CPI
/
elab-users
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

completly untested rework

pull/1/head
Holger Frey 3 years ago
parent
6021ceec0e
commit
a582372622
5 changed files with 224 additions and 147 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 205
      elab_users/__init__.py
  2. 15
      elab_users/authz.py
  3. 8
      elab_users/constants.py
  4. 140
      manage_scrap.py
  5. 3
      pyproject.toml

205
elab_users/__init__.py
Unescape View File

@ -4,3 +4,208 @@ Manage elab (svn) users
""" """
__version__ = "0.0.1" __version__ = "0.0.1"
import os
import sys
import argparse
import subprocess # noqa: S404
from pathlib import Path
from .authz import AuthzConfigParser
from .constants import (
USERS,
ADMINS,
ALUMNI,
READ_ACL,
WRITE_ACL,
RESTRICTED,
SVN_SUFFIX,
AUTHZ_FILE_NAME,
HTPWD_FILE_NAME,
)
SVN_REPOS_PATH = Path(os.getenv("SVN_REPOS_PATH", default="."))
COMMANDS = ["user", "groups", "add", "restricted", "retire", "password"]
def get_config(svn_dir=SVN_REPOS_PATH, authz=AUTHZ_FILE_NAME):
authz_path = Path(svn_dir) / authz
if not authz_path.is_file():
sys.exit(f"Could not find authz file at {authz_path}")
return AuthzConfigParser.from_file(authz_path)
def list_users(username, svn_dir=SVN_REPOS_PATH, authz=AUTHZ_FILE_NAME):
"""list all users"""
config = get_config(svn_dir, authz)
groups = config.group_users()
for name, usernames in groups.items():
print(f"Users in group '{name}':")
for name in sorted(usernames):
print(f" {name}")
def show_group_info(groupname, svn_dir=SVN_REPOS_PATH, authz=AUTHZ_FILE_NAME):
"""show group information"""
config = get_config(svn_dir, authz)
groups = config.group_users()
if groupname not in groups:
sys.exit(f"Group '{groupname}' not found in authz file")
print("Users in group '{groupname}':")
for name in sorted(groups[groupname]):
print(f" {name}")
def add_new_user(
username,
group,
svn_dir=SVN_REPOS_PATH,
authz=AUTHZ_FILE_NAME,
htpwd=HTPWD_FILE_NAME,
handler=subprocess,
):
"""add a user, restricted or regular"""
config = get_config(svn_dir, authz)
if username in config.elab_users:
sys.exit(f"Username '{username}' already in use")
if username.lower() in {i.lower() for i in svn_dir.iterdir()}:
sys.exit(f"Username '{username}' not allowed")
user = config.add_journal_acl_for(username, group)
user.create_new_repository(svn_dir, handler)
password = user.set_new_password(svn_dir / htpwd, handler=handler)
print("New password for :")
print(f"username: {username}")
print(f"password: {password}")
print(f"url: https://svn.cpi.imtek.uni-freiburg.de/{username}")
config.write_to_file()
def retire_user(
username,
svn_dir=SVN_REPOS_PATH,
authz=AUTHZ_FILE_NAME,
htpwd=HTPWD_FILE_NAME,
handler=subprocess,
):
config = get_config(svn_dir, authz)
if username not in config.elab_users:
sys.exit("User {username} not found.")
user = config.elab_users[username]
if user.group == ALUMNI:
sys.exit(f"User '{username}' is already in group '{ALUMNI}'")
if user.group == ADMINS:
sys.exit(
(
f"User '{username}' is in group '{ADMINS}', "
f"will not moved to '{ALUMNI}'"
)
)
config.move_user_to_alumni(username)
config.write_to_file()
user.delete_password(svn_dir / htpwd, handler=handler)
def change_password(
username,
svn_dir=SVN_REPOS_PATH,
authz=AUTHZ_FILE_NAME,
htpwd=HTPWD_FILE_NAME,
handler=subprocess,
):
config = get_config(svn_dir, authz)
if username not in config.elab_users:
sys.exit("User {username} not found.")
user = config.elab_users[username]
password = user.set_new_password(svn_dir / htpwd, handler=handler)
print("New password for :")
print(f"username: {username}")
print(f"password: {password}")
def show_user_info(username, svn_dir=SVN_REPOS_PATH, authz=AUTHZ_FILE_NAME):
config = get_config(svn_dir, authz)
if username not in config.elab_users:
sys.exit("User {username} not found.")
user = config.elab_users[username]
print("User {user.name} is in group '{user.group}':")
# print the write acls for a user
if user.group == ADMINS:
print(" Write access is granted to all journals.")
elif user.write_acl:
write_acl = [item + SVN_SUFFIX for item in user.write_acl]
print(" Write access is granted to:", ", ".join(write_acl))
else:
print(" Write access is NOT granted to any journals")
# print the read acls for a user
if user.group == ADMINS:
print(" Read access is granted to all journals.")
elif user.group == USERS:
print(" Read access is granted to (nearly) all journals.")
elif user.read_acl:
read_acl = [item + SVN_SUFFIX for item in user.read_acl]
print(" Read access is granted to:", ", ".join(read_acl))
else:
print(" Read access is NOT granted to any journals")
journal = config.get_journal_info(username)
print(f"Labjournal {username}{SVN_SUFFIX}")
# print the write acls for a journal
if journal[WRITE_ACL]:
print(" Write access granted to:", ", ".join(journal[WRITE_ACL]))
else:
print(" No write access granted to anybody")
# print the read acls for a journal
if journal[READ_ACL]:
print(" Read access granted to:", ", ".join(journal[READ_ACL]))
else:
print(" No read access granted to anybody")
def main(
svn_dir=SVN_REPOS_PATH,
authz=AUTHZ_FILE_NAME,
htpwd=HTPWD_FILE_NAME,
handler=subprocess,
):
parser = argparse.ArgumentParser(prog="elab-users")
parser.add_argument(
"command",
nargs="?",
help="one of the commands: [" + ", ".join(COMMANDS) + "]",
)
parser.add_argument(
"name", nargs="?", help="user or group to perform the command on"
)
args = parser.parse_args()
print(args.command)
print(args.username)
if not args.command:
list_users(svn_dir, authz)
if args.command.lower() not in COMMANDS:
show_user_info(args.command, svn_dir, authz)
if args.command.lower() == "user":
show_user_info(args.name, svn_dir, authz)
if args.command.lower() == "groups":
show_group_info(args.name, svn_dir, authz)
if args.command.lower() == "add":
add_new_user(args.name, USERS, svn_dir, authz, htpwd, handler)
if args.command.lower() == "restricted":
add_new_user(args.name, RESTRICTED, svn_dir, authz, htpwd, handler)
if args.command.lower() == "retire":
retire_user(args.name, svn_dir, authz, htpwd, handler)
if args.command.lower() == "password":
change_password(args.name, svn_dir, authz, htpwd, handler)

