From bca4e39b2466d6bda68c489ef456a384b0bef991 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Tue, 5 Mar 2019 03:13:14 +0100 Subject: [PATCH] Make the PEP gods happy --- .../0009_setup_group_permission.py | 11 ++--- src/yunohost/permission.py | 47 +++++++++---------- src/yunohost/user.py | 37 +++++++++------ 3 files changed, 50 insertions(+), 45 deletions(-) diff --git a/src/yunohost/data_migrations/0009_setup_group_permission.py b/src/yunohost/data_migrations/0009_setup_group_permission.py index a1f4ca6ee..3c6958cac 100644 --- a/src/yunohost/data_migrations/0009_setup_group_permission.py +++ b/src/yunohost/data_migrations/0009_setup_group_permission.py @@ -1,7 +1,6 @@ import yaml import time import os -import shutil from moulinette import m18n from moulinette.core import init_authenticator @@ -9,8 +8,7 @@ from yunohost.utils.error import YunohostError from moulinette.utils.log import getActionLogger from yunohost.tools import Migration -from yunohost.utils.filesystem import free_space_in_directory, space_used_by_directory -from yunohost.user import user_list, user_group_add, user_group_update +from yunohost.user import user_group_add, user_group_update from yunohost.app import app_setting, app_list from yunohost.service import service_regen_conf from yunohost.permission import permission_add, permission_sync_to_user @@ -22,6 +20,7 @@ logger = getActionLogger('yunohost.migration') # Tools used also for restoration ################################################### + def migrate_LDAP_db(auth): logger.info(m18n.n("migration_0009_update_LDAP_database")) try: @@ -46,7 +45,7 @@ def migrate_LDAP_db(auth): logger.info(m18n.n("migration_0009_create_group")) - #Create a group for each yunohost user + # Create a group for each yunohost user user_list = auth.search('ou=users,dc=yunohost,dc=org', '(&(objectclass=person)(!(uid=root))(!(uid=nobody)))', ['uid', 'uidNumber']) 
@@ -116,7 +115,7 @@ class MyMigration(Migration): 'user_rdn': 'gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth'} auth = init_authenticator(AUTH_IDENTIFIER, AUTH_PARAMETERS) - #Update LDAP database + # Update LDAP database migrate_LDAP_db(auth) # Migrate permission @@ -126,7 +125,7 @@ class MyMigration(Migration): except Exception as e: logger.warn(m18n.n("migration_0009_migration_failed_trying_to_rollback")) os.system("systemctl stop slapd") - os.system("rm -r /etc/ldap/slapd.d") # To be sure that we don't keep some part of the old config + os.system("rm -r /etc/ldap/slapd.d") # To be sure that we don't keep some part of the old config os.system("cp -r --preserve %s/ldap_config/. /etc/ldap/" % backup_folder) os.system("cp -r --preserve %s/ldap_db/. /var/lib/ldap/" % backup_folder) os.system("cp -r --preserve %s/apps_settings/. /etc/yunohost/apps/" % backup_folder) diff --git a/src/yunohost/permission.py b/src/yunohost/permission.py index aabf7f7a0..57de63f25 100644 --- a/src/yunohost/permission.py +++ b/src/yunohost/permission.py @@ -30,11 +30,12 @@ import random from moulinette import m18n from moulinette.utils.log import getActionLogger from yunohost.utils.error import YunohostError -from yunohost.user import user_list, user_group_list +from yunohost.user import user_list from yunohost.log import is_unit_operation logger = getActionLogger('yunohost.user') + def user_permission_list(auth, app=None, permission=None, username=None, group=None): """ List permission for specific application @@ -47,8 +48,6 @@ def user_permission_list(auth, app=None, permission=None, username=None, group=N """ - user_l = user_list(auth, ['uid'])['users'] - permission_attrs = [ 'cn', 'groupPermission', 
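Review bot: The rollback branch in `@@ -126,7 +125,7 @@` runs `rm -r /etc/ldap/slapd.d` and the `cp -r --preserve` restores through `os.system` without checking any exit status, so a copy that fails after the delete leaves slapd without its configuration and nothing reports it. Each step should raise on failure and pass its arguments as a list instead of a formatted shell string, e.g. `subprocess.check_call(["cp", "-r", "--preserve", backup_folder + "/ldap_config/.", "/etc/ldap/"])`, with `import subprocess` added at the top of the file. `backup_folder` is defined outside the hunk and is presumably built by the migration itself, but interpolating it into a shell line still breaks on spaces or shell metacharacters. The `except` block starts and continues outside the hunk.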
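Review bot: Dropping `user_group_list` from `from yunohost.user import user_list, user_group_list` in `@@ -30,11 +30,12 @@` leaves no module-level binding for a name that `user_permission_update` still calls in `@@ -160,16 +159,16 @@` (`if g not in user_group_list(auth, ['cn'])['groups']`). Unless that function imports it locally in the part of its body outside these hunks, the group validation raises `NameError` instead of `group_unknown`. Either keep the module-level import or make the local one explicit with `from yunohost.user import user_group_list` at the top of `user_permission_update`.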
@@ -86,20 +85,20 @@ def user_permission_list(auth, app=None, permission=None, username=None, group=N for u in res['inheritPermission']: user_name.append(u.split("=")[1].split(",")[0]) - # Don't show the result if the user diffined a specific permission, user or group - if app and not app_name in app: + # Don't show the result if the user defined a specific permission, user or group + if app and app_name not in app: continue - if permission and not permission_name in permission: + if permission and permission_name not in permission: continue if username[0] and not set(username) & set(user_name): continue if group[0] and not set(group) & set(group_name): continue - if not app_name in permissions: + if app_name not in permissions: permissions[app_name] = {} - permissions[app_name][permission_name] = {'allowed_users':[], 'allowed_groups':[]} + permissions[app_name][permission_name] = {'allowed_users': [], 'allowed_groups': []} for g in group_name: permissions[app_name][permission_name]['allowed_groups'].append(g) for u in user_name: @@ -160,16 +159,16 @@ def user_permission_update(operation_logger, auth, app=[], permission=None, add_ # Validate that the group exist for g in add_group: - if not g in user_group_list(auth, ['cn'])['groups']: + if g not in user_group_list(auth, ['cn'])['groups']: raise YunohostError('group_unknown', group=g) for u in add_username: - if not u in user_list(auth, ['uid'])['users']: + if u not in user_list(auth, ['uid'])['users']: raise YunohostError('user_unknown', user=u) for g in del_group: - if not g in user_group_list(auth, ['cn'])['groups']: + if g not in user_group_list(auth, ['cn'])['groups']: raise YunohostError('group_unknown', group=g) for u in del_username: - if not u in user_list(auth, ['uid'])['users']: + if u not in user_list(auth, ['uid'])['users']: raise YunohostError('user_unknown', user=u) # Merge user and group (note that we consider all user as a group) 
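Review bot: The four validation loops in `@@ -160,16 +159,16 @@` call `user_group_list(auth, ['cn'])` or `user_list(auth, ['uid'])` once per element, so each name checked presumably costs a fresh directory lookup, and the add and delete checks can see different snapshots. Fetch each list once before the loops, `known_groups = user_group_list(auth, ['cn'])['groups']` and `known_users = user_list(auth, ['uid'])['users']`, then test `g not in known_groups` and `u not in known_users`. The body of `user_permission_update` starts and ends outside this hunk.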
@@ -193,7 +192,7 @@ def user_permission_update(operation_logger, auth, app=[], permission=None, add_ for a in app: for per in permission: permission_name = per + '.' + a - if not permission_name in result: + if permission_name not in result: raise YunohostError('permission_not_found', permission=per, app=a) new_per_dict[permission_name] = set() if 'groupPermission' in result[permission_name]: @@ -203,7 +202,7 @@ def user_permission_update(operation_logger, auth, app=[], permission=None, add_ if 'cn=all_users,ou=groups,dc=yunohost,dc=org' in new_per_dict[permission_name]: raise YunohostError('need_define_permission_before') group_name = 'cn=' + g + ',ou=groups,dc=yunohost,dc=org' - if not group_name in new_per_dict[permission_name]: + if group_name not in new_per_dict[permission_name]: logger.warning(m18n.n('group_already_disallowed', permission=per, app=a, group=g)) else: new_per_dict[permission_name].remove(group_name) @@ -287,11 +286,11 @@ def user_permission_clear(operation_logger, auth, app=[], permission=None, sync_ for a in app: for per in permission: permission_name = per + '.' + a - if not permission_name in result: + if permission_name not in result: raise YunohostError('permission_not_found', permission=per, app=a) if 'groupPermission' in result[permission_name] and 'cn=all_users,ou=groups,dc=yunohost,dc=org' in result[permission_name]['groupPermission']: - logger.warning(m18n.n('permission_already_clear', permission=per, app=a)) - continue + logger.warning(m18n.n('permission_already_clear', permission=per, app=a)) + continue if auth.update('cn=%s,ou=permission' % permission_name, default_permission): logger.success(m18n.n('permission_updated', permission=per, app=a)) else: 
@@ -311,7 +310,7 @@ def user_permission_clear(operation_logger, auth, app=[], permission=None, sync_ return user_permission_list(auth, app, permission) -@is_unit_operation(['permission','app']) +@is_unit_operation(['permission', 'app']) def permission_add(operation_logger, auth, app, permission, urls=None, default_allow=True, sync_perm=True): """ Create a new permission for a specific application @@ -325,7 +324,7 @@ def permission_add(operation_logger, auth, app, permission, urls=None, default_a from yunohost.domain import _normalize_domain_path # Validate uniqueness of permission in LDAP - permission_name = str(permission + '.' + app) # str(...) Fix encoding issue + permission_name = str(permission + '.' + app) # str(...) Fix encoding issue conflict = auth.get_conflict({ 'cn': permission_name }, base_dn='ou=permission,dc=yunohost,dc=org') @@ -366,7 +365,7 @@ def permission_add(operation_logger, auth, app, permission, urls=None, default_a raise YunohostError('permission_creation_failed') -@is_unit_operation(['permission','app']) +@is_unit_operation(['permission', 'app']) def permission_update(operation_logger, auth, app, permission, add_url=None, remove_url=None, sync_perm=True): """ Update a permission for a specific application @@ -380,7 +379,7 @@ def permission_update(operation_logger, auth, app, permission, add_url=None, rem """ from yunohost.domain import _normalize_domain_path - permission_name = str(permission + '.' + app) # str(...) Fix encoding issue + permission_name = str(permission + '.' + app) # str(...) Fix encoding issue # Populate permission informations result = auth.search(base='ou=permission,dc=yunohost,dc=org', @@ -389,7 +388,7 @@ def permission_update(operation_logger, auth, app, permission, add_url=None, rem raise YunohostError('permission_not_found', permission=permission, app=app) permission_obj = result[0] - if not 'URL' in permission_obj: + if 'URL' not in permission_obj: permission_obj['URL'] = [] url = set(permission_obj['URL']) 
@@ -412,7 +411,7 @@ def permission_update(operation_logger, auth, app, permission, add_url=None, rem return user_permission_list(auth, app, permission) operation_logger.start() - if auth.update('cn=%s,ou=permission' % permission_name, {'cn':permission_name, 'URL': url}): + if auth.update('cn=%s,ou=permission' % permission_name, {'cn': permission_name, 'URL': url}): if sync_perm: permission_sync_to_user(auth) logger.success(m18n.n('permission_updated', permission=permission, app=app)) @@ -421,7 +420,7 @@ def permission_update(operation_logger, auth, app, permission, add_url=None, rem raise YunohostError('premission_update_failed') -@is_unit_operation(['permission','app']) +@is_unit_operation(['permission', 'app']) def permission_remove(operation_logger, auth, app, permission, force=False, sync_perm=True): """ Remove a permission for a specific application diff --git a/src/yunohost/user.py b/src/yunohost/user.py index d6981ed36..0fca858a3 100644 --- a/src/yunohost/user.py +++ b/src/yunohost/user.py @@ -209,7 +209,7 @@ def user_create(operation_logger, auth, username, firstname, lastname, mail, pas except subprocess.CalledProcessError: if not os.path.isdir('/home/{0}'.format(username)): logger.warning(m18n.n('user_home_creation_failed'), - exc_info=1) + exc_info=1) # Create group for user and add to group 'all_users' user_group_add(auth, groupname=username, gid=uid, sync_perm=False) @@ -220,7 +220,7 @@ def user_create(operation_logger, auth, username, firstname, lastname, mail, pas logger.success(m18n.n('user_created')) hook_callback('post_user_create', - args=[username, mail, password, firstname, lastname]) + args=[username, mail, password, firstname, lastname]) return {'fullname': fullname, 'username': username, 'mail': mail} @@ -469,10 +469,10 @@ def user_info(auth, username): else: raise YunohostError('user_info_failed') + # # Group subcategory # -# def user_group_list(auth, fields=None): """ List users 
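Review bot: The failure path shown as the first context line of `@@ -421,7 +420,7 @@` raises `YunohostError('premission_update_failed')`, and the key looks misspelled (`premission`). The key is presumably resolved as a translation key, so unless the locale files carry the same spelling, a failed LDAP update surfaces as an unresolved key rather than the intended error text. If the locale entry is spelled correctly, change the line to `raise YunohostError('permission_update_failed')`. The line belongs to `permission_update`, whose body starts outside the hunk.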
@@ -485,9 +485,9 @@ def user_group_list(auth, fields=None): """ group_attr = { - 'cn' : 'groupname', - 'member' : 'members', - 'permission' : 'permission' + 'cn': 'groupname', + 'member': 'members', + 'permission': 'permission' } attrs = ['cn'] groups = {} @@ -531,11 +531,12 @@ def user_group_list(auth, fields=None): groupname = entry[group_attr['cn']] groups[groupname] = entry - return {'groups' : groups} + + return {'groups': groups} @is_unit_operation([('groupname', 'user')]) -def user_group_add(operation_logger, auth, groupname,gid=None, sync_perm=True): +def user_group_add(operation_logger, auth, groupname, gid=None, sync_perm=True): """ Create group @@ -645,7 +646,7 @@ def user_group_update(operation_logger, auth, groupname, add_user=None, remove_u add_user = [add_user] for user in add_user: - if not user in existing_users: + if user not in existing_users: raise YunohostError('user_unknown', user=user) for user in add_user: 
@@ -717,38 +718,44 @@ def user_group_info(auth, groupname): result_dict['member'] = {m.split("=")[1].split(",")[0] for m in group['member']} return result_dict + # # Permission subcategory # -# -import yunohost.permission def user_permission_list(auth, app=None, permission=None, username=None, group=None, sync_perm=True): + import yunohost.permission return yunohost.permission.user_permission_list(auth, app, permission, username, group) + @is_unit_operation([('app', 'user')]) def user_permission_add(operation_logger, auth, app, permission="main", username=None, group=None, sync_perm=True): + import yunohost.permission return yunohost.permission.user_permission_update(operation_logger, auth, app, permission=permission, - add_username=username, add_group=group, - del_username=None, del_group=None, - sync_perm=sync_perm) + add_username=username, add_group=group, + del_username=None, del_group=None, + sync_perm=sync_perm) + @is_unit_operation([('app', 'user')]) def user_permission_remove(operation_logger, auth, app, permission="main", username=None, group=None, sync_perm=True): + import yunohost.permission return yunohost.permission.user_permission_update(operation_logger, auth, app, permission=permission, add_username=None, add_group=None, del_username=username, del_group=group, sync_perm=sync_perm) + @is_unit_operation([('app', 'user')]) def user_permission_clear(operation_logger, auth, app, permission=None, sync_perm=True): + import yunohost.permission return yunohost.permission.user_permission_clear(operation_logger, auth, app, permission, sync_perm=sync_perm) + # # SSH subcategory # -# import yunohost.ssh
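Review bot: The function-local `import yunohost.permission` lines added in `@@ -717,38 +718,44 @@` have no comment saying why the import cannot sit at the top of user.py, so a later cleanup is likely to hoist it back. permission.py does `from yunohost.user import user_list` at module level, so this is presumably a circular-import workaround; say so once above the wrappers, e.g. `# yunohost.permission imports yunohost.user at load time, so it is imported lazily inside each wrapper`. Separately, `user_permission_list` accepts `sync_perm=True` but never forwards or uses it; a short docstring stating that the argument is ignored would keep callers from assuming it triggers a sync.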