Attachment 8867 Details for Bug 44350 – squashed patch

[patch] squashed patch

44351.patch (text/plain), 6.91 KB, created by Florian Best on 2017-05-22 15:38:07 CEST

(hide)

Description:

Filename:

MIME Type:

Creator: Florian Best

Created: 2017-05-22 15:38:07 CEST

Size: 6.91 KB

patch

obsolete

>diff --git a/ucs-school-umc-groups/umc/python/schoolgroups/__init__.py b/ucs-school-umc-groups/umc/python/schoolgroups/__init__.py
>index 00fb153..32b7c05 100644
>--- a/ucs-school-umc-groups/umc/python/schoolgroups/__init__.py
>+++ b/ucs-school-umc-groups/umc/python/schoolgroups/__init__.py
>@@ -4,7 +4,7 @@
> # Univention Management Console module:
> #   Administration of groups
> #
>-# Copyright 2012-2016 Univention GmbH
>+# Copyright 2012-2017 Univention GmbH
> #
> # http://www.univention.de/
> #
>@@ -119,15 +119,20 @@ def get(self, request, ldap_user_read=None, ldap_position=None):
> 			result['classes'] = [{'id': class_.dn, 'label': class_.get_relative_name()} for class_ in classes]
> 			self.finished(request.id, [result])
> 			return
>+		result['members'] = self._filter_members(request, group, result.pop('users', []), ldap_user_read)
> 
>+		self.finished(request.id, [result, ])
>+
>+	@staticmethod
>+	def _filter_members(request, group, users, ldap_user_read=None):
> 		members = []
>-		for member_dn in result.pop('users', []):
>+		for member_dn in users:
> 			try:
> 				user = User.from_dn(member_dn, None, ldap_user_read)
> 			except udm_exceptions.noObject:
> 				MODULE.process('Could not open (foreign) user %r: no permissions/does not exists/not a user' % (member_dn,))
> 				continue
>-			if not user.schools or not set(user.schools) & set([group.school]):
>+			if not user.schools or not set(user.schools) & {group.school}:
> 				continue
> 			if request.flavor == 'class' and not user.is_teacher(ldap_user_read):
> 				continue  # only display teachers
>@@ -136,9 +141,7 @@ def get(self, request, ldap_user_read=None, ldap_position=None):
> 			elif request.flavor == 'workgroup-admin' and not user.is_student(ldap_user_read) and not user.is_administrator(ldap_user_read) and not user.is_staff(ldap_user_read) and not user.is_teacher(ldap_user_read):
> 				continue  # only display school users
> 			members.append({'id': user.dn, 'label': Display.user(user.get_udm_object(ldap_user_read))})
>-		result['members'] = members
>-
>-		self.finished(request.id, [result, ])
>+		return members
> 
> 	@sanitize(DictSanitizer(dict(object=DictSanitizer({}, required=True))))
> 	@LDAP_Connection(USER_READ, MACHINE_WRITE)
>@@ -155,23 +158,27 @@ def put(self, request, ldap_machine_write=None, ldap_user_read=None, ldap_positi
> 			return self.add_teacher_to_classes(request)
> 
> 		klass = get_group_class(request)
>-		for group in request.options:
>-			group = group['object']
>-			group_dn = group['$dn$']
>+		for group_from_umc in request.options:
>+			group_from_umc = group_from_umc['object']
>+			group_from_umc_dn = group_from_umc['$dn$']
> 			break
> 
> 		try:
>-			grp = klass.from_dn(group_dn, None, ldap_machine_write)
>+			group_from_ldap = klass.from_dn(group_from_umc_dn, None, ldap_machine_write)
> 		except udm_exceptions.noObject:
> 			raise UMC_Error('unknown group object')
> 
>-		MODULE.info('Modifying group "%s" with members: %s' % (grp.dn, grp.users))
>-		MODULE.info('New members: %s' % group['members'])
>+		old_members = self._filter_members(request, group_from_ldap, group_from_ldap.users, ldap_user_read)
>+		removed_members = set(o['id'] for o in old_members) - set(group_from_umc['members'])
>+
>+		MODULE.info('Modifying group "%s" with members: %s' % (group_from_ldap.dn, group_from_ldap.users))
>+		MODULE.info('New members: %s' % group_from_umc['members'])
>+		MODULE.info('Removed members: %s' % (removed_members,))
> 
