|
|
|
""" Elab Users
|
|
|
|
|
|
|
|
Manage elab (svn) users
|
|
|
|
"""
|
|
|
|
|
|
|
|
__version__ = "0.0.1"
|
|
|
|
|
|
|
|
import os
|
|
|
|
import sys
|
|
|
|
import argparse
|
|
|
|
import subprocess # noqa: S404
|
|
|
|
from pathlib import Path
|
|
|
|
|
|
|
|
from .authz import AuthzConfigParser
|
|
|
|
from .constants import (
|
|
|
|
USERS,
|
|
|
|
ADMINS,
|
|
|
|
ALUMNI,
|
|
|
|
READ_ACL,
|
|
|
|
WRITE_ACL,
|
|
|
|
RESTRICTED,
|
|
|
|
SVN_SUFFIX,
|
|
|
|
AUTHZ_FILE_NAME,
|
|
|
|
HTPWD_FILE_NAME,
|
|
|
|
)
|
|
|
|
|
|
|
|
SVN_REPOS_PATH = Path(os.getenv("SVN_REPOS_PATH", default=".")).resolve()
|
|
|
|
|
|
|
|
COMMANDS = ["user", "group", "add", "restricted", "retire", "password"]
|
|
|
|
|
|
|
|
|
|
|
|
def get_config(svn_dir=SVN_REPOS_PATH, authz=AUTHZ_FILE_NAME):
|
|
|
|
authz_path = Path(svn_dir) / authz
|
|
|
|
if not authz_path.is_file():
|
|
|
|
sys.exit(f"Could not find authz file at {authz_path}")
|
|
|
|
return AuthzConfigParser.from_file(authz_path)
|
|
|
|
|
|
|
|
|
|
|
|
def list_users(svn_dir=SVN_REPOS_PATH, authz=AUTHZ_FILE_NAME):
|
|
|
|
"""list all users"""
|
|
|
|
config = get_config(svn_dir, authz)
|
|
|
|
groups = config.group_users()
|
|
|
|
for name, usernames in groups.items():
|
|
|
|
print(f"Users in group '{name}':")
|
|
|
|
for name in sorted(usernames):
|
|
|
|
print(f" {name}")
|
|
|
|
|
|
|
|
|
|
|
|
def show_group_info(groupname, svn_dir=SVN_REPOS_PATH, authz=AUTHZ_FILE_NAME):
|
|
|
|
"""show group information"""
|
|
|
|
config = get_config(svn_dir, authz)
|
|
|
|
groups = config.group_users()
|
|
|
|
if groupname not in groups:
|
|
|
|
sys.exit(f"Group '{groupname}' not found in authz file")
|
|
|
|
print(f"Users in group '{groupname}':")
|
|
|
|
for name in sorted(groups[groupname]):
|
|
|
|
print(f" {name}")
|
|
|
|
|
|
|
|
|
|
|
|
def add_new_user(
|
|
|
|
username,
|
|
|
|
group,
|
|
|
|
svn_dir=SVN_REPOS_PATH,
|
|
|
|
authz=AUTHZ_FILE_NAME,
|
|
|
|
htpwd=HTPWD_FILE_NAME,
|
|
|
|
handler=subprocess,
|
|
|
|
):
|
|
|
|
"""add a user, restricted or regular"""
|
|
|
|
config = get_config(svn_dir, authz)
|
|
|
|
if username in config.elab_users:
|
|
|
|
sys.exit(f"Username '{username}' already in use")
|
|
|
|
if username.lower() in {i.name.lower() for i in svn_dir.iterdir()}:
|
|
|
|
sys.exit(f"Username '{username}' not allowed")
|
|
|
|
user = config.add_journal_acl_for(username, group)
|
|
|
|
user.create_new_repository(svn_dir, handler)
|
|
|
|
password = user.set_new_password(svn_dir / htpwd, handler=handler)
|
|
|
|
print("New password for :")
|
|
|
|
print(f"username: {username}")
|
|
|
|
print(f"password: {password}")
|
|
|
|
print(f"url: https://svn.cpi.imtek.uni-freiburg.de/{username}")
|
|
|
|
config.write_to_file()
|
|
|
|
|
|
|
|
|
|
|
|
def retire_user(
|
|
|
|
username,
|
|
|
|
svn_dir=SVN_REPOS_PATH,
|
|
|
|
authz=AUTHZ_FILE_NAME,
|
|
|
|
htpwd=HTPWD_FILE_NAME,
|
|
|
|
handler=subprocess,
|
|
|
|
):
|
|
|
|
config = get_config(svn_dir, authz)
|
|
|
|
if username not in config.elab_users:
|
|
|
|
sys.exit(f"User {username} not found.")
