Browse Source

porting to v8

pull/207/head^2
Giacomo Spettoli 10 years ago
parent
commit
b1b6d965a2
  1. 2
      users_ldap_groups/__init__.py
  2. 10
      users_ldap_groups/__openerp__.py
  3. 80
      users_ldap_groups/users_ldap_groups.py
  4. 18
      users_ldap_groups/users_ldap_groups_operators.py

2
users_ldap_groups/__init__.py

@ -19,4 +19,4 @@
# #
############################################################################## ##############################################################################
import users_ldap_groups
import users_ldap_groups # noqa

10
users_ldap_groups/__openerp__.py

@ -30,13 +30,13 @@ Adds user accounts to groups based on rules defined by the administrator.
Usage: Usage:
Define mappings in Settings->Companies->[your company]->tab configuration->[your
ldap server].
Define mappings in Settings->Companies->[your company]->tab configuration->[
your ldap server].
Decide whether you want only groups mapped from ldap (Only ldap groups=y) or a Decide whether you want only groups mapped from ldap (Only ldap groups=y) or a
mix of manually set groups and ldap groups (Only ldap groups=n). Setting this to
'no' will result in users never losing privileges when you remove them from a
ldap group, so that's a potential security issue. It is still the default to
mix of manually set groups and ldap groups (Only ldap groups=n). Setting this
to 'no' will result in users never losing privileges when you remove them from
a ldap group, so that's a potential security issue. It is still the default to
prevent losing group information by accident. prevent losing group information by accident.
For active directory, use LDAP attribute 'memberOf' and operator 'contains'. For active directory, use LDAP attribute 'memberOf' and operator 'contains'.

80
users_ldap_groups/users_ldap_groups.py

@ -19,18 +19,20 @@
# #
############################################################################## ##############################################################################
from openerp.osv import fields, orm
from openerp import models
from openerp import fields
from openerp import api
import logging import logging
import users_ldap_groups_operators import users_ldap_groups_operators
import inspect import inspect
class CompanyLDAPGroupMapping(orm.Model):
class CompanyLDAPGroupMapping(models.Model):
_name = 'res.company.ldap.group_mapping' _name = 'res.company.ldap.group_mapping'
_rec_name = 'ldap_attribute' _rec_name = 'ldap_attribute'
_order = 'ldap_attribute' _order = 'ldap_attribute'
def _get_operators(self, cr, uid, context=None):
def _get_operators(self):
operators = [] operators = []
members = inspect.getmembers( members = inspect.getmembers(
users_ldap_groups_operators, users_ldap_groups_operators,
@ -41,49 +43,47 @@ class CompanyLDAPGroupMapping(orm.Model):
operators.append((name, name)) operators.append((name, name))
return tuple(operators) return tuple(operators)
_columns = {
'ldap_id': fields.many2one('res.company.ldap', 'LDAP server', required=True),
'ldap_attribute': fields.char(
'LDAP attribute', size=64,
help='The LDAP attribute to check.\n'
'For active directory, use memberOf.'),
'operator': fields.selection(
_get_operators, 'Operator',
help='The operator to check the attribute against the value\n'
'For active directory, use \'contains\'', required=True),
'value': fields.char(
'Value', size=1024,
help='The value to check the attribute against.\n'
'For active directory, use the dn of the desired group',
required=True),
'group': fields.many2one(
'res.groups', 'OpenERP group',
help='The OpenERP group to assign', required=True),
}
ldap_id = fields.Many2one('res.company.ldap', 'LDAP server', required=True)
ldap_attribute = fields.Char(
'LDAP attribute', size=64,
help='The LDAP attribute to check.\n'
'For active directory, use memberOf.')
operator = fields.Selection(
_get_operators, 'Operator',
help='The operator to check the attribute against the value\n'
'For active directory, use \'contains\'', required=True)
value = fields.Char(
'Value', size=1024,
help='The value to check the attribute against.\n'
'For active directory, use the dn of the desired group',
required=True)
group = fields.Many2one(
'res.groups', 'OpenERP group',
help='The OpenERP group to assign', required=True)
class CompanyLDAP(orm.Model):
class CompanyLDAP(models.Model):
_inherit = 'res.company.ldap' _inherit = 'res.company.ldap'
_columns = {
'group_mappings': fields.one2many(
'res.company.ldap.group_mapping',
'ldap_id', 'Group mappings',
help='Define how OpenERP groups are assigned to ldap users'),
'only_ldap_groups': fields.boolean(
'Only ldap groups',
help='If this is checked, manual changes to group membership are '
'undone on every login (so OpenERP groups are always synchronous '
'with LDAP groups). If not, manually added groups are preserved.')
}
group_mappings = fields.One2many(
'res.company.ldap.group_mapping',
'ldap_id', 'Group mappings',
help='Define how OpenERP groups are assigned to ldap users')
only_ldap_groups = fields.Boolean(
'Only ldap groups',
help='If this is checked, manual changes to group membership are '
'undone on every login (so OpenERP groups are always synchronous '
'with LDAP groups). If not, manually added groups are preserved.')
_default = { _default = {
'only_ldap_groups': False, 'only_ldap_groups': False,
} }
def get_or_create_user(self, cr, uid, conf, login, ldap_entry, context=None):
user_id = super(CompanyLDAP, self).get_or_create_user(cr, uid, conf, login,
ldap_entry, context)
@api.multi
def get_or_create_user(self, cr, uid, conf, login, ldap_entry,
context=None):
user_id = super(CompanyLDAP, self).get_or_create_user(
cr, uid, conf, login, ldap_entry, context)
if not user_id: if not user_id:
return user_id return user_id
logger = logging.getLogger('users_ldap_groups') logger = logging.getLogger('users_ldap_groups')
@ -92,11 +92,13 @@ class CompanyLDAP(orm.Model):
conf_all = self.read(cr, uid, conf['id'], ['only_ldap_groups']) conf_all = self.read(cr, uid, conf['id'], ['only_ldap_groups'])
if(conf_all['only_ldap_groups']): if(conf_all['only_ldap_groups']):
logger.debug('deleting all groups from user %d' % user_id) logger.debug('deleting all groups from user %d' % user_id)
userobj.write(cr, uid, [user_id], {'groups_id': [(5, )]}, context=context)
userobj.write(
cr, uid, [user_id], {'groups_id': [(5, )]}, context=context)
for mapping in mappingobj.read(cr, uid, mappingobj.search( for mapping in mappingobj.read(cr, uid, mappingobj.search(
cr, uid, [('ldap_id', '=', conf['id'])]), []): cr, uid, [('ldap_id', '=', conf['id'])]), []):
operator = getattr(users_ldap_groups_operators, mapping['operator'])()
operator = getattr(users_ldap_groups_operators,
mapping['operator'])()
logger.debug('checking mapping %s' % mapping) logger.debug('checking mapping %s' % mapping)
if operator.check_value(ldap_entry, mapping['ldap_attribute'], if operator.check_value(ldap_entry, mapping['ldap_attribute'],
mapping['value'], conf, self, logger): mapping['value'], conf, self, logger):

