# HG changeset patch
# User Mads Kiilerich
# Date 1438350247 -7200
# Node ID 39bac9410169073232e1452e2655ae84b64716b2
# Parent 40cfdd004bf60a0b8d7e8396e6ed54ce57de43e3
auth: make the auth module decide which fields are editable by admin and user
diff -r 40cfdd004bf6 -r 39bac9410169 kallithea/controllers/admin/my_account.py
--- a/kallithea/controllers/admin/my_account.py Fri Jul 31 15:44:07 2015 +0200
+++ b/kallithea/controllers/admin/my_account.py Fri Jul 31 15:44:07 2015 +0200
@@ -37,6 +37,7 @@
 from kallithea import EXTERN_TYPE_INTERNAL
 from kallithea.lib import helpers as h
+from kallithea.lib import auth_modules
 from kallithea.lib.auth import LoginRequired, NotAnonymous, AuthUser
 from kallithea.lib.base import BaseController, render
 from kallithea.lib.utils2 import generate_api_key, safe_int
@@ -100,6 +101,8 @@
 self.__load_data()
 c.perm_user = AuthUser(user_id=self.authuser.user_id)
 c.ip_addr = self.ip_addr
+ managed_fields = auth_modules.get_managed_fields(c.user)
+ c.readonly = lambda n: 'readonly' if n in managed_fields else None
 defaults = c.user.get_dict()
 update = False
@@ -115,12 +118,8 @@
 form_result = _form.to_python(post_data) # skip updating those attrs for my account
 skip_attrs = ['admin', 'active', 'extern_type', 'extern_name',
- 'new_password', 'password_confirmation']
- #TODO: plugin should define if username can be updated
- if c.user.extern_type != EXTERN_TYPE_INTERNAL:
- # forbid updating username for external accounts
- # TODO: also skip username (and email etc) if self registration not enabled
- skip_attrs.append('username')
+ 'new_password', 'password_confirmation',
+ ] + managed_fields
 UserModel().update(self.authuser.user_id, form_result, skip_attrs=skip_attrs)
diff -r 40cfdd004bf6 -r 39bac9410169 kallithea/controllers/admin/users.py
--- a/kallithea/controllers/admin/users.py Fri Jul 31 15:44:07 2015 +0200
+++ b/kallithea/controllers/admin/users.py Fri Jul 31 15:44:07 2015 +0200
@@ -42,7 +42,6 @@
 from kallithea.lib import helpers as h
 from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator, \
 AuthUser
-import kallithea.lib.auth_modules.auth_internal
 from kallithea.lib import auth_modules
 from kallithea.lib.base import BaseController, render
 from kallithea.model.api_key import ApiKeyModel
@@ -175,11 +174,8 @@
 form_result = {}
 try:
 form_result = _form.to_python(dict(request.POST))
- skip_attrs = ['extern_type', 'extern_name']
- #TODO: plugin should define if username can be updated
- if c.user.extern_type != kallithea.EXTERN_TYPE_INTERNAL:
- # forbid updating username for external accounts
- skip_attrs.append('username')
+ skip_attrs = ['extern_type', 'extern_name',
+ ] + auth_modules.get_managed_fields(c.user)
 user_model.update(id, form_result, skip_attrs=skip_attrs)
 usr = form_result['username']
@@ -249,6 +245,8 @@
 c.active = 'profile'
 c.perm_user = AuthUser(user_id=id)
 c.ip_addr = self.ip_addr
+ managed_fields = auth_modules.get_managed_fields(c.user)
+ c.readonly = lambda n: 'readonly' if n in managed_fields else None
 defaults = c.user.get_dict()
 return htmlfill.render(
diff -r 40cfdd004bf6 -r 39bac9410169 kallithea/lib/auth_modules/__init__.py
--- a/kallithea/lib/auth_modules/__init__.py Fri Jul 31 15:44:07 2015 +0200
+++ b/kallithea/lib/auth_modules/__init__.py Fri Jul 31 15:44:07 2015 +0200
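Review bot: The server-side skip list built in the `@@ -175,11 +174,8 @@` hunk of users.py may not cover the password. The plugins report the managed field as `'password'`, but the form keys rendered by the templates are `new_password` and `password_confirmation`; unless `UserModel.update` (not shown in this changeset) maps one to the other, the template's `readonly` attribute is the only thing keeping an admin form post from setting a local password on an externally managed account. The my_account.py path always skips both keys, and the admin path could do the same when the plugin manages the password, e.g. `if 'password' in managed_fields: skip_attrs += ['new_password', 'password_confirmation']`. The enclosing method starts and ends outside the hunk.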
@@ -416,3 +416,16 @@
 log.warning("User `%s` failed to authenticate against %s" % (username, plugin.__module__))
 return None
+
+def get_managed_fields(user):
+ """return list of fields that are managed by the user's auth source, usually some of
+ 'username', 'firstname', 'lastname', 'email', 'active', 'password'
+ """
+ auth_plugins = Setting.get_auth_plugins()
+ for module in auth_plugins:
+ log.debug('testing %s (%s) with auth plugin %s', user, user.extern_type, module)
+ plugin = loadplugin(module)
+ if plugin.name == user.extern_type:
+ return plugin.get_managed_fields()
+ log.error('no auth plugin %s found for %s', user.extern_type, user)
+ return [] # TODO: Fail badly instead of allowing everything to be edited?
diff -r 40cfdd004bf6 -r 39bac9410169 kallithea/lib/auth_modules/auth_container.py
--- a/kallithea/lib/auth_modules/auth_container.py Fri Jul 31 15:44:07 2015 +0200
+++ b/kallithea/lib/auth_modules/auth_container.py Fri Jul 31 15:44:07 2015 +0200
@@ -190,3 +190,6 @@
 log.info('user `%s` authenticated correctly' % user_data['username'])
 return user_data
+
+ def get_managed_fields(self):
+ return ['username', 'password']
diff -r 40cfdd004bf6 -r 39bac9410169 kallithea/lib/auth_modules/auth_crowd.py
--- a/kallithea/lib/auth_modules/auth_crowd.py Fri Jul 31 15:44:07 2015 +0200
+++ b/kallithea/lib/auth_modules/auth_crowd.py Fri Jul 31 15:44:07 2015 +0200
@@ -229,7 +229,7 @@
 'email': crowd_user["email"] or email, 'admin': admin, 'active': active,
- 'active_from_extern': crowd_user.get('active'),
+ 'active_from_extern': crowd_user.get('active'), # ???
 'extern_name': crowd_user["name"], }
@@ -240,3 +240,6 @@
 log.debug("Final crowd user object: \n%s" % (formatted_json(user_data)))
 log.info('user %s authenticated correctly' % user_data['username'])
 return user_data
+
+ def get_managed_fields(self):
+ return ['username', 'firstname', 'lastname', 'email', 'password']
diff -r 40cfdd004bf6 -r 39bac9410169 kallithea/lib/auth_modules/auth_internal.py
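Review bot: `get_managed_fields` in auth_modules/__init__.py fails open: when no plugin returned by `Setting.get_auth_plugins()` matches `user.extern_type`, it logs an error and returns `[]`, which both controllers read as "nothing is managed", so every profile field of that account becomes editable. This presumably covers accounts whose auth plugin was disabled after they were created. Resolving the TODO in the restrictive direction would be safer, e.g. `return ['username', 'firstname', 'lastname', 'email', 'password']` on the fall-through path. The call `plugin.get_managed_fields()` also assumes every plugin defines the method; no base-class default is visible in this changeset, so a plugin without it would raise `AttributeError` when a profile page is rendered.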
--- a/kallithea/lib/auth_modules/auth_internal.py Fri Jul 31 15:44:07 2015 +0200
+++ b/kallithea/lib/auth_modules/auth_internal.py Fri Jul 31 15:44:07 2015 +0200
@@ -97,3 +97,7 @@
 else: log.warning('user %s tried auth but is disabled' % username)
 return None
+
+ def get_managed_fields(self):
+ # Note: 'username' should only be editable (at least for user) if self registration is enabled
+ return []
diff -r 40cfdd004bf6 -r 39bac9410169 kallithea/lib/auth_modules/auth_ldap.py
--- a/kallithea/lib/auth_modules/auth_ldap.py Fri Jul 31 15:44:07 2015 +0200
+++ b/kallithea/lib/auth_modules/auth_ldap.py Fri Jul 31 15:44:07 2015 +0200
@@ -359,3 +359,6 @@
 except (Exception,): log.error(traceback.format_exc())
 return None
+
+ def get_managed_fields(self):
+ return ['username', 'firstname', 'lastname', 'email', 'password']
diff -r 40cfdd004bf6 -r 39bac9410169 kallithea/lib/auth_modules/auth_pam.py
--- a/kallithea/lib/auth_modules/auth_pam.py Fri Jul 31 15:44:07 2015 +0200
+++ b/kallithea/lib/auth_modules/auth_pam.py Fri Jul 31 15:44:07 2015 +0200
@@ -136,3 +136,6 @@
 log.debug("pamuser: \n%s" % formatted_json(user_data))
 log.info('user %s authenticated correctly' % user_data['username'])
 return user_data
+
+ def get_managed_fields(self):
+ return ['username', 'password']
diff -r 40cfdd004bf6 -r 39bac9410169 kallithea/templates/admin/my_account/my_account_profile.html
--- a/kallithea/templates/admin/my_account/my_account_profile.html Fri Jul 31 15:44:07 2015 +0200
+++ b/kallithea/templates/admin/my_account/my_account_profile.html Fri Jul 31 15:44:07 2015 +0200
@@ -19,10 +19,8 @@
- <% readonly = None %>
%if c.user.extern_type != c.EXTERN_TYPE_INTERNAL: - <% readonly = "readonly" %> ${_('Your user is in an external Source of Record; some details cannot be managed here')}. %endif
@@ -30,7 +28,7 @@
- ${h.text('username',class_='medium', readonly=readonly)}
+ ${h.text('username',class_='medium', readonly=c.readonly('username'))}
@@ -39,7 +37,7 @@
- ${h.text('firstname',class_="medium")}
+ ${h.text('firstname',class_="medium", readonly=c.readonly('firstname'))}
@@ -48,7 +46,7 @@
- ${h.text('lastname',class_="medium")}
+ ${h.text('lastname',class_="medium", readonly=c.readonly('lastname'))}
@@ -57,8 +55,7 @@
- ## we should be able to edit email !
- ${h.text('email',class_="medium")}
+ ${h.text('email',class_="medium", readonly=c.readonly('email'))}
diff -r 40cfdd004bf6 -r 39bac9410169 kallithea/templates/admin/users/user_edit_profile.html
--- a/kallithea/templates/admin/users/user_edit_profile.html Fri Jul 31 15:44:07 2015 +0200
+++ b/kallithea/templates/admin/users/user_edit_profile.html Fri Jul 31 15:44:07 2015 +0200
@@ -17,11 +17,9 @@
 %endif
- <% readonly = None %>
%if c.user.extern_type != c.EXTERN_TYPE_INTERNAL:
- <% readonly = "readonly" %> ${_('This user is in an external Source of Record (%s); some details cannot be managed here.' % c.user.extern_type)}.
%endif
@@ -31,7 +29,7 @@
- ${h.text('username',class_='medium', readonly=readonly)}
+ ${h.text('username',class_='medium', readonly=c.readonly('username'))}
@@ -40,7 +38,7 @@
- ${h.text('email',class_='medium')}
+ ${h.text('email',class_='medium', readonly=c.readonly('email'))}
@@ -67,7 +65,7 @@
- ${h.password('new_password',class_='medium',readonly=readonly)}
+ ${h.password('new_password',class_='medium',readonly=c.readonly('password'))}
@@ -76,7 +74,7 @@
- ${h.password('password_confirmation',class_="medium",readonly=readonly)}
+ ${h.password('password_confirmation',class_="medium",readonly=c.readonly('password'))}
@@ -85,7 +83,7 @@
- ${h.text('firstname',class_='medium')}
+ ${h.text('firstname',class_='medium', readonly=c.readonly('firstname'))}
@@ -94,7 +92,7 @@
- ${h.text('lastname',class_='medium')}
+ ${h.text('lastname',class_='medium', readonly=c.readonly('lastname'))}
@@ -103,7 +101,7 @@
- ${h.checkbox('active',value=True)}
+ ${h.checkbox('active',value=True, readonly=c.readonly('active'))}
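Review bot: `readonly` has no effect on a checkbox, because HTML defines that attribute only for text-like inputs, so `h.checkbox('active',value=True, readonly=c.readonly('active'))` still renders a control the admin can toggle. The same applies to the `admin` checkbox in the `@@ -112,7 +110,7 @@` hunk. No plugin in this changeset lists `active` or `admin` as managed, so the gap is latent, but once one does, the form will look editable while the server silently skips the field. Rendering the control with `disabled` matches the intent, e.g. `${h.checkbox('active',value=True, disabled=c.readonly('active'))}`. A disabled input is not submitted, which is consistent with the field being in `skip_attrs`.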
@@ -112,7 +110,7 @@
- ${h.checkbox('admin',value=True)}
+ ${h.checkbox('admin',value=True, readonly=c.readonly('admin'))}