Attachment 10555 Details for Bug 52361 – WIP patch

[patch] WIP patch

0050fc80d49ae43d1e82b38a24ecc22010e7a4ee.patch (text/plain), 3.55 KB, created by Florian Best on 2020-11-13 12:42:43 CET

(hide)

Description:

Filename:

MIME Type:

Creator: Florian Best

Created: 2020-11-13 12:42:43 CET

Size: 3.55 KB

patch

obsolete

>From 0050fc80d49ae43d1e82b38a24ecc22010e7a4ee Mon Sep 17 00:00:00 2001
>From: Florian Best <best@univention.de>
>Date: Mon, 13 Jul 2020 19:34:05 +0200
>Subject: [PATCH] WIP:acl-reload
>
>---
> .../src/univention/management/console/acl.py  | 14 +++++++----
> .../management/console/protocol/session.py    | 23 ++++++++-----------
> 2 files changed, 19 insertions(+), 18 deletions(-)
>
>diff --git a/management/univention-management-console/src/univention/management/console/acl.py b/management/univention-management-console/src/univention/management/console/acl.py
>index 0fe9efc0c7..e90eeca9a9 100644
>--- a/management/univention-management-console/src/univention/management/console/acl.py
>+++ b/management/univention-management-console/src/univention/management/console/acl.py
>@@ -138,12 +138,13 @@ class ACLs(object):
> 
> 	def __init__(self, ldap_base=None, acls=None):
> 		self.__ldap_base = ldap_base
>-		# the main acl dict
>-		if acls is None:
>-			self.acls = []
>-		else:
>+		self.reload()
>+		if acls:
> 			self.acls = [Rule(x) for x in acls]
> 
>+	def reload(self):
>+		self.acls = []
>+
> 	def _expand_hostlist(self, hostlist):
> 		hosts = []
> 		if self.__ldap_base is None:
>@@ -359,9 +360,12 @@ class LDAP_ACLs(ACLs):
> 	FROM_GROUP = False
> 
> 	def __init__(self, lo, username, ldap_base):
>-		ACLs.__init__(self, ldap_base)
> 		self.lo = lo
> 		self.username = username
>+		ACLs.__init__(self, ldap_base)
>+
>+	def reload(self):
>+		super(LDAP_ACLs, self).reload()
> 
> 		if self.lo:
> 			self._read_from_ldap()
>diff --git a/management/univention-management-console/src/univention/management/console/protocol/session.py b/management/univention-management-console/src/univention/management/console/protocol/session.py
>index 0a88365883..62c37f26eb 100644
>--- a/management/univention-management-console/src/univention/management/console/protocol/session.py
>+++ b/management/univention-management-console/src/univention/management/console/protocol/session.py
>@@ -173,20 +173,19 @@ class ProcessorBase(Base):
> 		self._password = password
> 		self.auth_type = auth_type
> 		self._search_user_dn()
>-		self._reload_acls_and_permitted_commands()
>+		try:
>+			if self.acls is None:
>+				self.acls = LDAP_ACLs(self.lo, self._username, ucr['ldap/base'])
>+			self._reload_acls_and_permitted_commands()
>+		except (ldap.LDAPError, udm_errors.ldapError):
>+			reset_ldap_connection_cache(self.lo)
>+			raise
> 		self.update_module_passwords()
> 
> 	def _reload_acls_and_permitted_commands(self):
>-		self._reload_acls()
>+		self.acls.reload()
> 		self.__command_list = moduleManager.permitted_commands(ucr['hostname'], self.acls)
> 
>-	def _reload_acls(self):
>-		try:
>-			self.acls = LDAP_ACLs(self.lo, self._username, ucr['ldap/base'])
>-		except (ldap.LDAPError, udm_errors.ldapError):
>-			reset_ldap_connection_cache()
>-			raise
>-
> 	def _reload_i18n(self):
> 		self.i18n.set_locale(str(self.i18n.locale))
> 
>@@ -931,16 +930,14 @@ class SessionHandler(ProcessorBase):
> 		self.authenticated = False
> 		self.__credentials = None
> 		self.__locale = None
>+		# All unauthenticated requests are passed here. We need to set empty ACL's
>+		self.acls = ACLs()
> 		self._reload_acls_and_permitted_commands()
> 
> 	def has_active_module_processes(self):
> 		if self.processor:
> 			return self.processor._ProcessorBase__processes
> 
>-	def _reload_acls(self):
>-		"""All unauthenticated requests are passed here. We need to set empty ACL's"""
>-		self.acls = ACLs()
>-
> 	def error_handling(self, etype, exc, etraceback):
> 		super(SessionHandler, self).error_handling(etype, exc, etraceback)
> 		# make sure that the UMC login dialog is shown if e.g. restarting the UMC-Server during active sessions
>-- 
>GitLab
>

Actions: View | Diff

Attachments on bug 52361: 10555