2014-12-27 22:44:27 +01:00
|
|
|
"""
|
|
|
|
This module contains the Django admin classes of the :py:mod:`osusers` app.
|
|
|
|
|
2016-09-24 21:57:28 +02:00
|
|
|
The module starts Celery_ tasks.
|
|
|
|
|
|
|
|
.. _Celery: http://www.celeryproject.org/
|
|
|
|
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
2014-05-25 23:35:14 +02:00
|
|
|
from django import forms
|
2014-05-24 21:28:33 +02:00
|
|
|
from django.contrib import admin
|
2023-02-18 22:46:48 +01:00
|
|
|
from django.utils.translation import gettext_lazy as _
|
2014-05-24 21:28:33 +02:00
|
|
|
|
2015-01-31 23:39:09 +01:00
|
|
|
from fileservertasks.tasks import set_file_ssh_authorized_keys
|
2019-01-30 21:27:25 +01:00
|
|
|
from gvawebcore.forms import PASSWORD_MISMATCH_ERROR
|
2015-01-31 23:39:09 +01:00
|
|
|
from taskresults.models import TaskResult
|
2023-02-18 22:46:48 +01:00
|
|
|
|
2019-01-30 21:27:25 +01:00
|
|
|
from .forms import DUPLICATE_SSH_PUBLIC_KEY_FOR_USER, INVALID_SSH_PUBLIC_KEY
|
|
|
|
from .models import AdditionalGroup, Group, Shadow, SshPublicKey, User
|
2014-05-24 21:53:49 +02:00
|
|
|
|
|
|
|
|
|
|
|
class AdditionalGroupInline(admin.TabularInline):
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
|
|
|
Inline for :py:class:`osusers.models.AdditionalGroup` instances.
|
|
|
|
|
|
|
|
"""
|
2019-01-30 21:27:25 +01:00
|
|
|
|
2014-05-24 21:53:49 +02:00
|
|
|
model = AdditionalGroup
|
|
|
|
|
|
|
|
|
|
|
|
class ShadowInline(admin.TabularInline):
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
|
|
|
Inline for :py:class:`osusers.models.ShadowInline` instances.
|
|
|
|
|
|
|
|
"""
|
2019-01-30 21:27:25 +01:00
|
|
|
|
2014-05-24 21:53:49 +02:00
|
|
|
model = Shadow
|
2019-01-30 21:27:25 +01:00
|
|
|
readonly_fields = ["passwd"]
|
2014-05-24 23:15:14 +02:00
|
|
|
can_delete = False
|
2014-05-24 21:53:49 +02:00
|
|
|
|
|
|
|
|
2014-05-25 23:35:14 +02:00
|
|
|
class UserCreationForm(forms.ModelForm):
|
|
|
|
"""
|
2014-12-27 22:44:27 +01:00
|
|
|
A form for creating :py:class:`operating system users
|
|
|
|
<osusers.models.User>`.
|
2014-05-25 23:35:14 +02:00
|
|
|
|
|
|
|
"""
|
2019-01-30 21:27:25 +01:00
|
|
|
|
2014-12-27 18:26:52 +01:00
|
|
|
password1 = forms.CharField(
|
2019-01-30 21:27:25 +01:00
|
|
|
label=_("Password"), widget=forms.PasswordInput, required=False
|
2014-12-27 18:26:52 +01:00
|
|
|
)
|
|
|
|
password2 = forms.CharField(
|
2019-01-30 21:27:25 +01:00
|
|
|
label=_("Password (again)"), widget=forms.PasswordInput, required=False
|
2014-12-27 18:26:52 +01:00
|
|
|
)
|
2014-05-25 23:35:14 +02:00
|
|
|
|
|
|
|
class Meta:
|
|
|
|
model = User
|
2019-01-30 21:27:25 +01:00
|
|
|
fields = ["customer"]
|
2014-05-25 23:35:14 +02:00
|
|
|
|
|
|
|
def clean_password2(self):
|
|
|
|
"""
|
|
|
|
Check that the two password entries match.
