ZenModel.UserSettings

1 ########################################################################### 2 # 3 # This program is part of Zenoss Core, an open source monitoring platform. 4 # Copyright (C) 2007, Zenoss Inc. 5 # 6 # This program is free software; you can redistribute it and/or modify it 7 # under the terms of the GNU General Public License version 2 as published by 8 # the Free Software Foundation. 9 # 10 # For complete information please visit: http://www.zenoss.com/oss/ 11 # 12 ########################################################################### 13 14 import types 15 16 from random import choice 17 18 from Globals import DTMLFile 19 from Globals import InitializeClass 20 from AccessControl import ClassSecurityInfo 21 from AccessControl import getSecurityManager 22 from Acquisition import aq_base 23 from Products.PluggableAuthService import interfaces 24 from zExceptions import Unauthorized 25 from DateTime import DateTime 26 27 from Products.ZenEvents.ActionRule import ActionRule 28 from Products.ZenEvents.CustomEventView import CustomEventView 29 from Products.ZenRelations.RelSchema import * 30 from Products.ZenUtils import Time 31 from Products.ZenUtils.Utils import unused 32 from Products.ZenUtils import DotNetCommunication 33 from Products.ZenWidgets import messaging 34 35 from ZenossSecurity import * 36 from ZenModelRM import ZenModelRM 37 from Products.ZenUtils import Utils 38 39 from email.MIMEText import MIMEText 40 import socket 41 42 UserSettingsId = "ZenUsers" 43

44 -def manage_addUserSettingsManager(context, REQUEST=None):

45 """Create user settings manager.""" 46 ufm = UserSettingsManager(UserSettingsId) 47 context._setObject(ufm.getId(), ufm) 48 if REQUEST is not None: 49 REQUEST['RESPONSE'].redirect(context.absolute_url() + '/manage_main')

50 51

52 -def rolefilter(r): return r not in ("Anonymous", "Authenticated", "Owner")

53

54 -class UserSettingsManager(ZenModelRM):

55 """Manage zenoss user folders. 56 """ 57 security = ClassSecurityInfo() 58 59 meta_type = "UserSettingsManager" 60 61 #zPrimaryBasePath = ("", "zport") 62 63 sub_meta_types = ("UserSettings",) 64 65 factory_type_information = ( 66 { 67 'id' : 'UserSettingsManager', 68 'meta_type' : 'UserSettingsManager', 69 'description' : """Base class for all devices""", 70 'icon' : 'UserSettingsManager.gif', 71 'product' : 'ZenModel', 72 'factory' : 'manage_addUserSettingsManager', 73 'immediate_view' : 'manageUserFolder', 74 'actions' : 75 ( 76 { 'id' : 'settings' 77 , 'name' : 'Settings' 78 , 'action' : '../editSettings' 79 , 'permissions' : ( ZEN_MANAGE_DMD, ) 80 }, 81 { 'id' : 'manage' 82 , 'name' : 'Commands' 83 , 'action' : '../dataRootManage' 84 , 'permissions' : (ZEN_MANAGE_DMD,) 85 }, 86 { 'id' : 'users' 87 , 'name' : 'Users' 88 , 'action' : 'manageUserFolder' 89 , 'permissions' : ( ZEN_MANAGE_DMD, ) 90 }, 91 { 'id' : 'packs' 92 , 'name' : 'ZenPacks' 93 , 'action' : '../ZenPackManager/viewZenPacks' 94 , 'permissions' : ( ZEN_MANAGE_DMD, ) 95 }, 96 { 'id' : 'jobs' 97 , 'name' : 'Jobs' 98 , 'action' : '../joblist' 99 , 'permissions' : ( "Manage DMD", ) 100 }, 101 { 'id' : 'menus' 102 , 'name' : 'Menus' 103 , 'action' : '../editMenus' 104 , 'permissions' : ( ZEN_MANAGE_DMD, ) 105 }, 106 { 'id' : 'portlets' 107 , 'name' : 'Portlets' 108 , 'action' : '../editPortletPerms' 109 , 'permissions' : ( ZEN_MANAGE_DMD, ) 110 }, 111 { 'id' : 'daemons' 112 , 'name' : 'Daemons' 113 , 'action' : '../../About/zenossInfo' 114 , 'permissions' : ( ZEN_MANAGE_DMD, ) 115 }, 116 { 'id' : 'versions' 117 , 'name' : 'Versions' 118 , 'action' : '../../About/zenossVersions' 119 , 'permissions' : ( ZEN_MANAGE_DMD, ) 120 }, 121 { 'id' : 'backups' 122 , 'name' : 'Backups' 123 , 'action' : '../backupInfo' 124 , 'permissions' : ( ZEN_MANAGE_DMD, ) 125 }, 126 ) 127 }, 128 ) 129 130

131 - def getAllUserSettings(self):

132 """Return list user settings objects. 133 """ 134 # This code used to filter out the admin user. 135 # See ticket #1615 for why it no longer does. 136 users = self.objectValues(spec="UserSettings") 137 users.sort(lambda a,b:cmp(a.id, b.id)) 138 return users

139

140 - def getAllGroupSettings(self):

141 """Return list user settings objects. 142 """ 143 groups = self.objectValues(spec="GroupSettings") 144 groups.sort(lambda a,b:cmp(a.id, b.id)) 145 return groups