> 		if request.flavor == 'workgroup-admin':
> 			# do not allow groups to be renamed in order to avoid conflicts with shares
> 			# grp.name = '%(school)s-%(name)s' % group
>-			grp.description = group['description']
>+			group_from_ldap.description = group_from_umc['description']
> 
> 		# Workgroup admin view â update teachers, admins, students, (staff)
> 		# Class view â update only the group's teachers (keep all non teachers)
>@@ -179,41 +186,41 @@ def put(self, request, ldap_machine_write=None, ldap_user_read=None, ldap_positi
> 
> 		users = []
> 		# keep specific users from the group
>-		for userdn in grp.users:
>+		for userdn in group_from_ldap.users:
> 			try:
> 				user = User.from_dn(userdn, None, ldap_machine_write)
> 			except udm_exceptions.noObject:  # no permissions/is not a user/does not exists â keep the old value
> 				users.append(userdn)
> 				continue
>-			if not user.schools or not set(user.schools) & set([grp.school]):
>+			if not user.schools or not set(user.schools) & set([group_from_ldap.school]):
> 				users.append(userdn)
> 				continue
> 			if (request.flavor == 'class' and not user.is_teacher(ldap_machine_write)) or (request.flavor == 'workgroup' and not user.is_student(ldap_machine_write)) or request.flavor == 'workgroup-admin':
> 				users.append(userdn)
> 
> 		# add only certain users to the group
>-		for userdn in group['members']:
>+		for userdn in group_from_umc['members']:
> 			try:
> 				user = User.from_dn(userdn, None, ldap_machine_write)
> 			except udm_exceptions.noObject as exc:
> 				MODULE.error('Not adding not existing user %r to group: %r.' % (userdn, exc))
> 				continue
>-			if not user.schools or not set(user.schools) & set([grp.school]):
>-				raise UMC_Error(_('User %s does not belong to school %r.') % (Display.user(user.get_udm_object(ldap_machine_write)), grp.school))
>+			if not user.schools or not set(user.schools) & set([group_from_ldap.school]):
>+				raise UMC_Error(_('User %s does not belong to school %r.') % (Display.user(user.get_udm_object(ldap_machine_write)), group_from_ldap.school))
> 			if request.flavor == 'workgroup-admin' and not user.is_student(ldap_machine_write) and not user.is_administrator(ldap_machine_write) and not user.is_staff(ldap_machine_write) and not user.is_teacher(ldap_machine_write):
>-				raise UMC_Error(_('User %s does not belong to school %r.') % (Display.user(user.get_udm_object(ldap_machine_write)), grp.school))
>+				raise UMC_Error(_('User %s does not belong to school %r.') % (Display.user(user.get_udm_object(ldap_machine_write)), group_from_ldap.school))
> 			if request.flavor == 'class' and not user.is_teacher(ldap_machine_write):
> 				raise UMC_Error(_('User %s is not a teacher.') % (Display.user(user.get_udm_object(ldap_machine_write)),))
> 			if request.flavor == 'workgroup' and not user.is_student(ldap_machine_write):
> 				raise UMC_Error(_('User %s is not a student.') % (Display.user(user.get_udm_object(ldap_machine_write)),))
> 			users.append(user.dn)
> 
>-		grp.users = list(set(users))
>+		group_from_ldap.users = list(set(users) - removed_members)
> 		try:
>-			success = grp.modify(ldap_machine_write)
>-			MODULE.info('Modified, group has now members: %s' % (grp.users,))
>+			success = group_from_ldap.modify(ldap_machine_write)
>+			MODULE.info('Modified, group has now members: %s' % (group_from_ldap.users,))
> 		except udm_exceptions.base as exc:
>-			MODULE.process('An error occurred while modifying "%s": %s' % (group['$dn$'], exc.message))
>+			MODULE.process('An error occurred while modifying "%s": %s' % (group_from_umc['$dn$'], exc.message))
> 			raise UMC_Error(_('Failed to modify group (%s).') % exc.message)
> 
> 		self.finished(request.id, success)

Actions: View | Diff

Attachments on bug 44350: 8835 | 8867