|
|
|
|
|
2014-12-27 22:44:27 +01:00
|
|
|
:return: the validated password
|
|
|
|
:rtype: str or None
|
|
|
|
|
2014-05-25 23:35:14 +02:00
|
|
|
"""
|
2019-01-30 21:27:25 +01:00
|
|
|
password1 = self.cleaned_data.get("password1")
|
|
|
|
password2 = self.cleaned_data.get("password2")
|
2014-05-25 23:35:14 +02:00
|
|
|
if password1 and password2 and password1 != password2:
|
|
|
|
raise forms.ValidationError(PASSWORD_MISMATCH_ERROR)
|
|
|
|
return password2
|
|
|
|
|
|
|
|
def save(self, commit=True):
|
|
|
|
"""
|
|
|
|
Save the provided password in hashed format.
|
|
|
|
|
2014-12-27 22:44:27 +01:00
|
|
|
:param boolean commit: whether to save the created user
|
|
|
|
:return: user instance
|
|
|
|
:rtype: :py:class:`osusers.models.User`
|
|
|
|
|
2014-05-25 23:35:14 +02:00
|
|
|
"""
|
|
|
|
user = User.objects.create_user(
|
2019-01-30 21:27:25 +01:00
|
|
|
customer=self.cleaned_data["customer"],
|
|
|
|
password=self.cleaned_data["password1"],
|
|
|
|
commit=commit,
|
|
|
|
)
|
2014-05-25 23:35:14 +02:00
|
|
|
return user
|
|
|
|
|
|
|
|
def save_m2m(self):
|
2014-06-01 22:18:16 +02:00
|
|
|
"""
|
|
|
|
No additional groups are created when this form is saved, so this
|
|
|
|
method just does nothing.
|
2014-12-27 22:44:27 +01:00
|
|
|
|
2014-06-01 22:18:16 +02:00
|
|
|
"""
|
2014-05-25 23:35:14 +02:00
|
|
|
|
|
|
|
|
2014-05-24 21:53:49 +02:00
|
|
|
class UserAdmin(admin.ModelAdmin):
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
|
|
|
Admin class for working with :py:class:`operating system users
|
|
|
|
<osusers.models.User>`.
|
|
|
|
|
|
|
|
"""
|
2019-01-30 21:27:25 +01:00
|
|
|
|
|
|
|
actions = ["perform_delete_selected"]
|
2014-05-25 23:35:14 +02:00
|
|
|
add_form = UserCreationForm
|
2014-12-22 20:07:11 +01:00
|
|
|
inlines = [AdditionalGroupInline, ShadowInline]
|
2014-05-25 23:35:14 +02:00
|
|
|
|
|
|
|
add_fieldsets = (
|
2019-01-30 21:27:25 +01:00
|
|
|
(
|
|
|
|
None,
|
|
|
|
{"classes": ("wide",), "fields": ("customer", "password1", "password2")},
|
|
|
|
),
|
2014-05-25 23:35:14 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
def get_form(self, request, obj=None, **kwargs):
|
|
|
|
"""
|
|
|
|
Use special form during user creation.
|
|
|
|
|
2014-12-27 22:44:27 +01:00
|
|
|
:param request: the current HTTP request
|
|
|
|
:param obj: either a :py:class:`User <osusers.models.User>` instance or
|
|
|
|
None for a new user
|
|
|
|
:param kwargs: keyword arguments to be passed to
|
|
|
|
:py:meth:`django.contrib.admin.ModelAdmin.get_form`
|
|
|
|
:return: form instance
|
|
|
|
|
2014-05-25 23:35:14 +02:00
|
|
|
"""
|
|
|
|
defaults = {}
|
|
|
|
if obj is None:
|
2019-01-30 21:27:25 +01:00
|
|
|
defaults.update(
|
|
|
|
{
|
|
|
|
"form": self.add_form,
|
|
|
|
"fields": admin.options.flatten_fieldsets(self.add_fieldsets),
|
|
|
|
}
|
|
|
|
)
|
2014-05-25 23:35:14 +02:00
|
|
|
defaults.update(kwargs)
|
|
|
|
return super(UserAdmin, self).get_form(request, obj, **defaults)
|
|
|
|
|
2014-12-22 20:07:11 +01:00
|
|
|
def get_readonly_fields(self, request, obj=None):
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
|
|
|
Make sure that uid is not editable for existing users.