146

147 - def getAllUserSettingsNames(self, filtNames=()):

148 """Return list of all zenoss usernames. 149 """ 150 filt = lambda x: x not in filtNames 151 return [ u.id for u in self.getAllUserSettings() if filt(u.id) ]

152

153 - def getAllGroupSettingsNames(self, filtNames=()):

154 """Return list of all zenoss usernames. 155 """ 156 filt = lambda x: x not in filtNames 157 return [ g.id for g in self.getAllGroupSettings() if filt(g.id) ]

158

159 - def getUsers(self):

160 """Return list of Users wrapped in their settings folder. 161 """ 162 users = [] 163 for uset in self.objectValues(spec="UserSettings"): 164 user = self.acl_users.getUser(uset.id) 165 if user: users.append(user.__of__(uset)) 166 return users

167 168

169 - def getUser(self, userid=None):

170 """Return a user object. If userid is not passed return current user. 171 """ 172 if userid is None: 173 user = getSecurityManager().getUser() 174 else: 175 user = self.acl_users.getUser(userid) 176 if user: return user.__of__(self.acl_users)

177 178

179 - def getAllActionRules(self):

180 for u in self.getAllUserSettings() + self.getAllGroupSettings(): 181 for ar in u.getActionRules(): 182 yield ar

183

184 - def getUserSettings(self, userid=None):

185 """Return a user folder. If userid is not passed return current user. 186 """ 187 user=None 188 if userid is None: 189 user = getSecurityManager().getUser() 190 userid = user.getId() 191 if not userid: raise Unauthorized 192 folder = self._getOb(userid,None) 193 if not folder and userid: 194 ufolder = UserSettings(userid) 195 self._setObject(ufolder.getId(), ufolder) 196 folder = self._getOb(userid) 197 if not user: 198 user = self.getUser(userid) 199 if user: 200 # Load default values from our auth backend 201 psheets = user.listPropertysheets() 202 psheets.reverse() # Because first sheet should have priority 203 for ps in map(lambda ps: user.getPropertysheet(ps), psheets): 204 props = {} 205 for id in ps.propertyIds(): 206 props[id] = ps.getProperty(id) 207 ufolder.updatePropsFromDict(props) 208 folder.changeOwnership(user) 209 folder.manage_setLocalRoles(userid, ("Owner",)) 210 return folder

211 212

213 - def getGroupSettings(self, groupid):

214 if not self._getOb(groupid, False): 215 gfolder = GroupSettings(groupid) 216 self._setObject(gfolder.getId(), gfolder) 217 return self._getOb(groupid)

218 219

220 - def setDashboardState(self, userid=None, REQUEST=None):

221 """ Store a user's portlets and layout. If userid is not passed 222 set the state for the current user. 223 """ 224 user = self.getUserSettings(userid) 225 posted = Utils.extractPostContent(REQUEST) 226 if posted: 227 user.dashboardState = posted 228 return True

229

230 - def getUserSettingsUrl(self, userid=None):

231 """Return the url to the current user's folder. 232 """ 233 uf = self.getUserSettings(userid) 234 if uf: return uf.getPrimaryUrlPath() 235 return ""

236 237 238 security.declareProtected(ZEN_MANAGE_DMD, 'manage_addUser')

239 - def manage_addUser(self, userid, password=None,roles=("ZenUser",), 240 REQUEST=None,**kw):

241 """ 242 Add a Zenoss user to the system and set the user's default properties. 243 244 @parameter userid: username to add 245 @parameter password: password for the username 246 @parameter roles: tuple of role names 247 @parameter REQUEST: Zope object containing details about this request 248 """ 249 if not userid: return 250 251 userid= userid.strip() 252 253 illegal_usernames= [ 'user', ] 254 255 user_name= userid.lower() 256 if user_name in illegal_usernames: 257 if REQUEST: 258 messaging.IMessageSender(self).sendToBrowser( 259 'Error', 260 'The username "%s" is reserved.' % userid, 261 priority=messaging.WARNING 262 ) 263 return self.callZenScreen(REQUEST) 264 else: 265 return None 266 267 if password is None: 268 password = self.generatePassword() 269 270 self.acl_users._doAddUser(userid,password,roles,"") 271 self.acl_users.ZCacheable_invalidate() 272 user = self.acl_users.getUser(userid) 273 ufolder = self.getUserSettings(userid) 274 if REQUEST: kw = REQUEST.form 275 ufolder.updatePropsFromDict(kw) 276 277 if REQUEST: 278 messaging.IMessageSender(self).sendToBrowser( 279 'User Added', 280 'User "%s" has been created.' % userid 281 ) 282 return self.callZenScreen(REQUEST) 283 else: 284 return user

285 286

287 - def generatePassword(self):

288 """ Generate a valid password. 289 """ 290 # we don't use these to avoid typos: OQ0Il1 291 chars = 'ABCDEFGHJKLMNPRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789' 292 return ''.join( [ choice(chars) for i in range(6) ] )

293 294 295 security.declareProtected(ZEN_MANAGE_DMD, 'manage_changeUser')

296 - def manage_changeUser(self, userid, password=None, sndpassword=None, 297 roles=None, domains=None, REQUEST=None, **kw):

