
Source Code for Module ZenModel.UserSettings

   1  ########################################################################### 
   2  # 
   3  # This program is part of Zenoss Core, an open source monitoring platform. 
   4  # Copyright (C) 2007, Zenoss Inc. 
   5  # 
   6  # This program is free software; you can redistribute it and/or modify it 
   7  # under the terms of the GNU General Public License version 2 as published by 
   8  # the Free Software Foundation. 
   9  # 
  10  # For complete information please visit: http://www.zenoss.com/oss/ 
  11  # 
  12  ########################################################################### 
  13   
  14  import types 
  15   
  16  from random import choice 
  17   
  18  from Globals import DTMLFile 
  19  from Globals import InitializeClass 
  20  from AccessControl import ClassSecurityInfo 
  21  from AccessControl import getSecurityManager 
  22  from Acquisition import aq_base 
  23  from Products.PluggableAuthService import interfaces 
  24  from zExceptions import Unauthorized 
  25  from DateTime import DateTime 
  26   
  27  from Products.ZenEvents.ActionRule import ActionRule 
  28  from Products.ZenEvents.CustomEventView import CustomEventView 
  29  from Products.ZenRelations.RelSchema import * 
  30  from Products.ZenUtils import Time 
  31  from Products.ZenUtils.Utils import unused 
  32  from Products.ZenUtils import DotNetCommunication 
  33  from Products.ZenWidgets import messaging 
  34   
  35  from ZenossSecurity import * 
  36  from ZenModelRM import ZenModelRM 
  37  from Products.ZenUtils import Utils 
  38   
  39  from email.MIMEText import MIMEText 
  40  import socket 
  41   
  42  UserSettingsId = "ZenUsers" 
  43   
def manage_addUserSettingsManager(context, REQUEST=None):
    """Create a UserSettingsManager and install it in *context*.

    The manager is built with the module-level UserSettingsId and stored
    under the id it reports through getId().  When REQUEST is supplied the
    response is redirected to the container's manage_main page; nothing is
    returned either way.
    """
    manager = UserSettingsManager(UserSettingsId)
    context._setObject(manager.getId(), manager)
    if REQUEST is None:
        return
    target = context.absolute_url() + '/manage_main'
    REQUEST['RESPONSE'].redirect(target)
def rolefilter(r):
    """Return False for the roles this module never lists, True otherwise.

    The excluded names are "Anonymous", "Authenticated" and "Owner"; the
    function is used as a filter() predicate over role names.
    """
    excluded = ("Anonymous", "Authenticated", "Owner")
    if r in excluded:
        return False
    return True
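class UserSettingsManager(ZenModelRM):
    """Manage zenoss user folders.

    Container for the per-user UserSettings objects and the per-group
    GroupSettings objects.  It also wraps the user, group and role
    operations of ``acl_users``.
    """
    # Documentation convention: methods that had no docstring are documented
    # with comments only.  Zope 2's ZPublisher declines to publish objects
    # that lack a docstring, so adding one would change which methods can be
    # reached by URL.
    #
    # NOTE(review): the converse matters too.  Several methods below carry a
    # docstring but no security.declareProtected() line (setDashboardState,
    # getUserSettings, cleanUserFolders, generatePassword, ...).  Confirm
    # which permission guards them under the site's default access policy.
    security = ClassSecurityInfo()

    meta_type = "UserSettingsManager"

    #zPrimaryBasePath = ("", "zport")

    sub_meta_types = ("UserSettings",)

    factory_type_information = (
        {
            'id'             : 'UserSettingsManager',
            'meta_type'      : 'UserSettingsManager',
            'description'    : """Base class for all devices""",
            'icon'           : 'UserSettingsManager.gif',
            'product'        : 'ZenModel',
            'factory'        : 'manage_addUserSettingsManager',
            'immediate_view' : 'manageUserFolder',
            'actions'        :
            (
                { 'id'            : 'settings'
                , 'name'          : 'Settings'
                , 'action'        : '../editSettings'
                , 'permissions'   : ( ZEN_MANAGE_DMD, )
                },
                { 'id'            : 'manage'
                , 'name'          : 'Commands'
                , 'action'        : '../dataRootManage'
                , 'permissions'   : (ZEN_MANAGE_DMD,)
                },
                { 'id'            : 'users'
                , 'name'          : 'Users'
                , 'action'        : 'manageUserFolder'
                , 'permissions'   : ( ZEN_MANAGE_DMD, )
                },
                { 'id'            : 'packs'
                , 'name'          : 'ZenPacks'
                , 'action'        : '../ZenPackManager/viewZenPacks'
                , 'permissions'   : ( ZEN_MANAGE_DMD, )
                },
                # NOTE(review): this entry uses the literal "Manage DMD" while
                # every other tab uses the ZEN_MANAGE_DMD constant; confirm
                # both name the same permission.
                { 'id'            : 'jobs'
                , 'name'          : 'Jobs'
                , 'action'        : '../joblist'
                , 'permissions'   : ( "Manage DMD", )
                },
                { 'id'            : 'menus'
                , 'name'          : 'Menus'
                , 'action'        : '../editMenus'
                , 'permissions'   : ( ZEN_MANAGE_DMD, )
                },
                { 'id'            : 'portlets'
                , 'name'          : 'Portlets'
                , 'action'        : '../editPortletPerms'
                , 'permissions'   : ( ZEN_MANAGE_DMD, )
                },
                { 'id'            : 'daemons'
                , 'name'          : 'Daemons'
                , 'action'        : '../../About/zenossInfo'
                , 'permissions'   : ( ZEN_MANAGE_DMD, )
                },
                { 'id'            : 'versions'
                , 'name'          : 'Versions'
                , 'action'        : '../../About/zenossVersions'
                , 'permissions'   : ( ZEN_MANAGE_DMD, )
                },
                { 'id'            : 'backups'
                , 'name'          : 'Backups'
                , 'action'        : '../backupInfo'
                , 'permissions'   : ( ZEN_MANAGE_DMD, )
                },
            )
        },
    )


    def getAllUserSettings(self):
        """Return the UserSettings objects in this folder, sorted by id.
        """
        # This code used to filter out the admin user.
        # See ticket #1615 for why it no longer does.
        users = self.objectValues(spec="UserSettings")
        users.sort(lambda a,b:cmp(a.id, b.id))
        return users

    def getAllGroupSettings(self):
        """Return the GroupSettings objects in this folder, sorted by id.
        """
        groups = self.objectValues(spec="GroupSettings")
        groups.sort(lambda a,b:cmp(a.id, b.id))
        return groups

    def getAllUserSettingsNames(self, filtNames=()):
        """Return the ids of all user settings objects not in filtNames.
        """
        filt = lambda x: x not in filtNames
        return [ u.id for u in self.getAllUserSettings() if filt(u.id) ]

    def getAllGroupSettingsNames(self, filtNames=()):
        """Return the ids of all group settings objects not in filtNames.
        """
        filt = lambda x: x not in filtNames
        return [ g.id for g in self.getAllGroupSettings() if filt(g.id) ]

    def getUsers(self):
        """Return list of Users wrapped in their settings folder.

        Settings objects for which acl_users returns no user are skipped.
        """
        users = []
        for uset in self.objectValues(spec="UserSettings"):
            user = self.acl_users.getUser(uset.id)
            if user: users.append(user.__of__(uset))
        return users


    def getUser(self, userid=None):
        """Return a user object.  If userid is not passed return current user.

        The user is returned wrapped in acl_users; None is returned when no
        user is found.
        """
        if userid is None:
            user = getSecurityManager().getUser()
        else:
            user = self.acl_users.getUser(userid)
        if user: return user.__of__(self.acl_users)


    # Generator over the action rules of every user and group settings
    # object.  (Documented with a comment only; see the class note.)
    def getAllActionRules(self):
        for u in self.getAllUserSettings() + self.getAllGroupSettings():
            for ar in u.getActionRules():
                yield ar

    def getUserSettings(self, userid=None):
        """Return a user folder.  If userid is not passed return current user.

        Raises Unauthorized when no user id can be determined.  When no
        folder exists yet for the id, one is created, seeded from the
        user's property sheets and handed over to that user.
        """
        user=None
        if userid is None:
            user = getSecurityManager().getUser()
            userid = user.getId()
        if not userid: raise Unauthorized
        folder = self._getOb(userid,None)
        # NOTE(review): a folder is created for any non-empty userid, even
        # when acl_users knows no such user (the `if user:` test below only
        # guards the property/ownership setup).  Callers that pass
        # request-supplied ids can therefore create arbitrary settings
        # objects; confirm that is acceptable.
        if not folder and userid:
            ufolder = UserSettings(userid)
            self._setObject(ufolder.getId(), ufolder)
            folder = self._getOb(userid)
            if not user:
                user = self.getUser(userid)
            if user:
                # Load default values from our auth backend
                psheets = user.listPropertysheets()
                psheets.reverse() # Because first sheet should have priority
                for ps in map(lambda ps: user.getPropertysheet(ps), psheets):
                    props = {}
                    for propid in ps.propertyIds():
                        props[propid] = ps.getProperty(propid)
                    ufolder.updatePropsFromDict(props)
                folder.changeOwnership(user)
                folder.manage_setLocalRoles(userid, ("Owner",))
        return folder


    # Return the GroupSettings object for groupid, creating it first when it
    # does not exist.  (Documented with a comment only; see the class note.)
    def getGroupSettings(self, groupid):
        if not self._getOb(groupid, False):
            gfolder = GroupSettings(groupid)
            self._setObject(gfolder.getId(), gfolder)
        return self._getOb(groupid)


    def setDashboardState(self, userid=None, REQUEST=None):
        """ Store a user's portlets and layout. If userid is not passed
            set the state for the current user.
        """
        # NOTE(review): userid comes from the caller and no check ties it to
        # the requesting user here, and the posted body is stored as-is.
        # Confirm the permission that guards this method, and that consumers
        # of dashboardState treat it as untrusted.
        user = self.getUserSettings(userid)
        posted = Utils.extractPostContent(REQUEST)
        if posted:
            user.dashboardState = posted
        return True

    def getUserSettingsUrl(self, userid=None):
        """Return the primary url path of a user's settings folder.

        Defaults to the current user; returns "" when there is no folder.
        """
        uf = self.getUserSettings(userid)
        if uf: return uf.getPrimaryUrlPath()
        return ""


    security.declareProtected(ZEN_MANAGE_DMD, 'manage_addUser')
    def manage_addUser(self, userid, password=None,roles=("ZenUser",),
                    REQUEST=None,**kw):
        """
        Add a Zenoss user to the system and set the user's default properties.

        @parameter userid: username to add
        @parameter password: password for the username
        @parameter roles: tuple of role names
        @parameter REQUEST: Zope object containing details about this request
        """
        # Strip before the emptiness test so a whitespace-only name is
        # rejected here instead of reaching _doAddUser as "".
        userid = (userid or '').strip()
        if not userid: return

        illegal_usernames= [ 'user', ]

        user_name= userid.lower()
        if user_name in illegal_usernames:
            if REQUEST:
                messaging.IMessageSender(self).sendToBrowser(
                    'Error',
                    'The username "%s" is reserved.' % userid,
                    priority=messaging.WARNING
                )
                return self.callZenScreen(REQUEST)
            else:
                return None

        # NOTE(review): a generated password is not returned or shown by
        # this method; confirm how the new user is expected to obtain it.
        if password is None:
            password = self.generatePassword()

        self.acl_users._doAddUser(userid,password,roles,"")
        user = self.acl_users.getUser(userid)
        ufolder = self.getUserSettings(userid)
        # The whole form is handed over; updatePropsFromDict copies only the
        # keys that are declared property ids of the settings object.
        if REQUEST: kw = REQUEST.form
        ufolder.updatePropsFromDict(kw)

        if REQUEST:
            messaging.IMessageSender(self).sendToBrowser(
                'User Added',
                'User "%s" has been created.' % userid
            )
            return self.callZenScreen(REQUEST)
        else:
            return user


    def generatePassword(self):
        """ Generate a valid password.

        Returns six characters drawn from an alphabet without look-alike
        characters, using the operating system's random source.
        """
        # random.choice uses the module's default Mersenne Twister generator,
        # whose output is predictable and unsuitable for credentials.
        # SystemRandom reads from the OS source instead.  Imported locally
        # so the module's import block is left untouched.
        from random import SystemRandom
        # we don't use these to avoid typos: OQ0Il1
        chars = 'ABCDEFGHJKLMNPRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789'
        pick = SystemRandom().choice
        # NOTE(review): 6 symbols from a 56-character alphabet is roughly
        # 35 bits.  The length is kept for compatibility; treat the result as
        # a temporary password only.
        return ''.join( [ pick(chars) for i in range(6) ] )


    security.declareProtected(ZEN_MANAGE_DMD, 'manage_changeUser')
    def manage_changeUser(self, userid, password=None, sndpassword=None,
                          roles=None, domains=None, REQUEST=None, **kw):
        """Change a zenoss users settings.

        password, roles and domains default to the user's current values
        when passed as None.  Without a REQUEST a password mismatch raises
        ValueError and an unknown user returns None.
        """
        user = self.acl_users.getUser(userid)
        if not user:
            if REQUEST:
                messaging.IMessageSender(self).sendToBrowser(
                    'Error',
                    'User "%s" was not found.' % userid,
                    priority=messaging.WARNING
                )
                return self.callZenScreen(REQUEST)
            else:
                return
        if password and password != sndpassword:
            if REQUEST:
                messaging.IMessageSender(self).sendToBrowser(
                    'Error',
                    "Passwords didn't match. No change.",
                    priority=messaging.WARNING
                )
                return self.callZenScreen(REQUEST)
            else:
                raise ValueError("passwords don't match")
        # NOTE(review): only None falls back to the stored password.  An
        # empty string skips both tests above and is passed to _doChangeUser
        # unchanged; confirm a blank form field cannot blank the password.
        if password is None: password = user._getPassword()
        if roles is None: roles = user.roles
        if domains is None: domains = user.domains
        self.acl_users._doChangeUser(userid,password,roles,domains)
        ufolder = self.getUserSettings(userid)
        ufolder.updatePropsFromDict(kw)
        if REQUEST:
            messaging.IMessageSender(self).sendToBrowser(
                'Settings Saved',
                Time.SaveMessage()
            )
            return self.callZenScreen(REQUEST)
        else:
            return user


    security.declareProtected(ZEN_MANAGE_DMD, 'manage_deleteUsers')
    def manage_deleteUsers(self, userids=(), REQUEST=None):
        """Delete a list of zenoss users from the system.

        Refuses to delete anything when 'admin' is among the ids.
        """
        # A single id may arrive as a plain string.  Wrap it, as the group
        # methods do.  Otherwise the 'admin' test below becomes a substring
        # match and the loop iterates over single characters.
        if type(userids) in types.StringTypes:
            userids = [userids]

        # get a list of plugins that can add manage users and then call the
        # appropriate methods
        #
        # XXX this needs to be reviewed when new plugins are added, such as the
        # LDAP plugin
        if 'admin' in userids:
            messaging.IMessageSender(self).sendToBrowser(
                'Error',
                "Cannot delete admin user. No users were deleted.",
                messaging.WARNING
            )
            return self.callZenScreen(REQUEST)

        ifaces = [interfaces.plugins.IUserAdderPlugin]
        getPlugins = self.acl_users.plugins.listPlugins
        plugins = [ getPlugins(x)[0][1] for x in ifaces ]
        for userid in userids:
            try:
                for plugin in plugins:
                    plugin.removeUser(userid)
            except KeyError:
                # this means that there's no user in the acl_users, but that
                # Zenoss still sees the user; we want to pass on this exception
                # so that Zenoss can clean up
                pass
            if getattr(aq_base(self), userid, False):
                us = self._getOb(userid)
                # Drop the user's administrative roles from the managed
                # objects before removing the settings folder itself.
                for ar in us.adminRoles():
                    ar.userSetting.removeRelation()
                    mobj = ar.managedObject().primaryAq()
                    mobj.adminRoles._delObject(ar.id)
                self._delObject(userid)

        if REQUEST:
            messaging.IMessageSender(self).sendToBrowser(
                'Users Deleted',
                "Users were deleted: %s." % (', '.join(userids))
            )
            return self.callZenScreen(REQUEST)


    security.declareProtected(ZEN_MANAGE_DMD, 'manage_addGroup')
    def manage_addGroup(self, groupid, REQUEST=None):
        """Add a zenoss group to the system and set its default properties.
        """
        if not groupid: return
        try:
            self.acl_users.groupManager.addGroup(groupid)
        except KeyError: pass
        self.getGroupSettings(groupid)
        if REQUEST:
            messaging.IMessageSender(self).sendToBrowser(
                'Group Added',
                'Group "%s" has been created.' % groupid
            )
            return self.callZenScreen(REQUEST)


    security.declareProtected(ZEN_MANAGE_DMD, 'manage_deleteGroups')
    def manage_deleteGroups(self, groupids=(), REQUEST=None):
        """ Delete a zenoss group from the system
        """
        gm = self.acl_users.groupManager
        if type(groupids) in types.StringTypes:
            groupids = [groupids]
        for groupid in groupids:
            # Pass a default, as getGroupSettings does, so a group without a
            # settings folder still gets removed from the group manager.
            if self._getOb(groupid, None): self._delObject(groupid)
            try:
                gm.removeGroup(groupid)
            except KeyError: pass
        if REQUEST:
            messaging.IMessageSender(self).sendToBrowser(
                'Groups Deleted',
                "Groups were deleted: %s." % (', '.join(groupids))
            )
            return self.callZenScreen(REQUEST)


    security.declareProtected(ZEN_MANAGE_DMD, 'manage_addUsersToGroups')
    def manage_addUsersToGroups(self, userids=(), groupids=(), REQUEST=None):
        """ Add users to a group

        Both arguments accept a single id string or a sequence of ids.
        """
        if type(userids) in types.StringTypes:
            userids = [userids]
        if type(groupids) in types.StringTypes:
            groupids = [groupids]
        for groupid in groupids:
            self._getOb(groupid).manage_addUsersToGroup(userids)
        if REQUEST:
            if len(groupids) == 0:
                messaging.IMessageSender(self).sendToBrowser(
                    'Error',
                    'No groups were selected.',
                    priority=messaging.WARNING
                )
            else:
                messaging.IMessageSender(self).sendToBrowser(
                    'Groups Modified',
                    'Users %s were added to group %s.' % (
                        ', '.join(userids), ', '.join(groupids))
                )
            return self.callZenScreen(REQUEST)


    security.declareProtected(ZEN_MANAGE_DMD, 'manage_emailTestAdmin')
    def manage_emailTestAdmin(self, userid, REQUEST=None):
        ''' Do email test for given user
        '''
        userSettings = self.getUserSettings(userid)
        msg = userSettings.manage_emailTest()
        if msg:
            messaging.IMessageSender(self).sendToBrowser('Email Test', msg)
        if REQUEST:
            return self.callZenScreen(REQUEST)


    security.declareProtected(ZEN_MANAGE_DMD, 'manage_pagerTestAdmin')
    def manage_pagerTestAdmin(self, userid, REQUEST=None):
        ''' Do pager test for given user
        '''
        userSettings = self.getUserSettings(userid)
        msg = userSettings.manage_pagerTest()
        if msg:
            messaging.IMessageSender(self).sendToBrowser('Pager Test', msg)
        if REQUEST:
            return self.callZenScreen(REQUEST)


    def cleanUserFolders(self):
        """Delete orphaned user folders.
        """
        # NOTE(review): this deletes objects and has no declareProtected line
        # in this listing; confirm which permission guards it.  It also looks
        # up UserSettingsId inside this object -- verify which container it
        # is meant to run on.
        userfolders = self._getOb(UserSettingsId)
        userids = self.acl_users.getUserNames()
        for fid in userfolders.objectIds():
            if fid not in userids:
                userfolders._delObject(fid)


    def getAllRoles(self):
        """Get list of all roles without Anonymous, Authenticated and Owner.
        """
        return filter(rolefilter, self.valid_roles())


    # Export every user settings object to ofile.  (Documented with a
    # comment only; see the class note.)
    def exportXmlHook(self,ofile, ignorerels):
        for settings in self.getAllUserSettings():
            settings.exportXml(ofile, ignorerels)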
def manage_addUserSettings(context, id, title = None, REQUEST = None):
    """Create a UserSettings object and store it in *context* under *id*.

    When REQUEST is supplied the response is redirected to the container's
    manage_main page; nothing is returned either way.
    """
    settings = UserSettings(id, title)
    context._setObject(id, settings)
    if not REQUEST:
        return
    target = context.absolute_url() + '/manage_main'
    REQUEST['RESPONSE'].redirect(target)
# DTML template loaded from dtml/addUserSettings.
# NOTE(review): presumably the add form that posts to manage_addUserSettings -- confirm.
addUserSettings = DTMLFile('dtml/addUserSettings',globals())
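class UserSettings(ZenModelRM):
    """zenoss user folder has users preferences.

    Holds one user's contact details, paging defaults, dashboard state and
    Zenoss.net credentials as properties.  Contains the user's action rules
    and custom event views.
    """
    # Documentation convention: methods that had no docstring are documented
    # with comments only.  Zope 2's ZPublisher declines to publish objects
    # that lack a docstring, so adding one would change which methods can be
    # reached by URL.

    meta_type = "UserSettings"

    sub_meta_types = ("ActionRule",)

    email = ""
    pager = ""
    defaultPageSize = 40
    defaultEventPageSize = 30
    defaultAdminRole = "ZenUser"
    defaultAdminLevel = 1
    oncallStart = 0
    oncallEnd = 0
    escalationMinutes = 0
    dashboardState = ''
    netMapStartObject = ''
    eventConsoleRefresh = True
    zenossNetUser = ''
    # NOTE(review): declared below as an ordinary writable string property,
    # so the credential is kept as plain text on the object.  Confirm it is
    # left out of property listings, exports and rendered forms.
    zenossNetPassword = ''

    _properties = ZenModelRM._properties + (
        {'id':'email', 'type':'string', 'mode':'w'},
        {'id':'pager', 'type':'string', 'mode':'w'},
        {'id':'defaultPageSize', 'type':'int', 'mode':'w'},
        {'id':'defaultEventPageSize', 'type':'int', 'mode':'w'},
        {'id':'defaultAdminRole', 'type':'string', 'mode':'w'},
        {'id':'defaultAdminLevel', 'type':'int', 'mode':'w'},
        {'id':'oncallStart', 'type':'int', 'mode':'w'},
        {'id':'oncallEnd', 'type':'int', 'mode':'w'},
        {'id':'escalationMinutes', 'type':'int', 'mode':'w'},
        {'id':'dashboardState', 'type':'string', 'mode':'w'},
        {'id':'netMapStartObject', 'type':'string', 'mode':'w'},
        {'id':'eventConsoleRefresh', 'type':'boolean', 'mode':'w'},
        {'id':'zenossNetUser', 'type':'string', 'mode':'w'},
        {'id':'zenossNetPassword', 'type':'string', 'mode':'w'},
    )


    _relations =  (
        ("adminRoles", ToMany(ToOne, "Products.ZenModel.AdministrativeRole",
                              "userSetting")),
        ("messages", ToManyCont(ToOne,
            "Products.ZenWidgets.PersistentMessage.PersistentMessage",
            "messageQueue")),
    )

    # Screen action bindings (and tab definitions)
    factory_type_information = (
        {
            'immediate_view' : 'editUserSettings',
            'actions'        :
            (
                {'name'         : 'Edit',
                'action'        : 'editUserSettings',
                'permissions'   : (ZEN_CHANGE_SETTINGS,),
                },
                {'name'         : 'Administered Objects',
                'action'        : 'administeredDevices',
                'permissions'   : (ZEN_CHANGE_ADMIN_OBJECTS,)
                },
                {'name'         : 'Event Views',
                'action'        : 'editEventViews',
                # ideally make this its own permission
                'permissions'   : (ZEN_CHANGE_SETTINGS,),
                },
                {'name'         : 'Alerting Rules',
                'action'        : 'editActionRules',
                'permissions'   : (ZEN_CHANGE_ALERTING_RULES,),
                },
            )
         },
        )

    security = ClassSecurityInfo()

    security.declareProtected('View', 'zentinelTabs')
    def zentinelTabs(self, templateName):
        """Return a list of hashs that define the screen tabs for this object.
        [{'name':'Name','action':'template','selected':False},...]
        """
        tabs = super(UserSettings, self).zentinelTabs(templateName)
        # if we don't have any global roles take away edit tab
        # NOTE(review): the slice drops the *last* tab returned by the base
        # class; confirm that is the tab meant here.  This only hides a tab;
        # access is decided by the permission on each action.
        if self.hasNoGlobalRoles():
            return tabs[:-1]
        return tabs

    def hasNoGlobalRoles(self):
        """This user doesn't have global roles. Used to limit access

        True when this is not the 'admin' user and getUserRoles() is empty.
        """
        return self.id != 'admin' and len(self.getUserRoles()) == 0

    def getUserRoles(self):
        """Get current roles for this user.

        Roles rejected by rolefilter are left out; an unknown user yields [].
        """
        user = self.getUser(self.id)
        if user: return filter(rolefilter, user.getRoles())
        return []


    def getUserGroupSettingsNames(self):
        """Return what the group manager reports as this user's groups.

        Returns () when the user is not found.
        """
        user = self.getUser(self.id)
        gm = self.zport.acl_users.groupManager
        if user:
            return gm.getGroupsForPrincipal(user)
        return ()


    security.declareProtected(ZEN_CHANGE_SETTINGS, 'updatePropsFromDict')
    # Copy every entry of propdict whose key is a declared property id onto
    # this object; other keys are ignored.  Values are assigned as given,
    # with no conversion to the declared property type.
    # (Documented with a comment only; see the class note.)
    def updatePropsFromDict(self, propdict):
        props = self.propertyIds()
        for k, v in propdict.items():
            if k in props: setattr(self,k,v)


    def iseditable(self):
        """Can the current user edit this settings object.

        A Manager-owned object is editable by Managers only.  Otherwise the
        current user needs the Manager or ZenManager role, or must be the
        owner.
        """
        owner = self.getOwner()
        user = getSecurityManager().getUser()
        if owner.has_role("Manager") and not user.has_role("Manager"):
            return False

        return user.has_role("Manager") or \
               user.has_role("ZenManager") or \
               owner.getUserName() == user.getUserName()


    def manage_beforeDelete(self, item, container):
        """
        ActionRuleWindows need to be unindexed
        """
        # NOTE(review): super() is anchored at ZenModelRM, not UserSettings,
        # so ZenModelRM's own manage_beforeDelete is skipped.  Confirm that
        # is deliberate.
        super(ZenModelRM, self).manage_beforeDelete(item, container)
        for ar in self.getActionRules():
            ar.manage_beforeDelete(item, container)


    security.declareProtected(ZEN_CHANGE_SETTINGS, 'manage_editUserSettings')
    def manage_editUserSettings(self, password=None, sndpassword=None,
                                roles=None, groups=None, domains=None,
                                REQUEST=None, **kw):
        """Update user settings.

        Updates roles and groups (only when isManager() is true), the
        settings properties and, if given, the password.  Without a REQUEST
        the user object is returned, password problems raise ValueError and
        a non-empty domains raises NotImplementedError.
        """
        # NOTE(review): the caller checks visible here are the
        # ZEN_CHANGE_SETTINGS declaration and the two Manager tests below.
        # iseditable() is not consulted and the current password is not
        # requested before updateUserPassword.  Confirm who holds
        # ZEN_CHANGE_SETTINGS on another user's settings object.

        # get the user object; return if no user
        user = self.acl_users.getUser(self.id)
        if not user:
            user = self.getPhysicalRoot().acl_users.getUser(self.id)
        if not user:
            if REQUEST:
                messaging.IMessageSender(self).sendToBrowser(
                    'Error',
                    'User %s not found.' % self.id,
                    priority=messaging.WARNING
                )
                return self.callZenScreen(REQUEST)
            else:
                return

        # update role info
        roleManager = self.acl_users.roleManager
        origRoles = filter(rolefilter, user.getRoles())

        if not self.has_role('Manager') and roles and 'Manager' in roles:
            if REQUEST:
                messaging.IMessageSender(self).sendToBrowser(
                    'Error',
                    'Only Managers can make more Managers.',
                    priority=messaging.WARNING
                )
                return self.callZenScreen(REQUEST)
            else:
                return

        if not self.has_role('Manager') and origRoles and \
            'Manager' in origRoles:

            if REQUEST:
                messaging.IMessageSender(self).sendToBrowser(
                    'Error',
                    'Only Managers can modify other Managers.',
                    priority=messaging.WARNING
                )
                return self.callZenScreen(REQUEST)
            else:
                return

        # if there's a change, then we need to update
        if roles != origRoles and self.isManager():
            # This import makes `set` a function-local name for the whole
            # method.  sets.Set(None) is an empty set, so roles=None (for
            # example no role selected in the form) removes every role.
            # The builtin set(None) would raise, so do not swap it in.
            from sets import Set as set
            # get roles to remove and then remove them
            removeRoles = list(set(origRoles).difference(set(roles)))
            for role in removeRoles:
                roleManager.removeRoleFromPrincipal(role, self.id)
            # get roles to add and then add them
            addRoles = list(set(roles).difference(set(origRoles)))
            for role in addRoles:
                roleManager.assignRoleToPrincipal(role, self.id)

        # update group info
        groupManager = self.acl_users.groupManager
        origGroups = groupManager.getGroupsForPrincipal(user)
        # if there's a change, then we need to update
        if groups != origGroups and self.isManager():
            # can we use the built-in set?
            # (`set` is local here, see above.  If the roles branch did not
            # run, the lookup fails with a NameError subclass and sets.Set
            # is imported, so groups=None likewise removes all groups.)
            try:
                set()
            except NameError:
                from sets import Set as set
            # get groups to remove and then remove them
            removeGroups = set(origGroups).difference(set(groups))
            for groupid in removeGroups:
                groupManager.removePrincipalFromGroup(user.getId(), groupid)
            # get groups to add and then add them
            addGroups = set(groups).difference(set(origGroups))
            for groupid in addGroups:
                groupManager.addPrincipalToGroup(user.getId(), groupid)

        # we're not managing domains right now
        if domains:
            msg = 'Zenoss does not currently manage domains for users.'
            raise NotImplementedError(msg)

        # update Zenoss user folder settings
        # (saved before the password is validated, so a password error below
        # still leaves the other settings changed)
        if REQUEST:
            kw = REQUEST.form
        self.manage_changeProperties(**kw)

        # update password info
        userManager = self.acl_users.userManager
        if password:
            if password.find(':') >= 0:
                if REQUEST:
                    messaging.IMessageSender(self).sendToBrowser(
                        'Error',
                        'Passwords cannot contain a ":". Password not updated.',
                        priority=messaging.WARNING
                    )
                    return self.callZenScreen(REQUEST)
                else:
                    raise ValueError("Passwords cannot contain a ':' ")
            elif password != sndpassword:
                if REQUEST:
                    messaging.IMessageSender(self).sendToBrowser(
                        'Error',
                        'Passwords did not match. Password not updated.',
                        priority=messaging.WARNING
                    )
                    return self.callZenScreen(REQUEST)
                else:
                    raise ValueError("Passwords don't match")
            else:
                try: userManager.updateUserPassword(self.id, password)
                except KeyError:
                    self.getPhysicalRoot().acl_users.userManager.updateUserPassword(
                                    self.id, password)
                if REQUEST:
                    loggedInUser = REQUEST['AUTHENTICATED_USER']
                    # we only want to log out the user if it's *their* password
                    # they've changed, not, for example, if the admin user is
                    # changing another user's password
                    if loggedInUser.getUserName() == self.id:
                        self.acl_users.logout(REQUEST)

        # finish up
        if REQUEST:
            messaging.IMessageSender(self).sendToBrowser(
                'Settings Saved',
                Time.SaveMessage()
            )
            return self.callZenScreen(REQUEST)
        else:
            return user

    security.declareProtected(ZEN_CHANGE_ALERTING_RULES, 'manage_addActionRule')
    def manage_addActionRule(self, id=None, REQUEST=None):
        """Add an action rule to this object.

        The rule is owned by the user this settings object belongs to, even
        when somebody else creates it.
        """
        if id:
            ar = ActionRule(id)
            self._setObject(id, ar)
            ar = self._getOb(id)
            user = getSecurityManager().getUser()
            userid = user.getId()
            if userid != self.id:
                userid = self.id
                user = self.getUser(userid)
            ar.changeOwnership(user)
            ar.manage_setLocalRoles(userid, ("Owner",))
        if REQUEST:
            return self.callZenScreen(REQUEST)

    # Return the contained objects whose meta type is ActionRule.meta_type.
    # (Documented with a comment only; see the class note.)
    def getActionRules(self):
        return self.objectValues(spec=ActionRule.meta_type)

    security.declareProtected(ZEN_CHANGE_EVENT_VIEWS,
        'manage_addCustomEventView')
    def manage_addCustomEventView(self, id=None, REQUEST=None):
        """Add a custom event view to this object.

        The view is owned by the user this settings object belongs to, even
        when somebody else creates it.
        """
        if id:
            ar = CustomEventView(id)
            self._setObject(id, ar)
            ar = self._getOb(id)
            user = getSecurityManager().getUser()
            userid = user.getId()
            if userid != self.id:
                userid = self.id
                user = self.getUser(userid)
            ar.changeOwnership(user)
            ar.manage_setLocalRoles(userid, ("Owner",))
        if REQUEST:
            return self.callZenScreen(REQUEST)


    security.declareProtected(ZEN_CHANGE_ADMIN_OBJECTS,
        'manage_addAdministrativeRole')
    def manage_addAdministrativeRole(self, name=None, type='device',
                                    role=None, REQUEST=None):
        "Add a Admin Role to this device"
        unused(role)
        mobj = None
        # Read the name from the request only when there is one.  Without a
        # name the lookup is skipped and the call ends in the "not found"
        # branch instead of failing on REQUEST.deviceName with REQUEST=None.
        if not name and REQUEST:
            name = REQUEST.deviceName
        if name:
            if type == 'device':
                mobj =self.getDmdRoot("Devices").findDevice(name)
            else:
                try:
                    root = type.capitalize()+'s'
                    if type == "deviceClass":
                        mobj = self.getDmdRoot("Devices").getOrganizer(name)
                    else:
                        mobj = self.getDmdRoot(root).getOrganizer(name)
                except KeyError: pass
        if not mobj:
            if REQUEST:
                messaging.IMessageSender(self).sendToBrowser(
                    'Error',
                    "%s %s not found"%(type.capitalize(),name),
                    priority=messaging.WARNING
                )
                return self.callZenScreen(REQUEST)
            else: return
        roleNames = [ r.id for r in mobj.adminRoles() ]
        if self.id in roleNames:
            if REQUEST:
                messaging.IMessageSender(self).sendToBrowser(
                    'Error',
                    (("Administrative Role for %s %s "
                     "for user %s already exists.") % (type, name, self.id)),
                    priority=messaging.WARNING
                )
                return self.callZenScreen(REQUEST)
            else: return
        mobj.manage_addAdministrativeRole(self.id)
        if REQUEST:
            messaging.IMessageSender(self).sendToBrowser(
                'Role Added',
                ("Administrative Role for %s %s for user %s added" %
                    (type, name, self.id))
            )
            return self.callZenScreen(REQUEST)


    security.declareProtected(ZEN_CHANGE_ADMIN_OBJECTS,
        'manage_editAdministrativeRoles')
    def manage_editAdministrativeRoles(self, ids=(), role=(),
                                        level=(), REQUEST=None):
        """Edit list of admin roles.

        ids, role and level are parallel sequences; a single string id is
        accepted together with a single role and level.
        """
        if type(ids) in types.StringTypes:
            ids = [ids]
            level = [level]
            role = [role]
        else:
            ids = list(ids)
        for ar in self.adminRoles():
            mobj = ar.managedObject()
            try: i = ids.index(mobj.managedObjectName())
            except ValueError: continue
            mobj = mobj.primaryAq()
            mobj.manage_editAdministrativeRoles(self.id, role[i], level[i])
        if REQUEST:
            if ids:
                messaging.IMessageSender(self).sendToBrowser(
                    'Roles Updated',
                    "Administrative roles were updated."
                )
            return self.callZenScreen(REQUEST)


    security.declareProtected(ZEN_CHANGE_ADMIN_OBJECTS,
        'manage_deleteAdministrativeRole')
    def manage_deleteAdministrativeRole(self, delids=(), REQUEST=None):
        "Delete a admin role to this device"
        if type(delids) in types.StringTypes:
            delids = [delids]
        for ar in self.adminRoles():
            mobj = ar.managedObject()
            if mobj.managedObjectName() not in delids: continue
            mobj = mobj.primaryAq()
            mobj.manage_deleteAdministrativeRole(self.id)
        if REQUEST:
            if delids:
                messaging.IMessageSender(self).sendToBrowser(
                    'Roles Deleted',
                    "Administrative roles were deleted."
                )
            return self.callZenScreen(REQUEST)


    security.declareProtected(ZEN_CHANGE_SETTINGS, 'getAllAdminRoles')
    def getAllAdminRoles(self):
        """Return all admin roles for this user and its groups
        """
        ars = self.adminRoles()
        # NOTE(review): getUser() without an id looks like it returns the
        # *current* user (see UserSettingsManager.getUser), so the groups
        # added here may be the caller's, not those of self.id.  Confirm.
        for group in self.getUser().getGroups():
            gs = self.getGroupSettings(group)
            ars.extend(gs.adminRoles())
        return ars


    security.declareProtected(ZEN_CHANGE_SETTINGS, 'manage_emailTest')
    def manage_emailTest(self, REQUEST=None):
        ''' Send a test email to the given userid.

        Returns the result message when called without a REQUEST.
        '''
        destSettings = self.getUserSettings(self.getId())
        destAddresses = destSettings.getEmailAddresses()
        msg = None
        if destAddresses:
            fqdn = socket.getfqdn()
            thisUser = self.getUser()
            srcId = thisUser.getId()
            self.getUserSettings(srcId)
            srcAddress = self.dmd.getEmailFrom()
            # Read body from file probably
            body = ('This is a test message sent by %s' % srcId +
                    ' from the Zenoss installation on %s.' % fqdn)
            emsg = MIMEText(body)
            emsg['Subject'] = 'Zenoss Email Test'
            emsg['From'] = srcAddress
            # NOTE(review): the addresses come from the user-editable email
            # property; confirm CR/LF cannot reach this header.
            emsg['To'] = ', '.join(destAddresses)
            emsg['Date'] = DateTime().rfc822()
            result, errorMsg = Utils.sendEmail(emsg, self.dmd.smtpHost,
                                self.dmd.smtpPort,
                                self.dmd.smtpUseTLS, self.dmd.smtpUser,
                                self.dmd.smtpPass)
            if result:
                msg = 'Test email sent to %s' % ', '.join(destAddresses)
            else:
                msg = 'Test failed: %s' % errorMsg
        else:
            msg = 'Test email not sent, user has no email address.'
        if REQUEST:
            # NOTE(review): only single quotes are escaped here and
            # manage_pagerTest escapes nothing; confirm how the browser
            # message is rendered and that it is encoded there.
            messaging.IMessageSender(self).sendToBrowser(
                'Email Test',
                msg.replace("'", "\\'")
            )
            return self.callZenScreen(REQUEST)
        else:
            return msg


    security.declareProtected(ZEN_CHANGE_SETTINGS, 'manage_pagerTest')
    def manage_pagerTest(self, REQUEST=None):
        ''' Send a test page

        Stops at the first pager address that fails.  Returns the result
        message when called without a REQUEST.
        '''
        destSettings = self.getUserSettings(self.getId())
        destPagers = [ x.strip() for x in
            (destSettings.getPagerAddresses() or []) ]
        msg = None
        fqdn = socket.getfqdn()
        srcId = self.getUser().getId()
        testMsg = ('Test sent by %s' % srcId +
                    ' from the Zenoss installation on %s.' % fqdn)
        for destPager in destPagers:
            # NOTE(review): destPager is the user-editable pager property and
            # pageCommand is a configured command.  sendPage is not visible
            # here; confirm the recipient cannot alter the command that runs.
            result, errorMsg = Utils.sendPage(destPager, testMsg,
                                            self.dmd.pageCommand)
            if result:
                msg = 'Test page sent to %s' % ', '.join(destPagers)
            else:
                msg = 'Test failed: %s' % errorMsg
                break
        if not destPagers:
            msg = 'Test page not sent, user has no pager number.'
        if REQUEST:
            messaging.IMessageSender(self).sendToBrowser(
                'Pager Test', msg)
            return self.callZenScreen(REQUEST)
        else:
            return msg

    def exportXmlHook(self, ofile, ignorerels):
        """patch to export all user configuration

        Calls exportXml on every contained object that defines it.
        """
        for o in self.objectValues():
            if hasattr(aq_base(o), 'exportXml'):
                o.exportXml(ofile, ignorerels)

    # Return the stripped pager value as a one-element list, or [] when it
    # is blank.  (Documented with a comment only; see the class note.)
    def getPagerAddresses(self):
        if self.pager.strip():
            return [self.pager.strip()]
        return []

    # Return the email value as a one-element list, or [] when it is blank.
    # The value is stripped, as getPagerAddresses does, so stray whitespace
    # does not end up in a message header.
    def getEmailAddresses(self):
        if self.email.strip():
            return [self.email.strip()]
        return []

    def getDotNetSession(self):
        """
        Use the Zenoss.net credentials associated with this user to log in to a
        Zenoss.net session.
        """
        # NOTE(review): this uses the stored credentials and has no
        # declareProtected line in this listing; confirm who may call it.
        session = DotNetCommunication.getDotNetSession(
                        self.zenossNetUser,
                        self.zenossNetPassword)
        return session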
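class GroupSettings(UserSettings):
    # Settings object for a group: a UserSettings whose contact addresses
    # are collected from the group's members.  The class had no docstring.
    # It and the undocumented methods below are documented with comments
    # only, because Zope 2's ZPublisher declines to publish objects that
    # lack a docstring and adding one would change what is reachable by URL.

    meta_type = 'GroupSettings'

    factory_type_information = (
        {
            'immediate_view' : 'editGroupSettings',
            'actions'        :
            (
                {'name'         : 'Edit',
                'action'        : 'editGroupSettings',
                'permissions'   : (ZEN_CHANGE_SETTINGS,),
                },
                {'name'         : 'Administered Objects',
                'action'        : 'administeredDevices',
                'permissions'   : (ZEN_CHANGE_ADMIN_OBJECTS,)
                },
                {'name'         : 'Event Views',
                'action'        : 'editEventViews',
                # ideally make this its own permission
                'permissions'   : (ZEN_CHANGE_SETTINGS,),
                },
                {'name'         : 'Alerting Rules',
                'action'        : 'editActionRules',
                'permissions'   : (ZEN_CHANGE_ALERTING_RULES,),
                },
            )
         },
        )

    security = ClassSecurityInfo()

    # Shortcut to the group manager plugin of zport.acl_users.
    def _getG(self):
        return self.zport.acl_users.groupManager


    def hasNoGlobalRoles(self):
        """This is a group we never have roles. This is set to false so that
        functionality that would normally be taken away for a restricted user is
        left in.
        """
        return False


    security.declareProtected(ZEN_MANAGE_DMD, 'manage_addUsersToGroup')
    def manage_addUsersToGroup( self, userids, REQUEST=None ):
        """ Add user to this group

        userids may be a single id string or a sequence of ids.
        """
        if type(userids) in types.StringTypes:
            userids = [userids]
        for userid in userids:
            self._getG().addPrincipalToGroup( userid, self.id )
        if REQUEST:
            messaging.IMessageSender(self).sendToBrowser(
                'Users Added',
                'Added %s to Group %s' % (','.join(userids), self.id)
            )
            return self.callZenScreen(REQUEST)

    security.declareProtected(ZEN_MANAGE_DMD, 'manage_deleteUserFromGroup')
    # Remove one principal from this group.
    def manage_deleteUserFromGroup( self, userid ):
        self._getG().removePrincipalFromGroup( userid, self.id )

    security.declareProtected(ZEN_MANAGE_DMD, 'manage_deleteUsersFromGroup')
    def manage_deleteUsersFromGroup(self, userids=(), REQUEST=None ):
        """ Delete users from this group

        userids may be a single id string or a sequence of ids.
        """
        # Wrap a single id, as manage_addUsersToGroup does.  Otherwise a
        # plain string would be removed one character at a time.
        if type(userids) in types.StringTypes:
            userids = [userids]
        for userid in userids:
            self.manage_deleteUserFromGroup(userid)
        if REQUEST:
            messaging.IMessageSender(self).sendToBrowser(
                'Users Removed',
                'Deleted users from Group %s' % self.id
            )
            return self.callZenScreen(REQUEST)

    # Settings objects of the principals assigned to this group.
    def getMemberUserSettings(self):
        return [ self.getUserSettings(u[0])
         for u in self._getG().listAssignedPrincipals(self.id) ]

    # First element of each entry the group manager lists for this group.
    def getMemberUserIds(self):
        return [ u[0] for u in self._getG().listAssignedPrincipals(self.id) ]

    # Member ids joined with ", ".
    def printUsers(self):
        return ", ".join(self.getMemberUserIds())

    # Email addresses of all members, in member order.
    def getEmailAddresses(self):
        result = []
        for username in self.getMemberUserIds():
            result.extend(self.getUserSettings(username).getEmailAddresses())
        return result

    # Pager addresses of all members, in member order.
    def getPagerAddresses(self):
        result = []
        for username in self.getMemberUserIds():
            result.extend(self.getUserSettings(username).getPagerAddresses())
        return result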
# Hand the classes to Zope's InitializeClass, which processes the
# ClassSecurityInfo declarations made in the class bodies.
# NOTE(review): GroupSettings also declares protected methods but is not
# passed to InitializeClass in the lines visible here -- confirm its
# declarations are applied (the listing may be truncated).
InitializeClass(UserSettingsManager)
InitializeClass(UserSettings)