15
elab_users/authz.py
Unescape View File

@ -31,6 +31,7 @@ class AuthzConfigParser(configparser.ConfigParser):
def __init__(self): def __init__(self):
"""initialization of the class""" """initialization of the class"""
self.elab_users = {} self.elab_users = {}
self.original_path = None
super().__init__() super().__init__()
def optionxform(self, value): def optionxform(self, value):
@ -40,9 +41,19 @@ class AuthzConfigParser(configparser.ConfigParser):
def read(self, path): def read(self, path):
"""set up the acl defaults after reading the file""" """set up the acl defaults after reading the file"""
super().read(path) super().read(path)
self.original_path = path
self._extract_user_info_from_config() self._extract_user_info_from_config()
def write_to_file(self, path): @classmethod
def from_file(cls, path):
instance = cls()
instance.read(path)
return instance
def write_to_file(self, path=None):
path = path or self.original_path
if not path:
raise IOError("No path specified")
with open(path, "w") as filehandle: with open(path, "w") as filehandle:
self.write(filehandle) self.write(filehandle)
@ -141,6 +152,7 @@ class AuthzConfigParser(configparser.ConfigParser):
for group, acl in GROUP_DEFAULTS.items(): for group, acl in GROUP_DEFAULTS.items():
self.set(journal_path, "@" + group, acl) self.set(journal_path, "@" + group, acl)
self._update_user_group_config() self._update_user_group_config()
return self.elab_users[username]
def move_user_to_alumni(self, name): def move_user_to_alumni(self, name):
"""moves a user to the alumni group and removes the acl privileges""" """moves a user to the alumni group and removes the acl privileges"""
@ -151,6 +163,7 @@ class AuthzConfigParser(configparser.ConfigParser):
for access_to in user.read_acl: for access_to in user.read_acl:
self.remove_option(access_to + SVN_SUFFIX, user.name) self.remove_option(access_to + SVN_SUFFIX, user.name)
self._update_user_group_config() self._update_user_group_config()
return user
def _update_user_group_config(self): def _update_user_group_config(self):
"""updates the config settings of the groups section""" """updates the config settings of the groups section"""

8
elab_users/constants.py
Unescape View File

@ -1,9 +1,5 @@
from pathlib import Path AUTHZ_FILE_NAME = "authz"
HTPWD_FILE_NAME = ".htpasswd"
MOUNT_PATH = Path("/mnt") / "nfs-data-store-1" / "drive"
REPO_PATH = MOUNT_PATH / "svn-repository"
AUTHZ_PATH = REPO_PATH / "authz"
HTPWD_PATH = REPO_PATH / ".htpasswd"
ADMINS = "administrators" ADMINS = "administrators"
USERS = "users" USERS = "users"

