From da1b911172cf3cf241b658fb121dece8eb75f3ea Mon Sep 17 00:00:00 2001
From: emillumine
Date: Thu, 10 Mar 2022 17:56:47 +0100
Subject: [PATCH] set User.object_class and Group.object_class based on config when setting ldap models permit filtering with object_class by default in User.filter() and Group.filter() avoid having user/group base root in default filter results
---
 canaille/account.py | 6 +-----
 canaille/groups.py | 6 +-----
 canaille/ldap_backend/backend.py | 6 ++++++
 canaille/models.py | 9 +++------
 4 files changed, 11 insertions(+), 16 deletions(-)
diff --git a/canaille/account.py b/canaille/account.py
index 85e494bd..25e08c65 100644
--- a/canaille/account.py
+++ b/canaille/account.py
@@ -159,11 +159,7 @@ def firstlogin(uid):
 @bp.route("/users")
 @permissions_needed("manage_users")
 def users(user):
- users = User.filter(
- objectClass=current_app.config["LDAP"].get(
- "USER_CLASS", User.DEFAULT_OBJECT_CLASS
- )
- )
+ users = User.filter()
 return render_template("users.html", users=users, menuitem="users")
diff --git a/canaille/groups.py b/canaille/groups.py
index 8f2528ff..3e284986 100644
--- a/canaille/groups.py
+++ b/canaille/groups.py
@@ -19,11 +19,7 @@ bp = Blueprint("groups", __name__, url_prefix="/groups")
 @bp.route("/")
 @permissions_needed("manage_groups")
 def groups(user):
- groups = Group.filter(
- objectClass=current_app.config["LDAP"].get(
- "GROUP_CLASS", Group.DEFAULT_OBJECT_CLASS
- )
- )
+ groups = Group.filter()
 return render_template("groups.html", groups=groups, menuitem="groups")
diff --git a/canaille/ldap_backend/backend.py b/canaille/ldap_backend/backend.py
index 91b39f43..7809a94f 100644
--- a/canaille/ldap_backend/backend.py
+++ b/canaille/ldap_backend/backend.py
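Review bot: With the explicit `objectClass=` argument removed, `users = User.filter()` in canaille/account.py (and likewise `groups = Group.filter()` in canaille/groups.py) scopes the admin listing only through class state assigned in `setup_ldap_models`. `filter()` itself is not part of this patch, so whether it applies `object_class` by default cannot be confirmed from these hunks; if it does not, or if the setup has not run, the search would presumably widen to everything under the base DN. A short comment at each call site would make the dependency visible, e.g. `# scoped to User.object_class, set from LDAP["USER_CLASS"] in setup_ldap_models()`, and a test asserting that the base entry is absent from the result would pin the behaviour the commit message describes.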
@@ -21,12 +21,18 @@ def setup_ldap_models(app):
 user_base = user_base[: -len(app.config["LDAP"]["ROOT_DN"]) - 1]
 User.base = user_base
 User.id = app.config["LDAP"].get("USER_ID_ATTRIBUTE", User.DEFAULT_ID_ATTRIBUTE)
+ User.object_class = [
+ app.config["LDAP"].get("USER_CLASS", User.DEFAULT_OBJECT_CLASS)
+ ]
 group_base = app.config["LDAP"].get("GROUP_BASE")
 if group_base.endswith(app.config["LDAP"]["ROOT_DN"]):
 group_base = group_base[: -len(app.config["LDAP"]["ROOT_DN"]) - 1]
 Group.base = group_base
 Group.id = app.config["LDAP"].get("GROUP_ID_ATTRIBUTE", Group.DEFAULT_ID_ATTRIBUTE)
+ Group.object_class = [
+ app.config["LDAP"].get("GROUP_CLASS", Group.DEFAULT_OBJECT_CLASS)
+ ]
 def setup_backend(app):
diff --git a/canaille/models.py b/canaille/models.py
index 4a25a3c1..e1105d22 100644
--- a/canaille/models.py
+++ b/canaille/models.py
@@ -188,18 +188,15 @@ class Group(LDAPObject):
 def available_groups(cls, conn=None):
 conn = conn or cls.ldap()
 try:
- attribute = current_app.config["LDAP"].get(
+ name_attribute = current_app.config["LDAP"].get(
 "GROUP_NAME_ATTRIBUTE", Group.DEFAULT_NAME_ATTRIBUTE
 )
- object_class = current_app.config["LDAP"].get(
- "GROUP_CLASS", Group.DEFAULT_OBJECT_CLASS
- )
 except KeyError:
 return []
- groups = cls.filter(objectClass=object_class, conn=conn)
+ groups = cls.filter(conn=conn)
 Group.ldap_object_attributes(conn=conn)
- return [(group[name_attribute][0], group.dn) for group in groups]
+ return [(group[name_attribute][0], group.dn) for group in groups]
 @property
 def name(self):
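Review bot: The added `User.object_class = [...]` always wraps the configured value in a new list, so a `USER_CLASS` supplied as a list of classes would end up as a nested list; the same applies to `Group.object_class` further down. Normalising first avoids that: `classes = app.config["LDAP"].get("USER_CLASS", User.DEFAULT_OBJECT_CLASS)` followed by `User.object_class = [classes] if isinstance(classes, str) else list(classes)`. The assignment also replaces whatever `object_class` the model declared, so if that attribute is used elsewhere, for example as the objectClass set of newly created entries, required classes could be lost; that code is not shown here and is worth checking. `setup_ldap_models` begins above this hunk.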
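Review bot: In `available_groups`, the lookup `group[name_attribute][0]` in the final `return` sits outside the `try`, so a group entry that lacks the configured name attribute, or has an empty value list, would presumably raise and break every caller instead of being skipped. The `except KeyError` guards only the `current_app.config["LDAP"]` lookup, and returning `[]` there hides a missing LDAP section from the operator; a comment such as `# KeyError: no "LDAP" section in the config, so no groups can be listed` would at least state the intent. Filtering or logging entries without the attribute before building the tuples would keep one malformed directory entry from failing the whole list. The method's decorator and the start of `class Group` lie above this hunk.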