2014-12-27 22:44:27 +01:00
|
|
|
"""
|
|
|
|
This module contains the Django admin classes of the :py:mod:`osusers` app.
|
|
|
|
|
2016-09-24 21:57:28 +02:00
|
|
|
The module starts Celery_ tasks.
|
|
|
|
|
|
|
|
.. _Celery: http://www.celeryproject.org/
|
|
|
|
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
2014-05-25 23:35:14 +02:00
|
|
|
from django import forms
|
2015-01-31 22:26:17 +01:00
|
|
|
from django.utils.translation import ugettext_lazy as _
|
2014-05-24 21:28:33 +02:00
|
|
|
from django.contrib import admin
|
|
|
|
|
2015-01-31 23:39:09 +01:00
|
|
|
from fileservertasks.tasks import set_file_ssh_authorized_keys
|
2015-01-25 12:02:31 +01:00
|
|
|
from gvawebcore.forms import (
|
2015-01-24 16:15:42 +01:00
|
|
|
PASSWORD_MISMATCH_ERROR
|
|
|
|
)
|
2015-01-31 23:39:09 +01:00
|
|
|
from taskresults.models import TaskResult
|
|
|
|
|
2015-02-01 00:44:31 +01:00
|
|
|
from .forms import (
|
|
|
|
INVALID_SSH_PUBLIC_KEY,
|
|
|
|
DUPLICATE_SSH_PUBLIC_KEY_FOR_USER,
|
|
|
|
)
|
2014-05-24 21:53:49 +02:00
|
|
|
from .models import (
|
|
|
|
AdditionalGroup,
|
|
|
|
Group,
|
|
|
|
Shadow,
|
2015-01-31 22:26:17 +01:00
|
|
|
SshPublicKey,
|
2014-05-24 21:53:49 +02:00
|
|
|
User,
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
class AdditionalGroupInline(admin.TabularInline):
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
|
|
|
Inline for :py:class:`osusers.models.AdditionalGroup` instances.
|
|
|
|
|
|
|
|
"""
|
2014-05-24 21:53:49 +02:00
|
|
|
model = AdditionalGroup
|
|
|
|
|
|
|
|
|
|
|
|
class ShadowInline(admin.TabularInline):
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
|
|
|
Inline for :py:class:`osusers.models.ShadowInline` instances.
|
|
|
|
|
|
|
|
"""
|
2014-05-24 21:53:49 +02:00
|
|
|
model = Shadow
|
2014-05-24 23:15:14 +02:00
|
|
|
readonly_fields = ['passwd']
|
|
|
|
can_delete = False
|
2014-05-24 21:53:49 +02:00
|
|
|
|
|
|
|
|
2014-05-25 23:35:14 +02:00
|
|
|
class UserCreationForm(forms.ModelForm):
|
|
|
|
"""
|
2014-12-27 22:44:27 +01:00
|
|
|
A form for creating :py:class:`operating system users
|
|
|
|
<osusers.models.User>`.
|
2014-05-25 23:35:14 +02:00
|
|
|
|
|
|
|
"""
|
2014-12-27 18:26:52 +01:00
|
|
|
password1 = forms.CharField(
|
|
|
|
label=_('Password'), widget=forms.PasswordInput,
|
|
|
|
required=False,
|
|
|
|
)
|
|
|
|
password2 = forms.CharField(
|
|
|
|
label=_('Password (again)'), widget=forms.PasswordInput,
|
|
|
|
required=False,
|
|
|
|
)
|
2014-05-25 23:35:14 +02:00
|
|
|
|
|
|
|
class Meta:
|
|
|
|
model = User
|
2014-12-27 19:26:16 +01:00
|
|
|
fields = ['customer']
|
2014-05-25 23:35:14 +02:00
|
|
|
|
|
|
|
def clean_password2(self):
|
|
|
|
"""
|
|
|
|
Check that the two password entries match.
|
|
|
|
|
2014-12-27 22:44:27 +01:00
|
|
|
:return: the validated password
|
|
|
|
:rtype: str or None
|
|
|
|
|
2014-05-25 23:35:14 +02:00
|
|
|
"""
|
|
|
|
password1 = self.cleaned_data.get('password1')
|
|
|
|
password2 = self.cleaned_data.get('password2')
|
|
|
|
if password1 and password2 and password1 != password2:
|
|
|
|
raise forms.ValidationError(PASSWORD_MISMATCH_ERROR)
|
|
|
|
return password2
|
|
|
|
|
|
|
|
def save(self, commit=True):
|
|
|
|
"""
|
|
|
|
Save the provided password in hashed format.
