From e940782bc93899e131c3c992dd8b5ed936229f2a Mon Sep 17 00:00:00 2001 From: Gabriel Detraz Date: Sun, 18 Jun 2017 14:59:53 +0200 Subject: [PATCH] Gestion des services users par re2o --- install_utils/schema.ldiff | 2 +- users/admin.py | 11 ++- users/migrations/0043_auto_20161224_1156.py | 29 ++++++++ users/migrations/0044_user_ssh_public_key.py | 19 +++++ users/migrations/0045_merge.py | 15 ++++ users/migrations/0046_auto_20170617_1433.py | 39 ++++++++++ users/migrations/0047_auto_20170618_0156.py | 32 +++++++++ users/migrations/0048_auto_20170618_0210.py | 21 ++++++ users/migrations/0049_auto_20170618_1424.py | 20 ++++++ users/models.py | 54 +++++++++++--- users/templates/users/aff_serviceusers.html | 45 ++++++++++++ users/templates/users/delete.html | 40 +++++++++++ users/templates/users/index_serviceusers.html | 38 ++++++++++ users/templates/users/sidebar.html | 6 +- users/urls.py | 5 ++ users/views.py | 72 ++++++++++++++++++- 16 files changed, 433 insertions(+), 15 deletions(-) create mode 100644 users/migrations/0043_auto_20161224_1156.py create mode 100644 users/migrations/0044_user_ssh_public_key.py create mode 100644 users/migrations/0045_merge.py create mode 100644 users/migrations/0046_auto_20170617_1433.py create mode 100644 users/migrations/0047_auto_20170618_0156.py create mode 100644 users/migrations/0048_auto_20170618_0210.py create mode 100644 users/migrations/0049_auto_20170618_1424.py create mode 100644 users/templates/users/aff_serviceusers.html create mode 100644 users/templates/users/delete.html create mode 100644 users/templates/users/index_serviceusers.html diff --git a/install_utils/schema.ldiff b/install_utils/schema.ldiff index 662f8850..aa17263b 100644 --- a/install_utils/schema.ldiff +++ b/install_utils/schema.ldiff @@ -219,7 +219,7 @@ olcObjectClasses: {6}( 2.5.6.8 NAME 'organizationalRole' DESC 'RFC2256: an o street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOffic eName $ ou $ st $ l $ description ) ) olcObjectClasses: {7}( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of - names (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategor + names (DNs)' SUP top STRUCTURAL MUST ( cn ) MAY ( member $ businessCategor y $ seeAlso $ owner $ ou $ o $ description ) ) olcObjectClasses: {8}( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256: an r esidential person' SUP person STRUCTURAL MUST l MAY ( businessCategory $ x1 diff --git a/users/admin.py b/users/admin.py index 78c53c41..1b3c7d5c 100644 --- a/users/admin.py +++ b/users/admin.py @@ -25,7 +25,7 @@ from django.contrib.auth.models import Group from django.contrib.auth.admin import UserAdmin as BaseUserAdmin from reversion.admin import VersionAdmin -from .models import User, ServiceUser, School, Right, ListRight, ListShell, Ban, Whitelist, Request, LdapUser, LdapServiceUser, LdapUserGroup +from .models import User, ServiceUser, School, Right, ListRight, ListShell, Ban, Whitelist, Request, LdapUser, LdapServiceUser, LdapServiceUserGroup, LdapUserGroup from .forms import UserChangeForm, UserCreationForm, ServiceUserChangeForm, ServiceUserCreationForm @@ -57,6 +57,10 @@ class LdapUserGroupAdmin(admin.ModelAdmin): list_display = ('name','members','gid') search_fields = ('name',) +class LdapServiceUserGroupAdmin(admin.ModelAdmin): + list_display = ('name',) + search_fields = ('name',) + class SchoolAdmin(VersionAdmin): list_display = ('name',) @@ -116,10 +120,10 @@ class ServiceUserAdmin(VersionAdmin, BaseUserAdmin): # The fields to be used in displaying the User model. # These override the definitions on the base UserAdmin # that reference specific fields on auth.User. - list_display = ('pseudo',) + list_display = ('pseudo', 'access_group') list_filter = () fieldsets = ( - (None, {'fields': ('pseudo', 'password')}), + (None, {'fields': ('pseudo', 'password', 'access_group')}), ) # add_fieldsets is not a standard ModelAdmin attribute. UserAdmin # overrides get_fieldsets to use this attribute when creating