298 """Change a zenoss users settings. 299 """ 300 user = self.acl_users.getUser(userid) 301 if not user: 302 if REQUEST: 303 messaging.IMessageSender(self).sendToBrowser( 304 'Error', 305 'User "%s" was not found.' % userid, 306 priority=messaging.WARNING 307 ) 308 return self.callZenScreen(REQUEST) 309 else: 310 return 311 if password and password != sndpassword: 312 if REQUEST: 313 messaging.IMessageSender(self).sendToBrowser( 314 'Error', 315 "Passwords didn't match. No change.", 316 priority=messaging.WARNING 317 ) 318 return self.callZenScreen(REQUEST) 319 else: 320 raise ValueError("passwords don't match") 321 if password is None: password = user._getPassword() 322 if roles is None: roles = user.roles 323 if domains is None: domains = user.domains 324 self.acl_users._doChangeUser(userid,password,roles,domains) 325 self.acl_users.ZCacheable_invalidate() 326 ufolder = self.getUserSettings(userid) 327 ufolder.updatePropsFromDict(kw) 328 if REQUEST: 329 messaging.IMessageSender(self).sendToBrowser( 330 'Settings Saved', 331 Time.SaveMessage() 332 ) 333 return self.callZenScreen(REQUEST) 334 else: 335 return user

336 337 338 security.declareProtected(ZEN_MANAGE_DMD, 'manage_deleteUsers')

339 - def manage_deleteUsers(self, userids=(), REQUEST=None):

340 """Delete a list of zenoss users from the system. 341 """ 342 # get a list of plugins that can add manage users and then call the 343 # appropriate methods 344 # 345 # XXX this needs to be reviewed when new plugins are added, such as the 346 # LDAP plugin 347 if 'admin' in userids: 348 messaging.IMessageSender(self).sendToBrowser( 349 'Error', 350 "Cannot delete admin user. No users were deleted.", 351 messaging.WARNING 352 ) 353 return self.callZenScreen(REQUEST) 354 355 ifaces = [interfaces.plugins.IUserAdderPlugin] 356 getPlugins = self.acl_users.plugins.listPlugins 357 plugins = [ getPlugins(x)[0][1] for x in ifaces ] 358 for userid in userids: 359 try: 360 for plugin in plugins: 361 plugin.removeUser(userid) 362 self.acl_users.ZCacheable_invalidate() 363 except KeyError: 364 # this means that there's no user in the acl_users, but that 365 # Zenoss still sees the user; we want to pass on this exception 366 # so that Zenoss can clean up 367 pass 368 if getattr(aq_base(self), userid, False): 369 us = self._getOb(userid) 370 for ar in us.adminRoles(): 371 ar.userSetting.removeRelation() 372 mobj = ar.managedObject().primaryAq() 373 mobj.adminRoles._delObject(ar.id) 374 self._delObject(userid) 375 376 if REQUEST: 377 messaging.IMessageSender(self).sendToBrowser( 378 'Users Deleted', 379 "Users were deleted: %s." % (', '.join(userids)) 380 ) 381 return self.callZenScreen(REQUEST)

382 383 384 security.declareProtected(ZEN_MANAGE_DMD, 'manage_addGroup')

385 - def manage_addGroup(self, groupid, REQUEST=None):

386 """Add a zenoss group to the system and set its default properties. 387 """ 388 if not groupid: return 389 try: 390 self.acl_users.groupManager.addGroup(groupid) 391 self.acl_users.ZCacheable_invalidate() 392 except KeyError: pass 393 self.getGroupSettings(groupid) 394 if REQUEST: 395 messaging.IMessageSender(self).sendToBrowser( 396 'Group Added', 397 'Group "%s" has been created.' % groupid 398 ) 399 return self.callZenScreen(REQUEST)

400 401 402 security.declareProtected(ZEN_MANAGE_DMD, 'manage_deleteGroups')

403 - def manage_deleteGroups(self, groupids=(), REQUEST=None):

404 """ Delete a zenoss group from the system 405 """ 406 gm = self.acl_users.groupManager 407 if type(groupids) in types.StringTypes: 408 groupids = [groupids] 409 for groupid in groupids: 410 if self._getOb(groupid): self._delObject(groupid) 411 try: 412 gm.removeGroup(groupid) 413 self.acl_users.ZCacheable_invalidate() 414 except KeyError: pass 415 if REQUEST: 416 messaging.IMessageSender(self).sendToBrowser( 417 'Groups Deleted', 418 "Groups were deleted: %s." % (', '.join(groupids)) 419 ) 420 return self.callZenScreen(REQUEST)

421 422 423 security.declareProtected(ZEN_MANAGE_DMD, 'manage_addUsersToGroups')

424 - def manage_addUsersToGroups(self, userids=(), groupids=(), REQUEST=None):

425 """ Add users to a group 426 """ 427 if type(userids) in types.StringTypes: 428 userids = [userids] 429 if type(groupids) in types.StringTypes: 430 groupids = [groupids] 431 for groupid in groupids: 432 self._getOb(groupid).manage_addUsersToGroup(userids) 433 if REQUEST: 434 if len(groupids) == 0: 435 messaging.IMessageSender(self).sendToBrowser( 436 'Error', 437 'No groups were selected.', 438 priority=messaging.WARNING 439 ) 440 else: 441 messaging.IMessageSender(self).sendToBrowser( 442 'Groups Modified', 443 'Users %s were added to group %s.' % ( 444 ', '.join(userids), ', '.join(groupids)) 445 ) 446 return self.callZenScreen(REQUEST)

