
moin  1.9.0~rc2
openidrp_teams.py
00001 # -*- coding: iso-8859-1 -*-
00002 """
00003     MoinMoin - Launchpad Teams Extension for OpenID authorization
00004 
00005     @copyright: 2009 Canonical, Inc.
00006     @license: GNU GPL, see COPYING for details.
00007 """
00008 import re
00009 import logging
00010 import copy
00011 
00012 #from MoinMoin.util.moinoid import MoinOpenIDStore
00013 from MoinMoin import user
00014 from MoinMoin.auth import BaseAuth
00015 from MoinMoin.auth.openidrp import OpenIDAuth
00016 #OpenIDSREGAuth
00017 #from openid.consumer import consumer
00018 #from openid.yadis.discover import DiscoveryFailure
00019 #from openid.fetchers import HTTPFetchingError
00020 #from MoinMoin.widget import html
00021 #from MoinMoin.auth import CancelLogin, ContinueLogin
00022 #from MoinMoin.auth import MultistageFormLogin, MultistageRedirectLogin
00023 #from MoinMoin.auth import get_multistage_continuation_url
00024 
00025 from openid.extensions.teams import TeamsRequest, TeamsResponse, supportsTeams
00026 from MoinMoin import wikiutil
00027 from MoinMoin.PageEditor import PageEditor, conflict_markers
00028 from MoinMoin.Page import Page
00029 
def openidrp_teams_modify_request(oidreq, cfg):
    """Attach a Launchpad teams query to an outgoing OpenID request.

    The teams listed in cfg.openidrp_authorized_teams are passed to the
    teams extension; when that setting is empty the request is left as is.
    """
    # NOTE(review): the original author's comment says the supportsTeams()
    # result should also be checked here; that check is not implemented.
    wanted_teams = cfg.openidrp_authorized_teams
    if len(wanted_teams) == 0:
        return
    oidreq.addExtension(TeamsRequest(wanted_teams))
00036 
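def openidrp_teams_create_user(info, u, cfg):
    """Apply the team memberships from an OpenID success response to a new user.

    info is the success response handed to TeamsResponse.fromSuccessResponse,
    u is the wiki user object, cfg the wiki configuration. The user object is
    returned in every case.
    """
    teams_response = TeamsResponse.fromSuccessResponse(info)
    # Guard against a response without teams data: presumably
    # fromSuccessResponse yields None then (confirm against the teams
    # extension), and reading .is_member on None would abort the login.
    if teams_response is None:
        return u
    # The membership list is whatever the identity provider asserted. Nothing
    # visible here compares it with cfg.openidrp_authorized_teams or limits
    # which providers may assert it -- NOTE(review): confirm that is enforced
    # elsewhere, because the list decides which ACL pages get edited.
    teams = teams_response.is_member
    if teams:
        _save_teams_acl(u, teams, cfg)
    return u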
00046 
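def openidrp_teams_update_user(info, u, cfg):
    """Refresh an existing user's team ACL entries from an OpenID success response.

    info is the success response handed to TeamsResponse.fromSuccessResponse,
    u is the wiki user object, cfg the wiki configuration. Returns None.
    """
    teams_response = TeamsResponse.fromSuccessResponse(info)
    # Guard against a response without teams data: presumably
    # fromSuccessResponse yields None then (confirm against the teams
    # extension), and reading .is_member on None would abort the login.
    if teams_response is None:
        return
    teams = teams_response.is_member
    # NOTE(review): when the response carries no team list, _save_teams_acl is
    # skipped, so ACL entries granted on an earlier login are not revoked on
    # this path. Confirm whether stale membership should be cleared here.
    if teams:
        _save_teams_acl(u, teams, cfg)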
00053 
00054 # Take a list of Launchpad teams and add the user to the ACL pages
00055 # ACL group names cannot have "-" in them, although team names do.
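def _save_teams_acl(u, teams, cfg):
    """Bring the per-team ACL pages in line with the user's current team list.

    u is the wiki user, teams the list of team names from the OpenID response,
    cfg the wiki configuration. The user is removed from the pages of teams
    stored on u.teams that are no longer in teams, added to the page of every
    team in teams, and then saved with the new list.

    Team names are stripped and have "-" removed before they become part of a
    page name, so two distinct team names that differ only by hyphens end up
    on the same ACL page.
    """
    logging.log(logging.INFO, "running save_teams_acl...")

    # A user who never logged in with teams data has no stored list yet.
    if not hasattr(u, 'teams'):
        u.teams = []
    logging.log(logging.INFO, "old teams: " + str(u.teams)
        + "  new teams: " + str(teams))

    # NOTE(review): `teams` comes straight from the provider's response and is
    # not checked against cfg.openidrp_authorized_teams in this function, yet
    # each name selects a page that is edited with the ACL admin account.
    # Confirm the list is restricted before it reaches this point.

    # Revoke membership of teams the user is no longer in.
    for t in u.teams:
        if t in teams:
            continue
        team = t.strip().replace("-", "")
        if not team:
            # Same rule as the add loop below: a blank name would otherwise
            # address the page named by the bare postfix.
            continue
        logging.log(logging.INFO, "remove user from team: " + t)
        _remove_user_from_team(u, team, cfg)

    # Grant membership for every team in the current list.
    for t in teams:
        team = t.strip().replace("-", "")
        if not team:
            continue
        logging.log(logging.INFO, "Launchpad team: "  + team)
        _add_user_to_team(u, team, cfg)

    u.teams = teams
    u.save()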
00080 
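def _add_user_to_team(u, team, cfg):
    """Add the user to the ACL page of one team, creating the entry if missing.

    u is the wiki user, team the normalised team name, cfg the wiki
    configuration. The page name is team + cfg.openidrp_acl_page_postfix and
    the edit is made as the account named by cfg.openidrp_acl_admin
    (see http://moinmo.in/MoinDev/CommonTasks).
    """
    acl_request = u._request
    # acl_request is the live request object, not a copy: remember who it
    # belonged to so the admin identity does not outlive this edit.
    previous_user = acl_request.user
    acl_request.user = user.User(acl_request, None, cfg.openidrp_acl_admin)
    try:
        pe = PageEditor(acl_request, team + cfg.openidrp_acl_page_postfix)
        acl_text = pe.get_raw_body()
        # NOTE(review): this writes the whole ACL page into the log at INFO.
        logging.log(logging.INFO, "ACL Page content: " + acl_text)
        # The acl directive has to be the first line of the page; per the
        # original author, only the admin user from wikiconfig should be
        # allowed to change these pages.
        if not acl_text.startswith("#"):
            acl_text = "#acl Known:read All:\n" + acl_text
        # does ACL want uid, name, username, auth_username?
        # The name is escaped and the match covers the whole line, so regex
        # characters in a name are taken literally and an entry for a longer
        # name with the same prefix is not mistaken for this user.
        p = re.compile(u"^ \\* %s[ \\t\\r]*$" % re.escape(u.name), re.MULTILINE)
        if not p.search(acl_text):
            logging.log(logging.INFO, "did not find user %s in acl, adding..." % u.name)
            acl_text += u" * %s\n" % u.name
            pe.saveText(acl_text, 0)
    finally:
        # Runs on a failed save as well.
        acl_request.user = previous_user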
00100 
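def _remove_user_from_team(u, team, cfg):
    """Remove the user's entry from the ACL page of one team.

    u is the wiki user, team the normalised team name, cfg the wiki
    configuration. The page name is team + cfg.openidrp_acl_page_postfix and
    the edit is made as the account named by cfg.openidrp_acl_admin. If the
    save raises PageEditor.EmptyPage, the page is deleted instead.
    """
    acl_request = u._request
    # acl_request is the live request object, not a copy: remember who it
    # belonged to so the admin identity does not outlive this edit.
    previous_user = acl_request.user
    acl_request.user = user.User(acl_request, None, cfg.openidrp_acl_admin)
    try:
        pe = PageEditor(acl_request, team + cfg.openidrp_acl_page_postfix)
        acl_text = pe.get_raw_body()
        # NOTE(review): this writes the whole ACL page into the log at INFO.
        logging.log(logging.INFO, "ACL Page content: " + acl_text)
        # does ACL want uid, name, username, auth_username?
        # Escaped name, whole-line match: only this user's own entry is
        # removed, not an entry for a longer name with the same prefix, and an
        # entry on the last line without a trailing newline is removed too.
        p = re.compile(u"^ \\* %s[ \\t\\r]*$\\n?" % re.escape(u.name), re.MULTILINE)
        if p.search(acl_text):
            logging.log(logging.INFO, "found user %s in acl, removing..." % u.name)
            acl_text = p.sub(u"", acl_text)
            try:
                pe.saveText(acl_text, 0)
            except PageEditor.EmptyPage:
                pe.deletePage()
    finally:
        # Runs on a failed save or delete as well.
        acl_request.user = previous_user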