Make the PEP gods happy

Alexandre Aubin 2019-03-05 03:13:14 +01:00
parent 650232b1c3
commit bca4e39b24
3 changed files with 50 additions and 45 deletions


@ -1,7 +1,6 @@
import yaml
import time
import os
import shutil
from moulinette import m18n
from moulinette.core import init_authenticator
@ -9,8 +8,7 @@ from yunohost.utils.error import YunohostError
from moulinette.utils.log import getActionLogger
from yunohost.tools import Migration
from yunohost.utils.filesystem import free_space_in_directory, space_used_by_directory
from yunohost.user import user_list, user_group_add, user_group_update
from yunohost.user import user_group_add, user_group_update
from yunohost.app import app_setting, app_list
from yunohost.service import service_regen_conf
from yunohost.permission import permission_add, permission_sync_to_user
@ -22,6 +20,7 @@ logger = getActionLogger('yunohost.migration')
# Tools used also for restoration
###################################################
def migrate_LDAP_db(auth):
logger.info(m18n.n("migration_0009_update_LDAP_database"))
try:
@ -46,7 +45,7 @@ def migrate_LDAP_db(auth):
logger.info(m18n.n("migration_0009_create_group"))
#Create a group for each yunohost user
# Create a group for each yunohost user
user_list = auth.search('ou=users,dc=yunohost,dc=org',
'(&(objectclass=person)(!(uid=root))(!(uid=nobody)))',
['uid', 'uidNumber'])
@ -116,7 +115,7 @@ class MyMigration(Migration):
'user_rdn': 'gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth'}
auth = init_authenticator(AUTH_IDENTIFIER, AUTH_PARAMETERS)
#Update LDAP database
# Update LDAP database
migrate_LDAP_db(auth)
# Migrate permission
@ -126,7 +125,7 @@ class MyMigration(Migration):
except Exception as e:
logger.warn(m18n.n("migration_0009_migration_failed_trying_to_rollback"))
os.system("systemctl stop slapd")
os.system("rm -r /etc/ldap/slapd.d") # To be sure that we don't keep some part of the old config
os.system("rm -r /etc/ldap/slapd.d") # To be sure that we don't keep some part of the old config
os.system("cp -r --preserve %s/ldap_config/. /etc/ldap/" % backup_folder)
os.system("cp -r --preserve %s/ldap_db/. /var/lib/ldap/" % backup_folder)
os.system("cp -r --preserve %s/apps_settings/. /etc/yunohost/apps/" % backup_folder)
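Review bot: The rollback path at the re-commented `os.system("rm -r /etc/ldap/slapd.d")` line and the three `cp -r --preserve` lines after it ignores the exit status of every os.system call, so a partially failed restore of the LDAP config, LDAP database or app settings goes unreported in what is visible here, and `backup_folder` is spliced into a shell string with `%`. Using the list form of `subprocess.check_call` (stdlib, would need `import subprocess` at the top of the file) keeps the exact cp semantics, avoids the shell, and raises on failure so the rollback cannot silently end half-done; if the `rm -r` step is expected to tolerate an already-missing directory, keep that one call tolerant rather than fatal. The unused `e` in `except Exception as e:` above could become `except Exception:`. The enclosing method starts and ends outside the hunk, and `backup_folder` is defined outside it.
```python
os.system("systemctl stop slapd")
# To be sure that we don't keep some part of the old config
subprocess.check_call(["rm", "-r", "/etc/ldap/slapd.d"])
subprocess.check_call(["cp", "-r", "--preserve", "%s/ldap_config/." % backup_folder, "/etc/ldap/"])
subprocess.check_call(["cp", "-r", "--preserve", "%s/ldap_db/." % backup_folder, "/var/lib/ldap/"])
subprocess.check_call(["cp", "-r", "--preserve", "%s/apps_settings/." % backup_folder, "/etc/yunohost/apps/"])
```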


@ -30,11 +30,12 @@ import random
from moulinette import m18n
from moulinette.utils.log import getActionLogger
from yunohost.utils.error import YunohostError
from yunohost.user import user_list, user_group_list
from yunohost.user import user_list
from yunohost.log import is_unit_operation
logger = getActionLogger('yunohost.user')
def user_permission_list(auth, app=None, permission=None, username=None, group=None):
"""
List permission for specific application
@ -47,8 +48,6 @@ def user_permission_list(auth, app=None, permission=None, username=None, group=N
"""
user_l = user_list(auth, ['uid'])['users']
permission_attrs = [
'cn',
'groupPermission',
@ -86,20 +85,20 @@ def user_permission_list(auth, app=None, permission=None, username=None, group=N
for u in res['inheritPermission']:
user_name.append(u.split("=")[1].split(",")[0])
# Don't show the result if the user diffined a specific permission, user or group
if app and not app_name in app:
# Don't show the result if the user defined a specific permission, user or group
if app and app_name not in app:
continue
if permission and not permission_name in permission:
if permission and permission_name not in permission:
continue
if username[0] and not set(username) & set(user_name):
continue
if group[0] and not set(group) & set(group_name):
continue
if not app_name in permissions:
if app_name not in permissions:
permissions[app_name] = {}
permissions[app_name][permission_name] = {'allowed_users':[], 'allowed_groups':[]}
permissions[app_name][permission_name] = {'allowed_users': [], 'allowed_groups': []}
for g in group_name:
permissions[app_name][permission_name]['allowed_groups'].append(g)
for u in user_name:
@ -160,16 +159,16 @@ def user_permission_update(operation_logger, auth, app=[], permission=None, add_
# Validate that the group exist
for g in add_group:
if not g in user_group_list(auth, ['cn'])['groups']:
if g not in user_group_list(auth, ['cn'])['groups']:
raise YunohostError('group_unknown', group=g)
for u in add_username:
if not u in user_list(auth, ['uid'])['users']:
if u not in user_list(auth, ['uid'])['users']:
raise YunohostError('user_unknown', user=u)
for g in del_group:
if not g in user_group_list(auth, ['cn'])['groups']:
if g not in user_group_list(auth, ['cn'])['groups']:
raise YunohostError('group_unknown', group=g)
for u in del_username:
if not u in user_list(auth, ['uid'])['users']:
if u not in user_list(auth, ['uid'])['users']:
raise YunohostError('user_unknown', user=u)
# Merge user and group (note that we consider all user as a group)
@ -193,7 +192,7 @@ def user_permission_update(operation_logger, auth, app=[], permission=None, add_
for a in app:
for per in permission:
permission_name = per + '.' + a
if not permission_name in result:
if permission_name not in result:
raise YunohostError('permission_not_found', permission=per, app=a)
new_per_dict[permission_name] = set()
if 'groupPermission' in result[permission_name]:
@ -203,7 +202,7 @@ def user_permission_update(operation_logger, auth, app=[], permission=None, add_
if 'cn=all_users,ou=groups,dc=yunohost,dc=org' in new_per_dict[permission_name]:
raise YunohostError('need_define_permission_before')
group_name = 'cn=' + g + ',ou=groups,dc=yunohost,dc=org'
if not group_name in new_per_dict[permission_name]:
if group_name not in new_per_dict[permission_name]:
logger.warning(m18n.n('group_already_disallowed', permission=per, app=a, group=g))
else:
new_per_dict[permission_name].remove(group_name)
@ -287,11 +286,11 @@ def user_permission_clear(operation_logger, auth, app=[], permission=None, sync_
for a in app:
for per in permission:
permission_name = per + '.' + a
if not permission_name in result:
if permission_name not in result:
raise YunohostError('permission_not_found', permission=per, app=a)
if 'groupPermission' in result[permission_name] and 'cn=all_users,ou=groups,dc=yunohost,dc=org' in result[permission_name]['groupPermission']:
logger.warning(m18n.n('permission_already_clear', permission=per, app=a))
continue
logger.warning(m18n.n('permission_already_clear', permission=per, app=a))
continue
if auth.update('cn=%s,ou=permission' % permission_name, default_permission):
logger.success(m18n.n('permission_updated', permission=per, app=a))
else:
@ -311,7 +310,7 @@ def user_permission_clear(operation_logger, auth, app=[], permission=None, sync_
return user_permission_list(auth, app, permission)
@is_unit_operation(['permission','app'])
@is_unit_operation(['permission', 'app'])
def permission_add(operation_logger, auth, app, permission, urls=None, default_allow=True, sync_perm=True):
"""
Create a new permission for a specific application
@ -325,7 +324,7 @@ def permission_add(operation_logger, auth, app, permission, urls=None, default_a
from yunohost.domain import _normalize_domain_path
# Validate uniqueness of permission in LDAP
permission_name = str(permission + '.' + app) # str(...) Fix encoding issue
permission_name = str(permission + '.' + app) # str(...) Fix encoding issue
conflict = auth.get_conflict({
'cn': permission_name
}, base_dn='ou=permission,dc=yunohost,dc=org')
@ -366,7 +365,7 @@ def permission_add(operation_logger, auth, app, permission, urls=None, default_a
raise YunohostError('permission_creation_failed')
@is_unit_operation(['permission','app'])
@is_unit_operation(['permission', 'app'])
def permission_update(operation_logger, auth, app, permission, add_url=None, remove_url=None, sync_perm=True):
"""
Update a permission for a specific application
@ -380,7 +379,7 @@ def permission_update(operation_logger, auth, app, permission, add_url=None, rem
"""
from yunohost.domain import _normalize_domain_path
permission_name = str(permission + '.' + app) # str(...) Fix encoding issue
permission_name = str(permission + '.' + app) # str(...) Fix encoding issue
# Populate permission informations
result = auth.search(base='ou=permission,dc=yunohost,dc=org',
@ -389,7 +388,7 @@ def permission_update(operation_logger, auth, app, permission, add_url=None, rem
raise YunohostError('permission_not_found', permission=permission, app=app)
permission_obj = result[0]
if not 'URL' in permission_obj:
if 'URL' not in permission_obj:
permission_obj['URL'] = []
url = set(permission_obj['URL'])
@ -412,7 +411,7 @@ def permission_update(operation_logger, auth, app, permission, add_url=None, rem
return user_permission_list(auth, app, permission)
operation_logger.start()
if auth.update('cn=%s,ou=permission' % permission_name, {'cn':permission_name, 'URL': url}):
if auth.update('cn=%s,ou=permission' % permission_name, {'cn': permission_name, 'URL': url}):
if sync_perm:
permission_sync_to_user(auth)
logger.success(m18n.n('permission_updated', permission=permission, app=app))
@ -421,7 +420,7 @@ def permission_update(operation_logger, auth, app, permission, add_url=None, rem
raise YunohostError('premission_update_failed')
@is_unit_operation(['permission','app'])
@is_unit_operation(['permission', 'app'])
def permission_remove(operation_logger, auth, app, permission, force=False, sync_perm=True):
"""
Remove a permission for a specific application
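Review bot: The import line `from yunohost.user import user_list` now drops `user_group_list`, but the reformatted checks in user_permission_update still call it, `if g not in user_group_list(auth, ['cn'])['groups']:`, for both add_group and del_group; unless a function-scope import outside the hunk provides the name, those branches raise NameError the first time a group is passed. If such a local import exists, a comment beside it such as `# imported here rather than at module level: yunohost.user imports this module, so a top-level import would be circular` would make the removal from the top of the file look deliberate rather than accidental (the cycle is presumed from the function-local `import yunohost.permission` lines in the user module of this same commit). user_permission_update starts and ends outside the hunk.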


@ -209,7 +209,7 @@ def user_create(operation_logger, auth, username, firstname, lastname, mail, pas
except subprocess.CalledProcessError:
if not os.path.isdir('/home/{0}'.format(username)):
logger.warning(m18n.n('user_home_creation_failed'),
exc_info=1)
exc_info=1)
# Create group for user and add to group 'all_users'
user_group_add(auth, groupname=username, gid=uid, sync_perm=False)
@ -220,7 +220,7 @@ def user_create(operation_logger, auth, username, firstname, lastname, mail, pas
logger.success(m18n.n('user_created'))
hook_callback('post_user_create',
args=[username, mail, password, firstname, lastname])
args=[username, mail, password, firstname, lastname])
return {'fullname': fullname, 'username': username, 'mail': mail}
@ -469,10 +469,10 @@ def user_info(auth, username):
else:
raise YunohostError('user_info_failed')
#
# Group subcategory
#
#
def user_group_list(auth, fields=None):
"""
List users
@ -485,9 +485,9 @@ def user_group_list(auth, fields=None):
"""
group_attr = {
'cn' : 'groupname',
'member' : 'members',
'permission' : 'permission'
'cn': 'groupname',
'member': 'members',
'permission': 'permission'
}
attrs = ['cn']
groups = {}
@ -531,11 +531,12 @@ def user_group_list(auth, fields=None):
groupname = entry[group_attr['cn']]
groups[groupname] = entry
return {'groups' : groups}
return {'groups': groups}
@is_unit_operation([('groupname', 'user')])
def user_group_add(operation_logger, auth, groupname,gid=None, sync_perm=True):
def user_group_add(operation_logger, auth, groupname, gid=None, sync_perm=True):
"""
Create group
@ -645,7 +646,7 @@ def user_group_update(operation_logger, auth, groupname, add_user=None, remove_u
add_user = [add_user]
for user in add_user:
if not user in existing_users:
if user not in existing_users:
raise YunohostError('user_unknown', user=user)
for user in add_user:
@ -717,38 +718,44 @@ def user_group_info(auth, groupname):
result_dict['member'] = {m.split("=")[1].split(",")[0] for m in group['member']}
return result_dict
#
# Permission subcategory
#
#
import yunohost.permission
def user_permission_list(auth, app=None, permission=None, username=None, group=None, sync_perm=True):
import yunohost.permission
return yunohost.permission.user_permission_list(auth, app, permission, username, group)
@is_unit_operation([('app', 'user')])
def user_permission_add(operation_logger, auth, app, permission="main", username=None, group=None, sync_perm=True):
import yunohost.permission
return yunohost.permission.user_permission_update(operation_logger, auth, app, permission=permission,
add_username=username, add_group=group,
del_username=None, del_group=None,
sync_perm=sync_perm)
add_username=username, add_group=group,
del_username=None, del_group=None,
sync_perm=sync_perm)
@is_unit_operation([('app', 'user')])
def user_permission_remove(operation_logger, auth, app, permission="main", username=None, group=None, sync_perm=True):
import yunohost.permission
return yunohost.permission.user_permission_update(operation_logger, auth, app, permission=permission,
add_username=None, add_group=None,
del_username=username, del_group=group,
sync_perm=sync_perm)
@is_unit_operation([('app', 'user')])
def user_permission_clear(operation_logger, auth, app, permission=None, sync_perm=True):
import yunohost.permission
return yunohost.permission.user_permission_clear(operation_logger, auth, app, permission,
sync_perm=sync_perm)
#
# SSH subcategory
#
#
import yunohost.ssh
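Review bot: The four Permission-subcategory wrappers each now re-import `yunohost.permission` inside their body, which is presumably there to break the import cycle with yunohost.permission (that module imports `user_list` from this one in the same commit), but nothing says so; a one-line comment on each, `# imported here to avoid a circular import with yunohost.permission`, would keep a later cleanup from hoisting it back to module level as it was before. Also, `user_permission_list` accepts `sync_perm=True` but never forwards it in `return yunohost.permission.user_permission_list(auth, app, permission, username, group)`, so the keyword is silently ignored; either drop it from the signature or document that it is accepted only for symmetry with the other wrappers. The remaining module-level `import yunohost.ssh` after the SSH comment is the same mid-file pattern and may deserve the same treatment if it also participates in a cycle.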