447 448 449 security.declareProtected(ZEN_MANAGE_DMD, 'manage_emailTestAdmin')

450 - def manage_emailTestAdmin(self, userid, REQUEST=None):

451 ''' Do email test for given user 452 ''' 453 userSettings = self.getUserSettings(userid) 454 msg = userSettings.manage_emailTest() 455 if msg: 456 messaging.IMessageSender(self).sendToBrowser('Email Test', msg) 457 if REQUEST: 458 return self.callZenScreen(REQUEST)

459 460 461 security.declareProtected(ZEN_MANAGE_DMD, 'manage_pagerTestAdmin')

462 - def manage_pagerTestAdmin(self, userid, REQUEST=None):

463 ''' Do pager test for given user 464 ''' 465 userSettings = self.getUserSettings(userid) 466 msg = userSettings.manage_pagerTest() 467 if msg: 468 messaging.IMessageSender(self).sendToBrowser('Pager Test', msg) 469 if REQUEST: 470 return self.callZenScreen(REQUEST)

471 472

473 - def cleanUserFolders(self):

474 """Delete orphaned user folders. 475 """ 476 userfolders = self._getOb(UserSettingsId) 477 userids = self.acl_users.getUserNames() 478 for fid in userfolders.objectIds(): 479 if fid not in userids: 480 userfolders._delObject(fid) 481 self.acl_users.ZCacheable_invalidate()

482 483

484 - def getAllRoles(self):

485 """Get list of all roles without Anonymous and Authenticated. 486 """ 487 return filter(rolefilter, self.valid_roles())

488 489

490 - def exportXmlHook(self,ofile, ignorerels):

491 map(lambda x: x.exportXml(ofile, ignorerels), self.getAllUserSettings())

492 493 494

495 -def manage_addUserSettings(context, id, title = None, REQUEST = None):

496 """make a device class""" 497 dc = UserSettings(id, title) 498 context._setObject(id, dc) 499 if REQUEST: 500 REQUEST['RESPONSE'].redirect(context.absolute_url() + '/manage_main')

501 502 503 addUserSettings = DTMLFile('dtml/addUserSettings',globals()) 504 505

506 -class UserSettings(ZenModelRM):

507 """zenoss user folder has users preferences. 508 """ 509 510 meta_type = "UserSettings" 511 512 sub_meta_types = ("ActionRule",) 513 514 email = "" 515 pager = "" 516 defaultPageSize = 40 517 defaultEventPageSize = 30 518 defaultAdminRole = "ZenUser" 519 defaultAdminLevel = 1 520 oncallStart = 0 521 oncallEnd = 0 522 escalationMinutes = 0 523 dashboardState = '' 524 netMapStartObject = '' 525 eventConsoleRefresh = True 526 zenossNetUser = '' 527 zenossNetPassword = '' 528 529 _properties = ZenModelRM._properties + ( 530 {'id':'email', 'type':'string', 'mode':'w'}, 531 {'id':'pager', 'type':'string', 'mode':'w'}, 532 {'id':'defaultPageSize', 'type':'int', 'mode':'w'}, 533 {'id':'defaultEventPageSize', 'type':'int', 'mode':'w'}, 534 {'id':'defaultAdminRole', 'type':'string', 'mode':'w'}, 535 {'id':'defaultAdminLevel', 'type':'int', 'mode':'w'}, 536 {'id':'oncallStart', 'type':'int', 'mode':'w'}, 537 {'id':'oncallEnd', 'type':'int', 'mode':'w'}, 538 {'id':'escalationMinutes', 'type':'int', 'mode':'w'}, 539 {'id':'dashboardState', 'type':'string', 'mode':'w'}, 540 {'id':'netMapStartObject', 'type':'string', 'mode':'w'}, 541 {'id':'eventConsoleRefresh', 'type':'boolean', 'mode':'w'}, 542 {'id':'zenossNetUser', 'type':'string', 'mode':'w'}, 543 {'id':'zenossNetPassword', 'type':'string', 'mode':'w'}, 544 ) 545 546 547 _relations = ( 548 ("adminRoles", ToMany(ToOne, "Products.ZenModel.AdministrativeRole", 549 "userSetting")), 550 ("messages", ToManyCont(ToOne, 551 "Products.ZenWidgets.PersistentMessage.PersistentMessage", 552 "messageQueue")), 553 ) 554 555 # Screen action bindings (and tab definitions) 556 factory_type_information = ( 557 { 558 'immediate_view' : 'editUserSettings', 559 'actions' : 560 ( 561 {'name' : 'Edit', 562 'action' : 'editUserSettings', 563 'permissions' : (ZEN_CHANGE_SETTINGS,), 564 }, 565 {'name' : 'Administered Objects', 566 'action' : 'administeredDevices', 567 'permissions' : (ZEN_CHANGE_ADMIN_OBJECTS,) 568 }, 569 {'name' : 'Event Views', 570 'action' : 'editEventViews', 571 # ideally make this its own permission 572 'permissions' : (ZEN_CHANGE_SETTINGS,), 573 }, 574 {'name' : 'Alerting Rules', 575 'action' : 'editActionRules', 576 'permissions' : (ZEN_CHANGE_ALERTING_RULES,), 577 }, 578 ) 579 }, 580 ) 581 582 security = ClassSecurityInfo() 583 584 security.declareProtected('View', 'zentinelTabs')

