UserAdmin
|
||||||
# that reference specific fields on auth.User.
|
# that reference specific fields on auth.User.
|
||||||
list_display = ('pseudo', 'name', 'surname', 'email', 'school', 'is_admin')
|
list_display = ('pseudo', 'name', 'surname', 'email', 'school', 'is_admin', 'shell')
|
||||||
list_filter = ()
|
list_filter = ()
|
||||||
fieldsets = (
|
fieldsets = (
|
||||||
(None, {'fields': ('pseudo', 'password')}),
|
(None, {'fields': ('pseudo', 'password')}),
|
||||||
('Personal info', {'fields': ('name', 'surname', 'email', 'school')}),
|
('Personal info', {'fields': ('name', 'surname', 'email', 'school','shell')}),
|
||||||
('Permissions', {'fields': ('is_admin', )}),
|
('Permissions', {'fields': ('is_admin', )}),
|
||||||
)
|
)
|
||||||
# add_fieldsets is not a standard ModelAdmin attribute. UserAdmin
|
# add_fieldsets is not a standard ModelAdmin attribute. UserAdmin
|
||||||
|
@ -69,9 +80,12 @@ class UserAdmin(VersionAdmin, BaseUserAdmin):
|
||||||
filter_horizontal = ()
|
filter_horizontal = ()
|
||||||
|
|
||||||
admin.site.register(User, UserAdmin)
|
admin.site.register(User, UserAdmin)
|
||||||
|
admin.site.register(LdapUser, LdapUserAdmin)
|
||||||
|
admin.site.register(LdapUserGroup, LdapUserGroupAdmin)
|
||||||
admin.site.register(School, SchoolAdmin)
|
admin.site.register(School, SchoolAdmin)
|
||||||
admin.site.register(Right, RightAdmin)
|
admin.site.register(Right, RightAdmin)
|
||||||
admin.site.register(ListRight, ListRightAdmin)
|
admin.site.register(ListRight, ListRightAdmin)
|
||||||
|
admin.site.register(ListShell, ListShellAdmin)
|
||||||
admin.site.register(Ban, BanAdmin)
|
admin.site.register(Ban, BanAdmin)
|
||||||
admin.site.register(Whitelist, WhitelistAdmin)
|
admin.site.register(Whitelist, WhitelistAdmin)
|
||||||
admin.site.register(Request, RequestAdmin)
|
admin.site.register(Request, RequestAdmin)
|
||||||
|
|
|
@ -15,8 +15,8 @@ class PassForm(forms.Form):
|
||||||
class UserCreationForm(forms.ModelForm):
|
class UserCreationForm(forms.ModelForm):
|
||||||
"""A form for creating new users. Includes all the required
|
"""A form for creating new users. Includes all the required
|
||||||
fields, plus a repeated password."""
|
fields, plus a repeated password."""
|
||||||
password1 = forms.CharField(label='Password', widget=forms.PasswordInput)
|
password1 = forms.CharField(label='Password', widget=forms.PasswordInput, min_length=8, max_length=255)
|
||||||
password2 = forms.CharField(label='Password confirmation', widget=forms.PasswordInput)
|
password2 = forms.CharField(label='Password confirmation', widget=forms.PasswordInput, min_length=8, max_length=255)
|
||||||
is_admin = forms.BooleanField(label='is admin')
|
is_admin = forms.BooleanField(label='is admin')
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
|
|
35
users/migrations/0021_ldapuser.py
Normal file
35
users/migrations/0021_ldapuser.py
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
import ldapdb.models.fields
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('users', '0020_request'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.CreateModel(
|
||||||
|
name='LdapUser',
|
||||||
|
fields=[
|
||||||
|
('dn', models.CharField(max_length=200)),
|
||||||
|
('gid', ldapdb.models.fields.IntegerField(db_column='gidNumber')),
|
||||||
|
('name', ldapdb.models.fields.CharField(primary_key=True, max_length=200, db_column='cn', serialize=False)),
|
||||||
|
('uid', ldapdb.models.fields.CharField(max_length=200, db_column='uid')),
|
||||||
|
('uidNumber', ldapdb.models.fields.IntegerField(unique=True, db_column='uidNumber')),
|
||||||
|
('sn', ldapdb.models.fields.CharField(max_length=200, db_column='sn')),
|
||||||
|
('loginShell', ldapdb.models.fields.CharField(default='/bin/zsh', max_length=200, db_column='loginShell')),
|
||||||
|
('mail', ldapdb.models.fields.CharField(max_length=200, db_column='mail')),
|
||||||
|
('given_name', ldapdb.models.fields.CharField(max_length=200, db_column='givenName')),
|
||||||
|
('home_directory', ldapdb.models.fields.CharField(max_length=200, db_column='homeDirectory')),
|
||||||
|
('dialupAccess', ldapdb.models.fields.CharField(max_length=200, db_column='dialupAccess')),
|
||||||
|
('mac_list', ldapdb.models.fields.CharField(max_length=200, db_column='radiusCallingStationId')),
|
||||||
|
],
|
||||||
|
options={
|
||||||
|
'abstract': False,
|
||||||