|
|
|
|
|
2014-12-27 22:44:27 +01:00
|
|
|
:param boolean commit: whether to save the created user
|
|
|
|
:return: user instance
|
|
|
|
:rtype: :py:class:`osusers.models.User`
|
|
|
|
|
2014-05-25 23:35:14 +02:00
|
|
|
"""
|
|
|
|
user = User.objects.create_user(
|
2014-12-27 19:26:16 +01:00
|
|
|
customer=self.cleaned_data['customer'],
|
2014-05-25 23:35:14 +02:00
|
|
|
password=self.cleaned_data['password1'], commit=commit)
|
|
|
|
return user
|
|
|
|
|
|
|
|
def save_m2m(self):
|
2014-06-01 22:18:16 +02:00
|
|
|
"""
|
|
|
|
No additional groups are created when this form is saved, so this
|
|
|
|
method just does nothing.
|
2014-12-27 22:44:27 +01:00
|
|
|
|
2014-06-01 22:18:16 +02:00
|
|
|
"""
|
2014-05-25 23:35:14 +02:00
|
|
|
|
|
|
|
|
2014-05-24 21:53:49 +02:00
|
|
|
class UserAdmin(admin.ModelAdmin):
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
|
|
|
Admin class for working with :py:class:`operating system users
|
|
|
|
<osusers.models.User>`.
|
|
|
|
|
|
|
|
"""
|
2014-12-22 20:07:11 +01:00
|
|
|
actions = ['perform_delete_selected']
|
2014-05-25 23:35:14 +02:00
|
|
|
add_form = UserCreationForm
|
2014-12-22 20:07:11 +01:00
|
|
|
inlines = [AdditionalGroupInline, ShadowInline]
|
2014-05-25 23:35:14 +02:00
|
|
|
|
|
|
|
add_fieldsets = (
|
|
|
|
(None, {
|
|
|
|
'classes': ('wide',),
|
2014-12-27 19:26:16 +01:00
|
|
|
'fields': ('customer', 'password1', 'password2')}),
|
2014-05-25 23:35:14 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
def get_form(self, request, obj=None, **kwargs):
|
|
|
|
"""
|
|
|
|
Use special form during user creation.
|
|
|
|
|
2014-12-27 22:44:27 +01:00
|
|
|
:param request: the current HTTP request
|
|
|
|
:param obj: either a :py:class:`User <osusers.models.User>` instance or
|
|
|
|
None for a new user
|
|
|
|
:param kwargs: keyword arguments to be passed to
|
|
|
|
:py:meth:`django.contrib.admin.ModelAdmin.get_form`
|
|
|
|
:return: form instance
|
|
|
|
|
2014-05-25 23:35:14 +02:00
|
|
|
"""
|
|
|
|
defaults = {}
|
|
|
|
if obj is None:
|
|
|
|
defaults.update({
|
|
|
|
'form': self.add_form,
|
2014-12-17 21:22:37 +01:00
|
|
|
'fields': admin.options.flatten_fieldsets(self.add_fieldsets),
|
2014-05-25 23:35:14 +02:00
|
|
|
})
|
|
|
|
defaults.update(kwargs)
|
|
|
|
return super(UserAdmin, self).get_form(request, obj, **defaults)
|
|
|
|
|
2014-12-22 20:07:11 +01:00
|
|
|
def get_readonly_fields(self, request, obj=None):
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
|
|
|
Make sure that uid is not editable for existing users.
|
|
|
|
|
|
|
|
:param request: the current HTTP request
|
|
|
|
:param obj: either a :py:class:`User <osusers.models.User>` instance or
|
|
|
|
None for a new user
|
|
|
|
:return: a list of fields
|
|
|
|
:rtype: list
|
|
|
|
|
|
|
|
"""
|
2014-12-22 20:07:11 +01:00
|
|
|
if obj:
|
|
|
|
return ['uid']
|
|
|
|
return []
|
|
|
|
|
|
|
|
def perform_delete_selected(self, request, queryset):
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
|
|
|
Action to delete a list of selected users.