a user. @@ -138,6 +142,7 @@ admin.site.register(ServiceUser, ServiceUserAdmin) admin.site.register(LdapUser, LdapUserAdmin) admin.site.register(LdapUserGroup, LdapUserGroupAdmin) admin.site.register(LdapServiceUser, LdapServiceUserAdmin) +admin.site.register(LdapServiceUserGroup, LdapServiceUserGroupAdmin) admin.site.register(School, SchoolAdmin) admin.site.register(Right, RightAdmin) admin.site.register(ListRight, ListRightAdmin) diff --git a/users/migrations/0043_auto_20161224_1156.py b/users/migrations/0043_auto_20161224_1156.py new file mode 100644 index 00000000..18aa1e35 --- /dev/null +++ b/users/migrations/0043_auto_20161224_1156.py @@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- +from __future__ import unicode_literals + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('users', '0042_auto_20161126_2028'), + ] + + operations = [ + migrations.AlterField( + model_name='ldapserviceuser', + name='dn', + field=models.CharField(max_length=200), + ), + migrations.AlterField( + model_name='ldapuser', + name='dn', + field=models.CharField(max_length=200), + ), + migrations.AlterField( + model_name='ldapusergroup', + name='dn', + field=models.CharField(max_length=200), + ), + ] diff --git a/users/migrations/0044_user_ssh_public_key.py b/users/migrations/0044_user_ssh_public_key.py new file mode 100644 index 00000000..e25194d2 --- /dev/null +++ b/users/migrations/0044_user_ssh_public_key.py @@ -0,0 +1,19 @@ +# -*- coding: utf-8 -*- +from __future__ import unicode_literals + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('users', '0043_auto_20161224_1156'), + ] + + operations = [ + migrations.AddField( + model_name='user', + name='ssh_public_key', + field=models.CharField(max_length=2047, null=True, blank=True), + ), + ] diff --git a/users/migrations/0045_merge.py b/users/migrations/0045_merge.py new file mode 100644 index 00000000..fa8b8712 --- /dev/null +++ b/users/migrations/0045_merge.py @@ -0,0 +1,15 @@ +# -*- coding: utf-8 -*- +from __future__ import unicode_literals + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('users', '0043_ban_state'), + ('users', '0044_user_ssh_public_key'), + ] + + operations = [ + ] diff --git a/users/migrations/0046_auto_20170617_1433.py b/users/migrations/0046_auto_20170617_1433.py new file mode 100644 index 00000000..7b846abf --- /dev/null +++ b/users/migrations/0046_auto_20170617_1433.py @@ -0,0 +1,39 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.10.7 on 2017-06-17 12:33 +from __future__ import unicode_literals + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('users', '0045_merge'), + ] + + operations = [ + migrations.RemoveField( + model_name='user', + name='ssh_public_key', + ), + migrations.AlterField( + model_name='ban', + name='state', + field=models.IntegerField(choices=[(0, 'HARD (aucun accès)'), (1, 'SOFT (accès local seulement)'), (2, 'BRIDAGE (bridage du débit)')], default=0), + ), + migrations.AlterField( + model_name='ldapserviceuser', + name='dn', + field=models.CharField(max_length=200, primary_key=True, serialize=False), + ), + migrations.AlterField( + model_name='ldapuser', + name='dn', + field=models.CharField(max_length=200, primary_key=True, serialize=False), + ), + migrations.AlterField( + model_name='ldapusergroup', + name='dn', + field=models.CharField(max_length=200, primary_key=True, serialize=False), + ), + ] diff --git a/users/migrations/0047_auto_20170618_0156.py b/users/migrations/0047_auto_20170618_0156.py new file mode 100644 index 00000000..dc19b38a --- /dev/null +++ b/users/migrations/0047_auto_20170618_0156.py @@ -0,0 +1,32 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.10.7 on 2017-06-17 23:56 +from __future__ import unicode_literals + +from django.db import migrations, models +import ldapdb.models.fields + + +class Migration(migrations.Migration): + + dependencies = [ + ('users', '0046_auto_20170617_1433'), + ] + + operations = [ + migrations.CreateModel( + name='LdapServiceUserGroup', + fields=[ + ('dn', models.CharField(max_length=200, primary_key=True, serialize=False)), + ('name', ldapdb.models.fields.CharField(db_column='cn', max_length=200, serialize=False)), + ('members', ldapdb.models.fields.ListField(blank=True, db_column='member')), + ], + options={ + 'abstract': False, + }, + ), + migrations.AddField( + model_name='serviceuser', + name='access_group', + field=models.IntegerField(choices=[(0, 'auth'), (1, 'readonly'), (2, 'usermgmt')], default=1), + ), + ] diff --git a/users/migrations/0048_auto_20170618_0210.py b/users/migrations/0048_auto_20170618_0210.py new file mode 100644 index 00000000..7ef8c397 --- /dev/null +++ b/users/migrations/0048_auto_20170618_0210.py @@ -0,0 +1,21 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.10.7 on 2017-06-18 00:10 +from __future__ import unicode_literals + +from django.db import migrations +import ldapdb.models.fields + + +class Migration(migrations.Migration): + + dependencies = [ + ('users', '0047_auto_20170618_0156'), + ] + + operations = [ + migrations.AlterField( + model_name='ldapserviceusergroup', + name='name', + field=ldapdb.models.fields.CharField(db_column='cn', max_length=200, primary_key=True, serialize=False), + ), + ] diff --git a/users/migrations/0049_auto_20170618_1424.py b/users/migrations/0049_auto_20170618_1424.py new file mode 100644 index 00000000..773544a0 --- /dev/null +++ b/users/migrations/0049_auto_20170618_1424.py @@ -0,0 +1,20 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.10.7 on 2017-06-18 12:24 +from __future__ import unicode_literals + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('users', '0048_auto_20170618_0210'), + ] + + operations = [ + migrations.AlterField( + model_name='serviceuser', + name='access_group', + field=models.CharField(choices=[('auth', 'auth'), ('readonly', 'readonly'), ('usermgmt', 'usermgmt')], default='readonly', max_length=32), + ), + ] diff --git a/users/models.py b/users/models.py index 31247d30..c69a8b0c 100644 --- a/users/models.py +++ b/users/models.py @@ -38,6 +38,7 @@ import datetime from django.utils import timezone from django.contrib.auth.models import AbstractBaseUser, BaseUserManager +from django.core.validators import MinLengthValidator from topologie.models import Room from cotisations.models import Cotisation, Facture, Vente from machines.models import Interface, Machine @@ -373,9 +374,17 @@ def user_post_delete(sender, **kwargs): user.ldap_del() class ServiceUser(AbstractBaseUser): + readonly = 'readonly' + ACCESS = ( + ('auth', 'auth'), + ('readonly', 'readonly'), + ('usermgmt', 'usermgmt'), + ) + PRETTY_NAME = "Utilisateurs de service" pseudo = models.CharField(max_length=32, unique=True, help_text="Doit contenir uniquement des lettres, chiffres, ou tirets", validators=[linux_user_validator]) + access_group = models.CharField(choices=ACCESS, default=readonly, max_length=32) USERNAME_FIELD = 'pseudo' @@ -386,8 +395,9 @@ class ServiceUser(AbstractBaseUser): user_ldap = LdapServiceUser.objects.get(name=self.pseudo) except LdapServiceUser.DoesNotExist: user_ldap = LdapServiceUser(name=self.pseudo) - user_ldap.user_password = self.password + user_ldap.user_password = self.password[:6] + self.password[7:] user_ldap.save() + self.serviceuser_group_sync() def ldap_del(self): try: @@ -395,6 +405,15 @@ class ServiceUser(AbstractBaseUser): user_ldap.delete() except LdapUser.DoesNotExist: pass + self.serviceuser_group_sync() + + def serviceuser_group_sync(self): + try: + group = LdapServiceUserGroup.objects.get(name=self.access_group) + except: + group = LdapServiceUserGroup(name=self.access_group) + group.members = [serviceuser.dn for serviceuser in LdapServiceUser.objects.filter(name__in=[user.pseudo for user in ServiceUser.objects.filter(access_group=self.access_group)])] + group.save() def __str__(self): return self.pseudo @@ -402,12 +421,12 @@ class ServiceUser(AbstractBaseUser): @receiver(post_save, sender=ServiceUser) def