YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Make the PEP gods happy

Browse source
This commit is contained in:
Alexandre Aubin 2019-03-05 03:13:14 +01:00
parent 650232b1c3
commit bca4e39b24
3 changed files with 50 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/yunohost/data_migrations/0009_setup_group_permission.py
View file

@ -1,7 +1,6 @@
import yaml
import time
import os
import shutil
from moulinette import m18n
from moulinette.core import init_authenticator
@ -9,8 +8,7 @@ from yunohost.utils.error import YunohostError
from moulinette.utils.log import getActionLogger
from yunohost.tools import Migration
from yunohost.utils.filesystem import free_space_in_directory, space_used_by_directory
from yunohost.user import user_list, user_group_add, user_group_update
from yunohost.user import user_group_add, user_group_update
from yunohost.app import app_setting, app_list
from yunohost.service import service_regen_conf
from yunohost.permission import permission_add, permission_sync_to_user
@ -22,6 +20,7 @@ logger = getActionLogger('yunohost.migration')
# Tools used also for restoration
###################################################
def migrate_LDAP_db(auth):
logger.info(m18n.n("migration_0009_update_LDAP_database"))
try:

29
src/yunohost/permission.py
View file

@ -30,11 +30,12 @@ import random
from moulinette import m18n
from moulinette.utils.log import getActionLogger
from yunohost.utils.error import YunohostError
from yunohost.user import user_list, user_group_list
from yunohost.user import user_list
from yunohost.log import is_unit_operation
logger = getActionLogger('yunohost.user')
def user_permission_list(auth, app=None, permission=None, username=None, group=None):
"""
List permission for specific application
@ -47,8 +48,6 @@ def user_permission_list(auth, app=None, permission=None, username=None, group=N
"""
user_l = user_list(auth, ['uid'])['users']
permission_attrs = [
'cn',
'groupPermission',
@ -86,17 +85,17 @@ def user_permission_list(auth, app=None, permission=None, username=None, group=N
for u in res['inheritPermission']:
user_name.append(u.split("=")[1].split(",")[0])
# Don't show the result if the user diffined a specific permission, user or group
if app and not app_name in app:
# Don't show the result if the user defined a specific permission, user or group
if app and app_name not in app:
continue
if permission and not permission_name in permission:
if permission and permission_name not in permission:
continue
if username[0] and not set(username) & set(user_name):
continue
if group[0] and not set(group) & set(group_name):
continue
if not app_name in permissions:
if app_name not in permissions:
permissions[app_name] = {}
permissions[app_name][permission_name] = {'allowed_users': [], 'allowed_groups': []}
@ -160,16 +159,16 @@ def user_permission_update(operation_logger, auth, app=[], permission=None, add_
# Validate that the group exist
for g in add_group:
if not g in user_group_list(auth, ['cn'])['groups']:
if g not in user_group_list(auth, ['cn'])['groups']:
raise YunohostError('group_unknown', group=g)
for u in add_username:
if not u in user_list(auth, ['uid'])['users']:
if u not in user_list(auth, ['uid'])['users']:
raise YunohostError('user_unknown', user=u)
for g in del_group:
if not g in user_group_list(auth, ['cn'])['groups']:
if g not in user_group_list(auth, ['cn'])['groups']:
raise YunohostError('group_unknown', group=g)
for u in del_username:
if not u in user_list(auth, ['uid'])['users']:
if u not in user_list(auth, ['uid'])['users']:
raise YunohostError('user_unknown', user=u)
# Merge user and group (note that we consider all user as a group)
@ -193,7 +192,7 @@ def user_permission_update(operation_logger, auth, app=[], permission=None, add_
for a in app:
for per in permission:
permission_name = per + '.' + a
if not permission_name in result:
if permission_name not in result:
raise YunohostError('permission_not_found', permission=per, app=a)
new_per_dict[permission_name] = set()
if 'groupPermission' in result[permission_name]:
@ -203,7 +202,7 @@ def user_permission_update(operation_logger, auth, app=[], permission=None, add_
if 'cn=all_users,ou=groups,dc=yunohost,dc=org' in new_per_dict[permission_name]:
raise YunohostError('need_define_permission_before')
group_name = 'cn=' + g + ',ou=groups,dc=yunohost,dc=org'
if not group_name in new_per_dict[permission_name]:
if group_name not in new_per_dict[permission_name]:
logger.warning(m18n.n('group_already_disallowed', permission=per, app=a, group=g))
else:
new_per_dict[permission_name].remove(group_name)
@ -287,7 +286,7 @@ def user_permission_clear(operation_logger, auth, app=[], permission=None, sync_
for a in app:
for per in permission:
permission_name = per + '.' + a
if not permission_name in result:
if permission_name not in result:
raise YunohostError('permission_not_found', permission=per, app=a)
if 'groupPermission' in result[permission_name] and 'cn=all_users,ou=groups,dc=yunohost,dc=org' in result[permission_name]['groupPermission']:
logger.warning(m18n.n('permission_already_clear', permission=per, app=a))
@ -389,7 +388,7 @@ def permission_update(operation_logger, auth, app, permission, add_url=None, rem
raise YunohostError('permission_not_found', permission=permission, app=app)
permission_obj = result[0]
if not 'URL' in permission_obj:
if 'URL' not in permission_obj:
permission_obj['URL'] = []
url = set(permission_obj['URL'])

17
src/yunohost/user.py
View file

@ -469,10 +469,10 @@ def user_info(auth, username):
else:
raise YunohostError('user_info_failed')
#
# Group subcategory
#
#
def user_group_list(auth, fields=None):
"""
List users
@ -531,6 +531,7 @@ def user_group_list(auth, fields=None):
groupname = entry[group_attr['cn']]
groups[groupname] = entry
return {'groups': groups}
@ -645,7 +646,7 @@ def user_group_update(operation_logger, auth, groupname, add_user=None, remove_u
add_user = [add_user]
for user in add_user:
if not user in existing_users:
if user not in existing_users:
raise YunohostError('user_unknown', user=user)
for user in add_user:
@ -717,38 +718,44 @@ def user_group_info(auth, groupname):
result_dict['member'] = {m.split("=")[1].split(",")[0] for m in group['member']}
return result_dict
#
# Permission subcategory
#
#
import yunohost.permission
def user_permission_list(auth, app=None, permission=None, username=None, group=None, sync_perm=True):
import yunohost.permission
return yunohost.permission.user_permission_list(auth, app, permission, username, group)
@is_unit_operation([('app', 'user')])
def user_permission_add(operation_logger, auth, app, permission="main", username=None, group=None, sync_perm=True):
import yunohost.permission
return yunohost.permission.user_permission_update(operation_logger, auth, app, permission=permission,
add_username=username, add_group=group,
del_username=None, del_group=None,
sync_perm=sync_perm)
@is_unit_operation([('app', 'user')])
def user_permission_remove(operation_logger, auth, app, permission="main", username=None, group=None, sync_perm=True):
import yunohost.permission
return yunohost.permission.user_permission_update(operation_logger, auth, app, permission=permission,
add_username=None, add_group=None,
del_username=username, del_group=group,
sync_perm=sync_perm)
@is_unit_operation([('app', 'user')])
def user_permission_clear(operation_logger, auth, app, permission=None, sync_perm=True):
import yunohost.permission
return yunohost.permission.user_permission_clear(operation_logger, auth, app, permission,
sync_perm=sync_perm)
#
# SSH subcategory
#
#
import yunohost.ssh