18
users_ldap_groups/users_ldap_groups_operators.py

@ -26,22 +26,28 @@ class LDAPOperator:
class contains(LDAPOperator): class contains(LDAPOperator):
def check_value(self, ldap_entry, attribute, value, ldap_config, company, logger):
return (attribute in ldap_entry[1]) and (value in ldap_entry[1][attribute])
def check_value(self, ldap_entry, attribute, value, ldap_config, company,
logger):
return (attribute in ldap_entry[1]) and \
(value in ldap_entry[1][attribute])
class equals(LDAPOperator): class equals(LDAPOperator):
def check_value(self, ldap_entry, attribute, value, ldap_config, company, logger):
return attribute in ldap_entry[1] and unicode(value) == unicode(ldap_entry[1][attribute])
def check_value(self, ldap_entry, attribute, value, ldap_config, company,
logger):
return attribute in ldap_entry[1] and \
unicode(value) == unicode(ldap_entry[1][attribute])
class query(LDAPOperator): class query(LDAPOperator):
def check_value(self, ldap_entry, attribute, value, ldap_config, company, logger):
def check_value(self, ldap_entry, attribute, value, ldap_config, company,
logger):
query_string = Template(value).safe_substitute(dict( query_string = Template(value).safe_substitute(dict(
[(attr, ldap_entry[1][attribute][0]) for attr in ldap_entry[1]] [(attr, ldap_entry[1][attribute][0]) for attr in ldap_entry[1]]
) )
) )
logger.debug('evaluating query group mapping, filter: %s' % query_string)
logger.debug('evaluating query group mapping, filter: %s' %
query_string)
results = company.query(ldap_config, query_string) results = company.query(ldap_config, query_string)
logger.debug(results) logger.debug(results)
return bool(results) return bool(results)
Loading…
Cancel
Save