|
|
|
|
|
|
|
|
:param request: the current HTTP request
|
|
|
|
:param obj: either a :py:class:`User <osusers.models.User>` instance or
|
|
|
|
None for a new user
|
|
|
|
:return: a list of fields
|
|
|
|
:rtype: list
|
|
|
|
|
|
|
|
"""
|
2014-12-22 20:07:11 +01:00
|
|
|
if obj:
|
2019-01-30 21:27:25 +01:00
|
|
|
return ["uid"]
|
2014-12-22 20:07:11 +01:00
|
|
|
return []
|
|
|
|
|
|
|
|
def perform_delete_selected(self, request, queryset):
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
|
|
|
Action to delete a list of selected users.
|
|
|
|
|
|
|
|
This action calls the delete method of each selected user in contrast
|
|
|
|
to the default `delete_selected`.
|
|
|
|
|
|
|
|
:param request: the current HTTP request
|
|
|
|
:param queryset: Django ORM queryset representing the selected users
|
|
|
|
|
|
|
|
"""
|
2014-12-22 20:07:11 +01:00
|
|
|
for user in queryset.all():
|
|
|
|
user.delete()
|
2019-01-30 21:27:25 +01:00
|
|
|
|
|
|
|
perform_delete_selected.short_description = _("Delete selected users")
|
2014-12-22 20:07:11 +01:00
|
|
|
|
|
|
|
def get_actions(self, request):
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
|
|
|
Get the available actions for users.
|
|
|
|
|
|
|
|
This overrides the default behavior to remove the default
|
|
|
|
`delete_selected` action.
|
|
|
|
|
|
|
|
:param request: the current HTTP request
|
|
|
|
:return: list of actions
|
|
|
|
:rtype: list
|
|
|
|
|
|
|
|
"""
|
2014-12-22 20:07:11 +01:00
|
|
|
actions = super(UserAdmin, self).get_actions(request)
|
2019-01-30 21:27:25 +01:00
|
|
|
if "delete_selected" in actions: # pragma: no cover
|
|
|
|
del actions["delete_selected"]
|
2014-12-22 20:07:11 +01:00
|
|
|
return actions
|
2014-05-24 21:53:49 +02:00
|
|
|
|
|
|
|
|
2014-05-30 21:46:10 +02:00
|
|
|
class GroupAdmin(admin.ModelAdmin):
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
|
|
|
Admin class for workint with :py:class:`operating system groups
|
|
|
|
<osusers.models.Group>`.
|
2014-05-30 21:46:10 +02:00
|
|
|
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
2019-01-30 21:27:25 +01:00
|
|
|
|
|
|
|
actions = ["perform_delete_selected"]
|
2014-05-30 21:46:10 +02:00
|
|
|
|
2014-12-22 20:07:11 +01:00
|
|
|
def perform_delete_selected(self, request, queryset):
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
|
|
|
Action to delete a list of selected groups.
|
|
|
|
|
|
|
|
This action calls the delete method of each selected group in contrast
|
|
|
|
to the default `delete_selected`.
|
|
|
|
|
|
|
|
:param request: the current HTTP request
|
|
|
|
:param queryset: Django ORM queryset representing the selected groups
|
|
|
|
|
|
|
|
"""
|
2014-12-22 20:07:11 +01:00
|
|
|
for group in queryset.all():
|
|
|
|
group.delete()
|
2019-01-30 21:27:25 +01:00
|
|
|
|
|
|
|
perform_delete_selected.short_description = _("Delete selected groups")
|
2014-12-22 20:07:11 +01:00
|
|
|
|
|
|
|
def get_actions(self, request):
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
|
|
|
Get the available actions for groups.
