Merge branch 'feature/internal-admin-api' into 'develop'

Added filter for roles and groups See merge request isard/isard-sso!42
2021-08-24 10:02:55 +00:00 · 2021-08-24 10:02:55 +00:00 · d984ace2da
parent 31d994d917 5048236e4e
commit d984ace2da
4 changed files with 48 additions and 14 deletions
--- a/admin/src/admin/lib/admin.py
+++ b/admin/src/admin/lib/admin.py
@ -93,13 +93,17 @@ class Admin():
        ### User admin in group admin
        try:
            log.warning('KEYCLOAK: Adding group admin and user admin to this group')
-            self.keycloak.add_group('admin')
-            ## Add default admin user to group admin (for nextcloud, just in case we go there)
-            admin_uid=self.keycloak_admin.get_user_id('admin')
-            self.keycloak_admin.group_user_add(admin_uid,gid)
+            admin_guid=self.keycloak.add_group('admin')
+        except:
+            pass
+        admin_guid=self.keycloak.get_group_by_path(path='/admin')['id']
+        try:
+            ## Add default admin user to group admin 
+            admin_uid=self.keycloak.get_user_id('admin')
+            self.keycloak.group_user_add(admin_uid,admin_guid)
            log.warning('KEYCLOAK: OK')
        except:
-            # print(traceback.format_exc())
+            print(traceback.format_exc())
            log.warning('KEYCLOAK: Seems to be there already')

        #### Add default groups
@ -812,4 +816,4 @@ class Admin():
        return True

    def get_user(self,userid):
-        return [u for u in self.internal['users'] if u['id']==userid][0]
+        return [u for u in self.internal['users'] if u['id']==userid][0]
--- a/admin/src/admin/lib/nextcloud.py
+++ b/admin/src/admin/lib/nextcloud.py
@ -29,7 +29,10 @@ class Nextcloud():
    def _request(self,method,url,data={},headers={'OCS-APIRequest':'true'},auth=False):
        if auth == False: auth=self.auth
        try:
-            return requests.request(method, url, data=data, auth=auth, verify=self.verify_cert, headers=headers).text
+            response = requests.request(method, url, data=data, auth=auth, verify=self.verify_cert, headers=headers)
+            if 'meta' in response.text:
+                if '<statuscode>997</statuscode>' in response.text: raise ProviderUnauthorized
+            return response.text

        ## At least the ProviderSslError is not being catched or not raised correctly
        except requests.exceptions.HTTPError as errh:
--- a/admin/src/admin/lib/nextcloud_exc.py
+++ b/admin/src/admin/lib/nextcloud_exc.py
@ -1,5 +1,8 @@
 #!/usr/bin/env python
 # coding=utf-8
+class ProviderUnauthorized(Exception):
+    pass
+
 class ProviderConnError(Exception):
    pass

--- a/admin/src/admin/views/InternalViews.py
+++ b/admin/src/admin/views/InternalViews.py
@ -28,11 +28,7 @@ def internal_users_search():
    if request.method == 'POST':
        data=request.get_json(force=True)
        users = app.admin.get_mix_users()
-        result = [user_parser(user) for user in users 
-                    if data['text'] in user['username'] or
-                    data['text'] in user['first'] or
-                    data['text'] in user['last'] or
-                    data['text'] in user['email']]
+        result = [user_parser(user) for user in filter_users(users, data['text'])]
        sorted_result = sorted(result, key=lambda k: k['id'])
        return json.dumps(sorted_result), 200, {'Content-Type': 'application/json'}

@ -59,8 +55,12 @@ def internal_group_users():
        users=[]
        for user in sorted_users:
            if data['path'] not in user['keycloak_groups'] or not user['enabled']: continue
-            users.append(user_parser(user))
-        return json.dumps(users), 200, {'Content-Type': 'application/json'}
+            users.append(user)
+        if data.get('text',False) and data['text'] != '':
+            result = [user_parser(user) for user in filter_users(users, data['text'])]
+        else:
+            result = [user_parser(user) for user in users]
+        return json.dumps(result), 200, {'Content-Type': 'application/json'}

@app.route('/api/internal/roles', methods=['GET'])
@is_internal
@ -74,6 +74,23 @@ def internal_roles():
                            'description':role.get('description','')})
        return json.dumps(roles), 200, {'Content-Type': 'application/json'}

+@app.route('/api/internal/role/users', methods=['POST'])
+@is_internal
+def internal_role_users():
+    if request.method == 'POST':
+        data=request.get_json(force=True)
+        sorted_users = sorted(app.admin.get_mix_users(), key=lambda k: k['username'])
+        # group_users = [user for user in sorted_users if data['path'] in user['keycloak_groups']]
+        users=[]
+        for user in sorted_users:
+            if data['role'] not in user['roles'] or not user['enabled']: continue
+            users.append(user)
+        if data.get('text',False) and data['text'] != '':
+            result = [user_parser(user) for user in filter_users(users, data['text'])]
+        else:
+            result = [user_parser(user) for user in users]
+        return json.dumps(result), 200, {'Content-Type': 'application/json'}
+
 def user_parser(user):
    return {'id':user['username'],
                    'first':user['first'],
@ -81,3 +98,10 @@ def user_parser(user):
                    'role':user['roles'][0] if len(user['roles']) else None,
                    'email':user['email'],
                    'groups':user['keycloak_groups']}
+
+def filter_users(users, text):
+    return [user for user in users 
+                if text in user['username'] or
+                text in user['first'] or
+                text in user['last'] or
+                text in user['email']]