Merge branch 'master' of github.com:globocom/database-as-a-service

Author: Silvano Buback

dbaas/account/backends.py

@@ -8,8 +8,8 @@
 class DbaasBackend(ModelBackend):
 
     def has_perm(self, user_obj, perm, obj=None):
-
+        #LOG.debug("validating perm %s for user %s" % (perm, user_obj))
         if not user_obj.is_active:
             return False
         else:
-            return perm in user_obj.get_all_permissions()
+            return perm in user_obj.get_all_permissions(obj=None)

dbaas/account/helper.py

@@ -47,5 +47,5 @@ def find_ldap_groups_from_user(username=None):
         finally:
             conn.unbind()
             LOG.info("LDAP connection closed")
-    LOG.debug("ldap groups found for username %s: %s" % (username, groups))
+    LOG.info("ldap groups found for username %s: %s" % (username, groups))
     return groups

dbaas/account/management/__init__.py

@@ -0,0 +1,62 @@
+# encoding: utf-8
+# from datetime import datetime
+import sys
+import traceback
+import logging
+from sets import Set
+from django.contrib.auth.models import User, Group, Permission
+from django.core.management.base import BaseCommand
+
+
+only_print_errors = True
+
+LOG = logging.getLogger(__name__)
+
+class Command(BaseCommand):
+    help = u'Fix user roles permissions'
+    
+    #dba has all permissions in role_reguler
+    groups_roles = {'role_dba': [u'view_host', u'change_enginetype', u'delete_planattribute', u'add_enginetype', 
+                                u'physical.view_databaseinfra', u'change_databaseinfra', u'change_host', 
+                                u'delete_auditrequest', u'change_auditchange', u'add_instance', 
+                                u'can_manage_quarantine_databases', u'add_planattribute', 
+                                u'delete_plan', u'add_databaseinfra', u'view_planattribute', 
+                                u'change_planattribute', u'change_auditrequest', u'delete_host', 
+                                u'add_host', u'change_plan', u'view_plan', u'change_audit', u'delete_audit', 
+                                u'add_audit', u'change_instance', u'view_engine', u'change_engine', 
+                                u'delete_databaseinfra', u'add_auditchange', u'add_auditrequest', 
+                                u'view_enginetype', u'delete_auditchange', u'add_engine', 
+                                u'delete_instance', u'delete_enginetype', u'view_instance', u'delete_engine', u'add_plan'],
+                    'role_regular': [u'add_credential', u'change_credential', u'delete_credential', u'view_credential', 
+                                    u'add_database', u'change_database', u'delete_database', u'view_database', 
+                                    u'add_project', u'change_project', u'delete_project', u'view_project']}
+
+    def handle(self, *args, **options):
+
+        #print "groups_roles: %s" % Command.groups_roles
+        role_dba = Group.objects.get_or_create(name="role_dba")[0]
+        role_regular = Group.objects.get_or_create(name="role_regular")[0]
+
+        #clean permissions
+        self.remove_permissions(group=role_dba)
+        self.remove_permissions(group=role_regular)
+
+        #role_regular
+        codenames = Command.groups_roles['role_regular']
+        permissions_regular = Permission.objects.filter(codename__in=codenames)
+        self.add_permissions(group=role_regular, permissions=permissions_regular)
+        
+        #role_dba
+        codenames = codenames + Command.groups_roles['role_dba']
+        permissions_dba = Permission.objects.filter(codename__in=codenames)
+        self.add_permissions(group=role_dba, permissions=permissions_dba)
+
+    def remove_permissions(self, group=None):
+        print "removing permissions for group %s" % group
+        [group.permissions.remove(permission) for permission in group.permissions.all()]
+        print "*" *50
+
+    def add_permissions(self, group=None, permissions=None):
+        print "adding permissions %s to group %s" % (permissions, group)
+        [group.permissions.add(permission) for permission in permissions]
+        print "*" *50

dbaas/account/management/commands/__init__.py

@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+import datetime
+from south.db import db
+from south.v2 import SchemaMigration
+from django.db import models
+from django.contrib.auth.models import User, Group
+
+class Migration(SchemaMigration):
+
+    ROLES = ["role_dba", "role_regular"]
+
+    def forwards(self, orm):
+
+        [Group.objects.get_or_create(name=role) for role in Migration.ROLES]
+
+
+    def backwards(self, orm):
+        groups = Group.objects.filter(name__in=Migration.ROLES)
+        [group.delete for group in groups]
+
+    models = {
+
+    }
+
+    complete_apps = ['account']

dbaas/account/management/commands/fix_user_roles_permissions.py

@@ -52,7 +52,10 @@ def user_pre_save(sender, **kwargs):
 @receiver(post_save, sender=User)
 def user_post_save(sender, **kwargs):
     user = kwargs.get('instance')
-    LOG.debug("user %s post save signal" % user)
+    created = kwargs.get('created')
+    if created:
+        LOG.debug("new user %s created" % user)
+        sync_ldap_groups_with_user(user=user)
 
 
 def user_m2m_changed(sender, **kwargs):