|
},
|
||||||
|
),
|
||||||
|
]
|
21
users/migrations/0022_ldapuser_sambasid.py
Normal file
21
users/migrations/0022_ldapuser_sambasid.py
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
import ldapdb.models.fields
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('users', '0021_ldapuser'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AddField(
|
||||||
|
model_name='ldapuser',
|
||||||
|
name='sambaSID',
|
||||||
|
field=ldapdb.models.fields.IntegerField(db_column='sambaSID', unique=True, null=True),
|
||||||
|
preserve_default=False,
|
||||||
|
),
|
||||||
|
]
|
20
users/migrations/0023_auto_20160724_1908.py
Normal file
20
users/migrations/0023_auto_20160724_1908.py
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
import ldapdb.models.fields
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('users', '0022_ldapuser_sambasid'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='ldapuser',
|
||||||
|
name='sambaSID',
|
||||||
|
field=ldapdb.models.fields.IntegerField(db_column='sambaSID', unique=True),
|
||||||
|
),
|
||||||
|
]
|
18
users/migrations/0024_remove_ldapuser_mac_list.py
Normal file
18
users/migrations/0024_remove_ldapuser_mac_list.py
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('users', '0023_auto_20160724_1908'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.RemoveField(
|
||||||
|
model_name='ldapuser',
|
||||||
|
name='mac_list',
|
||||||
|
),
|
||||||
|
]
|
21
users/migrations/0025_listshell.py
Normal file
21
users/migrations/0025_listshell.py
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('users', '0024_remove_ldapuser_mac_list'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.CreateModel(
|
||||||
|
name='ListShell',
|
||||||
|
fields=[
|
||||||
|
('id', models.AutoField(auto_created=True, serialize=False, primary_key=True, verbose_name='ID')),
|
||||||
|
('shell', models.CharField(unique=True, max_length=255)),
|
||||||
|
],
|
||||||
|
),
|
||||||
|
]
|
21
users/migrations/0026_user_shell.py
Normal file
21
users/migrations/0026_user_shell.py
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
import django.db.models.deletion
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('users', '0025_listshell'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AddField(
|
||||||
|
model_name='user',
|
||||||
|
name='shell',
|
||||||
|
field=models.ForeignKey(to='users.ListShell', default=1, on_delete=django.db.models.deletion.PROTECT),
|
||||||
|
preserve_default=False,
|
||||||
|
),
|
||||||
|
]
|
28
users/migrations/0027_auto_20160726_0216.py
Normal file
28
users/migrations/0027_auto_20160726_0216.py
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
import django.db.models.deletion
|
||||||
|
import ldapdb.models.fields
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('users', '0026_user_shell'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.CreateModel(
|
||||||
|
name='LdapUserGroup',
|
||||||
|
fields=[
|
||||||
|
('dn', models.CharField(max_length=200)),
|
||||||
|
('gid', ldapdb.models.fields.IntegerField(db_column='gidNumber')),
|
||||||
|
('members', ldapdb.models.fields.ListField(db_column='memberUid', blank=True)),
|
||||||
|
('name', ldapdb.models.fields.CharField(db_column='cn', primary_key=True, serialize=False, max_length=200)),
|
||||||
|
],
|
||||||
|
options={
|
||||||
|
'abstract': False,
|
||||||
|
},
|
||||||
|
),
|
||||||
|
]
|
46
users/migrations/0028_auto_20160726_0227.py
Normal file
46
users/migrations/0028_auto_20160726_0227.py
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
import ldapdb.models.fields
|
||||||
|
import django.db.models.deletion
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('users', '0027_auto_20160726_0216'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AddField(
|
||||||
|
model_name='ldapuser',
|
||||||
|
name='display_name',
|
||||||
|
field=ldapdb.models.fields.CharField(null=True, blank=True, max_length=200, db_column='displayName'),
|
||||||
|
),
|
||||||
|
migrations.AddField(
|
||||||
|
model_name='ldapuser',
|
||||||
|
name='macs',
|
||||||
|
field=ldapdb.models.fields.ListField(null=True, blank=True, max_length=200, db_column='radiusCallingStationId'),
|
||||||
|
),
|
||||||
|
migrations.AddField(
|
||||||
|
model_name='ldapuser',
|
||||||
|
name='sambat_nt_password',
|
||||||
|
field=ldapdb.models.fields.CharField(null=True, blank=True, max_length=200, db_column='sambaNTPassword'),
