OCA
/
server-tools
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

porting to v8

pull/207/head
Giacomo Spettoli 9 years ago
parent
9a7cb96127
commit
c0b2e6454f
4 changed files with 59 additions and 51 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      users_ldap_groups/__init__.py
  2. 10
      users_ldap_groups/__openerp__.py
  3. 80
      users_ldap_groups/users_ldap_groups.py
  4. 18
      users_ldap_groups/users_ldap_groups_operators.py

2
users_ldap_groups/__init__.py
View File

@ -19,4 +19,4 @@
# #
############################################################################## ##############################################################################
import users_ldap_groups
import users_ldap_groups # noqa

10
users_ldap_groups/__openerp__.py
View File

@ -30,13 +30,13 @@ Adds user accounts to groups based on rules defined by the administrator.
Usage: Usage:
Define mappings in Settings->Companies->[your company]->tab configuration->[your
ldap server].
Define mappings in Settings->Companies->[your company]->tab configuration->[
your ldap server].
Decide whether you want only groups mapped from ldap (Only ldap groups=y) or a Decide whether you want only groups mapped from ldap (Only ldap groups=y) or a
mix of manually set groups and ldap groups (Only ldap groups=n). Setting this to
'no' will result in users never losing privileges when you remove them from a
ldap group, so that's a potential security issue. It is still the default to
mix of manually set groups and ldap groups (Only ldap groups=n). Setting this
to 'no' will result in users never losing privileges when you remove them from
a ldap group, so that's a potential security issue. It is still the default to
prevent losing group information by accident. prevent losing group information by accident.
For active directory, use LDAP attribute 'memberOf' and operator 'contains'. For active directory, use LDAP attribute 'memberOf' and operator 'contains'.

80
users_ldap_groups/users_ldap_groups.py
View File

@ -19,18 +19,20 @@
# #
############################################################################## ##############################################################################
from openerp.osv import fields, orm
from openerp import models
from openerp import fields
from openerp import api
import logging import logging
import users_ldap_groups_operators import users_ldap_groups_operators
import inspect import inspect
class CompanyLDAPGroupMapping(orm.Model):
class CompanyLDAPGroupMapping(models.Model):
_name = 'res.company.ldap.group_mapping' _name = 'res.company.ldap.group_mapping'
_rec_name = 'ldap_attribute' _rec_name = 'ldap_attribute'
_order = 'ldap_attribute' _order = 'ldap_attribute'
def _get_operators(self, cr, uid, context=None):
def _get_operators(self):
operators = [] operators = []
members = inspect.getmembers( members = inspect.getmembers(
users_ldap_groups_operators, users_ldap_groups_operators,
@ -41,49 +43,47 @@ class CompanyLDAPGroupMapping(orm.Model):
operators.append((name, name)) operators.append((name, name))
return tuple(operators) return tuple(operators)
_columns = {
'ldap_id': fields.many2one('res.company.ldap', 'LDAP server', required=True),
'ldap_attribute': fields.char(
'LDAP attribute', size=64,
help='The LDAP attribute to check.\n'
'For active directory, use memberOf.'),
'operator': fields.selection(
_get_operators, 'Operator',
help='The operator to check the attribute against the value\n'
'For active directory, use \'contains\'', required=True),
'value': fields.char(
'Value', size=1024,
help='The value to check the attribute against.\n'
'For active directory, use the dn of the desired group',
required=True),
'group': fields.many2one(
'res.groups', 'OpenERP group',
help='The OpenERP group to assign', required=True),
}
ldap_id = fields.Many2one('res.company.ldap', 'LDAP server', required=True)
ldap_attribute = fields.Char(
'LDAP attribute', size=64,
help='The LDAP attribute to check.\n'
'For active directory, use memberOf.')
operator = fields.Selection(
_get_operators, 'Operator',
help='The operator to check the attribute against the value\n'
'For active directory, use \'contains\'', required=True)
value = fields.Char(
'Value', size=1024,
help='The value to check the attribute against.\n'
'For active directory, use the dn of the desired group',
required=True)
group = fields.Many2one(
'res.groups', 'OpenERP group',
help='The OpenERP group to assign', required=True)
class CompanyLDAP(orm.Model):
class CompanyLDAP(models.Model):
_inherit = 'res.company.ldap' _inherit = 'res.company.ldap'
_columns = {
'group_mappings': fields.one2many(
'res.company.ldap.group_mapping',
'ldap_id', 'Group mappings',
help='Define how OpenERP groups are assigned to ldap users'),
'only_ldap_groups': fields.boolean(
'Only ldap groups',
help='If this is checked, manual changes to group membership are '
'undone on every login (so OpenERP groups are always synchronous '
'with LDAP groups). If not, manually added groups are preserved.')
}
group_mappings = fields.One2many(
'res.company.ldap.group_mapping',
'ldap_id', 'Group mappings',
help='Define how OpenERP groups are assigned to ldap users')
only_ldap_groups = fields.Boolean(
'Only ldap groups',
help='If this is checked, manual changes to group membership are '
'undone on every login (so OpenERP groups are always synchronous '
'with LDAP groups). If not, manually added groups are preserved.')
_default = { _default = {
'only_ldap_groups': False, 'only_ldap_groups': False,
} }
def get_or_create_user(self, cr, uid, conf, login, ldap_entry, context=None):
user_id = super(CompanyLDAP, self).get_or_create_user(cr, uid, conf, login,
ldap_entry, context)
@api.multi
def get_or_create_user(self, cr, uid, conf, login, ldap_entry,
context=None):
user_id = super(CompanyLDAP, self).get_or_create_user(
cr, uid, conf, login, ldap_entry, context)
if not user_id: if not user_id:
return user_id return user_id
logger = logging.getLogger('users_ldap_groups') logger = logging.getLogger('users_ldap_groups')
@ -92,11 +92,13 @@ class CompanyLDAP(orm.Model):
conf_all = self.read(cr, uid, conf['id'], ['only_ldap_groups']) conf_all = self.read(cr, uid, conf['id'], ['only_ldap_groups'])
if(conf_all['only_ldap_groups']): if(conf_all['only_ldap_groups']):
logger.debug('deleting all groups from user %d' % user_id) logger.debug('deleting all groups from user %d' % user_id)
userobj.write(cr, uid, [user_id], {'groups_id': [(5, )]}, context=context)
userobj.write(
cr, uid, [user_id], {'groups_id': [(5, )]}, context=context)
for mapping in mappingobj.read(cr, uid, mappingobj.search( for mapping in mappingobj.read(cr, uid, mappingobj.search(
cr, uid, [('ldap_id', '=', conf['id'])]), []): cr, uid, [('ldap_id', '=', conf['id'])]), []):
operator = getattr(users_ldap_groups_operators, mapping['operator'])()
operator = getattr(users_ldap_groups_operators,
mapping['operator'])()
logger.debug('checking mapping %s' % mapping) logger.debug('checking mapping %s' % mapping)
if operator.check_value(ldap_entry, mapping['ldap_attribute'], if operator.check_value(ldap_entry, mapping['ldap_attribute'],
mapping['value'], conf, self, logger): mapping['value'], conf, self, logger):

