14 |
14 |
# You should have received a copy of the GNU General Public License
|
15 |
15 |
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
16 |
16 |
|
|
17 |
import urlparse
|
|
18 |
import urllib
|
|
19 |
|
17 |
20 |
from quixote import get_request, get_publisher
|
18 |
21 |
from qommon.form import *
|
19 |
22 |
from wcs.workflows import WorkflowStatusItem, register_item_class
|
20 |
|
from wcs.roles import get_user_roles
|
|
23 |
from wcs.roles import get_user_roles, Role
|
|
24 |
from qommon.ident.idp import is_idp_manage_user_attributes
|
|
25 |
from qommon.misc import http_post_request, http_delete_request
|
|
26 |
from qommon.publisher import get_cfg, get_logger
|
|
27 |
|
|
28 |
|
|
29 |
def roles_ws_url(role_uuid, user_uuid):
|
|
30 |
idps = get_cfg('idp', {})
|
|
31 |
entity_id = idps.values()[0]['metadata']
|
|
32 |
base_url = entity_id.split('idp/saml2/metadata')[0]
|
|
33 |
return urlparse.urljoin(base_url, '/api/roles/%s/members/%s/' % (urllib.urlquote(role_uuid),
|
|
34 |
urllib.urlquote(user_uuid)))
|
|
35 |
|
21 |
36 |
|
22 |
37 |
class AddRoleWorkflowStatusItem(WorkflowStatusItem):
|
23 |
38 |
description = N_('Add Role to User')
|
... | ... | |
50 |
65 |
# we can't work on anonymous or user_hash'ed forms
|
51 |
66 |
return
|
52 |
67 |
user = get_publisher().user_class.get(formdata.user_id)
|
|
68 |
if user.name_identifiers and is_idp_manage_user_attributes():
|
|
69 |
self.perform_idp(user, formdata)
|
|
70 |
else:
|
|
71 |
self.perform_local(user, formdata)
|
|
72 |
|
|
73 |
def perform_local(self, user, formdata):
|
53 |
74 |
if not user.roles:
|
54 |
75 |
user.roles = []
|
55 |
76 |
if not self.role_id in user.roles:
|
... | ... | |
60 |
81 |
# changes.
|
61 |
82 |
get_request().user = user
|
62 |
83 |
|
|
84 |
def perform_idp(self, user, formdata):
|
|
85 |
role = Role.get(self.role_id)
|
|
86 |
role_uuid = role.slug
|
|
87 |
user_uuid = user.name_identifiers[0]
|
|
88 |
response, status, data, auth_header = http_post_request(
|
|
89 |
roles_ws_url(role_uuid, user_uuid))
|
|
90 |
if status != 201:
|
|
91 |
get_logger().error('failed to add role %r to user %r',
|
|
92 |
role, user)
|
|
93 |
|
|
94 |
|
63 |
95 |
register_item_class(AddRoleWorkflowStatusItem)
|
64 |
96 |
|
65 |
97 |
|
... | ... | |
86 |
118 |
# we can't work on anonymous or user_hash'ed forms
|
87 |
119 |
return
|
88 |
120 |
user = get_publisher().user_class.get(formdata.user_id)
|
|
121 |
if user.name_identifiers and is_idp_manage_user_attributes():
|
|
122 |
self.perform_idp(user, formdata)
|
|
123 |
else:
|
|
124 |
self.perform_local(user, formdata)
|
|
125 |
|
|
126 |
def perform_local(self, user, formdata):
|
89 |
127 |
if user.roles and self.role_id in user.roles:
|
90 |
128 |
user.roles.remove(self.role_id)
|
91 |
129 |
user.store()
|
... | ... | |
94 |
132 |
# with the changes.
|
95 |
133 |
get_request().user = user
|
96 |
134 |
|
|
135 |
def perform_idp(self, user, formdata):
|
|
136 |
role = Role.get(self.role_id)
|
|
137 |
role_uuid = role.slug
|
|
138 |
user_uuid = user.name_identifiers[0]
|
|
139 |
response, status, data, auth_header = http_delete_request(
|
|
140 |
roles_ws_url(role_uuid, user_uuid))
|
|
141 |
if status != 200:
|
|
142 |
get_logger().error('failed to remove role %r from user %r',
|
|
143 |
role, user)
|
|
144 |
|
97 |
145 |
register_item_class(RemoveRoleWorkflowStatusItem)
|
98 |
|
-
|
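Review bot: `roles_ws_url` calls `urllib.urlquote`, which does not exist in Python 2's `urllib` (the function is `urllib.quote`; the file is Python 2, given `import urlparse` and `idps.values()[0]`), so every IdP-managed call made from `perform_idp` in both status items will raise AttributeError while building the URL, before any request is sent; change the two calls to `urllib.quote(role_uuid)` and `urllib.quote(user_uuid)`. Separately, both `perform_idp` methods treat an unexpected status (`!= 201` on POST, `!= 200` on DELETE) as a log line only, so a failed DELETE in `RemoveRoleWorkflowStatusItem` leaves the user holding the role while the workflow advances as if it had been removed — consider raising or otherwise surfacing the failure so the transition does not silently fail open. `idps.values()[0]['metadata']` also picks whichever IdP the config dict happens to yield first, which is non-deterministic if more than one IdP is configured; a comment such as `# assumes exactly one configured IdP` or an explicit selection would make the intent clear. The `perform` methods of both items start outside the visible hunks.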