c.f. issue 1405 ... those 'if ldap.stuff()' are complete bullshit from the very beginning since they never return False: instead they trigger an exception, which means the current error management is completely meaningless ... so this refactors all the places where I found those + adds proper error messages
parent
2e14834e6b
commit
bdad4ffd71
4 changed files with 144 additions and 112 deletions
|
@ -164,9 +164,9 @@
|
|||
"domain_cannot_remove_main": "Cannot remove main domain. Set a new main domain first",
|
||||
"domain_cert_gen_failed": "Unable to generate certificate",
|
||||
"domain_created": "The domain has been created",
|
||||
"domain_creation_failed": "Unable to create domain",
|
||||
"domain_creation_failed": "Failed to create domain {domain}: {error}",
|
||||
"domain_deleted": "The domain has been deleted",
|
||||
"domain_deletion_failed": "Unable to delete domain",
|
||||
"domain_deletion_failed": "Failed to delete domain {domain}: {error}",
|
||||
"domain_dns_conf_is_just_a_recommendation": "This command shows you what is the *recommended* configuration. It does not actually set up the DNS configuration for you. It is your responsability to configure your DNS zone in your registrar according to this recommendation.",
|
||||
"domain_dyndns_already_subscribed": "You've already subscribed to a DynDNS domain",
|
||||
"domain_dyndns_dynette_is_unreachable": "Unable to reach YunoHost dynette, either your YunoHost is not correctly connected to the internet or the dynette server is down. Error: {error}",
|
||||
|
@ -229,14 +229,14 @@
|
|||
"group_already_exist": "Group {group} already exist",
|
||||
"group_already_exist_on_system": "Group {group} already exists in the system group",
|
||||
"group_created": "Group '{group}' successfully created",
|
||||
"group_creation_failed": "Group creation failed for group '{group}'",
|
||||
"group_creation_failed": "Failed to create group {group}: {error}",
|
||||
"group_cannot_be_edited": "The group {group} cannot be edited manually.",
|
||||
"group_cannot_be_deleted": "The group {group} cannot be deleted manually.",
|
||||
"group_deleted": "Group '{group}' deleted",
|
||||
"group_deletion_failed": "Group '{group} 'deletion failed",
|
||||
"group_deletion_failed": "Failed to delete group {group}: {error}",
|
||||
"group_unknown": "Group {group} unknown",
|
||||
"group_updated": "Group '{group}' updated",
|
||||
"group_update_failed": "Group update failed for group '{group}'",
|
||||
"group_update_failed": "Failed to update group {group}: {error}",
|
||||
"group_user_already_in_group": "User {user} is already in group {group}",
|
||||
"group_user_not_in_group": "User {user} is not in group {group}",
|
||||
"hook_exec_failed": "Script execution failed: {path:s}",
|
||||
|
@ -430,11 +430,11 @@
|
|||
"permission_already_exist": "Permission '{permission}' already exists",
|
||||
"permission_cannot_remove_main": "Removing a main permission is not allowed",
|
||||
"permission_created": "Permission '{permission}' created",
|
||||
"permission_creation_failed": "Failed to create permission '{permission}'",
|
||||
"permission_creation_failed": "Failed to create permission '{permission}': {error}",
|
||||
"permission_deleted": "Permission '{permission}' deleted",
|
||||
"permission_deletion_failed": "Failed to delete permission '{permission}'",
|
||||
"permission_deletion_failed": "Failed to delete permission '{permission}': {error}",
|
||||
"permission_not_found": "Permission '{permission}' does not seem to exist ?",
|
||||
"permission_update_failed": "Failed to update permission '{permission}'",
|
||||
"permission_update_failed": "Failed to update permission '{permission}' : {error}",
|
||||
"permission_updated": "Permission '{permission}' updated",
|
||||
"permission_update_nothing_to_do": "No permissions to update",
|
||||
"port_already_closed": "Port {port:d} is already closed for {ip_version:s} connections",
|
||||
|
@ -556,13 +556,13 @@
|
|||
"upnp_enabled": "UPnP has been enabled",
|
||||
"upnp_port_open_failed": "Unable to open UPnP ports",
|
||||
"user_created": "The user has been created",
|
||||
"user_creation_failed": "Unable to create user",
|
||||
"user_creation_failed": "Unable to create user {user}: {error}",
|
||||
"user_deleted": "The user has been deleted",
|
||||
"user_deletion_failed": "Unable to delete user",
|
||||
"user_deletion_failed": "Unable to delete user {user}: {error}",
|
||||
"user_home_creation_failed": "Unable to create user home folder",
|
||||
"user_info_failed": "Unable to retrieve user information",
|
||||
"user_unknown": "Unknown user: {user:s}",
|
||||
"user_update_failed": "Unable to update user",
|
||||
"user_update_failed": "Unable to update user {user}: {error}",
|
||||
"user_updated": "The user has been updated",
|
||||
"users_available": "Available users:",
|
||||
"yunohost_already_installed": "YunoHost is already installed",
|
||||
|
|
|
@ -112,8 +112,10 @@ def domain_add(operation_logger, domain, dyndns=False):
|
|||
'virtualdomain': domain,
|
||||
}
|
||||
|
||||
if not ldap.add('virtualdomain=%s,ou=domains' % domain, attr_dict):
|
||||
raise YunohostError('domain_creation_failed')
|
||||
try:
|
||||
ldap.add('virtualdomain=%s,ou=domains' % domain, attr_dict)
|
||||
except Exception as e:
|
||||
raise YunohostError('domain_creation_failed', domain=domain, error=e)
|
||||
|
||||
# Don't regen these conf if we're still in postinstall
|
||||
if os.path.exists('/etc/yunohost/installed'):
|
||||
|
@ -167,10 +169,12 @@ def domain_remove(operation_logger, domain, force=False):
|
|||
|
||||
operation_logger.start()
|
||||
ldap = _get_ldap_interface()
|
||||
if ldap.remove('virtualdomain=' + domain + ',ou=domains') or force:
|
||||
os.system('rm -rf /etc/yunohost/certs/%s' % domain)
|
||||
else:
|
||||
raise YunohostError('domain_deletion_failed')
|
||||
try:
|
||||
ldap.remove('virtualdomain=' + domain + ',ou=domains')
|
||||
except Exception as e:
|
||||
raise YunohostError('domain_deletion_failed', domain=domain, error=e)
|
||||
|
||||
os.system('rm -rf /etc/yunohost/certs/%s' % domain)
|
||||
|
||||
regen_conf(names=['nginx', 'metronome', 'dnsmasq', 'postfix'])
|
||||
app_ssowatconf()
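Review bot: In domain_remove the certificate cleanup still goes through a shell, `os.system('rm -rf /etc/yunohost/certs/%s' % domain)`, and it now runs unconditionally once ldap.remove() returns, so any shell metacharacter or `..` segment in `domain` ends up in an `rm -rf` command line. Whether `domain` is validated earlier is not visible here (the function starts outside the hunk), so I would not rely on it: delete the directory without a shell, e.g. `shutil.rmtree(os.path.join('/etc/yunohost/certs', domain), ignore_errors=True)` (needs `import shutil` if the module does not already have it), and reject names containing `/`. The same string formatting builds the LDAP DN in `ldap.add('virtualdomain=%s,ou=domains' % domain, attr_dict)` in domain_add, which deserves the same validation.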
|
||||
|
|
|
@ -153,36 +153,37 @@ def user_permission_update(operation_logger, permission, add=None, remove=None,
|
|||
|
||||
operation_logger.start()
|
||||
|
||||
if ldap.update('cn=%s,ou=permission' % permission,
|
||||
{'groupPermission': ['cn=' + g + ',ou=groups,dc=yunohost,dc=org' for g in new_allowed_groups]}):
|
||||
logger.debug(m18n.n('permission_updated', permission=permission))
|
||||
try:
|
||||
ldap.update('cn=%s,ou=permission' % permission,
|
||||
{'groupPermission': ['cn=' + g + ',ou=groups,dc=yunohost,dc=org' for g in new_allowed_groups]})
|
||||
except Exception as e:
|
||||
raise YunohostError('permission_update_failed', permission=permission, error=e)
|
||||
|
||||
# Trigger permission sync if asked
|
||||
logger.debug(m18n.n('permission_updated', permission=permission))
|
||||
|
||||
if sync_perm:
|
||||
permission_sync_to_user()
|
||||
# Trigger permission sync if asked
|
||||
|
||||
new_permission = user_permission_list(full=True)["permissions"][permission]
|
||||
if sync_perm:
|
||||
permission_sync_to_user()
|
||||
|
||||
# Trigger app callbacks
|
||||
new_permission = user_permission_list(full=True)["permissions"][permission]
|
||||
|
||||
app = permission.split(".")[0]
|
||||
# Trigger app callbacks
|
||||
|
||||
old_allowed_users = set(existing_permission["corresponding_users"])
|
||||
new_allowed_users = set(new_permission["corresponding_users"])
|
||||
app = permission.split(".")[0]
|
||||
|
||||
effectively_added_users = new_allowed_users - old_allowed_users
|
||||
effectively_removed_users = old_allowed_users - new_allowed_users
|
||||
old_allowed_users = set(existing_permission["corresponding_users"])
|
||||
new_allowed_users = set(new_permission["corresponding_users"])
|
||||
|
||||
if effectively_added_users:
|
||||
hook_callback('post_app_addaccess', args=[app, ','.join(effectively_added_users)])
|
||||
if effectively_removed_users:
|
||||
hook_callback('post_app_removeaccess', args=[app, ','.join(effectively_removed_users)])
|
||||
effectively_added_users = new_allowed_users - old_allowed_users
|
||||
effectively_removed_users = old_allowed_users - new_allowed_users
|
||||
|
||||
return new_permission
|
||||
if effectively_added_users:
|
||||
hook_callback('post_app_addaccess', args=[app, ','.join(effectively_added_users)])
|
||||
if effectively_removed_users:
|
||||
hook_callback('post_app_removeaccess', args=[app, ','.join(effectively_removed_users)])
|
||||
|
||||
else:
|
||||
raise YunohostError('permission_update_failed', permission=permission)
|
||||
return new_permission
|
||||
|
||||
|
||||
@is_unit_operation()
|
||||
|
@ -209,10 +210,12 @@ def user_permission_reset(operation_logger, permission, sync_perm=True):
|
|||
operation_logger.start()
|
||||
|
||||
default_permission = {'groupPermission': ['cn=all_users,ou=groups,dc=yunohost,dc=org']}
|
||||
if ldap.update('cn=%s,ou=permission' % permission, default_permission):
|
||||
logger.debug(m18n.n('permission_updated', permission=permission))
|
||||
else:
|
||||
raise YunohostError('permission_update_failed', permission=permission)
|
||||
try:
|
||||
ldap.update('cn=%s,ou=permission' % permission, default_permission)
|
||||
except Exception as e:
|
||||
raise YunohostError('permission_update_failed', permission=permission, error=e)
|
||||
|
||||
logger.debug(m18n.n('permission_updated', permission=permission))
|
||||
|
||||
if sync_perm:
|
||||
permission_sync_to_user()
|
||||
|
@ -286,13 +289,17 @@ def permission_create(operation_logger, permission, urls=None, sync_perm=True):
|
|||
|
||||
operation_logger.related_to.append(('app', permission.split(".")[0]))
|
||||
operation_logger.start()
|
||||
if ldap.add('cn=%s,ou=permission' % permission, attr_dict):
|
||||
if sync_perm:
|
||||
permission_sync_to_user()
|
||||
logger.debug(m18n.n('permission_created', permission=permission))
|
||||
return user_permission_list(full=True)["permissions"][permission]
|
||||
else:
|
||||
raise YunohostError('permission_creation_failed')
|
||||
|
||||
try:
|
||||
ldap.add('cn=%s,ou=permission' % permission, attr_dict)
|
||||
except Exception as e:
|
||||
raise YunohostError('permission_creation_failed', permission=permission, error=e)
|
||||
|
||||
if sync_perm:
|
||||
permission_sync_to_user()
|
||||
|
||||
logger.debug(m18n.n('permission_created', permission=permission))
|
||||
return user_permission_list(full=True)["permissions"][permission]
|
||||
|
||||
|
||||
@is_unit_operation()
|
||||
|
@ -336,13 +343,17 @@ def permission_urls(operation_logger, permission, add=None, remove=None, sync_pe
|
|||
|
||||
operation_logger.related_to.append(('app', permission.split(".")[0]))
|
||||
operation_logger.start()
|
||||
if ldap.update('cn=%s,ou=permission' % permission, {'URL': new_urls}):
|
||||
if sync_perm:
|
||||
permission_sync_to_user()
|
||||
logger.debug(m18n.n('permission_updated', permission=permission))
|
||||
return user_permission_list(full=True)["permissions"][permission]
|
||||
else:
|
||||
raise YunohostError('permission_update_failed', permission=permission)
|
||||
|
||||
try:
|
||||
ldap.update('cn=%s,ou=permission' % permission, {'URL': new_urls})
|
||||
except Exception as e:
|
||||
raise YunohostError('permission_update_failed', permission=permission, error=e)
|
||||
|
||||
if sync_perm:
|
||||
permission_sync_to_user()
|
||||
|
||||
logger.debug(m18n.n('permission_updated', permission=permission))
|
||||
return user_permission_list(full=True)["permissions"][permission]
|
||||
|
||||
|
||||
@is_unit_operation()
|
||||
|
@ -370,12 +381,15 @@ def permission_delete(operation_logger, permission, force=False, sync_perm=True)
|
|||
|
||||
operation_logger.related_to.append(('app', permission.split(".")[0]))
|
||||
operation_logger.start()
|
||||
if ldap.remove('cn=%s,ou=permission' % permission):
|
||||
if sync_perm:
|
||||
permission_sync_to_user()
|
||||
logger.debug(m18n.n('permission_deleted', permission=permission))
|
||||
else:
|
||||
raise YunohostError('permission_deletion_failed', permission=permission)
|
||||
|
||||
try:
|
||||
ldap.remove('cn=%s,ou=permission' % permission)
|
||||
except Exception as e:
|
||||
raise YunohostError('permission_deletion_failed', permission=permission, error=e)
|
||||
|
||||
if sync_perm:
|
||||
permission_sync_to_user()
|
||||
logger.debug(m18n.n('permission_deleted', permission=permission))
|
||||
|
||||
|
||||
def permission_sync_to_user():
|
||||
|
@ -410,8 +424,10 @@ def permission_sync_to_user():
|
|||
'memberUid': should_be_allowed_users}
|
||||
|
||||
# Commit the change with the new inherited stuff
|
||||
if not ldap.update('cn=%s,ou=permission' % permission_name, new_inherited_perms):
|
||||
raise YunohostError('permission_update_failed', permission=permission_name)
|
||||
try:
|
||||
ldap.update('cn=%s,ou=permission' % permission_name, new_inherited_perms)
|
||||
except Exception as e:
|
||||
raise YunohostError('permission_update_failed', permission=permission_name, error=e)
|
||||
|
||||
logger.debug("The permission database has been resynchronized")
|
||||
|
||||
|
@ -421,6 +437,7 @@ def permission_sync_to_user():
|
|||
os.system('nscd --invalidate=passwd')
|
||||
os.system('nscd --invalidate=group')
|
||||
|
||||
|
||||
def _normalize_url(url):
|
||||
from yunohost.domain import _normalize_domain_path
|
||||
domain = url[:url.index('/')]
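Review bot: In user_permission_update the groupPermission write is committed before `permission_sync_to_user()` runs, and the later hunk in this file shows that sync raising `YunohostError('permission_update_failed', ...)` on an LDAP error. When that happens the function exits before the `post_app_removeaccess` callback, so a revocation can be half applied: the group list is changed, the inherited members may be stale, and the app is never notified, while the error message suggests nothing was updated. I would at least record this above the sync call, e.g. `# NOTE: groupPermission is already committed here; a sync failure skips the app access callbacks`, or catch the sync error, run the callbacks for removed users and re-raise. permission_create, permission_urls and permission_delete follow the same write-then-sync order; user_permission_update starts outside the hunk, where `existing_permission` is computed.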
|
||||
|
|
|
@ -205,32 +205,34 @@ def user_create(operation_logger, username, firstname, lastname, mail, password,
|
|||
except IOError as e:
|
||||
raise YunohostError('ssowat_persistent_conf_write_error', error=e.strerror)
|
||||
|
||||
if ldap.add('uid=%s,ou=users' % username, attr_dict):
|
||||
# Invalidate passwd to take user creation into account
|
||||
subprocess.call(['nscd', '-i', 'passwd'])
|
||||
try:
|
||||
ldap.add('uid=%s,ou=users' % username, attr_dict)
|
||||
except Exception as e:
|
||||
raise YunohostError('user_creation_failed', user=username, error=e)
|
||||
|
||||
try:
|
||||
# Attempt to create user home folder
|
||||
subprocess.check_call(
|
||||
['su', '-', username, '-c', "''"])
|
||||
except subprocess.CalledProcessError:
|
||||
if not os.path.isdir('/home/{0}'.format(username)):
|
||||
logger.warning(m18n.n('user_home_creation_failed'),
|
||||
exc_info=1)
|
||||
# Invalidate passwd to take user creation into account
|
||||
subprocess.call(['nscd', '-i', 'passwd'])
|
||||
|
||||
# Create group for user and add to group 'all_users'
|
||||
user_group_create(groupname=username, gid=uid, primary_group=True, sync_perm=False)
|
||||
user_group_update(groupname='all_users', add=username, force=True, sync_perm=True)
|
||||
try:
|
||||
# Attempt to create user home folder
|
||||
subprocess.check_call(
|
||||
['su', '-', username, '-c', "''"])
|
||||
except subprocess.CalledProcessError:
|
||||
if not os.path.isdir('/home/{0}'.format(username)):
|
||||
logger.warning(m18n.n('user_home_creation_failed'),
|
||||
exc_info=1)
|
||||
|
||||
# TODO: Send a welcome mail to user
|
||||
logger.success(m18n.n('user_created'))
|
||||
# Create group for user and add to group 'all_users'
|
||||
user_group_create(groupname=username, gid=uid, primary_group=True, sync_perm=False)
|
||||
user_group_update(groupname='all_users', add=username, force=True, sync_perm=True)
|
||||
|
||||
hook_callback('post_user_create',
|
||||
args=[username, mail, password, firstname, lastname])
|
||||
# TODO: Send a welcome mail to user
|
||||
logger.success(m18n.n('user_created'))
|
||||
|
||||
return {'fullname': fullname, 'username': username, 'mail': mail}
|
||||
hook_callback('post_user_create',
|
||||
args=[username, mail, password, firstname, lastname])
|
||||
|
||||
raise YunohostError('user_creation_failed')
|
||||
return {'fullname': fullname, 'username': username, 'mail': mail}
|
||||
|
||||
|
||||
@is_unit_operation([('username', 'user')])
|
||||
|
@ -258,15 +260,17 @@ def user_delete(operation_logger, username, purge=False):
|
|||
user_group_delete(username, force=True, sync_perm=True)
|
||||
|
||||
ldap = _get_ldap_interface()
|
||||
if ldap.remove('uid=%s,ou=users' % username):
|
||||
# Invalidate passwd to take user deletion into account
|
||||
subprocess.call(['nscd', '-i', 'passwd'])
|
||||
try:
|
||||
ldap.remove('uid=%s,ou=users' % username)
|
||||
except Exception as e:
|
||||
raise YunohostError('user_deletion_failed', user=username, error=e)
|
||||
|
||||
if purge:
|
||||
subprocess.call(['rm', '-rf', '/home/{0}'.format(username)])
|
||||
subprocess.call(['rm', '-rf', '/var/mail/{0}'.format(username)])
|
||||
else:
|
||||
raise YunohostError('user_deletion_failed')
|
||||
# Invalidate passwd to take user deletion into account
|
||||
subprocess.call(['nscd', '-i', 'passwd'])
|
||||
|
||||
if purge:
|
||||
subprocess.call(['rm', '-rf', '/home/{0}'.format(username)])
|
||||
subprocess.call(['rm', '-rf', '/var/mail/{0}'.format(username)])
|
||||
|
||||
hook_callback('post_user_delete', args=[username, purge])
|
||||
|
||||
|
@ -387,12 +391,14 @@ def user_update(operation_logger, username, firstname=None, lastname=None, mail=
|
|||
|
||||
operation_logger.start()
|
||||
|
||||
if ldap.update('uid=%s,ou=users' % username, new_attr_dict):
|
||||
logger.success(m18n.n('user_updated'))
|
||||
app_ssowatconf()
|
||||
return user_info(username)
|
||||
else:
|
||||
raise YunohostError('user_update_failed')
|
||||
try:
|
||||
ldap.update('uid=%s,ou=users' % username, new_attr_dict)
|
||||
except Exception as e:
|
||||
raise YunohostError('user_update_failed', user=username, error=e)
|
||||
|
||||
logger.success(m18n.n('user_updated'))
|
||||
app_ssowatconf()
|
||||
return user_info(username)
|
||||
|
||||
|
||||
def user_info(username):
|
||||
|
@ -476,10 +482,7 @@ def user_info(username):
|
|||
'use': storage_use
|
||||
}
|
||||
|
||||
if result:
|
||||
return result_dict
|
||||
else:
|
||||
raise YunohostError('user_info_failed')
|
||||
return result_dict
|
||||
|
||||
|
||||
#
|
||||
|
@ -569,13 +572,16 @@ def user_group_create(operation_logger, groupname, gid=None, primary_group=False
|
|||
attr_dict["member"] = ["uid=" + groupname + ",ou=users,dc=yunohost,dc=org"]
|
||||
|
||||
operation_logger.start()
|
||||
if ldap.add('cn=%s,ou=groups' % groupname, attr_dict):
|
||||
logger.success(m18n.n('group_created', group=groupname))
|
||||
if sync_perm:
|
||||
permission_sync_to_user()
|
||||
return {'name': groupname}
|
||||
try:
|
||||
ldap.add('cn=%s,ou=groups' % groupname, attr_dict)
|
||||
except Exception as e:
|
||||
raise YunohostError('group_creation_failed', group=groupname, error=e)
|
||||
|
||||
raise YunohostError('group_creation_failed', group=groupname)
|
||||
if sync_perm:
|
||||
permission_sync_to_user()
|
||||
|
||||
logger.success(m18n.n('group_created', group=groupname))
|
||||
return {'name': groupname}
|
||||
|
||||
|
||||
@is_unit_operation([('groupname', 'group')])
|
||||
|
@ -601,13 +607,16 @@ def user_group_delete(operation_logger, groupname, force=False, sync_perm=True):
|
|||
|
||||
operation_logger.start()
|
||||
ldap = _get_ldap_interface()
|
||||
if not ldap.remove('cn=%s,ou=groups' % groupname):
|
||||
raise YunohostError('group_deletion_failed', group=groupname)
|
||||
try:
|
||||
ldap.remove('cn=%s,ou=groups' % groupname)
|
||||
except Exception as e:
|
||||
raise YunohostError('group_deletion_failed', group=groupname, error=e)
|
||||
|
||||
logger.success(m18n.n('group_deleted', group=groupname))
|
||||
if sync_perm:
|
||||
permission_sync_to_user()
|
||||
|
||||
logger.success(m18n.n('group_deleted', group=groupname))
|
||||
|
||||
|
||||
@is_unit_operation([('groupname', 'group')])
|
||||
def user_group_update(operation_logger, groupname, add=None, remove=None, force=False, sync_perm=True):
|
||||
|
@ -668,8 +677,10 @@ def user_group_update(operation_logger, groupname, add=None, remove=None, force=
|
|||
if set(new_group) != set(current_group):
|
||||
operation_logger.start()
|
||||
ldap = _get_ldap_interface()
|
||||
if not ldap.update('cn=%s,ou=groups' % groupname, {"member": set(new_group_dns), "memberUid": set(new_group)}):
|
||||
raise YunohostError('group_update_failed', group=groupname)
|
||||
try:
|
||||
ldap.update('cn=%s,ou=groups' % groupname, {"member": set(new_group_dns), "memberUid": set(new_group)})
|
||||
except Exception as e:
|
||||
raise YunohostError('group_update_failed', group=groupname, error=e)
|
||||
|
||||
logger.success(m18n.n('group_updated', group=groupname))
|
||||
if sync_perm:
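Review bot: In user_create the re-indented `hook_callback('post_user_create', args=[username, mail, password, firstname, lastname])` still hands the cleartext password to every installed hook. How hook_callback delivers `args` is not visible on this page; if they end up as script command-line arguments, the password is readable from the process list and may land in operation logs. I would document the exposure at the call, e.g. `# NOTE(security): cleartext password is passed to hooks; hooks must not log or persist it`, and check whether hook_callback can hand it over out of band instead. user_create starts outside the hunk.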
|
||||
|
|