diff --git a/fas/client/fasClient b/fas/client/fasClient index 3e3097c..defa10b 100755 --- a/fas/client/fasClient +++ b/fas/client/fasClient @@ -436,7 +436,7 @@ class MakeShellAccounts(BaseClient): def create_ssh_keys(self): ''' Create ssh keys ''' - home_base = config.get('users', 'home').strip('"') + home_base = prefix + config.get('users', 'home').strip('"') for person in self.people: username = person['username'] if self.valid_user(username): diff --git a/fas/fas2.sql b/fas/fas2.sql index 5b2aa56..55ed3d5 100644 --- a/fas/fas2.sql +++ b/fas/fas2.sql @@ -231,244 +231,244 @@ create table visit_identity ( -- -- When a person's fedorabugs role is updated, add them to bugzilla queue. -- -create or replace function bugzilla_sync() returns trigger as $bz_sync$ - # Decide which row we are operating on and the action to take - if TD['event'] == 'DELETE': - # 'r' for removing an entry from bugzilla - newaction = 'r' - row = TD['old'] - else: - # insert or update - row = TD['new'] - if row['role_status'] == 'approved': - # approved so add an entry to bugzilla - newaction = 'a' - else: - # no longer approved so remove the entry from bugzilla - newaction = 'r' - - # Get the group id for fedorabugs - result = plpy.execute("select id from groups where name = 'fedorabugs'", 1) - if not result: - # Danger Will Robinson! A basic FAS group does not exist! - plpy.error('Basic FAS group fedorabugs does not exist') - # If this is not a fedorabugs role, no change needed - if row['group_id'] != result[0]['id']: - return None - - # Retrieve the bugzilla email address - plan = plpy.prepare("select email, purpose from person_emails as pem," - " email_purposes as epu" - " where pem.id = epu.email_id and pem.person_id = $1" - " and epu.purpose in ('bugzilla', 'primary')", - ('int4',)) - result = plpy.execute(plan, (row['person_id'],)) - email = None - for record in result: - email = record['email'] - if record['purpose'] == 'bugzilla': - break - if not email: - raise plpy.error('Cannot approve fedorabugs for person_id(%s) because they have no email address to use with bugzilla' % row['person_id']) - - # If there is already a row in bugzilla_queue update, otherwise insert - plan = plpy.prepare("select email from bugzilla_queue where email = $1", - ('text',)) - result = plpy.execute(plan, (email,), 1) - if result: - plan = plpy.prepare("update bugzilla_queue set action = $1" - " where email = $2", ('char', 'text')) - plpy.execute(plan, (newaction, email)) - else: - plan = plpy.prepare("insert into bugzilla_queue (email, group_id" - ", person_id, action) values ($1, $2, $3, $4)", - ('text', 'int4', 'int4', 'char')) - plpy.execute(plan, (email, row['group_id'], row['person_id'], newaction)) - return None -$bz_sync$ language plpythonu; - -create trigger role_bugzilla_sync before update or insert or delete - on person_roles - for each row execute procedure bugzilla_sync(); +-- create or replace function bugzilla_sync() returns trigger as $bz_sync$ +-- # Decide which row we are operating on and the action to take +-- if TD['event'] == 'DELETE': +-- # 'r' for removing an entry from bugzilla +-- newaction = 'r' +-- row = TD['old'] +-- else: +-- # insert or update +-- row = TD['new'] +-- if row['role_status'] == 'approved': +-- # approved so add an entry to bugzilla +-- newaction = 'a' +-- else: +-- # no longer approved so remove the entry from bugzilla +-- newaction = 'r' +-- +-- # Get the group id for fedorabugs +-- result = plpy.execute("select id from groups where name = 'fedorabugs'", 1) +-- if not result: +-- # Danger Will Robinson! A basic FAS group does not exist! +-- plpy.error('Basic FAS group fedorabugs does not exist') +-- # If this is not a fedorabugs role, no change needed +-- if row['group_id'] != result[0]['id']: +-- return None +-- +-- # Retrieve the bugzilla email address +-- plan = plpy.prepare("select email, purpose from person_emails as pem," +-- " email_purposes as epu" +-- " where pem.id = epu.email_id and pem.person_id = $1" +-- " and epu.purpose in ('bugzilla', 'primary')", +-- ('int4',)) +-- result = plpy.execute(plan, (row['person_id'],)) +-- email = None +-- for record in result: +-- email = record['email'] +-- if record['purpose'] == 'bugzilla': +-- break +-- if not email: +-- raise plpy.error('Cannot approve fedorabugs for person_id(%s) because they have