kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 1 Releases Activity

bundles/pretalx: add script to automatically set is_administrator and is_staff based on group membership
All checks were successful
kunsi/bundlewrap/pipeline/head This commit looks good
Details

Browse source
This commit is contained in:
Franzi 2021-10-15 20:03:15 +02:00
parent f02088d9fe
commit 86953e60bd
Signed by: kunsi
GPG key ID: 12E3D2136B818350
4 changed files with 90 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
bundles/pretalx/files/cron-pretalx-administrators-from-group Normal file
View file

@ -0,0 +1,8 @@
# CAUTION! This file is managed with bundlewrap.
# Any manual edits will be lost!
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=${node.metadata.get('pretalx/mail_from')}
*/10 * * * * pretalx /opt/pretalx/pretalx-administrators-from-group ${node.metadata.get('pretalx/administrators-from-group-id')}

68
bundles/pretalx/files/pretalx-administrators-from-group Normal file
View file

@ -0,0 +1,68 @@
#!/usr/bin/env python3
import psycopg2
from psycopg2.extras import LoggingConnection
from configparser import ConfigParser
from sys import argv, exit
def main():
try:
group_id = int(argv[1])
except IndexError:
print(f'Usage: {argv[0]} <group_id>')
print()
print('Sets pretalx administrator permissions based on that group id')
exit(1)
config = ConfigParser()
config.read('/opt/pretalx/pretalx.cfg')
try:
db = psycopg2.connect(
dbname=config['database']['name'],
user=config['database']['user'],
password=config['database']['password'],
)
with db.cursor() as sel:
sel.execute(
'SELECT id, user_id FROM event_team_members WHERE team_id=%s ORDER BY user_id ASC;',
(group_id,),
)
admin_users = set()
for perm_id, user_id in sel.fetchall():
admin_users.add(user_id)
if not admin_users:
raise ValueError(f'There are no users in group {argv[1]}')
update_queries = []
with db.cursor() as sel:
sel.execute('SELECT id, name, email, is_administrator, is_staff FROM person_user ORDER BY name ASC;')
for uid, name, email, is_admin, is_staff in sel.fetchall():
should_admin = (uid in admin_users)
if not (
should_admin == is_admin and
should_admin == is_staff
):
print(f'Fixing user "{name}" ({email}) - is: {is_admin} {is_staff} - should: {should_admin}')
update_queries.append({
'admin': should_admin,
'uid': uid,
})
with db.cursor() as upd:
for query in update_queries:
upd.execute(
'UPDATE person_user SET is_administrator=%(admin)s, is_staff=%(admin)s WHERE id=%(uid)s;',
query,
)
db.commit()
finally:
db.close()
if __name__ == '__main__':
main()

13
bundles/pretalx/items.py
View file

@ -129,6 +129,9 @@ files = {
'svc_systemd:pretalx-worker:restart',
},
},
'/opt/pretalx/pretalx-administrators-from-group': {
'mode': '0755',
},
'/etc/systemd/system/pretalx-runperiodic.timer': {
'triggers': {
'action:systemd-reload',
@ -165,6 +168,16 @@ files = {
},
}
if node.metadata.get('pretalx/administrators-from-group-id', None):
files['/etc/cron.d/pretalx-administrators-from-group'] = {
'source': 'cron-pretalx-administrators-from-group',
'content_type': 'mako',
}
else:
files['/etc/cron.d/pretalx-administrators-from-group'] = {
'delete': True,
}
# run `pip install` one after another due to concurrency issues
last_action = 'action:pretalx_install'
for plugin_name, plugin_config in node.metadata.get('pretalx/plugins', {}).items():

1
nodes/voc/pretalx.py
View file

@ -49,6 +49,7 @@ nodes['voc.pretalx'] = {
'version': 'v2.2.0',
'domain': 'pretalx.c3voc.de',
'mail_from': 'pretalx@c3voc.de',
'administrators-from-group-id': 1,
'plugins': {
'downstream': {
'repo': 'https://github.com/pretalx/pretalx-downstream.git',