|
||||||
|
),
|
||||||
|
migrations.AddField(
|
||||||
|
model_name='ldapuser',
|
||||||
|
name='user_password',
|
||||||
|
field=ldapdb.models.fields.CharField(null=True, blank=True, max_length=200, db_column='userPassword'),
|
||||||
|
),
|
||||||
|
migrations.AddField(
|
||||||
|
model_name='listright',
|
||||||
|
name='gid',
|
||||||
|
field=models.IntegerField(null=True, unique=True),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='user',
|
||||||
|
name='shell',
|
||||||
|
field=models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, default=1, to='users.ListShell'),
|
||||||
|
),
|
||||||
|
]
|
20
users/migrations/0029_auto_20160726_0229.py
Normal file
20
users/migrations/0029_auto_20160726_0229.py
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
import ldapdb.models.fields
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('users', '0028_auto_20160726_0227'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='ldapuser',
|
||||||
|
name='display_name',
|
||||||
|
field=ldapdb.models.fields.CharField(db_column='displayName', max_length=200),
|
||||||
|
),
|
||||||
|
]
|
163
users/models.py
163
users/models.py
|
@ -2,8 +2,13 @@ from django.db import models
|
||||||
from django.db.models import Q
|
from django.db.models import Q
|
||||||
from django.forms import ModelForm, Form
|
from django.forms import ModelForm, Form
|
||||||
from django import forms
|
from django import forms
|
||||||
|
from django.db.models.signals import post_save, post_delete
|
||||||
|
from django.dispatch import receiver
|
||||||
|
|
||||||
from re2o.settings import RIGHTS_LINK, REQ_EXPIRE_HRS
|
import ldapdb.models
|
||||||
|
import ldapdb.models.fields
|
||||||
|
|
||||||
|
from re2o.settings import RIGHTS_LINK, REQ_EXPIRE_HRS, LDAP_SETTINGS
|
||||||
import re, uuid
|
import re, uuid
|
||||||
import datetime
|
import datetime
|
||||||
|
|
||||||
|
@ -12,6 +17,7 @@ from django.contrib.auth.models import AbstractBaseUser, BaseUserManager
|
||||||
|
|
||||||
from topologie.models import Room
|
from topologie.models import Room
|
||||||
from cotisations.models import Cotisation, Facture, Vente
|
from cotisations.models import Cotisation, Facture, Vente
|
||||||
|
from machines.models import Interface, Machine
|
||||||
|
|
||||||
def remove_user_room(room):
|
def remove_user_room(room):
|
||||||
""" Déménage de force l'ancien locataire de la chambre """
|
""" Déménage de force l'ancien locataire de la chambre """
|
||||||
|
@ -97,6 +103,7 @@ class User(AbstractBaseUser):
|
||||||
pseudo = models.CharField(max_length=32, unique=True, help_text="Doit contenir uniquement des lettres, chiffres, ou tirets", validators=[linux_user_validator])
|
pseudo = models.CharField(max_length=32, unique=True, help_text="Doit contenir uniquement des lettres, chiffres, ou tirets", validators=[linux_user_validator])
|
||||||
email = models.EmailField()
|
email = models.EmailField()
|
||||||
school = models.ForeignKey('School', on_delete=models.PROTECT, null=False, blank=False)
|
school = models.ForeignKey('School', on_delete=models.PROTECT, null=False, blank=False)
|
||||||
|
shell = models.ForeignKey('ListShell', on_delete=models.PROTECT, null=False, blank=False, default=1)
|
||||||
comment = models.CharField(help_text="Commentaire, promo", max_length=255, blank=True)
|
comment = models.CharField(help_text="Commentaire, promo", max_length=255, blank=True)
|
||||||
room = models.OneToOneField('topologie.Room', on_delete=models.PROTECT, blank=True, null=True)
|
room = models.OneToOneField('topologie.Room', on_delete=models.PROTECT, blank=True, null=True)
|
||||||
pwd_ntlm = models.CharField(max_length=255)
|
pwd_ntlm = models.CharField(max_length=255)
|
||||||
|
@ -218,9 +225,46 @@ class User(AbstractBaseUser):
|
||||||
return
|
return
|
||||||
user_right.delete()
|
user_right.delete()
|
||||||
|
|
||||||
|
def ldap_sync(self, base=True, access_refresh=True, mac_refresh=True):
|
||||||
|
try:
|
||||||
|
user_ldap = LdapUser.objects.get(name=self.pseudo)
|
||||||
|
except LdapUser.DoesNotExist:
|
||||||
|
user_ldap = LdapUser(name=self.pseudo)
|
||||||
|
if base:
|
||||||
|
user_ldap.sn = self.pseudo
|
||||||
|
user_ldap.dialupAccess = str(self.has_access())
|
||||||
|
user_ldap.uidNumber = self.id
|
||||||
|
user_ldap.home_directory = '/home/' + self.pseudo
|
||||||
|