no email address to use with bugzilla' % row['person_id']) +-- +-- # If there is already a row in bugzilla_queue update, otherwise insert +-- plan = plpy.prepare("select email from bugzilla_queue where email = $1", +-- ('text',)) +-- result = plpy.execute(plan, (email,), 1) +-- if result: +-- plan = plpy.prepare("update bugzilla_queue set action = $1" +-- " where email = $2", ('char', 'text')) +-- plpy.execute(plan, (newaction, email)) +-- else: +-- plan = plpy.prepare("insert into bugzilla_queue (email, group_id" +-- ", person_id, action) values ($1, $2, $3, $4)", +-- ('text', 'int4', 'int4', 'char')) +-- plpy.execute(plan, (email, row['group_id'], row['person_id'], newaction)) +-- return None +-- $bz_sync$ language plpythonu; +-- +-- create trigger role_bugzilla_sync before update or insert or delete +-- on person_roles +-- for each row execute procedure bugzilla_sync(); -- -- When an email address changes, check whether it needs to be changed in -- bugzilla as well. -- -create or replace function bugzilla_sync_email() returns trigger AS $bz_sync_e$ - def is_member(group_id, person_id): - '''Return true if the given id is a member of fedorabugs.''' - plan = plpy.prepare("select * from people as p, person_roles as r" - " where p.id = r.person_id and r.group_id = $1" - " and r.role_status = 'approved' and p.id = $2", - ('int4', 'int4',)) - result = plpy.execute(plan, (group_id, person_id), 1) - if result: - return True - else: - return False - - def affects_bz(email_id, person_id, verified): - '''Check whether the given email address can affect bugzilla.''' - if not verified: - return False - emailAffectsBz = False - possible = False - plan = plpy.prepare("select purpose from email_purposes where" - " email_id = $1", ('int4',)) - result = plpy.execute(plan, (email_id,)) - for record in result: - if record['purpose'] == 'bugzilla': - emailAffectsBz = True - break - if record['purpose'] == 'primary': - possible = True - - if not emailAffectsBz and possible: - # If it's primary, we have to check that the user doesn't have a - # different email setup for bugzilla - plan = plpy.prepare("select purpose from email_purposes where" - " person_id = $1 and purpose = 'bugzilla'", ('int4',)) - result = plpy.execute(plan, (person_id,), 1) - if not result: - # A separate bugzilla email address does not exist - emailAffectsBz = True - return emailAffectsBz - - def previous_emails(person_id): - '''Find the previous email used for bugzilla.''' - plan = plpy.prepare("select email, purpose from person_emails as pem," - " email_purposes as epu" - " where pem.id = epu.email_id and pem.person_id = $1" - " and epu.purpose in ('bugzilla', 'primary')", ('int4',)) - result = plpy.execute(plan, (TD['new']['person_id'],)) - email = None - return result - - # - # Main body of function starts here - # - - # Store the changes we need to make in this list - changes = {} - - # Get the group id for fedorabugs - result = plpy.execute("select id from groups where name = 'fedorabugs'", 1) - if not result: - # Danger Will Robinson! A basic FAS group does not exist! - plpy.error('Basic FAS group fedorabugs does not exist') - fedorabugsId = result[0]['id'] - - # Check whether the new person belongs to fedorabugs - newHasBugs = is_member(fedorabugsId, TD['new']['person_id']) - oldHasBugs = is_member(fedorabugsId, TD['old']['person_id']) - - newAffectsBz = affects_bz(TD['new']['id'], TD['new']['person_id'], - TD['new']['verified']) - oldAffectsBz = affects_bz(TD['old']['id'], TD['old']['person_id'], - TD['old']['verified']) - - # Note: When setting the changes that we're going to make in - # bugzilla_queue here are the rules we follow: - # For each email address: - # If we have multiple adds, condense to one. - # If we have multiple deletes, condense to one. - # If we have an add and a delete, the delete wins. - - if TD['new']['email'] != TD['old']['email']: - # The email address has changed. Add the new one and remove the old - # if they affect bugzilla - if newHasBugs and newAffectsBz: - # Add the new email - if not TD['new']['email'] in changes: - changes[TD['new']['email']] = (TD['new']['email'], fedorabugsId, TD['new']['person_id'], 'a') - if oldHasBugs and oldAffectsBz: - # Remove the old email - changes[TD['old']['email']] = (TD['old']['email'], fedorabugsId, TD['old']['person_id'], 