|
|
|
|
|
|
|
|
This action calls the delete method of each selected user in contrast
|
|
|
|
to the default `delete_selected`.
|
|
|
|
|
|
|
|
:param request: the current HTTP request
|
|
|
|
:param queryset: Django ORM queryset representing the selected users
|
|
|
|
|
|
|
|
"""
|
2014-12-22 20:07:11 +01:00
|
|
|
for user in queryset.all():
|
|
|
|
user.delete()
|
|
|
|
perform_delete_selected.short_description = _('Delete selected users')
|
|
|
|
|
|
|
|
def get_actions(self, request):
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
|
|
|
Get the available actions for users.
|
|
|
|
|
|
|
|
This overrides the default behavior to remove the default
|
|
|
|
`delete_selected` action.
|
|
|
|
|
|
|
|
:param request: the current HTTP request
|
|
|
|
:return: list of actions
|
|
|
|
:rtype: list
|
|
|
|
|
|
|
|
"""
|
2014-12-22 20:07:11 +01:00
|
|
|
actions = super(UserAdmin, self).get_actions(request)
|
2015-12-05 23:23:25 +01:00
|
|
|
if 'delete_selected' in actions: # pragma: no cover
|
2014-12-22 20:07:11 +01:00
|
|
|
del actions['delete_selected']
|
|
|
|
return actions
|
2014-05-24 21:53:49 +02:00
|
|
|
|
|
|
|
|
2014-05-30 21:46:10 +02:00
|
|
|
class GroupAdmin(admin.ModelAdmin):
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
|
|
|
Admin class for workint with :py:class:`operating system groups
|
|
|
|
<osusers.models.Group>`.
|
2014-05-30 21:46:10 +02:00
|
|
|
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
|
|
|
actions = ['perform_delete_selected']
|
2014-05-30 21:46:10 +02:00
|
|
|
|
2014-12-22 20:07:11 +01:00
|
|
|
def perform_delete_selected(self, request, queryset):
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
|
|
|
Action to delete a list of selected groups.
|
|
|
|
|
|
|
|
This action calls the delete method of each selected group in contrast
|
|
|
|
to the default `delete_selected`.
|
|
|
|
|
|
|
|
:param request: the current HTTP request
|
|
|
|
:param queryset: Django ORM queryset representing the selected groups
|
|
|
|
|
|
|
|
"""
|
2014-12-22 20:07:11 +01:00
|
|
|
for group in queryset.all():
|
|
|
|
group.delete()
|
|
|
|
perform_delete_selected.short_description = _('Delete selected groups')
|
|
|
|
|
|
|
|
def get_actions(self, request):
|
2014-12-27 22:44:27 +01:00
|
|
|
"""
|
|
|
|
Get the available actions for groups.
|
|
|
|
|
|
|
|
This overrides the default behavior to remove the default
|
|
|
|
`delete_selected` action.
|
|
|
|
|
|
|
|
:param request: the current HTTP request
|
|
|
|
:return: list of actions
|
|
|
|
:rtype: list
|
|
|
|
|
|
|
|
"""
|
2014-12-22 20:07:11 +01:00
|
|
|
actions = super(GroupAdmin, self).get_actions(request)
|
2015-12-05 23:23:25 +01:00
|
|
|
if 'delete_selected' in actions: # pragma: no cover
|
2014-12-22 20:07:11 +01:00
|
|
|
del actions['delete_selected']
|
|
|
|
return actions
|
2014-05-30 21:46:10 +02:00
|
|
|
|
|
|
|
|
2015-01-31 22:26:17 +01:00
|
|
|
class SshPublicKeyCreationForm(forms.ModelForm):
|
|
|
|
"""
|
|
|
|
A form for creating :py:class:`SSH public keys
|
|
|
|
<osusers.models.SshPublicKey>`.
