Use authentication when grabbing password data

2008-02-28 11:48:10 -06:00 · 2008-02-28 11:48:10 -06:00 · f0dacb5893
commit f0dacb5893
parent e89c3f53df
3 changed files with 12 additions and 3 deletions
--- a/fas/client/fasClient.py
+++ b/fas/client/fasClient.py
@ -66,6 +66,7 @@ class MakeShellAccounts(BaseClient):
        file = open('/tmp/shadow.txt', 'w')
        if not people:
            people = self.people_list()
+        print people
        for person in people:
            uid = person['id']
            username = person['username']
@ -170,7 +171,11 @@ class MakeShellAccounts(BaseClient):
        

 if __name__ == '__main__':
-    fas = MakeShellAccounts(FAS_URL, 'admin', None, None)
+    try:
+        fas = MakeShellAccounts(FAS_URL, 'admin', 'admin', 1)
+    except AuthError, e:
+        print e
+        sys.exit(1)
    fas.make_group_db()
    fas.make_passwd_db()
    fas.make_shadow_db()
--- a/fas/fas/json_request.py
+++ b/fas/fas/json_request.py
@ -21,6 +21,7 @@ class JsonRequest(controllers.Controller):
        '''Perhaps show a nice explanatory message about groups here?'''
        return dict(help='This is a json interface')
    
+    @identity.require(turbogears.identity.not_anonymous())
    @expose("json", allow_json=True)
    def group_list(self, search='*'):
        re_search = re.sub(r'\*', r'%', search).lower()
@ -29,7 +30,8 @@ class JsonRequest(controllers.Controller):
        for group in groups:
            memberships[group.id] = group.approved_roles
        return dict(groups=groups, memberships=memberships)
-        
+    
+    @identity.require(turbogears.identity.not_anonymous())
    @expose("json", allow_json=True)
    def people_list(self, search='*'):
        re_search = re.sub(r'\*', r'%', search).lower()
--- a/fas/fas/model.py
+++ b/fas/fas/model.py
@ -42,6 +42,7 @@ from turbogears.database import session
 from turbogears import identity

 from fas.json import SABase
+
 # Soon we'll use this instead:
 #from fedora.tg.json import SABase

@ -244,7 +245,8 @@ class People(SABase):
                del props['postal_address']
                del props['telephone']
                del props['facsimile']
-            elif not identity.current.user.username == self.username:
+                # Below should check for group accounts instead of a specific username
+            elif not identity.current.user.username == self.username and not identity.current.user.username == 'admin':
                # Only an admin or the user themselves can see these fields
                del props['password']
                del props['passwordtoken']