service_user_post_save(sender, **kwargs): service_user = kwargs['instance'] -# service_user.ldap_sync() + service_user.ldap_sync() @receiver(post_delete, sender=ServiceUser) def service_user_post_delete(sender, **kwargs): service_user = kwargs['instance'] -# service_user.ldap_del() + service_user.ldap_del() class Right(models.Model): PRETTY_NAME = "Droits affectés à des users" @@ -624,6 +643,24 @@ class LdapServiceUser(ldapdb.models.Model): name = ldapdb.models.fields.CharField(db_column='cn', max_length=200, primary_key=True) user_password = ldapdb.models.fields.CharField(db_column='userPassword', max_length=200, blank=True, null=True) + def __str__(self): + return self.name + +class LdapServiceUserGroup(ldapdb.models.Model): + """ + Class for representing an LDAP userservice entry. + """ + # LDAP meta-data + base_dn = LDAP['base_userservicegroup_dn'] + object_classes = ['groupOfNames'] + + # attributes + name = ldapdb.models.fields.CharField(db_column='cn', max_length=200, primary_key=True) + members = ldapdb.models.fields.ListField(db_column='member', blank=True) + + def __str__(self): + return self.name + class BaseInfoForm(ModelForm): def __init__(self, *args, **kwargs): super(BaseInfoForm, self).__init__(*args, **kwargs) @@ -678,14 +715,15 @@ class PasswordForm(ModelForm): fields = ['password', 'pwd_ntlm'] class ServiceUserForm(ModelForm): + password = forms.CharField(label=u'Nouveau mot de passe', max_length=255, validators=[MinLengthValidator(8)], widget=forms.PasswordInput, required=False) + class Meta: model = ServiceUser - fields = ('pseudo','password') + fields = ('pseudo','access_group') -class ServicePasswordForm(ModelForm): - class Meta: - model = ServiceUser - fields = ('password',) +class EditServiceUserForm(ServiceUserForm): + class Meta(ServiceUserForm.Meta): + fields = ['access_group'] class StateForm(ModelForm): class Meta: diff --git a/users/templates/users/aff_serviceusers.html b/users/templates/users/aff_serviceusers.html new file mode 100644 index 00000000..217892b0 --- /dev/null +++ b/users/templates/users/aff_serviceusers.html @@ -0,0 +1,45 @@ +{% comment %} +Re2o est un logiciel d'administration développé initiallement au rezometz. Il +se veut agnostique au réseau considéré, de manière à être installable en +quelques clics. + +Copyright © 2017 Gabriel Détraz +Copyright © 2017 Goulven Kermarec +Copyright © 2017 Augustin Lemesle + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along +with this program; if not, write to the Free Software Foundation, Inc., +51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +{% endcomment %} + + + + + + + + + + {% for serviceuser in serviceusers_list %} + + + + + + {% endfor %} +
NomRôle
{{ serviceuser.pseudo }}{{ serviceuser.access_group }} + {% include 'buttons/suppr.html' with href='users:del-serviceuser' id=serviceuser.id %} + {% include 'buttons/edit.html' with href='users:edit-serviceuser' id=serviceuser.id %} + {% include 'buttons/history.html' with href='users:history' name='serviceuser' id=serviceuser.id %} +
+ diff --git a/users/templates/users/delete.html b/users/templates/users/delete.html new file mode 100644 index 00000000..727694d3 --- /dev/null +++ b/users/templates/users/delete.html @@ -0,0 +1,40 @@ +{% extends "machines/sidebar.html" %} +{% comment %} +Re2o est un logiciel d'administration développé initiallement au rezometz. Il +se veut agnostique au réseau considéré, de manière à être installable en +quelques clics. + +Copyright © 2017 Gabriel Détraz +Copyright © 2017 Goulven Kermarec +Copyright © 2017 Augustin Lemesle + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along +with this program; if not, write to the Free Software Foundation, Inc., +51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +{% endcomment %} + +{% load bootstrap3 %} + +{% block title %}Destruction d'objets{% endblock %} + +{% block content %} + +
+ {% csrf_token %} +

Attention, voulez-vous vraiment supprimer cet objet {{ objet_name }} ( {{ objet }} ) ?