|
|
|
|
|
|
|
|
"""
|
|
|
|
publickeytext = forms.CharField(
|
|
|
|
label=_('Key text'), widget=forms.Textarea,
|
|
|
|
help_text=_('A SSH public key in either OpenSSH or RFC 4716 format'))
|
|
|
|
|
|
|
|
class Meta:
|
|
|
|
model = SshPublicKey
|
|
|
|
fields = ['user']
|
|
|
|
|
|
|
|
def clean_publickeytext(self):
|
|
|
|
keytext = self.cleaned_data.get('publickeytext')
|
|
|
|
try:
|
|
|
|
SshPublicKey.objects.parse_keytext(keytext)
|
|
|
|
except:
|
|
|
|
raise forms.ValidationError(INVALID_SSH_PUBLIC_KEY)
|
|
|
|
return keytext
|
|
|
|
|
|
|
|
def clean(self):
|
|
|
|
user = self.cleaned_data.get('user')
|
|
|
|
keytext = self.cleaned_data.get('publickeytext')
|
|
|
|
if user and keytext:
|
|
|
|
alg, data, comment = SshPublicKey.objects.parse_keytext(keytext)
|
|
|
|
if SshPublicKey.objects.filter(
|
|
|
|
user=user, algorithm=alg, data=data
|
|
|
|
).exists():
|
|
|
|
self.add_error(
|
|
|
|
'publickeytext',
|
|
|
|
forms.ValidationError(DUPLICATE_SSH_PUBLIC_KEY_FOR_USER))
|
2015-12-05 23:23:25 +01:00
|
|
|
super(SshPublicKeyCreationForm, self).clean()
|
2015-01-31 22:26:17 +01:00
|
|
|
|
|
|
|
def save(self, commit=True):
|
|
|
|
"""
|
|
|
|
Save the provided ssh public key in properly split format.
|
|
|
|
|
|
|
|
:param boolean commit: whether to save the created public key
|
|
|
|
:return: ssh public key instance
|
|
|
|
:rtype: :py:class:`osusers.models.SshPublicKey`
|
|
|
|
|
|
|
|
"""
|
|
|
|
algorithm, keydata, comment = SshPublicKey.objects.parse_keytext(
|
|
|
|
self.cleaned_data.get('publickeytext'))
|
|
|
|
self.instance.algorithm = algorithm
|
|
|
|
self.instance.data = keydata
|
|
|
|
self.instance.comment = comment
|
|
|
|
return super(SshPublicKeyCreationForm, self).save(commit)
|
|
|
|
|
|
|
|
|
|
|
|
class SshPublicKeyAdmin(admin.ModelAdmin):
|
|
|
|
"""
|
|
|
|
Admin class for working with :py:class:`SSH public keys
|
|
|
|
<osusers.models.SshPublicKey>`.
|
|
|
|
|
|
|
|
"""
|
2015-01-31 23:39:09 +01:00
|
|
|
actions = ['perform_delete_selected']
|
2015-01-31 22:26:17 +01:00
|
|
|
add_form = SshPublicKeyCreationForm
|
|
|
|
list_display = ['user', 'algorithm', 'comment']
|
|
|
|
|
|
|
|
add_fieldsets = (
|
|
|
|
(None, {
|
|
|
|
'classes': ('wide',),
|
|
|
|
'fields': ('user', 'publickeytext')}),
|
|
|
|
)
|
|
|
|
|
|
|
|
def get_form(self, request, obj=None, **kwargs):
|
|
|
|
"""
|
|
|
|
Use special form for ssh public key creation."
|
|
|
|
|
|
|
|
:param request: the current HTTP request
|
|
|
|
:param obj: either a :py:class:`SshPublicKey
|
|
|
|
<osusers.models.SshPublicKey>` instance or None for a new SSH
|
|
|
|
public key
|
|
|
|
:param kwargs: keyword arguments to be passed to
|
|
|
|
:py:meth:`django.contrib.admin.ModelAdmin.get_form`
|
|
|
|
:return: form instance
|
|
|
|
|
|
|
|
"""
|
|
|
|
defaults = {}
|
|
|
|
if obj is None:
|
|
|
|
defaults.update({
|
|
|
|
'form': self.add_form,
|
|
|
|
'fields': admin.options.flatten_fieldsets(self.add_fieldsets),
|
|
|
|
})
|
|
|
|
defaults.update(kwargs)
|
|
|
|
return super(SshPublicKeyAdmin, self).get_form(
|
|
|
|
request, obj, **defaults)
|
|
|
|
|
2015-01-31 23:39:09 +01:00
|
|
|
def get_readonly_fields(self, request, obj=None):
|
|
|
|
"""
|
|
|
|
Make sure that algorithm and data of SSH public keys are not editable.
