Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
U
uffd
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package registry
Container Registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
rixx
uffd
Commits
4a4a3c7c
Commit
4a4a3c7c
authored
4 years ago
by
Julian
Committed by
nd
4 years ago
Browse files
Options
Downloads
Patches
Plain Diff
Added cli command "roles-update-all"
parent
f193197e
No related branches found
Branches containing commit
No related tags found
No related merge requests found
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
uffd/role/models.py
+11
-2
11 additions, 2 deletions
uffd/role/models.py
uffd/role/views.py
+28
-1
28 additions, 1 deletion
uffd/role/views.py
with
39 additions
and
3 deletions
uffd/role/models.py
+
11
−
2
View file @
4a4a3c7c
...
...
@@ -24,9 +24,18 @@ class RoleUser(LdapMapping, db.Model):
__tablename__
=
'
role-user
'
def
update_user_groups
(
user
):
user
.
groups
.
clear
()
current_groups
=
set
(
user
.
groups
)
groups
=
set
()
for
role
in
user
.
roles
:
user
.
groups
.
update
(
role
.
groups
)
groups
.
update
(
role
.
groups
)
if
groups
==
current_groups
:
return
set
(),
set
()
groups_added
=
groups
-
current_groups
groups_removed
=
current_groups
-
groups
for
group
in
groups_removed
:
user
.
groups
.
discard
(
group
)
user
.
groups
.
update
(
groups_added
)
return
groups_added
,
groups_removed
User
.
update_groups
=
update_user_groups
...
...
This diff is collapsed.
Click to expand it.
uffd/role/views.py
+
28
−
1
View file @
4a4a3c7c
import
sys
from
flask
import
Blueprint
,
render_template
,
request
,
url_for
,
redirect
,
flash
,
current_app
import
click
from
uffd.navbar
import
register_navbar
from
uffd.csrf
import
csrf_protect
from
uffd.role.models
import
Role
from
uffd.user.models
import
Group
from
uffd.user.models
import
User
,
Group
from
uffd.session
import
get_current_user
,
login_required
,
is_valid_session
from
uffd.database
import
db
from
uffd.ldap
import
ldap
bp
=
Blueprint
(
"
role
"
,
__name__
,
template_folder
=
'
templates
'
,
url_prefix
=
'
/role/
'
)
@bp.record
def
add_cli_commands
(
state
):
@state.app.cli.command
(
'
roles-update-all
'
,
help
=
'
Update group memberships for all users based on their roles
'
)
@click.option
(
'
--check-only
'
,
is_flag
=
True
)
def
roles_update_all
(
check_only
):
#pylint: disable=unused-variable
consistent
=
True
with
current_app
.
test_request_context
():
for
user
in
User
.
query
.
all
():
groups_added
,
groups_removed
=
user
.
update_groups
()
if
groups_added
:
consistent
=
False
print
(
'
Adding groups [%s] to user %s
'
%
(
'
,
'
.
join
([
group
.
name
for
group
in
groups_added
]),
user
.
dn
))
if
groups_removed
:
consistent
=
False
print
(
'
Removing groups [%s] from user %s
'
%
(
'
,
'
.
join
([
group
.
name
for
group
in
groups_removed
]),
user
.
dn
))
if
not
check_only
:
ldap
.
session
.
commit
()
if
check_only
and
not
consistent
:
print
(
'
No changes were made because --check-only is set
'
)
print
()
print
(
'
Error: LDAP groups are not consistent with roles in database
'
)
sys
.
exit
(
1
)
@bp.before_request
@login_required
()
def
role_acl
():
#pylint: disable=inconsistent-return-statements
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
