Merge branch 'master' of ssh://git.fedorahosted.org/git/fedora-infrastructure

This commit is contained in:
Ricky Zhou (周家杰) 2008-02-27 18:50:28 -05:00
commit 771427373c
5 changed files with 153 additions and 10 deletions

fas/client/fasClient.py Normal file

@ -0,0 +1,78 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright © 2007-2008 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing to use, modify,
# copy, or redistribute it subject to the terms and conditions of the GNU
# General Public License v.2. This program is distributed in the hope that it
# will be useful, but WITHOUT ANY WARRANTY expressed or implied, including the
# implied warranties of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the GNU General Public License for more details. You should have
# received a copy of the GNU General Public License along with this program;
# if not, write to the Free Software Foundation, Inc., 51 Franklin Street,
# Fifth Floor, Boston, MA 02110-1301, USA. Any Red Hat trademarks that are
# incorporated in the source code or documentation are not subject to the GNU
# General Public License and may only be used or replicated with the express
# permission of Red Hat, Inc.
#
# Red Hat Author(s): Mike McGrath <mmcgrath@redhat.com>
#
from fedora.tg.client import BaseClient, AuthError, ServerError
import sys
import os
import logging
FAS_URL = 'http://localhost:8080/fas/json/'
class MakeShellAccounts(BaseClient):
def group_list(self, search='*'):
params = {'search' : search}
data = self.send_request('group_list', auth=False, input=params)
return data['group_list']
def groups_text(self, groups=None, people=None):
i = 0
file = open('/tmp/group.txt', 'w')
if not groups:
groups = self.group_list()
if not people:
people = self.people_list()
''' First create all of our users/groups combo '''
for person in people:
uid = people[person]['id']
username = people[person]['username']
file.write("=%i %s:x:%i:\n" % (uid, username, uid))
file.write( "0%i %s:x:%i:\n" % (i, username, uid))
file.write( ".%s %s:x:%i:\n" % (username, username, uid))
i = i + 1
for group in groups:
gid = groups[group]['id']
name = groups[group]['name']
file.write( "=%i %s:x:%i:\n" % (gid, name, gid))
file.write("0%i %s:x:%i:\n" % (i, name, gid))
file.write(".%s %s:x:%i:\n" % (name, name, gid))
i = i + 1
file.close()
def people_list(self, search='*'):
params = {'search' : search}
data = self.send_request('people_list', auth=False, input=params)
return data['people_list']
def make_group_db(self):
self.groups_text()
os.system('makedb -o /tmp/group.db /tmp/group.txt')
if __name__ == '__main__':
fas = MakeShellAccounts(FAS_URL, None, None, None)
fas.make_group_db()
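Review bot: `groups_text` writes to the fixed path `/tmp/group.txt` and `make_group_db` then hands that path to `makedb` through `os.system` with a shell string; a predictable filename in a world-writable directory can be pre-created or swapped by any other local user before this (presumably root-run) tool writes it, and `os.system`'s exit status is never checked, so a failed `makedb` goes unnoticed. Build the text file in a directory only this tool owns (`tempfile.mkdtemp()` or a mode-0700 state directory) and invoke `subprocess.call(['makedb', '-o', db_path, txt_path])`, checking the return code before the result is used. In `groups_text`, `file` shadows the builtin and is not closed on an exception; `with open(txt_path, 'w') as out:` would cover both if the target Python is 2.5 or newer (2.5 needs `from __future__ import with_statement`).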


@ -15,6 +15,7 @@ from operator import itemgetter
from fas.user import User
from fas.group import Group
from fas.cla import CLA
from fas.json_request import JsonRequest
#from fas.openid_fas import OpenID
from fas.auth import isAdmin, canAdminGroup, canSponsorGroup, canEditUser
@ -41,6 +42,7 @@ class Root(controllers.RootController):
user = User()
group = Group()
cla = CLA()
json = JsonRequest()
# openid = OpenID()
os.environ['GNUPGHOME'] = config.get('gpghome')


@ -77,10 +77,10 @@ class SABase(object):
# pylint: enable-msg=E1101
# Load all the columns from the table
for key in self.mapper.props.keys(): # pylint: disable-msg=E1101
if isinstance(self.mapper.props[key], # pylint: disable-msg=E1101
sqlalchemy.orm.properties.ColumnProperty):
props[key] = getattr(self, key)
for column in sqlalchemy.orm.object_mapper(self).iterate_properties:
if isinstance(column, sqlalchemy.orm.properties.ColumnProperty):
props[column.key] = getattr(self, column.key)
# Load things that are explicitly listed
for field in propList:
props[field] = getattr(self, field)
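Review bot: The loop variable `column` in the added `for column in sqlalchemy.orm.object_mapper(self).iterate_properties:` names a mapper property rather than a column, which the `isinstance(..., ColumnProperty)` test on the following line makes plain; `prop` would read more accurately, e.g. `for prop in sqlalchemy.orm.object_mapper(self).iterate_properties:` / `if isinstance(prop, sqlalchemy.orm.properties.ColumnProperty):` / `props[prop.key] = getattr(self, prop.key)`. The enclosing method starts and ends outside the hunk, so `props` and `propList` are defined elsewhere.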


@ -185,6 +185,73 @@ class People(SABase):
def __repr__(cls):
return "User(%s,%s)" % (cls.username, cls.human_name)
def __json__(self):
'''We want to make sure we keep a tight reign on sensistive information.
Thus we strip out certain information unless a user is an admin or the
current user.
Current access restrictions
===========================
Anonymous users can see:
:id: The id in the account system and on the shell servers
:username: Username in FAS
:human_name: Human name of the person
:comments: Comments that the user leaves about themselves
:creation: Date this account was created
:ircnick: User's nickname on IRC
:last_seen: timestamp the user last logged into anything tied to
the account system
:status: Whether the user is active, inactive, on vacation, etc
:status_change: timestamp that the status was last updated
:locale: User's default locale for Fedora Services
:timezone: User's timezone
:latitude: Used for constructing maps of contributors
:longitude: Used for contructing maps of contributors
Authenticated Users add:
:ssh_key: Public key for connecting to over ssh
:gpg_keyid: gpg key of the user
:affiliation: company or group the user wishes to identify with
:certificate_serial: serial number of the user's Fedora SSL
Certificate
User Themselves add:
:password: hashed password to identify the user
:passwordtoken: used when the user needs to reset a password
:postal_address: user's postal address
:telephone: user's telephone number
:facsimile: user's FAX number
Admins gets access to this final field as well:
:internal_comments: Comments an admin wants to write about a user
Note: There are a few other resources that are not located directly in
the People structure that you are likely to want to pass to consuming
code like email address and groups. Please see the documentation on
SABase.__json__() to find out how to set jsonProps to handle those.
'''
props = super(People, self).__json__()
if not identity.in_group('admin'):
# Only admins can see internal_comments
del props['internal_comments']
if not identity.current.user.user_name == self.username:
# Only an admin or the user themselves can see these fields
del props['password']
del props['passwordtoken']
del props['postal_address']
del props['telephone']
del props['facsimile']
if identity.current.anonymous:
# Only an authenticated user can see these fields
del props['ssh_key']
del props['gpg_keyid']
del props['affiliation']
del props['certificate_serial']
return props
memberships = association_proxy('roles', 'group')
approved_memberships = association_proxy('approved_roles', 'group')
unapproved_memberships = association_proxy('unapproved_roles', 'group')
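Review bot: The ownership check `if not identity.current.user.user_name == self.username:` runs before the anonymity check several lines below it, so on an anonymous request `identity.current.user` is presumably `None` and the attribute access raises instead of stripping the private fields; test for anonymity first, e.g. `if identity.current.anonymous or identity.current.user.user_name != self.username:`. The comment on that branch says "Only an admin or the user themselves can see these fields", but the condition does not exempt admins, so either the comment or the condition is wrong, and the docstring's access table should be made to match whichever is intended. Separately, returning `password` (the hash) and `passwordtoken` in a JSON response is hard to justify even for the account owner; consider deleting those two keys unconditionally. The enclosing class continues outside the hunk.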


@ -28,10 +28,6 @@ CREATE SEQUENCE person_seq;
-- TODO: Set this to start where our last person_id is
SELECT setval('person_seq', 1111);
CREATE SEQUENCE group_seq;
-- TODO: Set this to start where our last group_id is
SELECT setval('group_seq', 1222);
CREATE TABLE people (
-- tg_user::user_id
id INTEGER PRIMARY KEY NOT NULL DEFAULT nextval('person_seq'),
@ -115,7 +111,7 @@ cluster configs_person_id_idx on configs;
CREATE TABLE groups (
-- tg_group::group_id
id INTEGER PRIMARY KEY NOT NULL DEFAULT nextval('group_seq'),
id INTEGER PRIMARY KEY NOT NULL DEFAULT nextval('person_seq'),
-- tg_group::group_name
name VARCHAR(32) UNIQUE NOT NULL,
-- tg_group::display_name
@ -428,7 +424,7 @@ create trigger email_bugzilla_sync before update or insert or delete
for each row execute procedure bugzilla_sync_email();
-- For Fas to connect to the database
GRANT ALL ON TABLE people, groups, person_roles, person_emails, group_roles, group_emails, bugzilla_queue, configs, person_seq, group_seq, visit, visit_identity TO GROUP fedora;
GRANT ALL ON TABLE people, groups, person_roles, person_emails, group_roles, group_emails, bugzilla_queue, configs, person_seq, visit, visit_identity TO GROUP fedora;
-- For other services to connect to the necessary session tables
GRANT ALL ON TABLE visit, visit_identity TO GROUP apache;
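Review bot: With `group_seq` dropped and `groups.id` now defaulting to `nextval('person_seq')` (second hunk), the comment above `SELECT setval('person_seq', 1111);` in the first hunk still speaks only of person ids; it should read `-- TODO: Set this to start above our last person_id AND group_id (both tables now draw from this sequence)` so whoever finalises the start value accounts for existing group ids as well. The shared sequence presumably exists so that user and group ids never collide in one id space (the new fasClient writes both into a single group.db keyed by id), which is worth stating in that comment too. The GRANT change in the third hunk consistently removes `group_seq`, so nothing else on this page still references it.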