user_ldap.mail = self.email
|
||||||
|
user_ldap.given_name = str(self.surname).lower() + '_' + str(self.name).lower()[:3]
|
||||||
|
user_ldap.gid = LDAP_SETTINGS['user_gid']
|
||||||
|
user_ldap.user_password = self.password
|
||||||
|
user_ldap.sambat_nt_password = self.pwd_ntlm
|
||||||
|
if access_refresh:
|
||||||
|
user_ldap.dialupAccess = str(self.has_access())
|
||||||
|
if mac_refresh:
|
||||||
|
user_ldap.macs = [inter.mac_address for inter in Interface.objects.filter(machine=Machine.objects.filter(user=self))]
|
||||||
|
user_ldap.save()
|
||||||
|
|
||||||
|
def ldap_del(self):
|
||||||
|
try:
|
||||||
|
user_ldap = LdapUser.objects.get(name=self.pseudo)
|
||||||
|
user_ldap.delete()
|
||||||
|
except LdapUser.DoesNotExist:
|
||||||
|
pass
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
return self.pseudo
|
return self.pseudo
|
||||||
|
|
||||||
|
@receiver(post_save, sender=User)
|
||||||
|
def user_post_save(sender, **kwargs):
|
||||||
|
user = kwargs['instance']
|
||||||
|
user.ldap_sync(base=True, access_refresh=True, mac_refresh=False)
|
||||||
|
|
||||||
|
@receiver(post_delete, sender=User)
|
||||||
|
def user_post_delete(sender, **kwargs):
|
||||||
|
user = kwargs['instance']
|
||||||
|
user.ldap_del()
|
||||||
|
|
||||||
class Right(models.Model):
|
class Right(models.Model):
|
||||||
user = models.ForeignKey('User', on_delete=models.PROTECT)
|
user = models.ForeignKey('User', on_delete=models.PROTECT)
|
||||||
|
@ -232,6 +276,15 @@ class Right(models.Model):
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
return str(self.user) + " - " + str(self.right)
|
return str(self.user) + " - " + str(self.right)
|
||||||
|
|
||||||
|
@receiver(post_save, sender=Right)
|
||||||
|
def right_post_save(sender, **kwargs):
|
||||||
|
right = kwargs['instance'].right
|
||||||
|
right.ldap_sync()
|
||||||
|
|
||||||
|
@receiver(post_delete, sender=Right)
|
||||||
|
def right_post_delete(sender, **kwargs):
|
||||||
|
right = kwargs['instance'].right
|
||||||
|
right.ldap_sync()
|
||||||
|
|
||||||
class School(models.Model):
|
class School(models.Model):
|
||||||
name = models.CharField(max_length=255)
|
name = models.CharField(max_length=255)
|
||||||
|
@ -242,10 +295,42 @@ class School(models.Model):
|
||||||
|
|
||||||
class ListRight(models.Model):
|
class ListRight(models.Model):
|
||||||
listright = models.CharField(max_length=255, unique=True)
|
listright = models.CharField(max_length=255, unique=True)
|
||||||
|
gid = models.IntegerField(unique=True, null=True)
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
return self.listright
|
return self.listright
|
||||||
|
|
||||||
|
def ldap_sync(self):
|
||||||
|
try:
|
||||||
|
group_ldap = LdapUserGroup.objects.get(gid=self.gid)
|
||||||
|
except LdapUserGroup.DoesNotExist:
|
||||||
|
group_ldap = LdapUserGroup(gid=self.gid)
|
||||||
|
group_ldap.name = self.listright
|
||||||
|
group_ldap.members = [right.user.pseudo for right in Right.objects.filter(right=self)]
|
||||||
|
group_ldap.save()
|
||||||
|
|
||||||
|
def ldap_del(self):
|
||||||
|
try:
|
||||||
|
group_ldap = LdapUserGroup.objects.get(gid=self.gid)
|
||||||
|
group_ldap.delete()
|
||||||
|
except LdapUserGroup.DoesNotExist:
|
||||||
|
pass
|
||||||
|
|
||||||
|
@receiver(post_save, sender=ListRight)
|
||||||
|
def listright_post_save(sender, **kwargs):
|
||||||
|
right = kwargs['instance']
|
||||||
|
right.ldap_sync()
|
||||||
|
|
||||||
|
@receiver(post_delete, sender=ListRight)
|
||||||
|
def listright_post_delete(sender, **kwargs):
|
||||||
|
right = kwargs['instance']
|
||||||
|
right.ldap_del()
|
||||||
|
|
||||||
|
class ListShell(models.Model):
|
||||||
|
shell = models.CharField(max_length=255, unique=True)
|
||||||
|
|
||||||
|
def __str__(self):
|
||||||
|
return self.shell
|
||||||
|
|
||||||
class Ban(models.Model):
|
class Ban(models.Model):
|
||||||
user = models.ForeignKey('User', on_delete=models.PROTECT)
|
user = models.ForeignKey('User', on_delete=models.PROTECT)
|
||||||
|
@ -287,6 +372,59 @@ class Request(models.Model):
|
||||||
self.token = str(uuid.uuid4()).replace('-', '') # remove hyphens
|
self.token = str(uuid.uuid4()).replace('-', '') # remove hyphens
|
||||||
super(Request, self).save()
|
super(Request, self).save()
|
||||||
|
|
||||||
|
class LdapUser(ldapdb.models.Model):
|
||||||
|
"""
|
||||||
|
Class for representing an LDAP user entry.
