You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
124 lines
5.0 KiB
124 lines
5.0 KiB
# -*- coding: utf-8 -*-
|
|
##############################################################################
|
|
#
|
|
# OpenERP, Open Source Management Solution
|
|
# This module copyright (C) 2012 Therp BV (<http://therp.nl>).
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU Affero General Public License as
|
|
# published by the Free Software Foundation, either version 3 of the
|
|
# License, or (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU Affero General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
##############################################################################
|
|
|
|
import logging
|
|
import inspect
|
|
|
|
from openerp.osv import fields, orm
|
|
|
|
from . import users_ldap_groups_operators
|
|
|
|
|
|
class CompanyLDAPGroupMapping(orm.Model):
|
|
_name = 'res.company.ldap.group_mapping'
|
|
_rec_name = 'ldap_attribute'
|
|
_order = 'ldap_attribute'
|
|
|
|
def _get_operators(self, cr, uid, context=None):
|
|
operators = []
|
|
members = inspect.getmembers(
|
|
users_ldap_groups_operators,
|
|
lambda cls: inspect.isclass(cls)
|
|
and cls != users_ldap_groups_operators.LDAPOperator)
|
|
for name, operator in members:
|
|
operators.append((name, name))
|
|
return tuple(operators)
|
|
|
|
_columns = {
|
|
'ldap_id': fields.many2one('res.company.ldap', 'LDAP server',
|
|
required=True),
|
|
'ldap_attribute': fields.char(
|
|
'LDAP attribute', size=64,
|
|
help='The LDAP attribute to check.\n'
|
|
'For active directory, use memberOf.'),
|
|
'operator': fields.selection(
|
|
_get_operators, 'Operator',
|
|
help='The operator to check the attribute against the value\n'
|
|
'For active directory, use \'contains\'', required=True),
|
|
'value': fields.char(
|
|
'Value', size=1024,
|
|
help='The value to check the attribute against.\n'
|
|
'For active directory, use the dn of the desired group',
|
|
required=True),
|
|
'group': fields.many2one(
|
|
'res.groups', 'OpenERP group',
|
|
help='The OpenERP group to assign', required=True),
|
|
}
|
|
|
|
|
|
class CompanyLDAP(orm.Model):
|
|
_inherit = 'res.company.ldap'
|
|
|
|
_columns = {
|
|
'group_mappings': fields.one2many(
|
|
'res.company.ldap.group_mapping',
|
|
'ldap_id', 'Group mappings',
|
|
help='Define how OpenERP groups are assigned to ldap users'),
|
|
'only_ldap_groups': fields.boolean(
|
|
'Only ldap groups',
|
|
help='If this is checked, manual changes to group membership are '
|
|
'undone on every login (so OpenERP groups are always '
|
|
'synchronous with LDAP groups). If not, manually added '
|
|
'groups are preserved.')
|
|
}
|
|
|
|
_default = {
|
|
'only_ldap_groups': False,
|
|
}
|
|
|
|
def get_or_create_user(self, cr, uid,
|
|
conf,
|
|
login,
|
|
ldap_entry,
|
|
context=None):
|
|
_super = super(CompanyLDAP, self)
|
|
user_id = _super.get_or_create_user(cr, uid, conf, login,
|
|
ldap_entry, context)
|
|
if not user_id:
|
|
return user_id
|
|
logger = logging.getLogger('users_ldap_groups')
|
|
mappingobj = self.pool.get('res.company.ldap.group_mapping')
|
|
userobj = self.pool.get('res.users')
|
|
conf_all = self.read(cr, uid, conf['id'], ['only_ldap_groups'])
|
|
if(conf_all['only_ldap_groups']):
|
|
logger.debug('deleting all groups from user %d', user_id)
|
|
userobj.write(cr, uid,
|
|
[user_id],
|
|
{'groups_id': [(5, )]},
|
|
context=context)
|
|
mapping_ids = mappingobj.search(cr, uid,
|
|
[('ldap_id', '=', conf['id'])])
|
|
for mapping in mappingobj.read(cr, uid, mapping_ids, []):
|
|
operator = getattr(users_ldap_groups_operators,
|
|
mapping['operator'])()
|
|
logger.debug('checking mapping %s', mapping)
|
|
if operator.check_value(ldap_entry,
|
|
mapping['ldap_attribute'],
|
|
mapping['value'],
|
|
conf,
|
|
self,
|
|
logger):
|
|
logger.debug('adding user %d to group %s',
|
|
(user_id, mapping['group'][1]))
|
|
userobj.write(cr, uid, [user_id],
|
|
{'groups_id': [(4, mapping['group'][0])]},
|
|
context=context)
|
|
return user_id
|