585 - def zentinelTabs(self, templateName):

586 """Return a list of hashs that define the screen tabs for this object. 587 [{'name':'Name','action':'template','selected':False},...] 588 """ 589 tabs = super(UserSettings, self).zentinelTabs(templateName) 590 # if we don't have any global roles take away edit tab 591 if self.hasNoGlobalRoles(): 592 return tabs[:-1] 593 return tabs

594

595 - def hasNoGlobalRoles(self):

596 """This user doesn't have global roles. Used to limit access 597 """ 598 return self.id != 'admin' and len(self.getUserRoles()) == 0

599

600 - def getUserRoles(self):

601 """Get current roles for this user. 602 """ 603 user = self.getUser(self.id) 604 if user: 605 # This call will create GroupSettings objects for any externally- 606 # sourced groups. 607 self.getAllAdminRoles() 608 return filter(rolefilter, user.getRoles()) 609 return []

610 611

612 - def getUserGroupSettingsNames(self):

613 """Return group settings objects for user 614 """ 615 user = self.getUser(self.id) 616 if user: 617 return self.acl_users._getGroupsForPrincipal(user) 618 return ()

619 620 621 security.declareProtected(ZEN_CHANGE_SETTINGS, 'updatePropsFromDict')

622 - def updatePropsFromDict(self, propdict):

623 props = self.propertyIds() 624 for k, v in propdict.items(): 625 if k in props: setattr(self,k,v)

626 627

628 - def iseditable(self):

629 """Can the current user edit this settings object. 630 """ 631 currentUser = getSecurityManager().getUser() 632 633 # Managers can edit any users' settings. 634 if currentUser.has_role("Manager"): 635 return True 636 637 # thisUser can be None if the plugin that created it is inactive. 638 thisUser = self.acl_users.getUser(self.id) 639 if thisUser is None: 640 return False 641 642 # ZenManagers can edit any users' settings except for Managers. 643 if currentUser.has_role("ZenManager") \ 644 and not thisUser.has_role("Manager"): 645 return True 646 # 647 # Users can edit their own settings. 648 if thisUser.getUserName() == currentUser.getUserName(): 649 return True 650 651 return False

652 653

654 - def manage_beforeDelete(self, item, container):

655 """ 656 ActionRuleWindows need to be unindexed 657 """ 658 super(ZenModelRM, self).manage_beforeDelete(item, container) 659 for ar in self.getActionRules(): 660 ar.manage_beforeDelete(item, container)

661 662 663 security.declareProtected(ZEN_CHANGE_SETTINGS, 'manage_editUserSettings')

664 - def manage_editUserSettings(self, password=None, sndpassword=None, 665 roles=None, groups=None, domains=None, 666 REQUEST=None, **kw):