|
||||||
|
"""
|
||||||
|
# LDAP meta-data
|
||||||
|
base_dn = LDAP_SETTINGS['base_user_dn']
|
||||||
|
object_classes = ['inetOrgPerson','top','posixAccount','sambaSamAccount','radiusprofile']
|
||||||
|
|
||||||
|
# attributes
|
||||||
|
gid = ldapdb.models.fields.IntegerField(db_column='gidNumber')
|
||||||
|
name = ldapdb.models.fields.CharField(db_column='cn', max_length=200, primary_key=True)
|
||||||
|
uid = ldapdb.models.fields.CharField(db_column='uid', max_length=200)
|
||||||
|
uidNumber = ldapdb.models.fields.IntegerField(db_column='uidNumber', unique=True)
|
||||||
|
sn = ldapdb.models.fields.CharField(db_column='sn', max_length=200)
|
||||||
|
loginShell = ldapdb.models.fields.CharField(db_column='loginShell', max_length=200, default="/bin/zsh")
|
||||||
|
mail = ldapdb.models.fields.CharField(db_column='mail', max_length=200)
|
||||||
|
given_name = ldapdb.models.fields.CharField(db_column='givenName', max_length=200)
|
||||||
|
home_directory = ldapdb.models.fields.CharField(db_column='homeDirectory', max_length=200)
|
||||||
|
display_name = ldapdb.models.fields.CharField(db_column='displayName', max_length=200)
|
||||||
|
dialupAccess = ldapdb.models.fields.CharField(db_column='dialupAccess')
|
||||||
|
sambaSID = ldapdb.models.fields.IntegerField(db_column='sambaSID', unique=True)
|
||||||
|
user_password = ldapdb.models.fields.CharField(db_column='userPassword', max_length=200, blank=True, null=True)
|
||||||
|
sambat_nt_password = ldapdb.models.fields.CharField(db_column='sambaNTPassword', max_length=200, blank=True, null=True)
|
||||||
|
macs = ldapdb.models.fields.ListField(db_column='radiusCallingStationId', max_length=200, blank=True, null=True)
|
||||||
|
|
||||||
|
def __str__(self):
|
||||||
|
return self.name
|
||||||
|
|
||||||
|
def __unicode__(self):
|
||||||
|
return self.name
|
||||||
|
|
||||||
|
def save(self, *args, **kwargs):
|
||||||
|
self.sn = self.name
|
||||||
|
self.uid = self.name
|
||||||
|
self.sambaSID = self.uidNumber
|
||||||
|
super(LdapUser, self).save(*args, **kwargs)
|
||||||
|
|
||||||
|
class LdapUserGroup(ldapdb.models.Model):
|
||||||
|
"""
|
||||||
|
Class for representing an LDAP user entry.
|
||||||
|
"""
|
||||||
|
# LDAP meta-data
|
||||||
|
base_dn = LDAP_SETTINGS['base_usergroup_dn']
|
||||||
|
object_classes = ['posixGroup']
|
||||||
|
|
||||||
|
# attributes
|
||||||
|
gid = ldapdb.models.fields.IntegerField(db_column='gidNumber')
|
||||||
|
members = ldapdb.models.fields.ListField(db_column='memberUid', blank=True)
|
||||||
|
name = ldapdb.models.fields.CharField(db_column='cn', max_length=200, primary_key=True)
|
||||||
|
|
||||||
|
def __str__(self):
|
||||||
|
return self.name
|
||||||
|
|
||||||
class BaseInfoForm(ModelForm):
|
class BaseInfoForm(ModelForm):
|
||||||
def __init__(self, *args, **kwargs):
|
def __init__(self, *args, **kwargs):
|
||||||
super(BaseInfoForm, self).__init__(*args, **kwargs)
|
super(BaseInfoForm, self).__init__(*args, **kwargs)
|
||||||
|
@ -343,6 +481,29 @@ class SchoolForm(ModelForm):
|
||||||
super(SchoolForm, self).__init__(*args, **kwargs)
|
super(SchoolForm, self).__init__(*args, **kwargs)
|
||||||
self.fields['name'].label = 'Établissement'
|
self.fields['name'].label = 'Établissement'
|
||||||
|
|
||||||
|
class ListRightForm(ModelForm):
|
||||||
|
class Meta:
|
||||||
|
model = ListRight
|
||||||
|
fields = ['listright']
|
||||||
|
|
||||||
|
def __init__(self, *args, **kwargs):
|
||||||
|
super(ListRightForm, self).__init__(*args, **kwargs)
|
||||||
|
self.fields['listright'].label = 'Nom du droit/groupe'
|
||||||
|
|
||||||
|
class NewListRightForm(ListRightForm):
|
||||||
|
class Meta(ListRightForm.Meta):
|
||||||
|
fields = '__all__'
|
||||||
|
|
||||||
|
def __init__(self, *args, **kwargs):
|
||||||
|
super(NewListRightForm, self).__init__(*args, **kwargs)
|
||||||
|
self.fields['gid'].label = 'Gid, attention, cet attribut ne doit pas être modifié après création'
|
||||||
|
|
||||||
|
class DelListRightForm(ModelForm):
|
||||||
|
listrights = forms.ModelMultipleChoiceField(queryset=ListRight.objects.all(), label="Droits actuels", widget=forms.CheckboxSelectMultiple)
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
exclude = ['listright','gid']
|
||||||
|
model = ListRight
|
||||||
|
|
||||||
class DelSchoolForm(ModelForm):
|