18
users_ldap_groups/users_ldap_groups_operators.py
View File

@ -26,22 +26,28 @@ class LDAPOperator:
class contains(LDAPOperator): class contains(LDAPOperator):
def check_value(self, ldap_entry, attribute, value, ldap_config, company, logger):
return (attribute in ldap_entry[1]) and (value in ldap_entry[1][attribute])
def check_value(self, ldap_entry, attribute, value, ldap_config, company,
logger):
return (attribute in ldap_entry[1]) and \
(value in ldap_entry[1][attribute])
class equals(LDAPOperator): class equals(LDAPOperator):
def check_value(self, ldap_entry, attribute, value, ldap_config, company, logger):
return attribute in ldap_entry[1] and unicode(value) == unicode(ldap_entry[1][attribute])
def check_value(self, ldap_entry, attribute, value, ldap_config, company,
logger):
return attribute in ldap_entry[1] and \
unicode(value) == unicode(ldap_entry[1][attribute])
class query(LDAPOperator): class query(LDAPOperator):
def check_value(self, ldap_entry, attribute, value, ldap_config, company, logger):
def check_value(self, ldap_entry, attribute, value, ldap_config, company,
logger):
query_string = Template(value).safe_substitute(dict( query_string = Template(value).safe_substitute(dict(
[(attr, ldap_entry[1][attribute][0]) for attr in ldap_entry[1]] [(attr, ldap_entry[1][attribute][0]) for attr in ldap_entry[1]]
) )
) )
logger.debug('evaluating query group mapping, filter: %s' % query_string)
logger.debug('evaluating query group mapping, filter: %s' %
query_string)
results = company.query(ldap_config, query_string) results = company.query(ldap_config, query_string)
logger.debug(results) logger.debug(results)
return bool(results) return bool(results)
Write Preview
Loading…
Cancel
Save