|
|
|
|
|
|
|
|
This overrides the default behavior to remove the default
|
|
|
|
`delete_selected` action.
|
|
|
|
|
|
|
|
:param request: the current HTTP request
|
|
|
|
:return: list of actions
|
|
|
|
:rtype: list
|
|
|
|
|
|
|
|
"""
|
2014-12-22 20:07:11 +01:00
|
|
|
actions = super(GroupAdmin, self).get_actions(request)
|
2019-01-30 21:27:25 +01:00
|
|
|
if "delete_selected" in actions: # pragma: no cover
|
|
|
|
del actions["delete_selected"]
|
2014-12-22 20:07:11 +01:00
|
|
|
return actions
|
2014-05-30 21:46:10 +02:00
|
|
|
|
|
|
|
|
2015-01-31 22:26:17 +01:00
|
|
|
class SshPublicKeyCreationForm(forms.ModelForm):
|
|
|
|
"""
|
|
|
|
A form for creating :py:class:`SSH public keys
|
|
|
|
<osusers.models.SshPublicKey>`.
|
|
|
|
|
|
|
|
"""
|
2019-01-30 21:27:25 +01:00
|
|
|
|
2015-01-31 22:26:17 +01:00
|
|
|
publickeytext = forms.CharField(
|
2019-01-30 21:27:25 +01:00
|
|
|
label=_("Key text"),
|
|
|
|
widget=forms.Textarea,
|
|
|
|
help_text=_("A SSH public key in either OpenSSH or RFC 4716 format"),
|
|
|
|
)
|
2015-01-31 22:26:17 +01:00
|
|
|
|
|
|
|
class Meta:
|
|
|
|
model = SshPublicKey
|
2019-01-30 21:27:25 +01:00
|
|
|
fields = ["user"]
|
2015-01-31 22:26:17 +01:00
|
|
|
|
|
|
|
def clean_publickeytext(self):
|
2019-01-30 21:27:25 +01:00
|
|
|
keytext = self.cleaned_data.get("publickeytext")
|
2015-01-31 22:26:17 +01:00
|
|
|
try:
|
2019-01-30 21:27:25 +01:00
|
|
|
SshPublicKey.objects.parse_key_text(keytext)
|
2015-01-31 22:26:17 +01:00
|
|
|
except:
|
|
|
|
raise forms.ValidationError(INVALID_SSH_PUBLIC_KEY)
|
|
|
|
return keytext
|
|
|
|
|
|
|
|
def clean(self):
|
2019-01-30 21:27:25 +01:00
|
|
|
user = self.cleaned_data.get("user")
|
|
|
|
keytext = self.cleaned_data.get("publickeytext")
|
2015-01-31 22:26:17 +01:00
|
|
|
if user and keytext:
|
2019-01-30 21:27:25 +01:00
|
|
|
alg, data, comment = SshPublicKey.objects.parse_key_text(keytext)
|
2015-01-31 22:26:17 +01:00
|
|
|
if SshPublicKey.objects.filter(
|
|
|
|
user=user, algorithm=alg, data=data
|
|
|
|
).exists():
|
|
|
|
self.add_error(
|
2019-01-30 21:27:25 +01:00
|
|
|
"publickeytext",
|
|
|
|
forms.ValidationError(DUPLICATE_SSH_PUBLIC_KEY_FOR_USER),
|
|
|
|
)
|
2015-12-05 23:23:25 +01:00
|
|
|
super(SshPublicKeyCreationForm, self).clean()
|
2015-01-31 22:26:17 +01:00
|
|
|
|
|
|
|
def save(self, commit=True):
|
|
|
|
"""
|
|
|
|
Save the provided ssh public key in properly split format.
