You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

124 lines
5.0 KiB

10 years ago
  1. # -*- coding: utf-8 -*-
  2. ##############################################################################
  3. #
  4. # OpenERP, Open Source Management Solution
  5. # This module copyright (C) 2012 Therp BV (<http://therp.nl>).
  6. #
  7. # This program is free software: you can redistribute it and/or modify
  8. # it under the terms of the GNU Affero General Public License as
  9. # published by the Free Software Foundation, either version 3 of the
  10. # License, or (at your option) any later version.
  11. #
  12. # This program is distributed in the hope that it will be useful,
  13. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. # GNU Affero General Public License for more details.
  16. #
  17. # You should have received a copy of the GNU Affero General Public License
  18. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  19. #
  20. ##############################################################################
  21. import logging
  22. import inspect
  23. from openerp.osv import fields, orm
  24. from . import users_ldap_groups_operators
  25. class CompanyLDAPGroupMapping(orm.Model):
  26. _name = 'res.company.ldap.group_mapping'
  27. _rec_name = 'ldap_attribute'
  28. _order = 'ldap_attribute'
  29. def _get_operators(self, cr, uid, context=None):
  30. operators = []
  31. members = inspect.getmembers(
  32. users_ldap_groups_operators,
  33. lambda cls: (inspect.isclass(cls) and
  34. cls != users_ldap_groups_operators.LDAPOperator))
  35. for name, operator in members:
  36. operators.append((name, name))
  37. return tuple(operators)
  38. _columns = {
  39. 'ldap_id': fields.many2one('res.company.ldap', 'LDAP server',
  40. required=True),
  41. 'ldap_attribute': fields.char(
  42. 'LDAP attribute', size=64,
  43. help='The LDAP attribute to check.\n'
  44. 'For active directory, use memberOf.'),
  45. 'operator': fields.selection(
  46. _get_operators, 'Operator',
  47. help='The operator to check the attribute against the value\n'
  48. 'For active directory, use \'contains\'', required=True),
  49. 'value': fields.char(
  50. 'Value', size=1024,
  51. help='The value to check the attribute against.\n'
  52. 'For active directory, use the dn of the desired group',
  53. required=True),
  54. 'group': fields.many2one(
  55. 'res.groups', 'OpenERP group',
  56. help='The OpenERP group to assign', required=True),
  57. }
  58. class CompanyLDAP(orm.Model):
  59. _inherit = 'res.company.ldap'
  60. _columns = {
  61. 'group_mappings': fields.one2many(
  62. 'res.company.ldap.group_mapping',
  63. 'ldap_id', 'Group mappings',
  64. help='Define how OpenERP groups are assigned to ldap users'),
  65. 'only_ldap_groups': fields.boolean(
  66. 'Only ldap groups',
  67. help='If this is checked, manual changes to group membership are '
  68. 'undone on every login (so OpenERP groups are always '
  69. 'synchronous with LDAP groups). If not, manually added '
  70. 'groups are preserved.')
  71. }
  72. _defaults = {
  73. 'only_ldap_groups': False,
  74. }
  75. def get_or_create_user(self, cr, uid,
  76. conf,
  77. login,
  78. ldap_entry,
  79. context=None):
  80. _super = super(CompanyLDAP, self)
  81. user_id = _super.get_or_create_user(cr, uid, conf, login,
  82. ldap_entry, context)
  83. if not user_id:
  84. return user_id
  85. logger = logging.getLogger('users_ldap_groups')
  86. mappingobj = self.pool.get('res.company.ldap.group_mapping')
  87. userobj = self.pool.get('res.users')
  88. conf_all = self.read(cr, uid, conf['id'], ['only_ldap_groups'])
  89. if(conf_all['only_ldap_groups']):
  90. logger.debug('deleting all groups from user %d', user_id)
  91. userobj.write(cr, uid,
  92. [user_id],
  93. {'groups_id': [(5, )]},
  94. context=context)
  95. mapping_ids = mappingobj.search(cr, uid,
  96. [('ldap_id', '=', conf['id'])])
  97. for mapping in mappingobj.read(cr, uid, mapping_ids, []):
  98. operator = getattr(users_ldap_groups_operators,
  99. mapping['operator'])()
  100. logger.debug('checking mapping %s', mapping)
  101. if operator.check_value(ldap_entry,
  102. mapping['ldap_attribute'],
  103. mapping['value'],
  104. conf,
  105. self,
  106. logger):
  107. logger.debug('adding user %d to group %s',
  108. (user_id, mapping['group'][1]))
  109. userobj.write(cr, uid, [user_id],
  110. {'groups_id': [(4, mapping['group'][0])]},
  111. context=context)
  112. return user_id