Browse Source

porting to v8

pull/207/head
Giacomo Spettoli 10 years ago
parent
commit
c0b2e6454f
  1. 2
      users_ldap_groups/__init__.py
  2. 10
      users_ldap_groups/__openerp__.py
  3. 80
      users_ldap_groups/users_ldap_groups.py
  4. 18
      users_ldap_groups/users_ldap_groups_operators.py

2
users_ldap_groups/__init__.py

@ -19,4 +19,4 @@
#
##############################################################################
import users_ldap_groups
import users_ldap_groups # noqa

10
users_ldap_groups/__openerp__.py

@ -30,13 +30,13 @@ Adds user accounts to groups based on rules defined by the administrator.
Usage:
Define mappings in Settings->Companies->[your company]->tab configuration->[your
ldap server].
Define mappings in Settings->Companies->[your company]->tab configuration->[
your ldap server].
Decide whether you want only groups mapped from ldap (Only ldap groups=y) or a
mix of manually set groups and ldap groups (Only ldap groups=n). Setting this to
'no' will result in users never losing privileges when you remove them from a
ldap group, so that's a potential security issue. It is still the default to
mix of manually set groups and ldap groups (Only ldap groups=n). Setting this
to 'no' will result in users never losing privileges when you remove them from
a ldap group, so that's a potential security issue. It is still the default to
prevent losing group information by accident.
For active directory, use LDAP attribute 'memberOf' and operator 'contains'.

80
users_ldap_groups/users_ldap_groups.py

@ -19,18 +19,20 @@
#
##############################################################################
from openerp.osv import fields, orm
from openerp import models
from openerp import fields
from openerp import api
import logging
import users_ldap_groups_operators
import inspect
class CompanyLDAPGroupMapping(orm.Model):
class CompanyLDAPGroupMapping(models.Model):
_name = 'res.company.ldap.group_mapping'
_rec_name = 'ldap_attribute'
_order = 'ldap_attribute'
def _get_operators(self, cr, uid, context=None):
def _get_operators(self):
operators = []
members = inspect.getmembers(
users_ldap_groups_operators,
@ -41,49 +43,47 @@ class CompanyLDAPGroupMapping(orm.Model):
operators.append((name, name))
return tuple(operators)
_columns = {
'ldap_id': fields.many2one('res.company.ldap', 'LDAP server', required=True),
'ldap_attribute': fields.char(
'LDAP attribute', size=64,
help='The LDAP attribute to check.\n'
'For active directory, use memberOf.'),
'operator': fields.selection(
_get_operators, 'Operator',
help='The operator to check the attribute against the value\n'
'For active directory, use \'contains\'', required=True),
'value': fields.char(
'Value', size=1024,
help='The value to check the attribute against.\n'
'For active directory, use the dn of the desired group',
required=True),
'group': fields.many2one(
'res.groups', 'OpenERP group',
help='The OpenERP group to assign', required=True),
}
ldap_id = fields.Many2one('res.company.ldap', 'LDAP server', required=True)
ldap_attribute = fields.Char(
'LDAP attribute', size=64,
help='The LDAP attribute to check.\n'
'For active directory, use memberOf.')
operator = fields.Selection(
_get_operators, 'Operator',
help='The operator to check the attribute against the value\n'
'For active directory, use \'contains\'', required=True)
value = fields.Char(
'Value', size=1024,
help='The value to check the attribute against.\n'
'For active directory, use the dn of the desired group',
required=True)
group = fields.Many2one(
'res.groups', 'OpenERP group',
help='The OpenERP group to assign', required=True)
class CompanyLDAP(orm.Model):
class CompanyLDAP(models.Model):
_inherit = 'res.company.ldap'
_columns = {
'group_mappings': fields.one2many(
'res.company.ldap.group_mapping',
'ldap_id', 'Group mappings',
help='Define how OpenERP groups are assigned to ldap users'),
'only_ldap_groups': fields.boolean(
'Only ldap groups',
help='If this is checked, manual changes to group membership are '
'undone on every login (so OpenERP groups are always synchronous '
'with LDAP groups). If not, manually added groups are preserved.')
}
group_mappings = fields.One2many(
'res.company.ldap.group_mapping',
'ldap_id', 'Group mappings',
help='Define how OpenERP groups are assigned to ldap users')
only_ldap_groups = fields.Boolean(
'Only ldap groups',
help='If this is checked, manual changes to group membership are '
'undone on every login (so OpenERP groups are always synchronous '
'with LDAP groups). If not, manually added groups are preserved.')
_default = {
'only_ldap_groups': False,
}
def get_or_create_user(self, cr, uid, conf, login, ldap_entry, context=None):
user_id = super(CompanyLDAP, self).get_or_create_user(cr, uid, conf, login,
ldap_entry, context)
@api.multi
def get_or_create_user(self, cr, uid, conf, login, ldap_entry,
context=None):
user_id = super(CompanyLDAP, self).get_or_create_user(
cr, uid, conf, login, ldap_entry, context)
if not user_id:
return user_id
logger = logging.getLogger('users_ldap_groups')
@ -92,11 +92,13 @@ class CompanyLDAP(orm.Model):
conf_all = self.read(cr, uid, conf['id'], ['only_ldap_groups'])
if(conf_all['only_ldap_groups']):
logger.debug('deleting all groups from user %d' % user_id)
userobj.write(cr, uid, [user_id], {'groups_id': [(5, )]}, context=context)
userobj.write(
cr, uid, [user_id], {'groups_id': [(5, )]}, context=context)
for mapping in mappingobj.read(cr, uid, mappingobj.search(
cr, uid, [('ldap_id', '=', conf['id'])]), []):
operator = getattr(users_ldap_groups_operators, mapping['operator'])()
operator = getattr(users_ldap_groups_operators,
mapping['operator'])()
logger.debug('checking mapping %s' % mapping)
if operator.check_value(ldap_entry, mapping['ldap_attribute'],
mapping['value'], conf, self, logger):

18
users_ldap_groups/users_ldap_groups_operators.py

@ -26,22 +26,28 @@ class LDAPOperator:
class contains(LDAPOperator):
def check_value(self, ldap_entry, attribute, value, ldap_config, company, logger):
return (attribute in ldap_entry[1]) and (value in ldap_entry[1][attribute])
def check_value(self, ldap_entry, attribute, value, ldap_config, company,
logger):
return (attribute in ldap_entry[1]) and \
(value in ldap_entry[1][attribute])
class equals(LDAPOperator):
def check_value(self, ldap_entry, attribute, value, ldap_config, company, logger):
return attribute in ldap_entry[1] and unicode(value) == unicode(ldap_entry[1][attribute])
def check_value(self, ldap_entry, attribute, value, ldap_config, company,
logger):
return attribute in ldap_entry[1] and \
unicode(value) == unicode(ldap_entry[1][attribute])
class query(LDAPOperator):
def check_value(self, ldap_entry, attribute, value, ldap_config, company, logger):
def check_value(self, ldap_entry, attribute, value, ldap_config, company,
logger):
query_string = Template(value).safe_substitute(dict(
[(attr, ldap_entry[1][attribute][0]) for attr in ldap_entry[1]]
)
)
logger.debug('evaluating query group mapping, filter: %s' % query_string)
logger.debug('evaluating query group mapping, filter: %s' %
query_string)
results = company.query(ldap_config, query_string)
logger.debug(results)
return bool(results)
Loading…
Cancel
Save