Command line script to manage the cpi lab journal users.

""" Elab Users
Manage elab (svn) users
"""
__version__ = "0.0.1"
import os
import sys
import argparse
import subprocess # noqa: S404
from pathlib import Path
from .authz import AuthzConfigParser
from .constants import (
USERS,
ADMINS,
ALUMNI,
READ_ACL,
WRITE_ACL,
RESTRICTED,
SVN_SUFFIX,
AUTHZ_FILE_NAME,
HTPWD_FILE_NAME,
)
# Directory holding the repositories, taken from the SVN_REPOS_PATH environment
# variable and made absolute once, at import time.
# NOTE(review): without the variable this falls back to the current working
# directory, so the tool acts on whatever authz/htpasswd files are found
# there - confirm deployments always set it explicitly.
SVN_REPOS_PATH = Path(os.getenv("SVN_REPOS_PATH", default=".")).resolve()
# Keywords main() accepts as the first argument; any other first argument is
# treated there as a username to look up.
COMMANDS = ["user", "group", "add", "restricted", "retire", "password"]
def get_config(svn_dir=SVN_REPOS_PATH, authz=AUTHZ_FILE_NAME):
    """Load the parsed authz configuration found in the repository directory.

    Args:
        svn_dir: directory that contains the authz file.
        authz: file name of the authz file inside ``svn_dir``.

    Returns:
        Whatever ``AuthzConfigParser.from_file`` builds from the file.

    Exits the program with an error message when the path is not an existing
    regular file.
    """
    location = Path(svn_dir).joinpath(authz)
    if location.is_file():
        return AuthzConfigParser.from_file(location)
    sys.exit(f"Could not find authz file at {location}")
def list_users(svn_dir=SVN_REPOS_PATH, authz=AUTHZ_FILE_NAME):
    """Print every group of the authz file followed by its sorted members."""
    memberships = get_config(svn_dir, authz).group_users()
    for group_name, members in memberships.items():
        print(f"Users in group '{group_name}':")
        # a separate loop variable keeps the group name intact while listing
        for member in sorted(members):
            print(f" {member}")
def show_group_info(groupname, svn_dir=SVN_REPOS_PATH, authz=AUTHZ_FILE_NAME):
    """Print the sorted members of one group.

    Exits the program with an error message when ``groupname`` is not a group
    of the authz file.
    """
    memberships = get_config(svn_dir, authz).group_users()
    if groupname in memberships:
        print(f"Users in group '{groupname}':")
        for member in sorted(memberships[groupname]):
            print(f" {member}")
        return
    sys.exit(f"Group '{groupname}' not found in authz file")
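def _exit_if_unsafe_username(username):
    """Stop with an error unless *username* is safe to store and pass on."""
    if not username:
        # argparse hands over None when the name argument was left out
        sys.exit("No username given")
    # NOTE(review): presumably the name ends up as a key in the authz file,
    # an entry in the htpasswd file, an argument of an external command and
    # a directory below svn_dir - confirm against the user class. The
    # characters rejected here are path separators, the htpasswd field
    # separator, INI syntax, and the prefixes Subversion authz rules use for
    # groups, aliases, tokens, negation and "everyone".
    forbidden_first = "-@&$~*#;"
    forbidden_anywhere = "/\\:=[]"
    unsafe = (
        username in {".", ".."}
        or username[0] in forbidden_first
        or any(char in forbidden_anywhere for char in username)
        or any(char.isspace() or not char.isprintable() for char in username)
    )
    if unsafe:
        sys.exit(f"Username '{username}' not allowed")


def add_new_user(
    username,
    group,
    svn_dir=SVN_REPOS_PATH,
    authz=AUTHZ_FILE_NAME,
    htpwd=HTPWD_FILE_NAME,
    handler=subprocess,
):
    """Add a user, restricted or regular.

    Registers the journal ACL for the new user, creates the repository, sets
    a new password and finally writes the authz configuration back to disk.

    Args:
        username: name of the new user; must pass the safety check above.
        group: group the user is added to (main() passes USERS or RESTRICTED).
        svn_dir: directory holding the repositories and the authz file.
        authz: file name of the authz file inside ``svn_dir``.
        htpwd: file name of the password file inside ``svn_dir``.
        handler: object used to run external commands, ``subprocess`` by
            default; passed through to the user object.

    Exits the program with an error message when the name is missing,
    unsafe, already registered, or equal (ignoring case) to an existing
    entry of ``svn_dir``.
    """
    _exit_if_unsafe_username(username)
    # accept plain strings as well, the same way get_config() does
    svn_dir = Path(svn_dir)
    config = get_config(svn_dir, authz)
    if username in config.elab_users:
        sys.exit(f"Username '{username}' already in use")
    # compare case-insensitively so two names cannot differ only by case
    taken = {entry.name.lower() for entry in svn_dir.iterdir()}
    if username.lower() in taken:
        sys.exit(f"Username '{username}' not allowed")
    user = config.add_journal_acl_for(username, group)
    user.create_new_repository(svn_dir, handler)
    password = user.set_new_password(svn_dir / htpwd, handler=handler)
    # The clear-text password is written to stdout for the operator to hand
    # over; it also ends up in terminal scrollback or any redirected output.
    print("New password for :")
    print(f"username: {username}")
    print(f"password: {password}")
    print(f"url: https://svn.cpi.imtek.uni-freiburg.de/{username}")
    config.write_to_file()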
def retire_user(
    username,
    svn_dir=SVN_REPOS_PATH,
    authz=AUTHZ_FILE_NAME,
    htpwd=HTPWD_FILE_NAME,
    handler=subprocess,
):
    """Move a user to the alumni group and delete their password entry.

    Exits the program with an error message when the user is unknown, is
    already an alumnus, or belongs to the admin group.
    """
    config = get_config(svn_dir, authz)
    if username not in config.elab_users:
        sys.exit(f"User {username} not found.")
    user = config.elab_users[username]
    current_group = user.group
    if current_group == ALUMNI:
        sys.exit(f"User '{username}' is already in group '{ALUMNI}'")
    if current_group == ADMINS:
        # admins are never retired by this command
        refusal = (
            f"User '{username}' is in group '{ADMINS}', "
            f"will not moved to '{ALUMNI}'"
        )
        sys.exit(refusal)
    config.move_user_to_alumni(username)
    config.write_to_file()
    # NOTE(review): the authz file is saved before the password is removed;
    # if delete_password() fails, the htpasswd entry of the retired user
    # stays in place - confirm that outcome is acceptable.
    user.delete_password(svn_dir / htpwd, handler=handler)
    print(f"Moved user {username} to alumni")
def change_password(
    username,
    svn_dir=SVN_REPOS_PATH,
    authz=AUTHZ_FILE_NAME,
    htpwd=HTPWD_FILE_NAME,
    handler=subprocess,
):
    """Set a new password for an existing user and print it.

    Exits the program with an error message when the user is unknown.
    """
    config = get_config(svn_dir, authz)
    if username in config.elab_users:
        account = config.elab_users[username]
        fresh = account.set_new_password(svn_dir / htpwd, handler=handler)
        # the clear-text password is shown on stdout for the operator
        report = (
            "New password for :",
            f"username: {username}",
            f"password: {fresh}",
        )
        for line in report:
            print(line)
        return
    sys.exit(f"User {username} not found.")
def show_user_info(username, svn_dir=SVN_REPOS_PATH, authz=AUTHZ_FILE_NAME):
    """Print a user's group and ACLs, then the ACLs of the user's journal.

    Exits the program with an error message when the user is unknown.
    """
    config = get_config(svn_dir, authz)
    if username not in config.elab_users:
        sys.exit(f"User {username} not found.")
    user = config.elab_users[username]
    print(f"User {user.name} is in group '{user.group}':")

    # write access held by the user
    if user.group == ADMINS:
        write_line = " Write access is granted to all journals."
    elif user.write_acl:
        writable = ", ".join(item + SVN_SUFFIX for item in user.write_acl)
        write_line = f" Write access is granted to: {writable}"
    else:
        write_line = " Write access is NOT granted to any journals"
    print(write_line)

    # read access held by the user
    if user.group == ADMINS:
        read_line = " Read access is granted to all journals."
    elif user.group == USERS:
        read_line = " Read access is granted to (nearly) all journals."
    elif user.read_acl:
        readable = ", ".join(item + SVN_SUFFIX for item in user.read_acl)
        read_line = f" Read access is granted to: {readable}"
    else:
        read_line = " Read access is NOT granted to any journals"
    print(read_line)

    journal = config.get_journal_info(username)
    print(f"Labjournal {username}{SVN_SUFFIX}")

    # who may write to the user's own journal
    writers = journal[WRITE_ACL]
    if not writers:
        print(" No write access granted to anybody")
    else:
        print(f" Write access granted to: {', '.join(writers)}")

    # who may read the user's own journal
    readers = journal[READ_ACL]
    if not readers:
        print(" No read access granted to anybody")
    else:
        print(f" Read access granted to: {', '.join(readers)}")
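def main(
    svn_dir=SVN_REPOS_PATH,
    authz=AUTHZ_FILE_NAME,
    htpwd=HTPWD_FILE_NAME,
    handler=subprocess,
    cli_args=None,
):
    """Parse the command line and run the requested action.

    Without arguments all users are listed. A first argument that is not one
    of COMMANDS is treated as a username to show. Every command in COMMANDS
    needs a second argument naming the user or group.

    Args:
        svn_dir: directory holding the repositories and the authz file.
        authz: file name of the authz file inside ``svn_dir``.
        htpwd: file name of the password file inside ``svn_dir``.
        handler: object used to run external commands, ``subprocess`` by
            default.
        cli_args: argument list for argparse; ``None`` lets argparse read
            ``sys.argv``.
    """
    parser = argparse.ArgumentParser(prog="elab-users")
    parser.add_argument(
        "command",
        nargs="?",
        help="one of the commands: [" + ", ".join(COMMANDS) + "]",
    )
    parser.add_argument(
        "name", nargs="?", help="user or group to perform the command on"
    )
    args = parser.parse_args(cli_args)

    if not args.command:
        list_users(svn_dir, authz)
        return

    command = args.command.lower()
    if command not in COMMANDS:
        # shortcut: "elab-users <username>" shows that user
        show_user_info(args.command, svn_dir, authz)
        return

    if not args.name:
        # Both positionals are optional for argparse, so a forgotten name
        # would otherwise reach the handlers as None; stop with a usage
        # error before anything is read or changed.
        parser.error(f"command '{command}' requires a user or group name")

    if command == "user":
        show_user_info(args.name, svn_dir, authz)
    elif command == "group":
        show_group_info(args.name, svn_dir, authz)
    elif command == "add":
        add_new_user(args.name, USERS, svn_dir, authz, htpwd, handler)
    elif command == "restricted":
        add_new_user(args.name, RESTRICTED, svn_dir, authz, htpwd, handler)
    elif command == "retire":
        retire_user(args.name, svn_dir, authz, htpwd, handler)
    elif command == "password":
        change_password(args.name, svn_dir, authz, htpwd, handler)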