From 0050fc80d49ae43d1e82b38a24ecc22010e7a4ee Mon Sep 17 00:00:00 2001 From: Florian Best Date: Mon, 13 Jul 2020 19:34:05 +0200 Subject: [PATCH] WIP:acl-reload --- .../src/univention/management/console/acl.py | 14 +++++++---- .../management/console/protocol/session.py | 23 ++++++++----------- 2 files changed, 19 insertions(+), 18 deletions(-) diff --git a/management/univention-management-console/src/univention/management/console/acl.py b/management/univention-management-console/src/univention/management/console/acl.py index 0fe9efc0c7..e90eeca9a9 100644 --- a/management/univention-management-console/src/univention/management/console/acl.py +++ b/management/univention-management-console/src/univention/management/console/acl.py @@ -138,12 +138,13 @@ class ACLs(object): def __init__(self, ldap_base=None, acls=None): self.__ldap_base = ldap_base - # the main acl dict - if acls is None: - self.acls = [] - else: + self.reload() + if acls: self.acls = [Rule(x) for x in acls] + def reload(self): + self.acls = [] + def _expand_hostlist(self, hostlist): hosts = [] if self.__ldap_base is None: @@ -359,9 +360,12 @@ class LDAP_ACLs(ACLs): FROM_GROUP = False def __init__(self, lo, username, ldap_base): - ACLs.__init__(self, ldap_base) self.lo = lo self.username = username + ACLs.__init__(self, ldap_base) + + def reload(self): + super(LDAP_ACLs, self).reload() if self.lo: self._read_from_ldap() diff --git a/management/univention-management-console/src/univention/management/console/protocol/session.py b/management/univention-management-console/src/univention/management/console/protocol/session.py index 0a88365883..62c37f26eb 100644 --- a/management/univention-management-console/src/univention/management/console/protocol/session.py +++ b/management/univention-management-console/src/univention/management/console/protocol/session.py 
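Review bot: In `ACLs` (acl.py, first hunk) the new base `reload()` sets `self.acls = []` unconditionally, so rules supplied through the `acls=` constructor argument are dropped the first time anything calls `reload()` on such an object. session.py now calls `self.acls.reload()` on whatever object is stored there. The outcome fails closed (no permissions), but it happens silently. Keeping the initial rules, e.g. `self.__initial = [Rule(x) for x in acls or []]` before the `self.reload()` call in `__init__` and `self.acls = list(self.__initial)` in `reload()`, would make a reload idempotent for list-built ACLs. `reload()` also needs a docstring saying that it is invoked from `__init__` and may be overridden.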
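Review bot: `LDAP_ACLs.reload()` (acl.py, second hunk) empties `self.acls` through the base call before `_read_from_ldap()` runs, so an LDAP error part-way through leaves this now long-lived object with an empty or incomplete rule list rather than a well-defined one. `_read_from_ldap()` is outside the hunk, so whether it fills the list incrementally is an assumption. If it does, collecting the rules into a local list and assigning `self.acls` only after the read succeeded would avoid the half-loaded state. Separately, moving `ACLs.__init__(self, ldap_base)` below the attribute assignments is load-bearing because the base constructor now calls `self.reload()`. A comment such as `# lo/username must be set first: ACLs.__init__() calls self.reload()` would keep it from being reordered later.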
@@ -173,20 +173,19 @@ class ProcessorBase(Base): self._password = password self.auth_type = auth_type self._search_user_dn() - self._reload_acls_and_permitted_commands() + try: + if self.acls is None: + self.acls = LDAP_ACLs(self.lo, self._username, ucr['ldap/base']) + self._reload_acls_and_permitted_commands() + except (ldap.LDAPError, udm_errors.ldapError): + reset_ldap_connection_cache(self.lo) + raise self.update_module_passwords() def _reload_acls_and_permitted_commands(self): - self._reload_acls() + self.acls.reload() self.__command_list = moduleManager.permitted_commands(ucr['hostname'], self.acls) - def _reload_acls(self): - try: - self.acls = LDAP_ACLs(self.lo, self._username, ucr['ldap/base']) - except (ldap.LDAPError, udm_errors.ldapError): - reset_ldap_connection_cache() - raise - def _reload_i18n(self): self.i18n.set_locale(str(self.i18n.locale)) @@ -931,16 +930,14 @@ class SessionHandler(ProcessorBase): self.authenticated = False self.__credentials = None self.__locale = None + # All unauthenticated requests are passed here. We need to set empty ACL's + self.acls = ACLs() self._reload_acls_and_permitted_commands() def has_active_module_processes(self): if self.processor: return self.processor._ProcessorBase__processes - def _reload_acls(self): - """All unauthenticated requests are passed here. We need to set empty ACL's""" - self.acls = ACLs() - def error_handling(self, etype, exc, etraceback): super(SessionHandler, self).error_handling(etype, exc, etraceback) # make sure that the UMC login dialog is shown if e.g. restarting the UMC-Server during active sessions -- GitLab
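Review bot: With `if self.acls is None:` (session.py, first hunk) the `LDAP_ACLs` object is built once and keeps the `lo` and `username` it was constructed with, whereas the removed `_reload_acls()` rebuilt it from the current `self.lo` and `self._username` on every reload. If this method can run again on the same processor with different credentials, or after `reset_ldap_connection_cache(self.lo)` has led to a new connection, `self.acls.reload()` would still evaluate the earlier identity over the earlier connection. A guard such as `if self.acls is None or self.acls.username != self._username or self.acls.lo is not self.lo:` avoids that. On the first call the rules are also read from LDAP twice, once by the constructor (which now calls `reload()`) and once by `_reload_acls_and_permitted_commands()`. The enclosing method begins above the hunk, and the initialisation of `self.acls` to `None` is not visible here.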
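Review bot: In `SessionHandler` (session.py, second hunk) the unauthenticated state now relies on `self.acls = ACLs()` being a non-`None` object. Assuming the handler can reach the inherited code path, that is what stops the `if self.acls is None:` branch in `ProcessorBase` from installing `LDAP_ACLs` on it. The removed `_reload_acls()` override made this explicit, while the new comment only says that empty ACLs are set. Consider `# unauthenticated: empty ACLs; must stay non-None so ProcessorBase never swaps in LDAP_ACLs`. The enclosing method starts above the hunk.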