'r') - - if TD['new']['person_id'] != TD['old']['person_id']: - # Email changed owners. If one owner has fedorabugs and the other - # does not we have to adjust. - if newHasBugs and newAffectsBz and not oldHasBugs: - # Add the email address - if not TD['new']['email'] in changes: - changes[TD['new']['email']] = (TD['new']['email'], fedorabugsId, TD['new']['person_id'], 'a') - if oldHasBugs and oldAffectsBz and not newHasBugs: - # Remove the email address - changes[TD['old']['email']] = (TD['old']['email'], fedorabugsId, TD['old']['person_id'], 'r') - - # If both have fedorabugs, we need to decide which of the addresses to - # use with bugzilla. - if oldHasBugs and newHasBugs and newAffectsBz: - # Retrieve the bugzilla email address - previous = previous_emails(TD['new']['person_id']) - - # Note: we depend on the unique constraint having already run and - # stopped us from getting to this point with two email addresses - # for the same purpose. - # Since only one can be the bzEmail address and only one the - # primary, we can do what we need only knowing the purpose for one - # of the email addresses. - if previous: - - for email in previous: - if email['purpose'] == 'bugzilla': - # Remove the new email address as the old one is the bz email - changes[TD['new']['email']] = (TD['new']['email'], fedorabugsId, TD['new']['person_id'], 'r') - else: - # Remove the current email address - changes[email] = (email, fedorabugsId, TD['new']['person_id'], 'r') - - if TD['new']['verified'] != TD['old']['verified']: - plpy.execute("insert into debug values ('In verified')") - if TD['new']['verified'] and newHasBugs and newAffectsBz: - # Add the email address - plpy.execute("insert into debug values('Add email address')") - if not TD['new']['email'] in changes: - plpy.execute("insert into debug values ('addind address for real')") - changes[TD['new']['email']] = (TD['new']['email'], fedorabugsId, TD['new']['person_id'], 'a') - # Check whether there's a previous email address this - # obsoletes - previous = previous_email(TD['new']['person_id']) - plan = plpy.prepare("insert into debug values ($1)", ('text',)) - plpy.execute(plan, (str(previous),)) - if previous and previous[0] == 'primary': - changes[previous[1]] = (previous[1], fedorabugsId, TD['new']['person_id'], 'r') - elif not TD['new']['verified'] and oldHasBugs and oldAffectsBz: - # Remove the email address - changes[TD['old']['email']] = (TD['old']['email'], fedorabugsId, TD['old']['person_id'], 'r') - # Check if there's another email address that should take it's - # place - previous = previous_email(TD['new']['person_id']) - if previous and not pervious[1] in changes: - changes[previous[1]] = (previous[1], fedorabugsId, TD['new']['person_id'], 'a') - - # Now actually add the changes to the queue. - plan = plpy.prepare("insert into debug values ($1)", ('text',)) - plpy.execute(plan, (str(changes),)) - for email in changes: - plan = plpy.prepare("select email from bugzilla_queue where email = $1", ('text',)) - result = plpy.execute(plan, (email,), 1) - if result: - # Update another record with the new information - plan = plpy.prepare("update bugzilla_queue set email = $1," - " group_id = $2, person_id = $3, action = $4" - " where email = $5", ('text', 'int4', 'int4', 'char', 'text')) - params = list(changes[email]) - params.append(email) - plpy.execute(plan, params) - else: - # Add a brand new record - plan = plpy.prepare("insert into bugzilla_queue" - " (email, group_id, person_id, action) values" - " ($1, $2, $3, $4)", ('text', 'int4', 'int4', 'char')) - plpy.execute(plan, changes[email]) - return None -$bz_sync_e$ language plpythonu; - -create trigger email_bugzilla_sync before update - on person_emails - for each row execute procedure bugzilla_sync_email(); +-- create or replace function bugzilla_sync_email() returns trigger AS $bz_sync_e$ +-- def is_member(group_id, person_id): +-- '''Return true if the given id is a member of fedorabugs.''' +-- plan = plpy.prepare("select * from people as p, person_roles as r" +-- " where p.id = r.person_id and r.group_id = $1" +-- " and r.role_status = 'approved' and p.id = $2", +-- ('int4', 'int4',)) +-- result = plpy.execute(plan, (group_id, person_id), 1) +-- if result: +-- return True +-- else: +-- return False +-- +-- def affects_bz(email_id, person_id, verified): +-- '''Check