|
|
|
|
user = config.elab_users[username]
|
|
|
|
if user.group == ALUMNI:
|
|
|
|
sys.exit(f"User '{username}' is already in group '{ALUMNI}'")
|
|
|
|
if user.group == ADMINS:
|
|
|
|
sys.exit(
|
|
|
|
(
|
|
|
|
f"User '{username}' is in group '{ADMINS}', "
|
|
|
|
f"will not moved to '{ALUMNI}'"
|
|
|
|
)
|
|
|
|
)
|
|
|
|
config.move_user_to_alumni(username)
|
|
|
|
config.write_to_file()
|
|
|
|
user.delete_password(svn_dir / htpwd, handler=handler)
|
|
|
|
print(f"Moved user {username} to alumni")
|
|
|
|
|
|
|
|
|
|
|
|
def change_password(
|
|
|
|
username,
|
|
|
|
svn_dir=SVN_REPOS_PATH,
|
|
|
|
authz=AUTHZ_FILE_NAME,
|
|
|
|
htpwd=HTPWD_FILE_NAME,
|
|
|
|
handler=subprocess,
|
|
|
|
):
|
|
|
|
config = get_config(svn_dir, authz)
|
|
|
|
if username not in config.elab_users:
|
|
|
|
sys.exit(f"User {username} not found.")
|
|
|
|
user = config.elab_users[username]
|
|
|
|
password = user.set_new_password(svn_dir / htpwd, handler=handler)
|
|
|
|
print("New password for :")
|
|
|
|
print(f"username: {username}")
|
|
|
|
print(f"password: {password}")
|
|
|
|
|
|
|
|
|
|
|
|
def show_user_info(username, svn_dir=SVN_REPOS_PATH, authz=AUTHZ_FILE_NAME):
|
|
|
|
config = get_config(svn_dir, authz)
|
|
|
|
if username not in config.elab_users:
|
|
|
|
sys.exit(f"User {username} not found.")
|
|
|
|
|
|
|
|
user = config.elab_users[username]
|
|
|
|
print(f"User {user.name} is in group '{user.group}':")
|
|
|
|
|
|
|
|
# print the write acls for a user
|
|
|
|
if user.group == ADMINS:
|
|
|
|
print(" Write access is granted to all journals.")
|
|
|
|
elif user.write_acl:
|
|
|
|
write_acl = [item + SVN_SUFFIX for item in user.write_acl]
|
|
|
|
print(" Write access is granted to:", ", ".join(write_acl))
|
|
|
|
else:
|
|
|
|
print(" Write access is NOT granted to any journals")
|
|
|
|
|
|
|
|
# print the read acls for a user
|
|
|
|
if user.group == ADMINS:
|
|
|
|
print(" Read access is granted to all journals.")
|
|
|
|
elif user.group == USERS:
|
|
|
|
print(" Read access is granted to (nearly) all journals.")
|
|
|
|
elif user.read_acl:
|
|
|
|
read_acl = [item + SVN_SUFFIX for item in user.read_acl]
|
|
|
|
print(" Read access is granted to:", ", ".join(read_acl))
|
|
|
|
else:
|
|
|
|
print(" Read access is NOT granted to any journals")
|
|
|
|
|
|
|
|
journal = config.get_journal_info(username)
|
|
|
|
print(f"Labjournal {username}{SVN_SUFFIX}")
|
|
|
|
|
|
|
|
# print the write acls for a journal
|
|
|
|
if journal[WRITE_ACL]:
|
|
|
|
print(" Write access granted to:", ", ".join(journal[WRITE_ACL]))
|
|
|
|
else:
|
|
|
|
print(" No write access granted to anybody")
|
|
|
|
|
|
|
|
# print the read acls for a journal
|
|
|
|
if journal[READ_ACL]:
|
|
|
|
print(" Read access granted to:", ", ".join(journal[READ_ACL]))
|
|
|
|
else:
|
|
|
|
print(" No read access granted to anybody")
|
|
|
|
|
|
|
|
|
|
|
|
def main(
|
|
|
|
svn_dir=SVN_REPOS_PATH,
|
|
|
|
authz=AUTHZ_FILE_NAME,
|
|
|
|
htpwd=HTPWD_FILE_NAME,
|
|
|
|
handler=subprocess,
|
|
|
|
cli_args=None,
|
|
|
|
):
|
|
|
|
parser = argparse.ArgumentParser(prog="elab-users")
|
|
|
|
parser.add_argument(
|
|
|
|
"command",
|
|
|
|
nargs="?",
|
|
|
|
help="one of the commands: [" + ", ".join(COMMANDS) + "]",
|
|
|
|
)
|
|
|
|
parser.add_argument(
|
|
|
|
"name", nargs="?", help="user or group to perform the command on"
|
|
|
|
)
|
|
|
|
args = parser.parse_args(cli_args)
|
|
|
|
|
|
|
|
if not args.command:
|
|
|
|
list_users(svn_dir, authz)
|
|
|
|
elif args.command.lower() not in COMMANDS:
|
|
|
|
show_user_info(args.command, svn_dir, authz)
|
|
|
|
elif args.command.lower() == "user":
|
|
|
|
show_user_info(args.name, svn_dir, authz)
|
|
|
|
elif args.command.lower() == "group":
|
|
|
|
show_group_info(args.name, svn_dir, authz)
|
|
|
|
elif args.command.lower() == "add":
|
|
|
|
add_new_user(args.name, USERS, svn_dir, authz, htpwd, handler)
|
|
|
|
elif args.command.lower() == "restricted":
|
|
|
|
add_new_user(args.name, RESTRICTED, svn_dir, authz, htpwd, handler)
|
|
|
|
elif args.command.lower() == "retire":
|
|
|
|
retire_user(args.name, svn_dir, authz, htpwd, handler)
|
|
|
|
elif args.command.lower() == "password":
|
|
|
|
change_password(args.name, svn_dir, authz, htpwd, handler)
|