From 5048236e4ec6a7f45e55f5243534d7a491282511 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 24 Aug 2021 12:01:42 +0200 Subject: [PATCH] Added filter for roles and groups --- admin/src/admin/lib/admin.py | 16 +++++++---- admin/src/admin/lib/nextcloud.py | 5 +++- admin/src/admin/lib/nextcloud_exc.py | 3 ++ admin/src/admin/views/InternalViews.py | 38 +++++++++++++++++++++----- 4 files changed, 48 insertions(+), 14 deletions(-) diff --git a/admin/src/admin/lib/admin.py b/admin/src/admin/lib/admin.py index d98114e..41fa9c7 100644 --- a/admin/src/admin/lib/admin.py +++ b/admin/src/admin/lib/admin.py @@ -93,13 +93,17 @@ class Admin(): ### User admin in group admin try: log.warning('KEYCLOAK: Adding group admin and user admin to this group') - self.keycloak.add_group('admin') - ## Add default admin user to group admin (for nextcloud, just in case we go there) - admin_uid=self.keycloak_admin.get_user_id('admin') - self.keycloak_admin.group_user_add(admin_uid,gid) + admin_guid=self.keycloak.add_group('admin') + except: + pass + admin_guid=self.keycloak.get_group_by_path(path='/admin')['id'] + try: + ## Add default admin user to group admin + admin_uid=self.keycloak.get_user_id('admin') + self.keycloak.group_user_add(admin_uid,admin_guid) log.warning('KEYCLOAK: OK') except: - # print(traceback.format_exc()) + print(traceback.format_exc()) log.warning('KEYCLOAK: Seems to be there already') #### Add default groups @@ -812,4 +816,4 @@ class Admin(): return True def get_user(self,userid): - return [u for u in self.internal['users'] if u['id']==userid][0] \ No newline at end of file + return [u for u in self.internal['users'] if u['id']==userid][0] diff --git a/admin/src/admin/lib/nextcloud.py b/admin/src/admin/lib/nextcloud.py index c3bab4d..65677d7 100644 --- a/admin/src/admin/lib/nextcloud.py +++ b/admin/src/admin/lib/nextcloud.py 
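Review bot: The bare `except: pass` around `self.keycloak.add_group('admin')` in the first admin.py hunk hides every failure, not only "group already exists", so an expired token or an unreachable Keycloak shows up only as an unhandled error from the unguarded `get_group_by_path(path='/admin')['id']` on the next line. The second bare `except:` logs `KEYCLOAK: Seems to be there already` for any exception raised while adding user admin to the admin group, so a failed privilege assignment reads as success in the logs. Catch only the exception the wrapper raises for an existing group (its type is not visible here), and, assuming `log` is a standard logger, replace `print(traceback.format_exc())` with `log.exception('KEYCLOAK: could not add user admin to group admin')` so the trace goes to the log rather than stdout. The value from `admin_guid=self.keycloak.add_group('admin')` is always overwritten by the lookup, so that assignment can be dropped. The enclosing method starts and ends outside the hunk.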
@@ -29,7 +29,10 @@ class Nextcloud(): def _request(self,method,url,data={},headers={'OCS-APIRequest':'true'},auth=False): if auth == False: auth=self.auth try: - return requests.request(method, url, data=data, auth=auth, verify=self.verify_cert, headers=headers).text + response = requests.request(method, url, data=data, auth=auth, verify=self.verify_cert, headers=headers) + if 'meta' in response.text: + if '997' in response.text: raise ProviderUnauthorized + return response.text ## At least the ProviderSslError is not being catched or not raised correctly except requests.exceptions.HTTPError as errh: diff --git a/admin/src/admin/lib/nextcloud_exc.py b/admin/src/admin/lib/nextcloud_exc.py index 32baf33..827e93f 100644 --- a/admin/src/admin/lib/nextcloud_exc.py +++ b/admin/src/admin/lib/nextcloud_exc.py @@ -1,5 +1,8 @@ #!/usr/bin/env python # coding=utf-8 +class ProviderUnauthorized(Exception): + pass + class ProviderConnError(Exception): pass diff --git a/admin/src/admin/views/InternalViews.py b/admin/src/admin/views/InternalViews.py index f33fd63..c9916d9 100644 --- a/admin/src/admin/views/InternalViews.py +++ b/admin/src/admin/views/InternalViews.py @@ -28,11 +28,7 @@ def internal_users_search(): if request.method == 'POST': data=request.get_json(force=True) users = app.admin.get_mix_users() - result = [user_parser(user) for user in users - if data['text'] in user['username'] or - data['text'] in user['first'] or - data['text'] in user['last'] or - data['text'] in user['email']] + result = [user_parser(user) for user in filter_users(users, data['text'])] sorted_result = sorted(result, key=lambda k: k['id']) return json.dumps(sorted_result), 200, {'Content-Type': 'application/json'} 
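Review bot: The new check `'997' in response.text` in `_request` matches those digits anywhere in the body, so any reply that contains `meta` and happens to carry 997 in a user id, quota or timestamp raises `ProviderUnauthorized`, while a 401 whose body lacks the string is returned as a normal result. Compare the status field itself, for example `if response.status_code == 401 or '<statuscode>997</statuscode>' in response.text: raise ProviderUnauthorized` if the replies are the default OCS XML (the format is not visible here), or parse the `meta` element. The raise sits inside the `try` and the handlers that follow are outside the hunk, so confirm none of them swallows or rewraps it; the hunk also does not show `ProviderUnauthorized` being imported into nextcloud.py. The rewritten `requests.request(...)` call still passes no `timeout=`, so a stalled Nextcloud can block the admin worker indefinitely.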
@@ -59,8 +55,12 @@ def internal_group_users(): users=[] for user in sorted_users: if data['path'] not in user['keycloak_groups'] or not user['enabled']: continue - users.append(user_parser(user)) - return json.dumps(users), 200, {'Content-Type': 'application/json'} + users.append(user) + if data.get('text',False) and data['text'] != '': + result = [user_parser(user) for user in filter_users(users, data['text'])] + else: + result = [user_parser(user) for user in users] + return json.dumps(result), 200, {'Content-Type': 'application/json'} @app.route('/api/internal/roles', methods=['GET']) @is_internal @@ -74,6 +74,23 @@ def internal_roles(): 'description':role.get('description','')}) return json.dumps(roles), 200, {'Content-Type': 'application/json'} +@app.route('/api/internal/role/users', methods=['POST']) +@is_internal +def internal_role_users(): + if request.method == 'POST': + data=request.get_json(force=True) + sorted_users = sorted(app.admin.get_mix_users(), key=lambda k: k['username']) + # group_users = [user for user in sorted_users if data['path'] in user['keycloak_groups']] + users=[] + for user in sorted_users: + if data['role'] not in user['roles'] or not user['enabled']: continue + users.append(user) + if data.get('text',False) and data['text'] != '': + result = [user_parser(user) for user in filter_users(users, data['text'])] + else: + result = [user_parser(user) for user in users] + return json.dumps(result), 200, {'Content-Type': 'application/json'} + def user_parser(user): return {'id':user['username'], 'first':user['first'], @@ -81,3 +98,10 @@ def user_parser(user): 'role':user['roles'][0] if len(user['roles']) else None, 'email':user['email'], 'groups':user['keycloak_groups']} + +def filter_users(users, text): + return [user for user in users + if text in user['username'] or + text in user['first'] or + text in user['last'] or + text in user['email']] \ No newline at end of file
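Review bot: The guard `data.get('text',False) and data['text'] != ''` in `internal_group_users` is redundant, since an empty string is already falsy, and it lets any truthy non-string JSON value (a number, list or object) reach `filter_users`, where `text in user['username']` raises `TypeError` and the request ends in a 500. Read the value once and check its type, e.g. `text = data.get('text')` followed by `if isinstance(text, str) and text:`. The same guard is repeated in the new `internal_role_users` hunk, and `internal_users_search` still indexes `data['text']` with no guard at all. The function starts outside this hunk.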
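Review bot: `internal_role_users` indexes `data['role']` without checking that the key exists or that it is a string, so a body without `role` raises `KeyError` and returns a 500 instead of a 400. The endpoint returns names, e-mail addresses and group memberships for every enabled user with the role, and its only access control is `@is_internal`, whose implementation is not part of this diff, so it is worth confirming that the decorator does not depend on anything the client supplies. The body is a copy of `internal_group_users`, including a commented-out line that still refers to `data['path']`, and the `if request.method == 'POST'` test is always true on a POST-only route. A version that validates the input and drops the duplicated branches could look like the following.

```python
def internal_role_users():
    data = request.get_json(force=True)
    if not isinstance(data, dict):
        data = {}
    role = data.get('role')
    text = data.get('text') or ''
    if not isinstance(role, str) or not isinstance(text, str):
        return json.dumps({'error': 'role and text must be strings'}), 400, {'Content-Type': 'application/json'}
    users = [user for user in sorted(app.admin.get_mix_users(), key=lambda k: k['username'])
             if role in user['roles'] and user['enabled']]
    if text:
        users = filter_users(users, text)
    return json.dumps([user_parser(user) for user in users]), 200, {'Content-Type': 'application/json'}
```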
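Review bot: `filter_users` applies `text in user[...]` to four fields without allowing for a missing value, so a user whose `first`, `last` or `email` is `None` raises `TypeError` and breaks all three endpoints that now call it; whether `get_mix_users()` normalises these fields is not visible in this diff. A tolerant form is `fields = ('username', 'first', 'last', 'email')` with `return [u for u in users if any(text in (u.get(f) or '') for f in fields)]`. The match is case-sensitive, which may be unexpected for a name or e-mail search. The function has no docstring; something like `"""Return the users whose username, first name, last name or e-mail contains text."""` would do. The file still ends without a trailing newline.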