+ {% bootstrap_button "Confirmer" button_type="submit" icon="trash" %} +
+
+
+
+{% endblock %} diff --git a/users/templates/users/index_serviceusers.html b/users/templates/users/index_serviceusers.html new file mode 100644 index 00000000..8fdab8c2 --- /dev/null +++ b/users/templates/users/index_serviceusers.html @@ -0,0 +1,38 @@ +{% extends "users/sidebar.html" %} +{% comment %} +Re2o est un logiciel d'administration développé initiallement au rezometz. Il +se veut agnostique au réseau considéré, de manière à être installable en +quelques clics. + +Copyright © 2017 Gabriel Détraz +Copyright © 2017 Goulven Kermarec +Copyright © 2017 Augustin Lemesle + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along +with this program; if not, write to the Free Software Foundation, Inc., +51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +{% endcomment %} + +{% load bootstrap3 %} + +{% block title %}Utilisateurs{% endblock %} + +{% block content %} +

Liste des service users

+ Ajouter un service user + {% include "users/aff_serviceusers.html" with serviceusers_list=serviceusers_list %} +
+
+
+{% endblock %} + diff --git a/users/templates/users/sidebar.html b/users/templates/users/sidebar.html index f3b28029..ef94c0a9 100644 --- a/users/templates/users/sidebar.html +++ b/users/templates/users/sidebar.html @@ -50,7 +50,11 @@ with this program; if not, write to the Free Software Foundation, Inc., Droits - {% if is_bureau %} + + + Gérer les service users + + {% if is_bureau %} Retirer un droit diff --git a/users/urls.py b/users/urls.py index 66d64f90..c869e226 100644 --- a/users/urls.py +++ b/users/urls.py @@ -29,6 +29,9 @@ urlpatterns = [ url(r'^edit_info/(?P[0-9]+)$', views.edit_info, name='edit-info'), url(r'^state/(?P[0-9]+)$', views.state, name='state'), url(r'^password/(?P[0-9]+)$', views.password, name='password'), + url(r'^new_serviceuser/$', views.new_serviceuser, name='new-serviceuser'), + url(r'^edit_serviceuser/(?P[0-9]+)$', views.edit_serviceuser, name='edit-serviceuser'), + url(r'^del_serviceuser/(?P[0-9]+)$', views.del_serviceuser, name='del-serviceuser'), url(r'^add_ban/(?P[0-9]+)$', views.add_ban, name='add-ban'), url(r'^edit_ban/(?P[0-9]+)$', views.edit_ban, name='edit-ban'), url(r'^add_whitelist/(?P[0-9]+)$', views.add_whitelist, name='add-whitelist'), @@ -46,6 +49,7 @@ urlpatterns = [ url(r'^index_white/$', views.index_white, name='index-white'), url(r'^index_school/$', views.index_school, name='index-school'), url(r'^index_listright/$', views.index_listright, name='index-listright'), + url(r'^index_serviceusers/$', views.index_serviceusers, name='index-serviceusers'), url(r'^mon_profil/$', views.mon_profil, name='mon-profil'), url(r'^process/(?P[a-z0-9]{32})/$', views.process, name='process'), url(r'^reset_password/$', views.reset_password, name='reset-password'), @@ -55,6 +59,7 @@ urlpatterns = [ url(r'^history/(?Pwhitelist)/(?P[0-9]+)$', views.history, name='history'), url(r'^history/(?Pschool)/(?P[0-9]+)$', views.history, name='history'), url(r'^history/(?Plistright)/(?P[0-9]+)$', views.history, name='history'), + url(r'^history/(?Pserviceuser)/(?P[0-9]+)$', views.history, name='history'), url(r'^$', views.index, name='index'), ] diff --git a/users/views.py b/users/views.py index aab2826c..708b7f8e 100644 --- a/users/views.py +++ b/users/views.py @@ -38,9 +38,9 @@ from django.db import transaction from reversion.models import Version from reversion import revisions as reversion -from users.models import User, Right, Ban, Whitelist, School, ListRight, Request +from users.models import User, Right, Ban, Whitelist, School, ListRight, Request, ServiceUser from users.models import DelRightForm, BanForm, WhitelistForm, DelSchoolForm, DelListRightForm, NewListRightForm -from users.models import EditInfoForm, InfoForm, BaseInfoForm, StateForm, RightForm, SchoolForm, ListRightForm +from users.models import