set User.object_class and Group.object_class based on config when setting ldap models

permit filtering with object_class by default in User.filter() and Group.filter() avoid having user/group base root in default filter results
2022-03-10 17:56:47 +01:00 · 2022-03-10 17:56:47 +01:00 · da1b911172
commit da1b911172
parent 3c9f618564
4 changed files with 11 additions and 16 deletions
--- a/canaille/account.py
+++ b/canaille/account.py
@ -159,11 +159,7 @@ def firstlogin(uid):
@bp.route("/users")
@permissions_needed("manage_users")
 def users(user):
-    users = User.filter(
-        objectClass=current_app.config["LDAP"].get(
-            "USER_CLASS", User.DEFAULT_OBJECT_CLASS
-        )
-    )
+    users = User.filter()
    return render_template("users.html", users=users, menuitem="users")


--- a/canaille/groups.py
+++ b/canaille/groups.py
@ -19,11 +19,7 @@ bp = Blueprint("groups", __name__, url_prefix="/groups")
@bp.route("/")
@permissions_needed("manage_groups")
 def groups(user):
-    groups = Group.filter(
-        objectClass=current_app.config["LDAP"].get(
-            "GROUP_CLASS", Group.DEFAULT_OBJECT_CLASS
-        )
-    )
+    groups = Group.filter()
    return render_template("groups.html", groups=groups, menuitem="groups")


--- a/canaille/ldap_backend/backend.py
+++ b/canaille/ldap_backend/backend.py
@ -21,12 +21,18 @@ def setup_ldap_models(app):
        user_base = user_base[: -len(app.config["LDAP"]["ROOT_DN"]) - 1]
    User.base = user_base
    User.id = app.config["LDAP"].get("USER_ID_ATTRIBUTE", User.DEFAULT_ID_ATTRIBUTE)
+    User.object_class = [
+        app.config["LDAP"].get("USER_CLASS", User.DEFAULT_OBJECT_CLASS)
+    ]

    group_base = app.config["LDAP"].get("GROUP_BASE")
    if group_base.endswith(app.config["LDAP"]["ROOT_DN"]):
        group_base = group_base[: -len(app.config["LDAP"]["ROOT_DN"]) - 1]
    Group.base = group_base
    Group.id = app.config["LDAP"].get("GROUP_ID_ATTRIBUTE", Group.DEFAULT_ID_ATTRIBUTE)
+    Group.object_class = [
+        app.config["LDAP"].get("GROUP_CLASS", Group.DEFAULT_OBJECT_CLASS)
+    ]


 def setup_backend(app):
--- a/canaille/models.py
+++ b/canaille/models.py
@ -188,18 +188,15 @@ class Group(LDAPObject):
    def available_groups(cls, conn=None):
        conn = conn or cls.ldap()
        try:
-            attribute = current_app.config["LDAP"].get(
+            name_attribute = current_app.config["LDAP"].get(
                "GROUP_NAME_ATTRIBUTE", Group.DEFAULT_NAME_ATTRIBUTE
            )
-            object_class = current_app.config["LDAP"].get(
-                "GROUP_CLASS", Group.DEFAULT_OBJECT_CLASS
-            )
        except KeyError:
            return []

-        groups = cls.filter(objectClass=object_class, conn=conn)
+        groups = cls.filter(conn=conn)
        Group.ldap_object_attributes(conn=conn)
-        return [(group[attribute][0], group.dn) for group in groups]
+        return [(group[name_attribute][0], group.dn) for group in groups]

    @property
    def name(self):