class DelSchoolForm(ModelForm):
|
||||||
schools = forms.ModelMultipleChoiceField(queryset=School.objects.all(), label="Etablissements actuels", widget=forms.CheckboxSelectMultiple)
|
schools = forms.ModelMultipleChoiceField(queryset=School.objects.all(), label="Etablissements actuels", widget=forms.CheckboxSelectMultiple)
|
||||||
|
|
19
users/templates/users/aff_listright.html
Normal file
19
users/templates/users/aff_listright.html
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
<table class="table table-striped">
|
||||||
|
<thead>
|
||||||
|
<tr>
|
||||||
|
<th>Droit</th>
|
||||||
|
<th>Gid</th>
|
||||||
|
<th></th>
|
||||||
|
<th></th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
{% for listright in listright_list %}
|
||||||
|
<tr>
|
||||||
|
<td>{{ listright.listright }}</td>
|
||||||
|
<td>{{ listright.gid }}</td>
|
||||||
|
<td><a class="btn btn-primary btn-sm" role="button" href="{% url 'users:edit-listright' listright.id %}"><i class="glyphicon glyphicon-pushpin"></i> Editer</a></td>
|
||||||
|
<td><a class="btn btn-info btn-sm" role="button" href="{% url 'users:history' 'listright' listright.id %}"><i class="glyphicon glyphicon-repeat"></i> Historique</a></td>
|
||||||
|
</tr>
|
||||||
|
{% endfor %}
|
||||||
|
</table>
|
||||||
|
|
17
users/templates/users/aff_rights.html
Normal file
17
users/templates/users/aff_rights.html
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
<table class="table table-striped">
|
||||||
|
<thead>
|
||||||
|
<tr>
|
||||||
|
{% for right in right_list %}
|
||||||
|
<th>{{ right }}</th>
|
||||||
|
<th></th>
|
||||||
|
{% endfor %}
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
{% for user_right in user_right_list %}
|
||||||
|
<tr>
|
||||||
|
<td> {{ user_right }}</td>
|
||||||
|
</tr>
|
||||||
|
{% endfor %}
|
||||||
|
</table>
|
||||||
|
|
||||||
|
|
15
users/templates/users/index_listright.html
Normal file
15
users/templates/users/index_listright.html
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
{% extends "users/sidebar.html" %}
|
||||||
|
{% load bootstrap3 %}
|
||||||
|
|
||||||
|
{% block title %}Utilisateurs{% endblock %}
|
||||||
|
|
||||||
|
{% block content %}
|
||||||
|
<h2>Liste des droits</h2>
|
||||||
|
<a class="btn btn-primary btn-sm" role="button" href="{% url 'users:add-listright' %}"><i class="glyphicon glyphicon-plus"></i> Ajouter un droit ou groupe</a>
|
||||||
|
<a class="btn btn-danger btn-sm" role="button" href="{% url 'users:del-listright' %}"><i class="glyphicon glyphicon-trash"></i> Supprimer un ou plusieurs droits/groupes</a>
|
||||||
|
{% include "users/aff_listright.html" with listright_list=listright_list %}
|
||||||
|
<br />
|
||||||
|
<br />
|
||||||
|
<br />
|
||||||
|
{% endblock %}
|
||||||
|
|
13
users/templates/users/index_rights.html
Normal file
13
users/templates/users/index_rights.html
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
{% extends "users/sidebar.html" %}
|
||||||
|
{% load bootstrap3 %}
|
||||||
|
|
||||||
|
{% block title %}Utilisateurs{% endblock %}
|
||||||
|
|
||||||
|
{% block content %}
|
||||||
|
<h2>Droits</h2>
|
||||||
|
{% include "users/aff_rights.html" %}
|
||||||
|
<br />
|
||||||
|
<br />
|
||||||
|
<br />
|
||||||
|
{% endblock %}
|
||||||
|
|
|
@ -7,6 +7,7 @@
|
||||||
<p><a href="{% url "users:index-ban" %}">Liste des bannissements</a></p>
|
<p><a href="{% url "users:index-ban" %}">Liste des bannissements</a></p>
|
||||||
<p><a href="{% url "users:index-white" %}">Liste des accès à titre gracieux</a></p>
|
<p><a href="{% url "users:index-white" %}">Liste des accès à titre gracieux</a></p>
|
||||||
<p><a href="{% url "users:index-school" %}">Liste des établissements</a></p>
|
<p><a href="{% url "users:index-school" %}">Liste des établissements</a></p>
|
||||||
|
<p><a href="{% url "users:index-listright" %}">Liste des droits</a></p>
|
||||||
{% if is_bureau %}
|
{% if is_bureau %}
|
||||||
<p><a href="{% url "users:del-right" %}">Retirer un droit</a></p>
|
<p><a href="{% url "users:del-right" %}">Retirer un droit</a></p>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
|
@ -16,10 +16,14 @@ urlpatterns = [
|
||||||
url(r'^add_school/$', views.add_school, name='add-school'),
|
url(r'^add_school/$', views.add_school, name='add-school'),
|
||||||
url(r'^edit_school/(?P<schoolid>[0-9]+)$', views.edit_school, name='edit-school'),