EditInfoForm, InfoForm, BaseInfoForm, StateForm, RightForm, SchoolForm, EditServiceUserForm, ServiceUserForm, ListRightForm from cotisations.models import Facture from machines.models import Machine, Interface from users.forms import MassArchiveForm, PassForm, ResetPasswordForm @@ -213,6 +213,61 @@ def password(request, userid): return password_change_action(u_form, user, request) return form({'userform': u_form}, 'users/user.html', request) +@login_required +@permission_required('infra') +def new_serviceuser(request): + """ Vue de création d'un nouvel utilisateur service""" + user = ServiceUserForm(request.POST or None) + if user.is_valid(): + user_object = user.save(commit=False) + with transaction.atomic(), reversion.create_revision(): + user_object.set_password(user.cleaned_data['password']) + user_object.save() + reversion.set_user(request.user) + reversion.set_comment("Création") + messages.success(request, "L'utilisateur %s a été crée" % user_object.pseudo) + return redirect("/users/index_serviceusers/") + return form({'userform': user}, 'users/user.html', request) + +@login_required +@permission_required('infra') +def edit_serviceuser(request, userid): + """ Edite un utilisateur à partir de son id, + si l'id est différent de request.user, vérifie la possession du droit cableur """ + try: + user = ServiceUser.objects.get(pk=userid) + except ServiceUser.DoesNotExist: + messages.error(request, "Utilisateur inexistant") + return redirect("/users/") + user = EditServiceUserForm(request.POST or None, instance=user) + if user.is_valid(): + user_object = user.save(commit=False) + with transaction.atomic(), reversion.create_revision(): + if user.cleaned_data['password']: + user_object.set_password(user.cleaned_data['password']) + user_object.save() + reversion.set_user(request.user) + reversion.set_comment("Champs modifié(s) : %s" % ', '.join(field for field in user.changed_data)) + messages.success(request, "L'user a bien été modifié") + return redirect("/users/index_serviceusers") + return form({'userform': user}, 'users/user.html', request) + +@login_required +@permission_required('infra') +def del_serviceuser(request, userid): + try: + user = ServiceUser.objects.get(pk=userid) + except ServiceUser.DoesNotExist: + messages.error(request, u"Utilisateur inexistant" ) + return redirect("/users/") + if request.method == "POST": + with transaction.atomic(), reversion.create_revision(): + user.delete() + reversion.set_user(request.user) + messages.success(request, "L'user a été détruite") + return redirect("/users/index_serviceusers/") + return form({'objet': user, 'objet_name': 'serviceuser'}, 'users/delete.html', request) + @login_required @permission_required('bureau') def add_right(request, userid): @@ -534,6 +589,13 @@ def index_listright(request): listright_list = ListRight.objects.order_by('listright') return render(request, 'users/index_listright.html', {'listright_list':listright_list}) +@login_required +@permission_required('cableur') +def index_serviceusers(request): + """ Affiche les users de services (pour les accès ldap)""" + serviceusers_list = ServiceUser.objects.order_by('pseudo') + return render(request, 'users/index_serviceusers.html', {'serviceusers_list':serviceusers_list}) + @login_required def history(request, object, id): """ Affichage de l'historique : (acl, argument) @@ -551,6 +613,12 @@ def history(request, object, id): if not request.user.has_perms(('cableur',)) and object_instance != request.user: messages.error(request, "Vous ne pouvez pas afficher l'historique d'un autre user que vous sans droit cableur") return redirect("/users/profil/" + str(request.user.id)) + elif object == 'serviceuser' and request.user.has_perms(('cableur',)): + try: + object_instance = ServiceUser.objects.get(pk=id) + except ServiceUser.DoesNotExist: + messages.error(request, "User service inexistant") + return redirect("/users/") elif object == 'ban': try: object_instance = Ban.objects.get(pk=id)