From 039141422618e42f298df13a4d739f2e3d92b2a4 Mon Sep 17 00:00:00 2001 From: Michael Scherer Date: Sun, 17 Jul 2011 17:38:02 +0000 Subject: add a array to store who was promoted, to pass to template --- lib/CatDap/Controller/admin.pm | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib/CatDap/Controller') diff --git a/lib/CatDap/Controller/admin.pm b/lib/CatDap/Controller/admin.pm index 6c93212..352c3b1 100644 --- a/lib/CatDap/Controller/admin.pm +++ b/lib/CatDap/Controller/admin.pm @@ -163,6 +163,7 @@ sub account_promote : Local { $c->assert_user_roles('Account Admins'); $c->stash( subpages => gensubpages('account') ); my @errors; + my @promoted; if ( defined $c->req->param('gid') and defined $c->req->param('username') ) { my $gid = $c->req->param('gid'); @@ -206,6 +207,8 @@ sub account_promote : Local { $idpool->replace( uidNumber => $uidnum ); $mesg = $idpool->update; $c->log->info("ERROR IdPool could not be reset to $uidnum: ", $mesg->error) if $mesg->code; + } else { + push @promoted, $uid; } } } @@ -228,6 +231,7 @@ sub account_promote : Local { my @groups = $mesg->entries; $c->stash( groups => \@groups ); $c->stash( errors => \@errors ); + $c->stash( promoted => \@promoted ); } sub account_modify : Local { -- cgit v1.2.1 From 077018601769448fb6817693359b83952537f2e8 Mon Sep 17 00:00:00 2001 From: Michael Scherer Date: Sun, 17 Jul 2011 19:19:04 +0000 Subject: sort user to promote by login --- lib/CatDap/Controller/admin.pm | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/CatDap/Controller') diff --git a/lib/CatDap/Controller/admin.pm b/lib/CatDap/Controller/admin.pm index 352c3b1..89a0da0 100644 --- a/lib/CatDap/Controller/admin.pm +++ b/lib/CatDap/Controller/admin.pm @@ -224,6 +224,7 @@ sub account_promote : Local { } push @entries, \%new_entry; } + @entries = sort { $a->{'uid'} cmp $b->{'uid'} } @entries; $c->stash( entries => \@entries ); push @errors, $mesg->error if $mesg->code; -- cgit v1.2.1 
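Review bot: In the `@@ -206,6 +207,8 @@` hunk, the added `else` branch records a successful promotion only in `@promoted` for the template, and the only log call visible nearby is the IdPool failure message. A promotion changes what an account can do, so it deserves an audit line naming the target and the acting admin next to the `push`, for example `$c->log->info("Account $uid promoted by " . $c->user->username);`. The `if` that this `else` belongs to starts outside the hunk, so such a log call may already exist there. The template that renders `promoted` should HTML-escape each value, since `$uid` presumably derives from the `username` request parameter.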
From c3ac8525105a2d9bbf697eb910e1e9eba67c9610 Mon Sep 17 00:00:00 2001 From: Michael Scherer Date: Sun, 17 Jul 2011 21:43:32 +0000 Subject: more string to translate --- lib/CatDap/Controller/admin.pm | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'lib/CatDap/Controller') diff --git a/lib/CatDap/Controller/admin.pm b/lib/CatDap/Controller/admin.pm index 89a0da0..fd74650 100644 --- a/lib/CatDap/Controller/admin.pm +++ b/lib/CatDap/Controller/admin.pm @@ -182,7 +182,7 @@ sub account_promote : Local { my $entry = $mesg->entry; $mesg = $c->model('user')->search("(objectclass=sambaUnixIdPool)"); if ( $mesg->entries gt 1 ) { - push @errors, "More than one ID Pool"; + push @errors, $c->loc("More than one ID Pool"); #TODO forward to error page } @@ -512,7 +512,7 @@ sub password : Local { $mesg = $c->model('user')->search("uid=$uid"); push @errors,$mesg->error if $mesg->code; if ($mesg->entries gt 1) { - push @errors,'More than one entry matched'; + push @errors, $c->loc('More than one entry matched'); $c->detach; } $entry = $mesg->entry; @@ -525,14 +525,14 @@ sub password : Local { return 1; } if ($c->req->param('txnid') ne $c->session->{txnid}) { - push @errors,'Transaction ID mismatch'; + push @errors, $c->loc('Transaction ID mismatch'); $c->detach; } $newpass = Data::UUID->new->create_str(); my $pp = Net::LDAP::Control::PasswordPolicy->new; $mesg = $entry->replace( userPassword => $newpass,pwdReset => 'TRUE' )->update; if ($mesg->code) { - push @errors,"Password reset failed: " . $mesg->error; + push @errors, $c->loc("Password reset failed: ") . $mesg->error; $c->detach; } my $email = join(',',@mail); 
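Review bot: In the `@@ -525,14 +525,14 @@` hunk (`sub password`), the reset password is still `Data::UUID->new->create_str()`, and UUIDs are built to be unique, not unpredictable, so the temporary credential written to `userPassword` should come from a cryptographic random source. Until that is changed I would at least mark the line with `# FIXME: Data::UUID is not a CSPRNG; generate the reset password from the OS random source`. The newly wrapped `$c->loc("Password reset failed: ") . $mesg->error` also puts the raw LDAP error text on the page. Sending `$mesg->error` to `$c->log` and showing only the translated string keeps directory details out of the response. The sub starts and ends outside the hunk.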
@@ -588,14 +588,14 @@ sub group : Local { if ( not $c->req->param('attribute') and not $c->req->param('value') ) { $attribute = 'owner'; $value = $c->user->ldap_entry->dn; - $c->stash( heading => 'Groups you manage'); + $c->stash( heading => $c->loc('Groups you manage')); } else { $attribute = $c->req->param('attribute'); $attribute =~ s/[^\w\d]//g; $value = $c->req->param('value'); $value =~ s/[^\w\d\* ]//g; - $c->stash( heading => 'Groups matching search criteria'); + $c->stash( heading => $c->loc('Groups matching search criteria')); } my $mesg = $c->model('user') @@ -621,7 +621,7 @@ sub group_modify : Local { my $mesg; $c->detach('/admin/group') if $group eq ''; if ( $group !~ /^[\w\d ]*$/ ) { - push @errors, "Group contains illegal characters"; + push @errors, $c->loc('Group contains illegal characters'); $c->detach('/admin/group'); } if (defined $op and $op eq 'delete') { @@ -649,7 +649,7 @@ sub group_modify : Local { } $mesg = $c->model('user')->search("(&(objectClass=groupOfNames)(cn=$group))"); if ( $mesg->entries gt 1 ) { - push @errors, 'More than one entry matched'; + push @errors, $c->loc('More than one entry matched'); $c->detach('/admin/group'); } $c->stash( group => $mesg->entry ); -- cgit v1.2.1 From 2444b8126eb04341af00b65233762bdd944fb7ef Mon Sep 17 00:00:00 2001 From: Michael Scherer Date: Thu, 21 Jul 2011 11:22:09 +0000 Subject: fix the regexp, so we can manage mga-* group --- lib/CatDap/Controller/admin.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/CatDap/Controller') diff --git a/lib/CatDap/Controller/admin.pm b/lib/CatDap/Controller/admin.pm index fd74650..de0c76a 100644 --- a/lib/CatDap/Controller/admin.pm +++ b/lib/CatDap/Controller/admin.pm 
@@ -620,7 +620,7 @@ sub group_modify : Local {
 my @entries;
 my $mesg;
 $c->detach('/admin/group') if $group eq '';
- if ( $group !~ /^[\w\d ]*$/ ) {
+ if ( $group !~ /^[\w\d- ]*$/ ) {
 push @errors, $c->loc('Group contains illegal characters');
 $c->detach('/admin/group');
 }
-- cgit v1.2.1
From ba1ebfe77fbebb5591076b94c2870b43e8596072 Mon Sep 17 00:00:00 2001
From: Michael Scherer
Date: Thu, 21 Jul 2011 12:11:34 +0000
Subject: fix code, Catalyst::Result do not have a forward method
---
 lib/CatDap/Controller/admin.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/CatDap/Controller')
diff --git a/lib/CatDap/Controller/admin.pm b/lib/CatDap/Controller/admin.pm
index de0c76a..814475f 100644
--- a/lib/CatDap/Controller/admin.pm
+++ b/lib/CatDap/Controller/admin.pm
@@ -612,7 +612,7 @@ sub group_modify : Local {
 $c->detach('/user/login') if not $c->user;
 my $mainrole = 'account';
 if ( ! $c->check_user_roles('Account Admins') and ! $c->check_user_roles('Group Admins')) {
- $c->res->forward('/user');
+ $c->forward('/user');
 }
 $mainrole = 'group' if (not $c->check_user_roles('Account Admins'));
 $c->stash( subpages => gensubpages($mainrole) );
-- cgit v1.2.1
From 6d861e125dff8edccdf6f4070fbb4642d0cd5c89 Mon Sep 17 00:00:00 2001
From: Michael Scherer
Date: Thu, 21 Jul 2011 16:50:26 +0000
Subject: refactor the ldap query, and do it sooner so we can use it for access control
---
 lib/CatDap/Controller/admin.pm | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-) (limited to 'lib/CatDap/Controller')
diff --git a/lib/CatDap/Controller/admin.pm b/lib/CatDap/Controller/admin.pm
index 814475f..452efd9 100644
--- a/lib/CatDap/Controller/admin.pm
+++ b/lib/CatDap/Controller/admin.pm
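Review bot: The group pattern `/^[\w\d- ]*$/` in the `@@ -620,7 +620,7 @@` hunk is anchored with `$`, which also matches before a trailing newline, so a name ending in a line break passes the check. It is then interpolated into the `(cn=$group)` filter and the redirect path seen elsewhere in this file. Anchoring with `\A` and `\z` and putting the hyphen first avoids both that and the ambiguous `\d- ` range: `if ( $group !~ /\A[-\w ]+\z/ ) {`. `\d` is already covered by `\w`, and `\w` also accepts non-ASCII word characters unless the `/a` flag is added. The later "fix the order of the regexp" hunk (`@@ -621,7 +621,7 @@`) keeps the same `^...$` anchors.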
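Review bot: In the `@@ -612,7 +612,7 @@` hunk, `$c->forward('/user')` returns to the caller once the forwarded action has run, so a user with neither role falls through this `if` and continues into the rest of `group_modify`, including the `add` and `delete` operations visible in later hunks. According to the commit message the old `$c->res->forward` call did not exist, so the resulting error was what actually stopped the request. Use `$c->detach('/user');` instead, as the first context line of the hunk already does for `/user/login`. The same pattern appears in the hunks `@@ -632,6 +632,10 @@`, `@@ -632,7 +632,12 @@` and `@@ -578,7 +578,7 @@` (`sub group`). The body of `group_modify` continues outside this hunk.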
@@ -619,17 +619,25 @@ sub group_modify : Local { my @errors; my @entries; my $mesg; + $c->detach('/admin/group') if $group eq ''; if ( $group !~ /^[\w\d- ]*$/ ) { push @errors, $c->loc('Group contains illegal characters'); $c->detach('/admin/group'); } + + my $mesg_group = $c->model('user')->search("(&(objectClass=groupOfNames)(cn=$group))"); + if ( $mesg_group->entries gt 1 ) { + push @errors, $c->loc('More than one entry matched'); + $c->detach('/admin/group'); + } + if (defined $op and $op eq 'delete') { - $mesg = $c->model('user')->search("(&(objectClass=groupOfNames)(cn=$group))"); - @entries = $mesg->entries; + @entries = $mesg_group->entries; $entries[0]->delete( $attr => $value)->update; $c->res->redirect("/admin/group_modify/$group"); - } + } + if ( defined $op and $op eq 'add' ) { my $member = $c->req->param('member'); $mesg = $c->model('user')->search("(uid=$member)"); @@ -642,17 +650,12 @@ sub group_modify : Local { } @entries = $mesg->entries; my $dn = $entries[0]->dn; - $mesg = $c->model('user')->search("(&(objectClass=groupOfNames)(cn=$group))"); - @entries = $mesg->entries; + @entries = $mesg_group->entries; $entries[0]->add( 'member' => $dn )->update; $c->res->redirect("/admin/group_modify/$group"); } - $mesg = $c->model('user')->search("(&(objectClass=groupOfNames)(cn=$group))"); - if ( $mesg->entries gt 1 ) { - push @errors, $c->loc('More than one entry matched'); - $c->detach('/admin/group'); - } - $c->stash( group => $mesg->entry ); + + $c->stash( group => $mesg_group->entry ); } =head2 index -- cgit v1.2.1 From f40b65c3e1026f5cb96f705a92481ac38cb4c26c Mon Sep 17 00:00:00 2001 From: Michael Scherer Date: Thu, 21 Jul 2011 16:50:31 +0000 Subject: group the $mainrole related stuff together, check the permission after getting information on the role --- lib/CatDap/Controller/admin.pm | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'lib/CatDap/Controller') 
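Review bot: The `add` branch at the end of the `@@ -619,17 +619,25 @@` hunk puts the request parameter `member` into the search filter unescaped, as `"(uid=$member)"`, while `$group` is pattern-checked before it reaches `(cn=$group)`. Filter metacharacters in `member` change what the search matches, and the next hunk adds the DN of the first hit to the group unless the lines between the two hunks reject it. Escape the value before building the filter, with `use Net::LDAP::Util qw(escape_filter_value);` and `my $member = escape_filter_value( $c->req->param('member') );`, or apply the same allow-list pattern used for `$group`.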
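Review bot: In the `@@ -642,17 +650,12 @@` hunk, `$entries[0]` is undefined when the group search matches nothing or fails, because `$mesg_group` is only rejected when more than one entry matches. `$entries[0]->add(...)` here and `$entries[0]->delete(...)` in the previous hunk then die on a method call on undef. `gt` is also a string comparison where a numeric test on the count would state the intent, so I would write the check as `if ( $mesg_group->code or $mesg_group->count != 1 ) {`. The result of each `->update` is discarded; pushing `$mesg->error` onto `@errors` when `->code` is set, as `account_promote` does, would surface failed modifications. `$c->res->redirect` does not end the action, so a `$c->detach` after each redirect would keep the code below it from running.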
diff --git a/lib/CatDap/Controller/admin.pm b/lib/CatDap/Controller/admin.pm index 452efd9..dfea627 100644 --- a/lib/CatDap/Controller/admin.pm +++ b/lib/CatDap/Controller/admin.pm @@ -609,13 +609,13 @@ sub group : Local { sub group_modify : Local { my ( $self, $c, $group, $op, $attr, $value ) = @_; + $c->detach('/user/login') if not $c->user; + my $mainrole = 'account'; - if ( ! $c->check_user_roles('Account Admins') and ! $c->check_user_roles('Group Admins')) { - $c->forward('/user'); - } $mainrole = 'group' if (not $c->check_user_roles('Account Admins')); $c->stash( subpages => gensubpages($mainrole) ); + my @errors; my @entries; my $mesg; @@ -632,6 +632,10 @@ sub group_modify : Local { $c->detach('/admin/group'); } + if ( ! $c->check_user_roles('Account Admins') and ! $c->check_user_roles('Group Admins')) { + $c->forward('/user'); + } + if (defined $op and $op eq 'delete') { @entries = $mesg_group->entries; $entries[0]->delete( $attr => $value)->update; -- cgit v1.2.1 From 58cc2964a962b537e3d856775b9e451c65e10516 Mon Sep 17 00:00:00 2001 From: Michael Scherer Date: Thu, 21 Jul 2011 16:50:34 +0000 Subject: fix the order of the regexp, as test complain --- lib/CatDap/Controller/admin.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/CatDap/Controller') diff --git a/lib/CatDap/Controller/admin.pm b/lib/CatDap/Controller/admin.pm index dfea627..e8771e6 100644 --- a/lib/CatDap/Controller/admin.pm +++ b/lib/CatDap/Controller/admin.pm @@ -621,7 +621,7 @@ sub group_modify : Local { my $mesg; $c->detach('/admin/group') if $group eq ''; - if ( $group !~ /^[\w\d- ]*$/ ) { + if ( $group !~ /^[-\w\d ]*$/ ) { push @errors, $c->loc('Group contains illegal characters'); $c->detach('/admin/group'); } -- cgit v1.2.1 From 403a3234914fbfe4f215ecefcfe3dbef95e6a16e Mon Sep 17 00:00:00 2001 
From: Michael Scherer Date: Thu, 21 Jul 2011 17:10:36 +0000 Subject: let a user who is set as a owner of the group manage it --- lib/CatDap/Controller/admin.pm | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'lib/CatDap/Controller') diff --git a/lib/CatDap/Controller/admin.pm b/lib/CatDap/Controller/admin.pm index e8771e6..495a6a1 100644 --- a/lib/CatDap/Controller/admin.pm +++ b/lib/CatDap/Controller/admin.pm @@ -632,7 +632,12 @@ sub group_modify : Local { $c->detach('/admin/group'); } - if ( ! $c->check_user_roles('Account Admins') and ! $c->check_user_roles('Group Admins')) { + #FIXME I am sure that the code can be smaller and leaner + @entries = $mesg_group->entries; + @entries = $entries[0]->get_value('owner'); + my $is_owner = grep { $_ eq $c->user->ldap_entry->dn } @entries; + + if ( ! $is_owner and ! $c->check_user_roles('Account Admins') and ! $c->check_user_roles('Group Admins')) { $c->forward('/user'); } -- cgit v1.2.1 From ca484d71416a0b14585f1505d51ccde5c171a878 Mon Sep 17 00:00:00 2001 From: Michael Scherer Date: Thu, 21 Jul 2011 19:29:27 +0000 Subject: fix the redirection --- lib/CatDap/Controller/admin.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/CatDap/Controller') diff --git a/lib/CatDap/Controller/admin.pm b/lib/CatDap/Controller/admin.pm index 495a6a1..5d9eed8 100644 --- a/lib/CatDap/Controller/admin.pm +++ b/lib/CatDap/Controller/admin.pm @@ -578,7 +578,7 @@ sub group : Local { $mainrole = 'group'; } else { - $c->res->forward('/user'); + $c->forward('/user'); } #$c->assert_any_user_role({['Account Admins','Group Admins']}); #$mainrole = 'account' if $c->check_user_roles('Account Admins'); -- cgit v1.2.1 From c392ddf66dc25dd598a5aae4fd2a4e100d6752f6 Mon Sep 17 00:00:00 2001 
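Review bot: With `$is_owner` added to the condition in the `@@ -632,7 +632,12 @@` hunk, a group owner now reaches the `delete` operation, which in the earlier hunks of this file runs `$entries[0]->delete( $attr => $value )` with both values taken from the URL path. If that branch is unchanged, an owner can remove any attribute value of the entry, including another `owner`. For callers who hold neither admin role I would limit the attribute, with `my $is_admin = $c->check_user_roles('Account Admins') || $c->check_user_roles('Group Admins');` and `$c->detach('/admin/group') if not $is_admin and defined $attr and $attr ne 'member';`. `$entries[0]` is also dereferenced before any check that the search returned an entry, so an unknown group name ends in an exception rather than in the access-denied path.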
From: Romain d'Alverny Date: Wed, 27 Jul 2011 16:53:34 +0000 Subject: code layout --- lib/CatDap/Controller/user.pm | 37 ++++++++++++++++++------------------- 1 file changed, 18 insertions(+), 19 deletions(-) (limited to 'lib/CatDap/Controller') diff --git a/lib/CatDap/Controller/user.pm b/lib/CatDap/Controller/user.pm index f2171eb..e6cc7a1 100644 --- a/lib/CatDap/Controller/user.pm +++ b/lib/CatDap/Controller/user.pm @@ -87,7 +87,7 @@ sub auto : Private { -cipher => 'Blowfish' ) or die $!; $c->session->{enc_password} = $cipher->encrypt($c->req->param('password') || $c->req->param('key')); - $c->response->cookies->{'key'} = { value => $key, expires => '+10m' }; + $c->response->cookies->{'key'} = { value => $key, expires => '+10m' }; $c->stash(pages => roles2pages($c->user->roles)); $c->session->{dn} = $c->user->ldap_entry->dn; $c->session->{user} = $c->req->param('username'); @@ -103,7 +103,7 @@ sub auto : Private { $password = $cipher->decrypt($c->session->{enc_password}); $c->log->debug("Re-authenticating user " . $c->user->username); $c->authenticate({username => $c->user->username,password => $password}); - $c->res->cookies->{'key'} = {value => $key, expires => '+10m'}; + $c->res->cookies->{'key'} = {value => $key, expires => '+10m'}; $c->stash(pages => roles2pages($c->user->roles)); $c->log->info($@) if $@; 
@@ -279,29 +279,28 @@ sub password : Local { my ($mesg,$newpass,$cipher); $c->stash(subpages => gensubpages()); if ( not defined $c->req->param('password') or not defined $c->req->param('newpassword1') or not defined $c->req->param('newpassword2')) { - -#if ( not defined $c->req->param('newpassword1') or not defined $c->req->param('newpassword2')) { + #if ( not defined $c->req->param('newpassword1') or not defined $c->req->param('newpassword2')) { $c->detach; } # Re-authenticate to check the user has the right password if (not $c->authenticate({ - 'username' => $c->user->username, - 'password' => $c->req->param('password'), - }) - ) { - $c->stash(errors => [ $c->loc('Password incorrect') ]); - $c->detach; + 'username' => $c->user->username, + 'password' => $c->req->param('password'), + }) + ) { + $c->stash(errors => [ $c->loc('Password incorrect') ]); + $c->detach; } if ($c->req->param('newpassword1') eq $c->req->param('newpassword2')) { $newpass = $c->req->param('newpassword1'); } else { push @{${$c->stash}{'errors'}},$c->loc('New passwords dont match'); - $c->detach; + $c->detach; } my $pp = Net::LDAP::Control::PasswordPolicy->new; $mesg = $c->model('User')->set_password( - #oldpasswd => $c->req->param('password'), + #oldpasswd => $c->req->param('password'), newpasswd => $newpass, control => [ $pp ], ); @@ -319,7 +318,7 @@ sub password : Local { ) or die $!; $c->session->{enc_password} = $cipher->encrypt($newpass); push @{${$c->stash}{'errors'}},"Password change succeeded"; - #$c->res->redirect('/user'); + #$c->res->redirect('/user'); } } 
@@ -336,17 +335,17 @@ sub firstlogin : Local { username => $c->req->param('username'), password => $c->req->param('key')}) ) { $c->stash(errors => ['An error occurred']); - $c->log->info("Failed to authenticate user in first login: " . $c->req->param('key')); + $c->log->info("Failed to authenticate user in first login: " . $c->req->param('key')); $c->res->redirect('/user'); - } - # cache password for next request with form data + } + # cache password for next request with form data my $keyprefix = $self->get_keyprefix($c); - my $key = Data::UUID->new->create_str(); + my $key = Data::UUID->new->create_str(); $cipher = Crypt::CBC->new( -key => $keyprefix . $key, -cipher => 'Blowfish' ) or die $!; $c->session->{enc_password} = $cipher->encrypt($c->req->param('key')); - $c->response->cookies->{'key'} = { value => $key, expires => '+10m' }; + $c->response->cookies->{'key'} = { value => $key, expires => '+10m' }; $c->detach; } @@ -364,7 +363,7 @@ sub firstlogin : Local { ) or die $!; my $password = $cipher->decrypt($c->session->{enc_password}); $c->authenticate({username => $c->req->param('username'),password => $password}) - or $c->log->info("Authenticating user for first password change failed"); + or $c->log->info("Authenticating user for first password change failed"); my $pp = Net::LDAP::Control::PasswordPolicy->new; $mesg = $c->model('User')->set_password( -- cgit v1.2.1