|
url(r'^edit_school/(?P<schoolid>[0-9]+)$', views.edit_school, name='edit-school'),
|
||||||
url(r'^del_school/$', views.del_school, name='del-school'),
|
url(r'^del_school/$', views.del_school, name='del-school'),
|
||||||
|
url(r'^add_listright/$', views.add_listright, name='add-listright'),
|
||||||
|
url(r'^edit_listright/(?P<listrightid>[0-9]+)$', views.edit_listright, name='edit-listright'),
|
||||||
|
url(r'^del_listright/$', views.del_listright, name='del-listright'),
|
||||||
url(r'^profil/(?P<userid>[0-9]+)$', views.profil, name='profil'),
|
url(r'^profil/(?P<userid>[0-9]+)$', views.profil, name='profil'),
|
||||||
url(r'^index_ban/$', views.index_ban, name='index-ban'),
|
url(r'^index_ban/$', views.index_ban, name='index-ban'),
|
||||||
url(r'^index_white/$', views.index_white, name='index-white'),
|
url(r'^index_white/$', views.index_white, name='index-white'),
|
||||||
url(r'^index_school/$', views.index_school, name='index-school'),
|
url(r'^index_school/$', views.index_school, name='index-school'),
|
||||||
|
url(r'^index_listright/$', views.index_listright, name='index-listright'),
|
||||||
url(r'^mon_profil/$', views.mon_profil, name='mon-profil'),
|
url(r'^mon_profil/$', views.mon_profil, name='mon-profil'),
|
||||||
url(r'^process/(?P<token>[a-z0-9]{32})/$', views.process, name='process'),
|
url(r'^process/(?P<token>[a-z0-9]{32})/$', views.process, name='process'),
|
||||||
url(r'^reset_password/$', views.reset_password, name='reset-password'),
|
url(r'^reset_password/$', views.reset_password, name='reset-password'),
|
||||||
|
@ -27,6 +31,7 @@ urlpatterns = [
|
||||||
url(r'^history/(?P<object>ban)/(?P<id>[0-9]+)$', views.history, name='history'),
|
url(r'^history/(?P<object>ban)/(?P<id>[0-9]+)$', views.history, name='history'),
|
||||||
url(r'^history/(?P<object>whitelist)/(?P<id>[0-9]+)$', views.history, name='history'),
|
url(r'^history/(?P<object>whitelist)/(?P<id>[0-9]+)$', views.history, name='history'),
|
||||||
url(r'^history/(?P<object>school)/(?P<id>[0-9]+)$', views.history, name='history'),
|
url(r'^history/(?P<object>school)/(?P<id>[0-9]+)$', views.history, name='history'),
|
||||||
|
url(r'^history/(?P<object>listright)/(?P<id>[0-9]+)$', views.history, name='history'),
|
||||||
url(r'^$', views.index, name='index'),
|
url(r'^$', views.index, name='index'),
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
|
@ -16,8 +16,8 @@ from django.db import transaction
|
||||||
|
|
||||||
from reversion import revisions as reversion
|
from reversion import revisions as reversion
|
||||||
from users.models import User, Right, Ban, Whitelist, School, ListRight, Request
|
from users.models import User, Right, Ban, Whitelist, School, ListRight, Request
|
||||||
from users.models import DelRightForm, BanForm, WhitelistForm, DelSchoolForm
|
from users.models import DelRightForm, BanForm, WhitelistForm, DelSchoolForm, DelListRightForm, NewListRightForm
|
||||||
from users.models import InfoForm, BaseInfoForm, StateForm, RightForm, SchoolForm
|
from users.models import InfoForm, BaseInfoForm, StateForm, RightForm, SchoolForm, ListRightForm
|
||||||
from cotisations.models import Facture
|
from cotisations.models import Facture
|
||||||
from machines.models import Machine, Interface
|
from machines.models import Machine, Interface
|
||||||
from users.forms import PassForm, ResetPasswordForm
|
from users.forms import PassForm, ResetPasswordForm
|
||||||
|
@ -93,7 +93,7 @@ def new_user(request):
|
||||||
req.save()
|
req.save()
|
||||||
reset_passwd_mail(req, request)
|
reset_passwd_mail(req, request)
|
||||||
messages.success(request, "L'utilisateur %s a été crée, un mail pour l'initialisation du mot de passe a été envoyé" % user.pseudo)
|
messages.success(request, "L'utilisateur %s a été crée, un mail pour l'initialisation du mot de passe a été envoyé" % user.pseudo)
|
||||||
return redirect("/users/profil/" + user.id)
|
return redirect("/users/profil/" + str(user.id))
|
||||||
return form({'userform': user}, 'users/user.html', request)
|
return form({'userform': user}, 'users/user.html', request)
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
|
@ -327,6 +327,57 @@ def del_school(request):
|
||||||
return redirect("/users/index_school/")
|
return redirect("/users/index_school/")
|
||||||