whether the given email address can affect bugzilla.''' +-- if not verified: +-- return False +-- emailAffectsBz = False +-- possible = False +-- plan = plpy.prepare("select purpose from email_purposes where" +-- " email_id = $1", ('int4',)) +-- result = plpy.execute(plan, (email_id,)) +-- for record in result: +-- if record['purpose'] == 'bugzilla': +-- emailAffectsBz = True +-- break +-- if record['purpose'] == 'primary': +-- possible = True +-- +-- if not emailAffectsBz and possible: +-- # If it's primary, we have to check that the user doesn't have a +-- # different email setup for bugzilla +-- plan = plpy.prepare("select purpose from email_purposes where" +-- " person_id = $1 and purpose = 'bugzilla'", ('int4',)) +-- result = plpy.execute(plan, (person_id,), 1) +-- if not result: +-- # A separate bugzilla email address does not exist +-- emailAffectsBz = True +-- return emailAffectsBz +-- +-- def previous_emails(person_id): +-- '''Find the previous email used for bugzilla.''' +-- plan = plpy.prepare("select email, purpose from person_emails as pem," +-- " email_purposes as epu" +-- " where pem.id = epu.email_id and pem.person_id = $1" +-- " and epu.purpose in ('bugzilla', 'primary')", ('int4',)) +-- result = plpy.execute(plan, (TD['new']['person_id'],)) +-- email = None +-- return result +-- +-- # +-- # Main body of function starts here +-- # +-- +-- # Store the changes we need to make in this list +-- changes = {} +-- +-- # Get the group id for fedorabugs +-- result = plpy.execute("select id from groups where name = 'fedorabugs'", 1) +-- if not result: +-- # Danger Will Robinson! A basic FAS group does not exist! +-- plpy.error('Basic FAS group fedorabugs does not exist') +-- fedorabugsId = result[0]['id'] +-- +-- # Check whether the new person belongs to fedorabugs +-- newHasBugs = is_member(fedorabugsId, TD['new']['person_id']) +-- oldHasBugs = is_member(fedorabugsId, TD['old']['person_id']) +-- +-- newAffectsBz = affects_bz(TD['new']['id'], TD['new']['person_id'], +-- TD['new']['verified']) +-- oldAffectsBz = affects_bz(TD['old']['id'], TD['old']['person_id'], +-- TD['old']['verified']) +-- +-- # Note: When setting the changes that we're going to make in +-- # bugzilla_queue here are the rules we follow: +-- # For each email address: +-- # If we have multiple adds, condense to one. +-- # If we have multiple deletes, condense to one. +-- # If we have an add and a delete, the delete wins. +-- +-- if TD['new']['email'] != TD['old']['email']: +-- # The email address has changed. Add the new one and remove the old +-- # if they affect bugzilla +-- if newHasBugs and newAffectsBz: +-- # Add the new email +-- if not TD['new']['email'] in changes: +-- changes[TD['new']['email']] = (TD['new']['email'], fedorabugsId, TD['new']['person_id'], 'a') +-- if oldHasBugs and oldAffectsBz: +-- # Remove the old email +-- changes[TD['old']['email']] = (TD['old']['email'], fedorabugsId, TD['old']['person_id'], 'r') +-- +-- if TD['new']['person_id'] != TD['old']['person_id']: +-- # Email changed owners. If one owner has fedorabugs and the other +-- # does not we have to adjust. +-- if newHasBugs and newAffectsBz and not oldHasBugs: +-- # Add the email address +-- if not TD['new']['email'] in changes: +-- changes[TD['new']['email']] = (TD['new']['email'], fedorabugsId, TD['new']['person_id'], 'a') +-- if oldHasBugs and oldAffectsBz and not newHasBugs: +-- # Remove the email address +-- changes[TD['old']['email']] = (TD['old']['email'], fedorabugsId, TD['old']['person_id'], 'r') +-- +-- # If both have fedorabugs, we need to decide which of the addresses to +-- # use with bugzilla. +-- if oldHasBugs and newHasBugs and newAffectsBz: +-- # Retrieve the bugzilla email address +-- previous = previous_emails(TD['new']['person_id']) +-- +-- # Note: we depend on the unique constraint having already run and +-- # stopped us from getting to this point with two email addresses +-- # for the same purpose. +-- # Since only one can be the bzEmail address and only one the +-- # primary, we can do what we need only knowing the purpose for one +-- # of the email addresses. +-- if previous: +-- +-- for email in previous: +-- if email['purpose'] == 'bugzilla': +-- # Remove the new email address as the old one is the bz email +-- changes[TD['new']['email']] = (TD['new']['email'], fedorabugsId, TD['new']['person_id'], 'r') +-- else: +-- # Remove the current email address +-- changes[email] = (email, fedorabugsId, TD['new']['person_id'], 'r') +-- +-- if TD['new']['verified'] != TD['old']['verified']: +-- plpy.execute("insert into debug values ('In verified')") +-- if TD['new']['verified'] and newHasBugs and newAffectsBz: +-- # Add the email address +-- plpy.execute("insert into debug values('Add email address')") +-- if not TD['new']['email'] in changes: +-- plpy.execute("insert into debug values ('addind address for real')") +-- changes[TD['new']['email']] = (TD['new']['email'], fedorabugsId, TD['new']['person_id'], 'a') +-- # Check whether there's a previous email address this +-- # obsoletes +-- previous = previous_email(TD['new']['person_id']) +-- plan = plpy.prepare("insert into debug values ($1)", ('text',)) +-- plpy.execute(plan, (str(previous),)) +-- if previous and previous[0] == 'primary': +-- changes[previous[1]] = (previous[1], fedorabugsId, TD['new']['person_id'], 'r') +-- elif not TD['new']['verified'] and oldHasBugs and oldAffectsBz: +-- # Remove the email address +-- changes[TD['old']['email']] = (TD['old']['email'], fedorabugsId, TD['old']['person_id'], 'r') +-- # Check if there's another email address that should take it's +-- # place +-- previous = previous_email(TD['new']['person_id']) +-- if previous and not pervious[1] in changes: +-- changes[previous[1]] = (previous[1], fedorabugsId, TD['new']['person_id'], 'a') +-- +-- # Now actually add the changes to the queue. +-- plan = plpy.prepare("insert into debug values ($1)", ('text',)) +-- plpy.execute(plan, (str(changes),)) +-- for email in changes: +-- plan = plpy.prepare("select email from bugzilla_queue where email = $1", ('text',)) +-- result = plpy.execute(plan, (email,), 1) +-- if result: +-- # Update another record with the new information +-- plan = plpy.prepare("update bugzilla_queue set email = $1," +-- " group_id = $2, person_id = $3, action = $4" +-- " where email = $5", ('text', 'int4', 'int4', 'char', 'text')) +-- params = list(changes[email]) +-- params.append(email) +-- plpy.execute(plan, params) +-- else: +-- # Add a brand new record +-- plan = plpy.prepare("insert into bugzilla_queue" +-- " (email, group_id, person_id, action) values" +-- " ($1, $2, $3, $4)", ('text', 'int4', 'int4', 'char')) +-- plpy.execute(plan, changes[email]) +-- return None +-- $bz_sync_e$ language plpythonu; +-- +-- create trigger email_bugzilla_sync before update +-- on person_emails +-- for each row execute procedure bugzilla_sync_email(); -- We have to fix this. Luckily, the purpose is usually primary. -- create or replace function bugzilla_sync_purpose() returns trigger AS @@ -581,10 +581,8 @@ create trigger email_bugzilla_sync before update -- For Fas to connect to the database GRANT ALL ON TABLE people, groups, person_roles, group_roles, bugzilla_queue, configs, person_seq, visit, visit_identity, log, log_id_seq, TO GROUP fedora; - - -- Create default admin user - Default Password "admin" -INSERT INTO people (id, username, human_name, password) VALUES (100001, 'admin', 'Admin User', '$1$djFfnacd$b6NFqFlac743Lb4sKWXj4/'); +INSERT INTO people (id, username, human_name, password, email) VALUES (100001, 'admin', 'Admin User', '$1$djFfnacd$b6NFqFlac743Lb4sKWXj4/', 'root@localhost'); -- Create default groups and populate INSERT INTO groups (id, name, display_name, owner_id, group_type) VALUES (100002, 'cla_sign', 'Signed CLA Group', (SELECT id from people where username='admin'), 'tracking'); @@ -595,7 +593,3 @@ INSERT INTO groups (name, display_name, owner_id, group_type) VALUES ('fas-syste INSERT INTO person_roles (person_id, group_id, role_type, role_status, internal_comments, sponsor_id) VALUES ((SELECT id from people where username='admin'), (select id from groups where name='accounts'), 'administrator', 'approved', 'created at install time', (SELECT id from people where username='admin')); - --- Give admin user his email address -INSERT INTO person_emails (email, person_id, verified) VALUES ('root@localhost', (SELECT id from people where username='admin'), true); -INSERT INTO email_purposes (email_id, person_id, purpose) VALUES ((SELECT id from person_emails where email='root@localhost'), (SELECT id from people where username='admin'), 'primary');