From 026fbf3c58fedfa98f28023f8dc730beadad88a3 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Tue, 21 Dec 2021 09:27:25 +0100 Subject: [PATCH] add some group management --- ldap_frontend/__init__.py | 53 ++++++++++++++++++++- ldap_frontend/helpers/flask.py | 38 +++++++++++++++ ldap_frontend/helpers/ldap.py | 32 ++++++------- ldap_frontend/templates/groups/list.html | 26 ++++++++++ ldap_frontend/templates/groups/members.html | 27 +++++++++++ ldap_frontend/templates/layout/default.html | 2 +- 6 files changed, 157 insertions(+), 21 deletions(-) create mode 100644 ldap_frontend/helpers/flask.py create mode 100644 ldap_frontend/templates/groups/list.html create mode 100644 ldap_frontend/templates/groups/members.html diff --git a/ldap_frontend/__init__.py b/ldap_frontend/__init__.py index 0e5985a..d64b11e 100644 --- a/ldap_frontend/__init__.py +++ b/ldap_frontend/__init__.py @@ -2,9 +2,17 @@ from json import load from os import environ from flask import Flask, flash, redirect, request, session, url_for +from ldap3 import ALL_ATTRIBUTES from ldap3.core.exceptions import LDAPException -from .helpers.ldap import login_required, try_auth, get_user, template, update_user +from .helpers.flask import template +from .helpers.ldap import ( + admin_required, + get_user, + login_required, + try_auth, + update_user, +) app = Flask(__name__) app.secret_key = environ.get("FLASK_SECRET_KEY", default="test") @@ -66,7 +74,7 @@ def selfservice(ldap): request.form["givenName"], request.form["sn"], ), - "mail": request.form["mail"] + "mail": request.form["mail"], }, ) flash("data updated") 
@@ -82,3 +90,44 @@ def selfservice(ldap): flash(e) return template(ldap, "selfservice.html") + + +@app.route("/groups", methods=["GET"]) +@login_required +def groups(ldap): + ldap.search( + APP_CONFIG["ldap"]["group_base"], + "(objectclass=groupOfNames)", + attributes=ALL_ATTRIBUTES, + ) + + return template( + ldap, + "groups/list.html", + groups=ldap.entries, + ) + + +@app.route("/groups/", methods=["GET", "POST"]) +@admin_required +def group_edit(ldap, ou): + if request.method == "POST": + if request.form.get("remove"): + flash( + f"did not remove {request.form['remove']} because not yet implemented" + ) + + return redirect(url_for("group_edit", ou=ou)) + + ldap.search( + APP_CONFIG["ldap"]["user_base"], + APP_CONFIG["template"]["group_members"].format(ou), + attributes=ALL_ATTRIBUTES, + ) + + return template( + ldap, + "groups/members.html", + members=ldap.entries, + ou=ou, + ) diff --git a/ldap_frontend/helpers/flask.py b/ldap_frontend/helpers/flask.py new file mode 100644 index 0000000..36fb7a3 --- /dev/null +++ b/ldap_frontend/helpers/flask.py @@ -0,0 +1,38 @@ +from functools import wraps +from json import load +from os import environ + +from flask import redirect, render_template, session, url_for + +from .ldap import get_user + +with open(environ["APP_CONFIG"]) as f: + APP_CONFIG = load(f) + + +def template(ldap, name, **kwargs): + user = None + is_admin = False + + if ldap: + user = get_user(ldap, session["username"]) + + ldap.search( + APP_CONFIG["ldap"]["user_base"], + APP_CONFIG["template"]["group_admin"].format(user["uid"]), + attributes=["uid"], + ) + if len(ldap.entries) == 1: + is_admin = True + + return render_template( + name, + APP_CONFIG=APP_CONFIG, + CURRENT_USER=user, + USER_IS_ADMIN=is_admin, + **kwargs, + ) + + +class UserNotFoundException(Exception): + pass diff --git a/ldap_frontend/helpers/ldap.py b/ldap_frontend/helpers/ldap.py index 862ff3d..0c5fa73 100644 --- a/ldap_frontend/helpers/ldap.py +++ b/ldap_frontend/helpers/ldap.py 
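Review bot: `ou` in `group_edit` is taken straight from the URL and interpolated into the LDAP search filter with `APP_CONFIG["template"]["group_members"].format(ou)`, with no escaping, so a path segment containing filter metacharacters (`*`, `(`, `)`, `\`) changes what the search matches. Escape it before formatting: `from ldap3.utils.conv import escape_filter_chars` and `APP_CONFIG["template"]["group_members"].format(escape_filter_chars(ou))`; the `.format` calls into filters in helpers/flask.py `template()` and helpers/ldap.py `admin_required` deserve the same treatment even though their inputs are less exposed. Both searches here ask for `ALL_ATTRIBUTES` while the templates render only `ou`, `description` and `member` for groups and `uid` and `cn` for members; listing those attributes keeps unrelated directory data out of the page. The POST branch accepts a `remove` field with no CSRF protection visible in the handler, which is harmless while it only flashes a message but should be in place before the removal is implemented.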
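Review bot: The `UserNotFoundException` at the bottom of this new file duplicates the class of the same name that remains in helpers/ldap.py (still present as context in that file's last hunk), and nothing in this module raises or catches it; since `get_user` raises the ldap.py class, an `except UserNotFoundException` written against this module would never match. Remove it here, or reuse the original with `from .ldap import UserNotFoundException, get_user`. The admin lookup in `template()` repeats the search added to `admin_required` in helpers/ldap.py but keys on `user["uid"]` instead of `session["username"]`; one shared `is_admin(ldap, username)` helper in helpers/ldap.py would keep the two checks from drifting apart. A docstring on `template()` should also say that `ldap` is expected to be a connection for an already authenticated session, since `session["username"]` is read unconditionally whenever it is truthy.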
@@ -2,9 +2,8 @@ from functools import wraps from json import load from os import environ -from flask import redirect, session, url_for, render_template -from ldap3 import ALL, Connection, Server -from ldap3 import ALL_ATTRIBUTES, MODIFY_REPLACE +from flask import redirect, session, url_for +from ldap3 import ALL, ALL_ATTRIBUTES, MODIFY_REPLACE, Connection, Server from ldap3.core.exceptions import LDAPException with open(environ["APP_CONFIG"]) as f: @@ -21,7 +20,7 @@ def login_required(func): ): ldap = connect() - return func(ldap, *args, **kwargs) + return func(ldap, **kwargs) else: return redirect(url_for("login")) else: @@ -41,7 +40,16 @@ def admin_required(func): ): ldap = connect() - return func(ldap, *args, **kwargs) + ldap.search( + APP_CONFIG["ldap"]["user_base"], + APP_CONFIG["template"]["group_admin"].format(session["username"]), + attributes=["uid"], + ) + + if len(ldap.entries) == 1: + return func(ldap, **kwargs) + else: + return redirect(url_for("selfservice")) else: return redirect(url_for("login")) else: @@ -89,6 +97,7 @@ def get_user(ldap, username): else: raise UserNotFoundException(username) + def update_user(ldap, username, settings): attrs = {} for attr, value in settings.items(): @@ -100,18 +109,5 @@ def update_user(ldap, username, settings): ) -def template(ldap, name, **kwargs): - user = None - if ldap: - user = get_user(ldap, session["username"]) - - return render_template( - name, - APP_CONFIG=APP_CONFIG, - CURRENT_USER=user, - **kwargs, - ) - - class UserNotFoundException(Exception): pass diff --git a/ldap_frontend/templates/groups/list.html b/ldap_frontend/templates/groups/list.html new file mode 100644 index 0000000..72557cf --- /dev/null +++ b/ldap_frontend/templates/groups/list.html @@ -0,0 +1,26 @@ +{% extends "layout/default.html" %} +{% block title %}groups{% endblock %} +{% block content %} + + + + + + + + + +{% for group in groups|sort %} + +{% if USER_IS_ADMIN %} + +{% else %} + +{% endif %} + + + +{% endfor %} + +
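Review bot: A logged-in non-admin hitting an `@admin_required` view is redirected to `selfservice` with no message, so the denial is indistinguishable from a plain navigation; a `flash("admin privileges required")` before the redirect (adding `flash` to the `from flask import` line in this file's first hunk) makes the outcome visible. The search itself is the same one the new helpers/flask.py `template()` performs, so I would factor it into an `is_admin(ldap, username)` helper here and call it from both sites, escaping the username with `ldap3.utils.conv.escape_filter_chars` before it is formatted into the filter. Whether `len(ldap.entries) == 1` is meant to deny access when the configured filter matches more than one entry is not stated; a one-line comment on the helper should record the intent. The `admin_required` wrapper begins and ends outside this hunk.
```python
def is_admin(ldap, username):
    """Return True when the configured admin filter matches exactly one entry for username."""
    # escape_filter_chars must be imported from ldap3.utils.conv at file top
    ldap.search(
        APP_CONFIG["ldap"]["user_base"],
        APP_CONFIG["template"]["group_admin"].format(escape_filter_chars(username)),
        attributes=["uid"],
    )
    # exactly one match: presumably "this user, and only this user" — confirm intent
    return len(ldap.entries) == 1


# … unchanged: admin_required wrapper up to connect() …
                ldap = connect()
                if is_admin(ldap, session["username"]):
                    return func(ldap, **kwargs)
                flash("admin privileges required")
                return redirect(url_for("selfservice"))
```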
group namegroup descriptionmember count
{{ group["ou"] }}{{ group["ou"] }}{{ group["description"] }}{{ group["member"]|length }}
+{% endblock %} diff --git a/ldap_frontend/templates/groups/members.html b/ldap_frontend/templates/groups/members.html new file mode 100644 index 0000000..6d34abf --- /dev/null +++ b/ldap_frontend/templates/groups/members.html @@ -0,0 +1,27 @@ +{% extends "layout/default.html" %} +{% block title %}group {{ ou }}{% endblock %} +{% block content %} + + + + + + + + + +{% for member in members|sort %} + + + + + +{% endfor %} + +
uidcnremove
{{ member["uid"] }}{{ member["cn"] }} +
+ + +
+
+{% endblock %} diff --git a/ldap_frontend/templates/layout/default.html b/ldap_frontend/templates/layout/default.html index 9e3d9a8..3f14345 100644 --- a/ldap_frontend/templates/layout/default.html +++ b/ldap_frontend/templates/layout/default.html @@ -23,7 +23,7 @@ self service Signed in as {{ CURRENT_USER["uid"] }} - logout