Make the PEP gods happy

Alexandre Aubin 2019-03-05 03:13:14 +01:00
parent 650232b1c3
commit bca4e39b24
3 changed files with 50 additions and 45 deletions


@ -1,7 +1,6 @@
import yaml import yaml
import time import time
import os import os
import shutil
from moulinette import m18n from moulinette import m18n
from moulinette.core import init_authenticator from moulinette.core import init_authenticator
@ -9,8 +8,7 @@ from yunohost.utils.error import YunohostError
from moulinette.utils.log import getActionLogger from moulinette.utils.log import getActionLogger
from yunohost.tools import Migration from yunohost.tools import Migration
from yunohost.utils.filesystem import free_space_in_directory, space_used_by_directory from yunohost.user import user_group_add, user_group_update
from yunohost.user import user_list, user_group_add, user_group_update
from yunohost.app import app_setting, app_list from yunohost.app import app_setting, app_list
from yunohost.service import service_regen_conf from yunohost.service import service_regen_conf
from yunohost.permission import permission_add, permission_sync_to_user from yunohost.permission import permission_add, permission_sync_to_user
@ -22,6 +20,7 @@ logger = getActionLogger('yunohost.migration')
# Tools used also for restoration # Tools used also for restoration
################################################### ###################################################
def migrate_LDAP_db(auth): def migrate_LDAP_db(auth):
logger.info(m18n.n("migration_0009_update_LDAP_database")) logger.info(m18n.n("migration_0009_update_LDAP_database"))
try: try:


@ -30,11 +30,12 @@ import random
from moulinette import m18n from moulinette import m18n
from moulinette.utils.log import getActionLogger from moulinette.utils.log import getActionLogger
from yunohost.utils.error import YunohostError from yunohost.utils.error import YunohostError
from yunohost.user import user_list, user_group_list from yunohost.user import user_list
from yunohost.log import is_unit_operation from yunohost.log import is_unit_operation
logger = getActionLogger('yunohost.user') logger = getActionLogger('yunohost.user')
def user_permission_list(auth, app=None, permission=None, username=None, group=None): def user_permission_list(auth, app=None, permission=None, username=None, group=None):
""" """
List permission for specific application List permission for specific application
@ -47,8 +48,6 @@ def user_permission_list(auth, app=None, permission=None, username=None, group=N
""" """
user_l = user_list(auth, ['uid'])['users']
permission_attrs = [ permission_attrs = [
'cn', 'cn',
'groupPermission', 'groupPermission',
@ -86,17 +85,17 @@ def user_permission_list(auth, app=None, permission=None, username=None, group=N
for u in res['inheritPermission']: for u in res['inheritPermission']:
user_name.append(u.split("=")[1].split(",")[0]) user_name.append(u.split("=")[1].split(",")[0])
# Don't show the result if the user diffined a specific permission, user or group # Don't show the result if the user defined a specific permission, user or group
if app and not app_name in app: if app and app_name not in app:
continue continue
if permission and not permission_name in permission: if permission and permission_name not in permission:
continue continue
if username[0] and not set(username) & set(user_name): if username[0] and not set(username) & set(user_name):
continue continue
if group[0] and not set(group) & set(group_name): if group[0] and not set(group) & set(group_name):
continue continue
if not app_name in permissions: if app_name not in permissions:
permissions[app_name] = {} permissions[app_name] = {}
permissions[app_name][permission_name] = {'allowed_users': [], 'allowed_groups': []} permissions[app_name][permission_name] = {'allowed_users': [], 'allowed_groups': []}
@ -160,16 +159,16 @@ def user_permission_update(operation_logger, auth, app=[], permission=None, add_
# Validate that the group exist # Validate that the group exist
for g in add_group: for g in add_group:
if not g in user_group_list(auth, ['cn'])['groups']: if g not in user_group_list(auth, ['cn'])['groups']:
raise YunohostError('group_unknown', group=g) raise YunohostError('group_unknown', group=g)
for u in add_username: for u in add_username:
if not u in user_list(auth, ['uid'])['users']: if u not in user_list(auth, ['uid'])['users']:
raise YunohostError('user_unknown', user=u) raise YunohostError('user_unknown', user=u)
for g in del_group: for g in del_group:
if not g in user_group_list(auth, ['cn'])['groups']: if g not in user_group_list(auth, ['cn'])['groups']:
raise YunohostError('group_unknown', group=g) raise YunohostError('group_unknown', group=g)
for u in del_username: for u in del_username:
if not u in user_list(auth, ['uid'])['users']: if u not in user_list(auth, ['uid'])['users']:
raise YunohostError('user_unknown', user=u) raise YunohostError('user_unknown', user=u)
# Merge user and group (note that we consider all user as a group) # Merge user and group (note that we consider all user as a group)
@ -193,7 +192,7 @@ def user_permission_update(operation_logger, auth, app=[], permission=None, add_
for a in app: for a in app:
for per in permission: for per in permission:
permission_name = per + '.' + a permission_name = per + '.' + a
if not permission_name in result: if permission_name not in result:
raise YunohostError('permission_not_found', permission=per, app=a) raise YunohostError('permission_not_found', permission=per, app=a)
new_per_dict[permission_name] = set() new_per_dict[permission_name] = set()
if 'groupPermission' in result[permission_name]: if 'groupPermission' in result[permission_name]:
@ -203,7 +202,7 @@ def user_permission_update(operation_logger, auth, app=[], permission=None, add_
if 'cn=all_users,ou=groups,dc=yunohost,dc=org' in new_per_dict[permission_name]: if 'cn=all_users,ou=groups,dc=yunohost,dc=org' in new_per_dict[permission_name]:
raise YunohostError('need_define_permission_before') raise YunohostError('need_define_permission_before')
group_name = 'cn=' + g + ',ou=groups,dc=yunohost,dc=org' group_name = 'cn=' + g + ',ou=groups,dc=yunohost,dc=org'
if not group_name in new_per_dict[permission_name]: if group_name not in new_per_dict[permission_name]:
logger.warning(m18n.n('group_already_disallowed', permission=per, app=a, group=g)) logger.warning(m18n.n('group_already_disallowed', permission=per, app=a, group=g))
else: else:
new_per_dict[permission_name].remove(group_name) new_per_dict[permission_name].remove(group_name)
@ -287,7 +286,7 @@ def user_permission_clear(operation_logger, auth, app=[], permission=None, sync_
for a in app: for a in app:
for per in permission: for per in permission:
permission_name = per + '.' + a permission_name = per + '.' + a
if not permission_name in result: if permission_name not in result:
raise YunohostError('permission_not_found', permission=per, app=a) raise YunohostError('permission_not_found', permission=per, app=a)
if 'groupPermission' in result[permission_name] and 'cn=all_users,ou=groups,dc=yunohost,dc=org' in result[permission_name]['groupPermission']: if 'groupPermission' in result[permission_name] and 'cn=all_users,ou=groups,dc=yunohost,dc=org' in result[permission_name]['groupPermission']:
logger.warning(m18n.n('permission_already_clear', permission=per, app=a)) logger.warning(m18n.n('permission_already_clear', permission=per, app=a))
@ -389,7 +388,7 @@ def permission_update(operation_logger, auth, app, permission, add_url=None, rem
raise YunohostError('permission_not_found', permission=permission, app=app) raise YunohostError('permission_not_found', permission=permission, app=app)
permission_obj = result[0] permission_obj = result[0]
if not 'URL' in permission_obj: if 'URL' not in permission_obj:
permission_obj['URL'] = [] permission_obj['URL'] = []
url = set(permission_obj['URL']) url = set(permission_obj['URL'])
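Review bot: The import change at the top of this file drops `user_group_list` from the `from yunohost.user import ...` line, but the new code in `user_permission_update` still calls `user_group_list(auth, ['cn'])['groups']` when validating `add_group` and `del_group`. Unless the name is bound somewhere outside the visible hunks, any call that passes a group would fail with a `NameError` before the `group_unknown` check can run, so the group-validation step of a permission update breaks. Either keep the import as `from yunohost.user import user_list, user_group_list`, or, if it was removed to avoid an import cycle, import it at the start of the function with a comment saying so. The bodies of both functions continue outside the hunks, so this should be confirmed against the full file.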


@ -469,10 +469,10 @@ def user_info(auth, username):
else: else:
raise YunohostError('user_info_failed') raise YunohostError('user_info_failed')
# #
# Group subcategory # Group subcategory
# #
#
def user_group_list(auth, fields=None): def user_group_list(auth, fields=None):
""" """
List users List users
@ -531,6 +531,7 @@ def user_group_list(auth, fields=None):
groupname = entry[group_attr['cn']] groupname = entry[group_attr['cn']]
groups[groupname] = entry groups[groupname] = entry
return {'groups': groups} return {'groups': groups}
@ -645,7 +646,7 @@ def user_group_update(operation_logger, auth, groupname, add_user=None, remove_u
add_user = [add_user] add_user = [add_user]
for user in add_user: for user in add_user:
if not user in existing_users: if user not in existing_users:
raise YunohostError('user_unknown', user=user) raise YunohostError('user_unknown', user=user)
for user in add_user: for user in add_user:
@ -717,38 +718,44 @@ def user_group_info(auth, groupname):
result_dict['member'] = {m.split("=")[1].split(",")[0] for m in group['member']} result_dict['member'] = {m.split("=")[1].split(",")[0] for m in group['member']}
return result_dict return result_dict
# #
# Permission subcategory # Permission subcategory
# #
#
import yunohost.permission
def user_permission_list(auth, app=None, permission=None, username=None, group=None, sync_perm=True): def user_permission_list(auth, app=None, permission=None, username=None, group=None, sync_perm=True):
import yunohost.permission
return yunohost.permission.user_permission_list(auth, app, permission, username, group) return yunohost.permission.user_permission_list(auth, app, permission, username, group)
@is_unit_operation([('app', 'user')]) @is_unit_operation([('app', 'user')])
def user_permission_add(operation_logger, auth, app, permission="main", username=None, group=None, sync_perm=True): def user_permission_add(operation_logger, auth, app, permission="main", username=None, group=None, sync_perm=True):
import yunohost.permission
return yunohost.permission.user_permission_update(operation_logger, auth, app, permission=permission, return yunohost.permission.user_permission_update(operation_logger, auth, app, permission=permission,
add_username=username, add_group=group, add_username=username, add_group=group,
del_username=None, del_group=None, del_username=None, del_group=None,
sync_perm=sync_perm) sync_perm=sync_perm)
@is_unit_operation([('app', 'user')]) @is_unit_operation([('app', 'user')])
def user_permission_remove(operation_logger, auth, app, permission="main", username=None, group=None, sync_perm=True): def user_permission_remove(operation_logger, auth, app, permission="main", username=None, group=None, sync_perm=True):
import yunohost.permission
return yunohost.permission.user_permission_update(operation_logger, auth, app, permission=permission, return yunohost.permission.user_permission_update(operation_logger, auth, app, permission=permission,
add_username=None, add_group=None, add_username=None, add_group=None,
del_username=username, del_group=group, del_username=username, del_group=group,
sync_perm=sync_perm) sync_perm=sync_perm)
@is_unit_operation([('app', 'user')]) @is_unit_operation([('app', 'user')])
def user_permission_clear(operation_logger, auth, app, permission=None, sync_perm=True): def user_permission_clear(operation_logger, auth, app, permission=None, sync_perm=True):
import yunohost.permission
return yunohost.permission.user_permission_clear(operation_logger, auth, app, permission, return yunohost.permission.user_permission_clear(operation_logger, auth, app, permission,
sync_perm=sync_perm) sync_perm=sync_perm)
# #
# SSH subcategory # SSH subcategory
# #
#
import yunohost.ssh import yunohost.ssh
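Review bot: The four permission wrappers in the last hunk now each repeat `import yunohost.permission` inside the function body with no comment explaining why, and none of them has a docstring. The file in this commit that defines `user_permission_update` imports from `yunohost.user`, so the local import presumably avoids a circular import; a comment such as `# Imported here, not at module level: yunohost.permission imports yunohost.user` on the first wrapper would keep a later cleanup from hoisting it back. `user_permission_list` also accepts `sync_perm` but neither uses nor forwards it, which a one-line docstring should state so callers do not assume it triggers a sync.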