667 """Update user settings. 668 """ 669 # get the user object; return if no user 670 user = self.acl_users.getUser(self.id) 671 if not user: 672 user = self.getPhysicalRoot().acl_users.getUser(self.id) 673 if not user: 674 if REQUEST: 675 messaging.IMessageSender(self).sendToBrowser( 676 'Error', 677 'User %s not found.' % self.id, 678 priority=messaging.WARNING 679 ) 680 return self.callZenScreen(REQUEST) 681 else: 682 return 683 684 # update role info 685 roleManager = self.acl_users.roleManager 686 origRoles = filter(rolefilter, user.getRoles()) 687 688 if not self.has_role('Manager') and roles and 'Manager' in roles: 689 if REQUEST: 690 messaging.IMessageSender(self).sendToBrowser( 691 'Error', 692 'Only Managers can make more Managers.', 693 priority=messaging.WARNING 694 ) 695 return self.callZenScreen(REQUEST) 696 else: 697 return 698 699 if not self.has_role('Manager') and origRoles and \ 700 'Manager' in origRoles: 701 702 if REQUEST: 703 messaging.IMessageSender(self).sendToBrowser( 704 'Error', 705 'Only Managers can modify other Managers.', 706 priority=messaging.WARNING 707 ) 708 return self.callZenScreen(REQUEST) 709 else: 710 return 711 712 # if there's a change, then we need to update 713 if roles != origRoles and self.isManager(): 714 from sets import Set as set 715 # get roles to remove and then remove them 716 removeRoles = list(set(origRoles).difference(set(roles))) 717 for role in removeRoles: 718 roleManager.removeRoleFromPrincipal(role, self.id) 719 # get roles to add and then add them 720 addRoles = list(set(roles).difference(set(origRoles))) 721 for role in addRoles: 722 roleManager.assignRoleToPrincipal(role, self.id) 723 724 # update group info 725 groupManager = self.acl_users.groupManager 726 origGroups = groupManager.getGroupsForPrincipal(user) 727 # if there's a change, then we need to update 728 if groups != origGroups and self.isManager(): 729 # can we use the built-in set? 730 try: 731 set() 732 except NameError: 733 from sets import Set as set 734 # get groups to remove and then remove them 735 removeGroups = set(origGroups).difference(set(groups)) 736 for groupid in removeGroups: 737 groupManager.removePrincipalFromGroup(user.getId(), groupid) 738 # get groups to add and then add them 739 addGroups = set(groups).difference(set(origGroups)) 740 for groupid in addGroups: 741 try: 742 groupManager.addPrincipalToGroup(user.getId(), groupid) 743 except KeyError: 744 # This can occur if the group came from an external source. 745 pass 746 747 # we're not managing domains right now 748 if domains: 749 msg = 'Zenoss does not currently manage domains for users.' 750 raise NotImplementedError(msg) 751 752 # update Zenoss user folder settings 753 if REQUEST: 754 kw = REQUEST.form 755 self.manage_changeProperties(**kw) 756 757 # update password info 758 userManager = self.acl_users.userManager 759 if password: 760 if password.find(':') >= 0: 761 if REQUEST: 762 messaging.IMessageSender(self).sendToBrowser( 763 'Error', 764 'Passwords cannot contain a ":". Password not updated.', 765 priority=messaging.WARNING 766 ) 767 return self.callZenScreen(REQUEST) 768 else: 769 raise ValueError("Passwords cannot contain a ':' ") 770 elif password != sndpassword: 771 if REQUEST: 772 messaging.IMessageSender(self).sendToBrowser( 773 'Error', 774 'Passwords did not match. Password not updated.', 775 priority=messaging.WARNING 776 ) 777 return self.callZenScreen(REQUEST) 778 else: 779 raise ValueError("Passwords don't match") 780 else: 781 try: userManager.updateUserPassword(self.id, password) 782 except KeyError: 783 self.getPhysicalRoot().acl_users.userManager.updateUserPassword( 784 self.id, password) 785 if REQUEST: 786 loggedInUser = REQUEST['AUTHENTICATED_USER'] 787 # we only want to log out the user if it's *their* passowrd 788 # they've changed, not, for example, if the admin user is 789 # changing another user's password 790 if loggedInUser.getUserName() == self.id: 791 self.acl_users.logout(REQUEST) 792 793 self.acl_users.ZCacheable_invalidate() 794 795 # finish up 796 if REQUEST: 797 messaging.IMessageSender(self).sendToBrowser( 798 'Settings Saved', 799 Time.SaveMessage() 800 ) 801 return self.callZenScreen(REQUEST) 802 else: 803 return user

804 805 security.declareProtected(ZEN_CHANGE_ALERTING_RULES, 'manage_addActionRule')

806 - def manage_addActionRule(self, id=None, REQUEST=None):

807 """Add an action rule to this object. 808 """ 809 if id: 810 ar = ActionRule(id) 811 self._setObject(id, ar) 812 ar = self._getOb(id) 813 user = getSecurityManager().getUser() 814 userid = user.getId() 815 if userid != self.id: 816 userid = self.id 817 user = self.getUser(userid) 818 ar.changeOwnership(user) 819 ar.manage_setLocalRoles(userid, ("Owner",)) 820 if REQUEST: 821 return self.callZenScreen(REQUEST)

822

823 - def getActionRules(self):

824 return self.objectValues(spec=ActionRule.meta_type)

825 826 security.declareProtected(ZEN_CHANGE_EVENT_VIEWS, 827 'manage_addCustomEventView')

828 - def manage_addCustomEventView(self, id=None, REQUEST=None):

829 """Add an action rule to this object. 830 """ 831 if id: 832 ar = CustomEventView(id) 833 self._setObject(id, ar) 834 ar = self._getOb(id) 835 user = getSecurityManager().getUser() 836 userid = user.getId() 837 if userid != self.id: 838 userid = self.id 839 user = self.getUser(userid) 840 ar.changeOwnership(user) 841 ar.manage_setLocalRoles(userid, ("Owner",)) 842 if REQUEST: 843 return self.callZenScreen(REQUEST)

844 845 846 security.declareProtected(ZEN_CHANGE_ADMIN_OBJECTS, 847 'manage_addAdministrativeRole')

848 - def manage_addAdministrativeRole(self, name=None, type='device', 849 role=None, REQUEST=None):

850 "Add a Admin Role to this device" 851 unused(role) 852 mobj = None 853 if not name: 854 name = REQUEST.deviceName 855 if type == 'device': 856 mobj =self.getDmdRoot("Devices").findDevice(name) 857 else: 858 try: 859 root = type.capitalize()+'s' 860 if type == "deviceClass": 861 mobj = self.getDmdRoot("Devices").getOrganizer(name) 862 else: 863 mobj = self.getDmdRoot(root).getOrganizer(name) 864 except KeyError: pass 865 if not mobj: 866 if REQUEST: 867 messaging.IMessageSender(self).sendToBrowser( 868 'Error', 869 "%s %s not found"%(type.capitalize(),name), 870 priority=messaging.WARNING 871 ) 872 return self.callZenScreen(REQUEST) 873 else: return 874 roleNames = [ r.id for r in mobj.adminRoles() ] 875 if self.id in roleNames: 876 if REQUEST: 877 messaging.IMessageSender(self).sendToBrowser( 878 'Error', 879 (("Administrative Role for %s %s " 880 "for user %s already exists.") % (type, name, self.id)), 881 priority=messaging.WARNING 882 ) 883 return self.callZenScreen(REQUEST) 884 else: return 885 mobj.manage_addAdministrativeRole(self.id) 886 if REQUEST: 887 messaging.IMessageSender(self).sendToBrowser( 888 'Role Added', 889 ("Administrative Role for %s %s for user %s added" % 890 (type, name, self.id)) 891 ) 892 return self.callZenScreen(REQUEST)