|
|
|
|
|
|
|
|
:param boolean commit: whether to save the created public key
|
|
|
|
:return: ssh public key instance
|
|
|
|
:rtype: :py:class:`osusers.models.SshPublicKey`
|
|
|
|
|
|
|
|
"""
|
2019-01-30 21:27:25 +01:00
|
|
|
algorithm, keydata, comment = SshPublicKey.objects.parse_key_text(
|
|
|
|
self.cleaned_data.get("publickeytext")
|
|
|
|
)
|
2015-01-31 22:26:17 +01:00
|
|
|
self.instance.algorithm = algorithm
|
|
|
|
self.instance.data = keydata
|
|
|
|
self.instance.comment = comment
|
|
|
|
return super(SshPublicKeyCreationForm, self).save(commit)
|
|
|
|
|
|
|
|
|
|
|
|
class SshPublicKeyAdmin(admin.ModelAdmin):
|
|
|
|
"""
|
|
|
|
Admin class for working with :py:class:`SSH public keys
|
|
|
|
<osusers.models.SshPublicKey>`.
|
|
|
|
|
|
|
|
"""
|
2019-01-30 21:27:25 +01:00
|
|
|
|
|
|
|
actions = ["perform_delete_selected"]
|
2015-01-31 22:26:17 +01:00
|
|
|
add_form = SshPublicKeyCreationForm
|
2019-01-30 21:27:25 +01:00
|
|
|
list_display = ["user", "algorithm", "comment"]
|
2015-01-31 22:26:17 +01:00
|
|
|
|
|
|
|
add_fieldsets = (
|
2019-01-30 21:27:25 +01:00
|
|
|
(None, {"classes": ("wide",), "fields": ("user", "publickeytext")}),
|
2015-01-31 22:26:17 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
def get_form(self, request, obj=None, **kwargs):
|
|
|
|
"""
|
|
|
|
Use special form for ssh public key creation."
|
|
|
|
|
|
|
|
:param request: the current HTTP request
|
|
|
|
:param obj: either a :py:class:`SshPublicKey
|
|
|
|
<osusers.models.SshPublicKey>` instance or None for a new SSH
|
|
|
|
public key
|
|
|
|
:param kwargs: keyword arguments to be passed to
|
|
|
|
:py:meth:`django.contrib.admin.ModelAdmin.get_form`
|
|
|
|
:return: form instance
|
|
|
|
|
|
|
|
"""
|
|
|
|
defaults = {}
|
|
|
|
if obj is None:
|
2019-01-30 21:27:25 +01:00
|
|
|
defaults.update(
|
|
|
|
{
|
|
|
|
"form": self.add_form,
|
|
|
|
"fields": admin.options.flatten_fieldsets(self.add_fieldsets),
|
|
|
|
}
|
|
|
|
)
|
2015-01-31 22:26:17 +01:00
|
|
|
defaults.update(kwargs)
|
2019-01-30 21:27:25 +01:00
|
|
|
return super(SshPublicKeyAdmin, self).get_form(request, obj, **defaults)
|
2015-01-31 22:26:17 +01:00
|
|
|
|
2015-01-31 23:39:09 +01:00
|
|
|
def get_readonly_fields(self, request, obj=None):
|
|
|
|
"""
|
|
|
|
Make sure that algorithm and data of SSH public keys are not editable.
|
|
|
|
|
|
|
|
:param request: the current HTTP request
|
|
|
|
:param obj: either a :py:class:`SshPublicKey
|
|
|
|
<osusers.models.SshPublicKey>` instance or None for a new SSH
|
|
|
|
public key
|
|
|
|
:return: a list of fields
|
|
|
|
:rtype: list
|
|
|
|
|
|
|
|
"""
|
|
|
|
if obj:
|
2019-01-30 21:27:25 +01:00
|
|
|
return ["algorithm", "data"]
|
2015-01-31 23:39:09 +01:00
|
|
|
return []
|
|
|
|
|
|
|
|
def perform_delete_selected(self, request, queryset):
|
|
|
|
"""
|
|
|
|
Action to delete a list of selected ssh keys.