|
|
|
|
|
|
|
|
:param request: the current HTTP request
|
|
|
|
:param obj: either a :py:class:`SshPublicKey
|
|
|
|
<osusers.models.SshPublicKey>` instance or None for a new SSH
|
|
|
|
public key
|
|
|
|
:return: a list of fields
|
|
|
|
:rtype: list
|
|
|
|
|
|
|
|
"""
|
|
|
|
if obj:
|
|
|
|
return ['algorithm', 'data']
|
|
|
|
return []
|
|
|
|
|
|
|
|
def perform_delete_selected(self, request, queryset):
|
|
|
|
"""
|
|
|
|
Action to delete a list of selected ssh keys.
|
|
|
|
|
|
|
|
This action makes sure that the ssh keys of all users affected by the
|
|
|
|
current deletion are refreshed on the file server.
|
|
|
|
|
|
|
|
:param request: the current HTTP request
|
|
|
|
:param queryset: Django ORM queryset representing the selected ssh keys
|
|
|
|
|
2016-09-24 21:57:28 +02:00
|
|
|
This method starts a Celery_ task to update the list of authorized keys
|
|
|
|
for each affected user.
|
|
|
|
|
|
|
|
.. blockdiag::
|
|
|
|
:desctable:
|
|
|
|
|
|
|
|
blockdiag {
|
|
|
|
node_width = 200;
|
|
|
|
|
|
|
|
A -> B;
|
|
|
|
|
|
|
|
A [ label = "", shape = beginpoint,
|
|
|
|
description = "this method"
|
|
|
|
];
|
|
|
|
B [ label = "set file ssh authorized_keys",
|
|
|
|
description = ":py:func:`set_file_ssh_authorized_keys()
|
|
|
|
<fileservertasks.tasks.set_file_ssh_authorized_keys>`
|
|
|
|
called with username and a list of keys, returning the path
|
|
|
|
of the ssh authorized_keys file",
|
|
|
|
color = "LightGreen",
|
|
|
|
stacked
|
|
|
|
];
|
|
|
|
}
|
|
|
|
|
2015-01-31 23:39:09 +01:00
|
|
|
"""
|
|
|
|
users = set([
|
|
|
|
item['user'] for item in
|
|
|
|
queryset.values('user').distinct()
|
|
|
|
])
|
|
|
|
queryset.delete()
|
|
|
|
for user in users:
|
2015-12-05 23:23:25 +01:00
|
|
|
# TODO: move to model/signal
|
2015-01-31 23:39:09 +01:00
|
|
|
TaskResult.objects.create_task_result(
|
2015-12-05 23:23:25 +01:00
|
|
|
'perform_delete_selected',
|
|
|
|
set_file_ssh_authorized_keys.s(
|
2015-11-22 15:03:47 +01:00
|
|
|
User.objects.get(uid=user).username,
|
|
|
|
[str(key) for key in SshPublicKey.objects.filter(
|
|
|
|
user_id=user)]
|
2015-12-05 23:23:25 +01:00
|
|
|
)
|
2015-01-31 23:39:09 +01:00
|
|
|
)
|
|
|
|
perform_delete_selected.short_description = _(
|
|
|
|
'Delete selected SSH public keys')
|
|
|
|
|
|
|
|
def get_actions(self, request):
|
|
|
|
"""
|
|
|
|
Get the available actions for SSH public keys.
|
|
|
|
|
|
|
|
This overrides the default behavior to remove the default
|
|
|
|
`delete_selected` action.
|
|
|
|
|
|
|
|
:param request: the current HTTP request
|
|
|
|
:return: list of actions
|
|
|
|
:rtype: list
|
|
|
|
|
|
|
|
"""
|
|
|
|
actions = super(SshPublicKeyAdmin, self).get_actions(request)
|
2015-12-05 23:23:25 +01:00
|
|
|
if 'delete_selected' in actions: # pragma: no cover
|
2015-01-31 23:39:09 +01:00
|
|
|
del actions['delete_selected']
|
|
|
|
return actions
|
|
|
|
|
2015-01-31 22:26:17 +01:00
|
|
|
|
2014-05-30 21:46:10 +02:00
|
|
|
admin.site.register(Group, GroupAdmin)
|
2014-05-24 21:53:49 +02:00
|
|
|
admin.site.register(User, UserAdmin)
|
2015-01-31 22:26:17 +01:00
|
|
|
admin.site.register(SshPublicKey, SshPublicKeyAdmin)
|