893 894 895 security.declareProtected(ZEN_CHANGE_ADMIN_OBJECTS, 896 'manage_editAdministrativeRoles')

897 - def manage_editAdministrativeRoles(self, ids=(), role=(), 898 level=(), REQUEST=None):

899 """Edit list of admin roles. 900 """ 901 if type(ids) in types.StringTypes: 902 ids = [ids] 903 level = [level] 904 role = [role] 905 else: 906 ids = list(ids) 907 for ar in self.adminRoles(): 908 mobj = ar.managedObject() 909 try: i = ids.index(mobj.managedObjectName()) 910 except ValueError: continue 911 mobj = mobj.primaryAq() 912 mobj.manage_editAdministrativeRoles(self.id, role[i], level[i]) 913 if REQUEST: 914 if ids: 915 messaging.IMessageSender(self).sendToBrowser( 916 'Roles Updated', 917 "Administrative roles were updated." 918 ) 919 return self.callZenScreen(REQUEST)

920 921 922 security.declareProtected(ZEN_CHANGE_ADMIN_OBJECTS, 923 'manage_deleteAdministrativeRole')

924 - def manage_deleteAdministrativeRole(self, delids=(), REQUEST=None):

925 "Delete a admin role to this device" 926 if type(delids) in types.StringTypes: 927 delids = [delids] 928 for ar in self.adminRoles(): 929 mobj = ar.managedObject() 930 if mobj.managedObjectName() not in delids: continue 931 mobj = mobj.primaryAq() 932 mobj.manage_deleteAdministrativeRole(self.id) 933 if REQUEST: 934 if delids: 935 messaging.IMessageSender(self).sendToBrowser( 936 'Roles Deleted', 937 "Administrative roles were deleted." 938 ) 939 return self.callZenScreen(REQUEST)

940 941 942 security.declareProtected(ZEN_CHANGE_SETTINGS, 'getAllAdminRoles')

943 - def getAllAdminRoles(self):

944 """Return all admin roles for this user and its groups 945 """ 946 ars = self.adminRoles() 947 for group in self.getUser().getGroups(): 948 gs = self.getGroupSettings(group) 949 ars.extend(gs.adminRoles()) 950 return ars

951 952 953 security.declareProtected(ZEN_CHANGE_SETTINGS, 'manage_emailTest')

954 - def manage_emailTest(self, REQUEST=None):

955 ''' Send a test email to the given userid. 956 ''' 957 destSettings = self.getUserSettings(self.getId()) 958 destAddresses = destSettings.getEmailAddresses() 959 msg = None 960 if destAddresses: 961 fqdn = socket.getfqdn() 962 thisUser = self.getUser() 963 srcId = thisUser.getId() 964 self.getUserSettings(srcId) 965 srcAddress = self.dmd.getEmailFrom() 966 # Read body from file probably 967 body = ('This is a test message sent by %s' % srcId + 968 ' from the Zenoss installation on %s.' % fqdn) 969 emsg = MIMEText(body) 970 emsg['Subject'] = 'Zenoss Email Test' 971 emsg['From'] = srcAddress 972 emsg['To'] = ', '.join(destAddresses) 973 emsg['Date'] = DateTime().rfc822() 974 result, errorMsg = Utils.sendEmail(emsg, self.dmd.smtpHost, 975 self.dmd.smtpPort, 976 self.dmd.smtpUseTLS, self.dmd.smtpUser, 977 self.dmd.smtpPass) 978 if result: 979 msg = 'Test email sent to %s' % ', '.join(destAddresses) 980 else: 981 msg = 'Test failed: %s' % errorMsg 982 else: 983 msg = 'Test email not sent, user has no email address.' 984 if REQUEST: 985 messaging.IMessageSender(self).sendToBrowser( 986 'Email Test', 987 msg.replace("'", "\\'") 988 ) 989 return self.callZenScreen(REQUEST) 990 else: 991 return msg

992 993 994 security.declareProtected(ZEN_CHANGE_SETTINGS, 'manage_pagerTest')

995 - def manage_pagerTest(self, REQUEST=None):

996 ''' Send a test page 997 ''' 998 destSettings = self.getUserSettings(self.getId()) 999 destPagers = [ x.strip() for x in 1000 (destSettings.getPagerAddresses() or []) ] 1001 msg = None 1002 fqdn = socket.getfqdn() 1003 srcId = self.getUser().getId() 1004 testMsg = ('Test sent by %s' % srcId + 1005 ' from the Zenoss installation on %s.' % fqdn) 1006 for destPager in destPagers: 1007 result, errorMsg = Utils.sendPage(destPager, testMsg, 1008 self.dmd.pageCommand) 1009 if result: 1010 msg = 'Test page sent to %s' % ', '.join(destPagers) 1011 else: 1012 msg = 'Test failed: %s' % errorMsg 1013 break 1014 if not destPagers: 1015 msg = 'Test page not sent, user has no pager number.' 1016 if REQUEST: 1017 messaging.IMessageSender(self).sendToBrowser( 1018 'Pager Test', msg) 1019 return self.callZenScreen(REQUEST) 1020 else: 1021 return msg