return form({'userform': school}, 'users/user.html', request)
|
return form({'userform': school}, 'users/user.html', request)
|
||||||
|
|
||||||
|
@login_required
|
||||||
|
@permission_required('bureau')
|
||||||
|
def add_listright(request):
|
||||||
|
listright = NewListRightForm(request.POST or None)
|
||||||
|
if listright.is_valid():
|
||||||
|
with transaction.atomic(), reversion.create_revision():
|
||||||
|
listright.save()
|
||||||
|
reversion.set_user(request.user)
|
||||||
|
reversion.set_comment("Création")
|
||||||
|
messages.success(request, "Le droit/groupe a été ajouté")
|
||||||
|
return redirect("/users/index_listright/")
|
||||||
|
return form({'userform': listright}, 'users/user.html', request)
|
||||||
|
|
||||||
|
@login_required
|
||||||
|
@permission_required('bureau')
|
||||||
|
def edit_listright(request, listrightid):
|
||||||
|
try:
|
||||||
|
listright_instance = ListRight.objects.get(pk=listrightid)
|
||||||
|
except ListRight.DoesNotExist:
|
||||||
|
messages.error(request, u"Entrée inexistante" )
|
||||||
|
return redirect("/users/")
|
||||||
|
listright = ListRightForm(request.POST or None, instance=listright_instance)
|
||||||
|
if listright.is_valid():
|
||||||
|
with transaction.atomic(), reversion.create_revision():
|
||||||
|
listright.save()
|
||||||
|
reversion.set_user(request.user)
|
||||||
|
reversion.set_comment("Champs modifié(s) : %s" % ', '.join(field for field in listright.changed_data))
|
||||||
|
messages.success(request, "Droit modifié")
|
||||||
|
return redirect("/users/index_listright/")
|
||||||
|
return form({'userform': listright}, 'users/user.html', request)
|
||||||
|
|
||||||
|
@login_required
|
||||||
|
@permission_required('bureau')
|
||||||
|
def del_listright(request):
|
||||||
|
listright = DelListRightForm(request.POST or None)
|
||||||
|
if listright.is_valid():
|
||||||
|
listright_dels = listright.cleaned_data['listrights']
|
||||||
|
for listright_del in listright_dels:
|
||||||
|
try:
|
||||||
|
with transaction.atomic(), reversion.create_revision():
|
||||||
|
listright_del.delete()
|
||||||
|
reversion.set_comment("Destruction")
|
||||||
|
messages.success(request, "Le droit/groupe a été supprimé")
|
||||||
|
except ProtectedError:
|
||||||
|
messages.error(
|
||||||
|
request,
|
||||||
|
"L'établissement %s est affecté à au moins un user, \
|
||||||
|
vous ne pouvez pas le supprimer" % listright_del)
|
||||||
|
return redirect("/users/index_listright/")
|
||||||
|
return form({'userform': listright}, 'users/user.html', request)
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
@permission_required('cableur')
|
@permission_required('cableur')
|
||||||
def index(request):
|
def index(request):
|
||||||
|
@ -365,6 +416,12 @@ def index_school(request):
|
||||||
school_list = School.objects.order_by('name')
|
school_list = School.objects.order_by('name')
|
||||||
return render(request, 'users/index_schools.html', {'school_list':school_list})
|
return render(request, 'users/index_schools.html', {'school_list':school_list})
|
||||||
|
|
||||||
|
@login_required
|
||||||
|
@permission_required('cableur')
|
||||||
|
def index_listright(request):
|
||||||
|
listright_list = ListRight.objects.order_by('listright')
|
||||||
|
return render(request, 'users/index_listright.html', {'listright_list':listright_list})
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
def history(request, object, id):
|
def history(request, object, id):
|
||||||
if object == 'user':
|
if object == 'user':
|
||||||
|
@ -400,6 +457,12 @@ def history(request, object, id):
|
||||||
except School.DoesNotExist:
|
except School.DoesNotExist:
|
||||||
messages.error(request, "Ecole inexistante")
|
messages.error(request, "Ecole inexistante")
|
||||||
return redirect("/users/")
|
return redirect("/users/")
|
||||||
|
elif object == 'listright' and request.user.has_perms(('cableur',)):
|
||||||
|
try:
|
||||||
|
object_instance = ListRight.objects.get(pk=id)
|
||||||
|
except ListRight.DoesNotExist:
|
||||||
|
messages.error(request, "Droit inexistant")
|
||||||
|
return redirect("/users/")
|
||||||
else:
|
else:
|
||||||
messages.error(request, "Objet inconnu")
|
messages.error(request, "Objet inconnu")
|
||||||
return redirect("/users/")
|
return redirect("/users/")
|
||||||
|
|
Loading…
Reference in a new issue