EDUCATIC
/
digitaldemocratic
mirror of https://gitlab.com/digitaldemocratic/digitaldemocratic
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'feature/internal-admin-api' into 'develop' 

Added filter for roles and groups

See merge request isard/isard-sso!42
Josep Maria Viñolas Auquer 2021-08-24 10:02:55 +00:00
parent 31d994d917 5048236e4e
commit d984ace2da
4 changed files with 48 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
admin/src/admin/lib/admin.py
View File

@ -93,13 +93,17 @@ class Admin():
### User admin in group admin ### User admin in group admin
try: try:
log.warning('KEYCLOAK: Adding group admin and user admin to this group') log.warning('KEYCLOAK: Adding group admin and user admin to this group')
self.keycloak.add_group('admin') admin_guid=self.keycloak.add_group('admin')
## Add default admin user to group admin (for nextcloud, just in case we go there) except:
admin_uid=self.keycloak_admin.get_user_id('admin') pass
self.keycloak_admin.group_user_add(admin_uid,gid) admin_guid=self.keycloak.get_group_by_path(path='/admin')['id']
try:
## Add default admin user to group admin
admin_uid=self.keycloak.get_user_id('admin')
self.keycloak.group_user_add(admin_uid,admin_guid)
log.warning('KEYCLOAK: OK') log.warning('KEYCLOAK: OK')
except: except:
# print(traceback.format_exc()) print(traceback.format_exc())
log.warning('KEYCLOAK: Seems to be there already') log.warning('KEYCLOAK: Seems to be there already')
#### Add default groups #### Add default groups

5
admin/src/admin/lib/nextcloud.py
View File

@ -29,7 +29,10 @@ class Nextcloud():
def _request(self,method,url,data={},headers={'OCS-APIRequest':'true'},auth=False): def _request(self,method,url,data={},headers={'OCS-APIRequest':'true'},auth=False):
if auth == False: auth=self.auth if auth == False: auth=self.auth
try: try:
return requests.request(method, url, data=data, auth=auth, verify=self.verify_cert, headers=headers).text response = requests.request(method, url, data=data, auth=auth, verify=self.verify_cert, headers=headers)
if 'meta' in response.text:
if '<statuscode>997</statuscode>' in response.text: raise ProviderUnauthorized
return response.text
## At least the ProviderSslError is not being catched or not raised correctly ## At least the ProviderSslError is not being catched or not raised correctly
except requests.exceptions.HTTPError as errh: except requests.exceptions.HTTPError as errh:

3
admin/src/admin/lib/nextcloud_exc.py
View File

@ -1,5 +1,8 @@
#!/usr/bin/env python #!/usr/bin/env python
# coding=utf-8 # coding=utf-8
class ProviderUnauthorized(Exception):
pass
class ProviderConnError(Exception): class ProviderConnError(Exception):
pass pass

38
admin/src/admin/views/InternalViews.py
View File

@ -28,11 +28,7 @@ def internal_users_search():
if request.method == 'POST': if request.method == 'POST':
data=request.get_json(force=True) data=request.get_json(force=True)
users = app.admin.get_mix_users() users = app.admin.get_mix_users()
result = [user_parser(user) for user in users result = [user_parser(user) for user in filter_users(users, data['text'])]
if data['text'] in user['username'] or
data['text'] in user['first'] or
data['text'] in user['last'] or
data['text'] in user['email']]
sorted_result = sorted(result, key=lambda k: k['id']) sorted_result = sorted(result, key=lambda k: k['id'])
return json.dumps(sorted_result), 200, {'Content-Type': 'application/json'} return json.dumps(sorted_result), 200, {'Content-Type': 'application/json'}
@ -59,8 +55,12 @@ def internal_group_users():
users=[] users=[]
for user in sorted_users: for user in sorted_users:
if data['path'] not in user['keycloak_groups'] or not user['enabled']: continue if data['path'] not in user['keycloak_groups'] or not user['enabled']: continue
users.append(user_parser(user)) users.append(user)
return json.dumps(users), 200, {'Content-Type': 'application/json'} if data.get('text',False) and data['text'] != '':
result = [user_parser(user) for user in filter_users(users, data['text'])]
else:
result = [user_parser(user) for user in users]
return json.dumps(result), 200, {'Content-Type': 'application/json'}
@app.route('/api/internal/roles', methods=['GET']) @app.route('/api/internal/roles', methods=['GET'])
@is_internal @is_internal
@ -74,6 +74,23 @@ def internal_roles():
'description':role.get('description','')}) 'description':role.get('description','')})
return json.dumps(roles), 200, {'Content-Type': 'application/json'} return json.dumps(roles), 200, {'Content-Type': 'application/json'}
@app.route('/api/internal/role/users', methods=['POST'])
@is_internal
def internal_role_users():
if request.method == 'POST':
data=request.get_json(force=True)
sorted_users = sorted(app.admin.get_mix_users(), key=lambda k: k['username'])
# group_users = [user for user in sorted_users if data['path'] in user['keycloak_groups']]
users=[]
for user in sorted_users:
if data['role'] not in user['roles'] or not user['enabled']: continue
users.append(user)
if data.get('text',False) and data['text'] != '':
result = [user_parser(user) for user in filter_users(users, data['text'])]
else:
result = [user_parser(user) for user in users]
return json.dumps(result), 200, {'Content-Type': 'application/json'}
def user_parser(user): def user_parser(user):
return {'id':user['username'], return {'id':user['username'],
'first':user['first'], 'first':user['first'],
@ -81,3 +98,10 @@ def user_parser(user):
'role':user['roles'][0] if len(user['roles']) else None, 'role':user['roles'][0] if len(user['roles']) else None,
'email':user['email'], 'email':user['email'],
'groups':user['keycloak_groups']} 'groups':user['keycloak_groups']}
def filter_users(users, text):
return [user for user in users
if text in user['username'] or
text in user['first'] or
text in user['last'] or
text in user['email']]