1022

1023 - def exportXmlHook(self, ofile, ignorerels):

1024 """patch to export all user configuration 1025 """ 1026 for o in self.objectValues(): 1027 if hasattr(aq_base(o), 'exportXml'): 1028 o.exportXml(ofile, ignorerels)

1029

1030 - def getPagerAddresses(self):

1031 if self.pager.strip(): 1032 return [self.pager.strip()] 1033 return []

1034

1035 - def getEmailAddresses(self):

1036 if self.email.strip(): 1037 return [self.email] 1038 return []

1039

1040 - def getDotNetSession(self):

1041 """ 1042 Use the Zenoss.net credentials associated with this user to log in to a 1043 Zenoss.net session. 1044 """ 1045 session = DotNetCommunication.getDotNetSession( 1046 self.zenossNetUser, 1047 self.zenossNetPassword) 1048 return session

1049

1050 -class GroupSettings(UserSettings):

1051 1052 meta_type = 'GroupSettings' 1053 1054 factory_type_information = ( 1055 { 1056 'immediate_view' : 'editGroupSettings', 1057 'actions' : 1058 ( 1059 {'name' : 'Edit', 1060 'action' : 'editGroupSettings', 1061 'permissions' : (ZEN_CHANGE_SETTINGS,), 1062 }, 1063 {'name' : 'Administered Objects', 1064 'action' : 'administeredDevices', 1065 'permissions' : (ZEN_CHANGE_ADMIN_OBJECTS,) 1066 }, 1067 {'name' : 'Event Views', 1068 'action' : 'editEventViews', 1069 # ideally make this its own permission 1070 'permissions' : (ZEN_CHANGE_SETTINGS,), 1071 }, 1072 {'name' : 'Alerting Rules', 1073 'action' : 'editActionRules', 1074 'permissions' : (ZEN_CHANGE_ALERTING_RULES,), 1075 }, 1076 ) 1077 }, 1078 ) 1079 1080 security = ClassSecurityInfo() 1081

1082 - def _getG(self):

1083 return self.zport.acl_users.groupManager

1084 1085

1086 - def hasNoGlobalRoles(self):

1087 """This is a group we never have roles. This is set to false so that 1088 fuctionality that would normally be taken away for a restricted user is 1089 left in. 1090 """ 1091 return False

1092 1093 1094 security.declareProtected(ZEN_MANAGE_DMD, 'manage_addUsersToGroup')

1095 - def manage_addUsersToGroup( self, userids, REQUEST=None ):

1096 """ Add user to this group 1097 """ 1098 if type(userids) in types.StringTypes: 1099 userids = [userids] 1100 for userid in userids: 1101 self._getG().addPrincipalToGroup( userid, self.id ) 1102 if REQUEST: 1103 messaging.IMessageSender(self).sendToBrowser( 1104 'Users Added', 1105 'Added %s to Group %s' % (','.join(userids), self.id) 1106 ) 1107 return self.callZenScreen(REQUEST)

1108 1109 security.declareProtected(ZEN_MANAGE_DMD, 'manage_deleteUserFromGroup')

1110 - def manage_deleteUserFromGroup( self, userid ):

1111 self._getG().removePrincipalFromGroup( userid, self.id )

1112 1113 security.declareProtected(ZEN_MANAGE_DMD, 'manage_deleteUsersFromGroup')

1114 - def manage_deleteUsersFromGroup(self, userids=(), REQUEST=None ):

1115 """ Delete users from this group 1116 """ 1117 for userid in userids: 1118 self.manage_deleteUserFromGroup(userid) 1119 if REQUEST: 1120 messaging.IMessageSender(self).sendToBrowser( 1121 'Users Removed', 1122 'Deleted users from Group %s' % self.id 1123 ) 1124 return self.callZenScreen(REQUEST)

1125

1126 - def getMemberUserSettings(self):

1127 return [ self.getUserSettings(u[0]) 1128 for u in self._getG().listAssignedPrincipals(self.id) ]

1129

1130 - def getMemberUserIds(self):

1131 return [ u[0] for u in self._getG().listAssignedPrincipals(self.id) ]

1132

1133 - def printUsers(self):

1134 return ", ".join(self.getMemberUserIds())

1135

1136 - def getEmailAddresses(self):

1137 result = [] 1138 for username in self.getMemberUserIds(): 1139 result.extend(self.getUserSettings(username).getEmailAddresses()) 1140 return result

1141

1142 - def getPagerAddresses(self):

1143 result = [] 1144 for username in self.getMemberUserIds(): 1145 result.extend(self.getUserSettings(username).getPagerAddresses()) 1146 return result

1147 1148 1149 InitializeClass(UserSettingsManager) 1150 InitializeClass(UserSettings) 1151

Source Code for Module ZenModel.UserSettings