|
|
|
|
|
|
|
|
This action makes sure that the ssh keys of all users affected by the
|
|
|
|
current deletion are refreshed on the file server.
|
|
|
|
|
|
|
|
:param request: the current HTTP request
|
|
|
|
:param queryset: Django ORM queryset representing the selected ssh keys
|
|
|
|
|
2016-09-24 21:57:28 +02:00
|
|
|
This method starts a Celery_ task to update the list of authorized keys
|
|
|
|
for each affected user.
|
|
|
|
|
|
|
|
.. blockdiag::
|
|
|
|
:desctable:
|
|
|
|
|
|
|
|
blockdiag {
|
|
|
|
node_width = 200;
|
|
|
|
|
|
|
|
A -> B;
|
|
|
|
|
|
|
|
A [ label = "", shape = beginpoint,
|
|
|
|
description = "this method"
|
|
|
|
];
|
|
|
|
B [ label = "set file ssh authorized_keys",
|
|
|
|
description = ":py:func:`set_file_ssh_authorized_keys()
|
|
|
|
<fileservertasks.tasks.set_file_ssh_authorized_keys>`
|
|
|
|
called with username and a list of keys, returning the path
|
|
|
|
of the ssh authorized_keys file",
|
|
|
|
color = "LightGreen",
|
|
|
|
stacked
|
|
|
|
];
|
|
|
|
}
|
|
|
|
|
2015-01-31 23:39:09 +01:00
|
|
|
"""
|
2019-01-30 21:27:25 +01:00
|
|
|
users = set([item["user"] for item in queryset.values("user").distinct()])
|
2015-01-31 23:39:09 +01:00
|
|
|
queryset.delete()
|
|
|
|
for user in users:
|
2015-12-05 23:23:25 +01:00
|
|
|
# TODO: move to model/signal
|
2015-01-31 23:39:09 +01:00
|
|
|
TaskResult.objects.create_task_result(
|
2019-01-30 21:27:25 +01:00
|
|
|
"perform_delete_selected",
|
2015-12-05 23:23:25 +01:00
|
|
|
set_file_ssh_authorized_keys.s(
|
2015-11-22 15:03:47 +01:00
|
|
|
User.objects.get(uid=user).username,
|
2019-01-30 21:27:25 +01:00
|
|
|
[str(key) for key in SshPublicKey.objects.filter(user_id=user)],
|
|
|
|
),
|
2015-01-31 23:39:09 +01:00
|
|
|
)
|
2019-01-30 21:27:25 +01:00
|
|
|
|
|
|
|
perform_delete_selected.short_description = _("Delete selected SSH public keys")
|
2015-01-31 23:39:09 +01:00
|
|
|
|
|
|
|
def get_actions(self, request):
|
|
|
|
"""
|
|
|
|
Get the available actions for SSH public keys.
|
|
|
|
|
|
|
|
This overrides the default behavior to remove the default
|
|
|
|
`delete_selected` action.
|
|
|
|
|
|
|
|
:param request: the current HTTP request
|
|
|
|
:return: list of actions
|
|
|
|
:rtype: list
|
|
|
|
|
|
|
|
"""
|
|
|
|
actions = super(SshPublicKeyAdmin, self).get_actions(request)
|
2019-01-30 21:27:25 +01:00
|
|
|
if "delete_selected" in actions: # pragma: no cover
|
|
|
|
del actions["delete_selected"]
|
2015-01-31 23:39:09 +01:00
|
|
|
return actions
|
|
|
|
|
2015-01-31 22:26:17 +01:00
|
|
|
|
2014-05-30 21:46:10 +02:00
|
|
|
admin.site.register(Group, GroupAdmin)
|
2014-05-24 21:53:49 +02:00
|
|
|
admin.site.register(User, UserAdmin)
|
2015-01-31 22:26:17 +01:00
|
|
|
admin.site.register(SshPublicKey, SshPublicKeyAdmin)
|