140
manage_scrap.py
Unescape View File

@ -1,140 +0,0 @@
#!/usr/bin/python
# imports of modules
import optparse
import subprocess
import sys
if __name__ == "__main__":
# create configparser instance
config = AuthzConfigParser()
# read config file
config.read(AUTHZ_PATH)
# command line interface:
# no option: display info
# -g display users in a group
# -a add regular user
# -r add restricted user
# -m move to alumni
# -p reset user password
parser = optparse.OptionParser(
usage="usage: %prog [option] name",
description="shows and manipulates svn access rights",
epilog="to grant a restricted user access to another folder, you have to carefully edit the authz file")
parser.add_option("-g", "--groupinfo", action="store_const", dest="what",
const="g", help="display users in a group")
parser.add_option("-a", "--add", action="store_const", dest="what",
const="a", help="add a regular user")
parser.add_option("-r", "--restricted", action="store_const", dest="what",
const="r", help="add a restricted user")
parser.add_option("-m", "--move", action="store_const", dest="what",
const="m", help="move a user to alumni")
parser.add_option("-p", "--password", action="store_const", dest="what",
const="p", help="reset a user password")
options, args = parser.parse_args()
if len(args)==0:
# no arguments? then display all the users!
groups = config.group_users()
for name, usernames in groups.items():
print "Users in group '%s':" % name
for name in sorted(usernames):
print " " + name
sys.exit()
if len(args)>1:
# more than one usename? not here, john boy
sys.exit("please provide only one name")
name = args[0]
if options.what == "g":
# show group information
groups = config.group_users()
if name not in groups:
sys.exit("Group not found")
print "Users in group '%s':" % name
for usernamename in sorted(groups[name]):
print " " + usernamename
sys.exit()
if options.what in ("a", "r"):
# add a user, restricted or regular
if name in config.elab_users:
sys.exit("Username '%s' already in use" % name)
group = RESTRICTED if options.what == "r" else USERS
config.add_journal_acl_for(name, group)
create_new_repository(name)
#subprocess.check_call(SVN_DIR_CREATOR + " " + name, shell=True)
password = set_new_password(name)
print "New password for :"
print "username: " + name
print "password: " + password
print "url: https://svn.cpi.imtek.uni-freiburg.de/" + name
config.write_to_file()
sys.exit()
# from here downwards we need already existent usernames
if name not in config.elab_users:
sys.exit("User '%s' not found, use this without a name to get a list of users." % name)
if options.what == "m":
# move user to alumni
user = config.elab_users[name]
if user.group == ALUMNI:
sys.exit("User '%s' is already in group '%s'" % (name, ALUMNI))
if user.group == ADMINS:
sys.exit("User '%s' is in group '%s', will not moved to '%s'" % (name, ADMINS, ALUMNI))
config.move_user_to_alumni(name)
config.write_to_file()
delete_password(name)
sys.exit()
if options.what == "p":
# reset a password
password = set_new_password(name)
print "New password for :"
print "username: " + name
print "password: " + password
sys.exit()
# no option, just a name:
user = config.elab_users[name]
print "User %s is in group '%s':" % (name, user.group)
# print the write acls for a user
if user.group == ADMINS:
print " Write access is granted to all journals."
elif user.write_acl:
write_acl = [ username + SVN_SUFFIX for username in user.write_acl ]
print " Write access is granted to '%s'. " % "', '".join(write_acl)
else:
print " Write access is NOT granted to any journals"
# print the read acls for a user
if user.group == ADMINS:
print " Read access is granted to all journals."
elif user.group == USERS:
print " Read access is granted to (nearly) all journals."
elif user.read_acl:
read_acl = [ username + SVN_SUFFIX for username in user.read_acl ]
print " Read access is granted to '%s'. " % "', '".join(read_acl)
else:
print " Read access is NOT granted to any journals"
info = config.get_journal_info(name)
# print the write acls for a journal
print "Labjournal %s%s" % (name, SVN_SUFFIX)
if info[WRITE_ACL]:
print " Write access granted to: " + ", ".join(info[WRITE_ACL])
else:
print " No write access granted to anybody"
# print the read acls for a journal
if info[READ_ACL]:
print " Read access granted to: " + ", ".join(info[READ_ACL])
else:
print " No read access granted to anybody"

3
pyproject.toml
Unescape View File

@ -46,6 +46,9 @@ dev = [
"pre-commit", "pre-commit",
] ]
[tool.flit.scripts]
elab-users = "elab_users:main"
[tool.black] [tool.black]
line-length = 79 line-length = 79
py37 = true py37 = true

Write Preview
Loading…
Cancel
Save