| Trees | Indices | Help |
|
|---|
|
|
1 ###########################################################################
2 #
3 # This program is part of Zenoss Core, an open source monitoring platform.
4 # Copyright (C) 2007, Zenoss Inc.
5 #
6 # This program is free software; you can redistribute it and/or modify it
7 # under the terms of the GNU General Public License version 2 or (at your
8 # option) any later version as published by the Free Software Foundation.
9 #
10 # For complete information please visit: http://www.zenoss.com/oss/
11 #
12 ###########################################################################
13
14 from DateTime import DateTime
15 from random import choice
16 from email.MIMEText import MIMEText
17 import socket
18 import logging
19 log = logging.getLogger("zen.UserSettings")
20
21 from Globals import DTMLFile
22 from Globals import InitializeClass
23 from AccessControl import ClassSecurityInfo
24 from AccessControl import getSecurityManager
25 from Acquisition import aq_base
26 from Products.PluggableAuthService import interfaces
27 from Products.PluggableAuthService.PluggableAuthService \
28 import _SWALLOWABLE_PLUGIN_EXCEPTIONS
29 from zExceptions import Unauthorized
30
31 from Products.ZenEvents.ActionRule import ActionRule
32 from Products.ZenEvents.CustomEventView import CustomEventView
33 from Products.ZenRelations.RelSchema import *
34 from Products.ZenUtils import Time
35 from Products.ZenUtils.Utils import unused, prepId
36 from Products.ZenUtils.guid.interfaces import IGUIDManager
37 from Products.ZenUtils import DotNetCommunication
38 from Products.ZenUtils.guid.interfaces import IGloballyIdentifiable
39 from Products.ZenWidgets import messaging
40 from Products.ZenModel.interfaces import IProvidesEmailAddresses, IProvidesPagerAddresses
41
42 from ZenossSecurity import *
43 from ZenModelRM import ZenModelRM
44 from Products.ZenUtils import Utils
45 from zope.interface import implements
46
47
49
50 UserSettingsId = "ZenUsers"
51
53 """Create user settings manager."""
54 ufm = UserSettingsManager(UserSettingsId)
55 context._setObject(ufm.getId(), ufm)
56 if REQUEST is not None:
57 REQUEST['RESPONSE'].redirect(context.absolute_url() + '/manage_main')
58
59
61
62
64 """Manage zenoss user folders.
65 """
66 security = ClassSecurityInfo()
67
68 meta_type = "UserSettingsManager"
69
70 #zPrimaryBasePath = ("", "zport")
71
72 sub_meta_types = ("UserSettings",)
73
74 factory_type_information = (
75 {
76 'id' : 'UserSettingsManager',
77 'meta_type' : 'UserSettingsManager',
78 'description' : """Base class for all devices""",
79 'icon' : 'UserSettingsManager.gif',
80 'product' : 'ZenModel',
81 'factory' : 'manage_addUserSettingsManager',
82 'immediate_view' : 'manageUserFolder',
83 'actions' :
84 (
85 { 'id' : 'settings'
86 , 'name' : 'Settings'
87 , 'action' : '../editSettings'
88 , 'permissions' : ( ZEN_MANAGE_DMD, )
89 },
90 { 'id' : 'manage'
91 , 'name' : 'Commands'
92 , 'action' : '../dataRootManage'
93 , 'permissions' : (ZEN_MANAGE_DMD,)
94 },
95 { 'id' : 'users'
96 , 'name' : 'Users'
97 , 'action' : 'manageUserFolder'
98 , 'permissions' : ( ZEN_MANAGE_DMD, )
99 },
100 { 'id' : 'packs'
101 , 'name' : 'ZenPacks'
102 , 'action' : '../ZenPackManager/viewZenPacks'
103 , 'permissions' : ( ZEN_MANAGE_DMD, )
104 },
105 { 'id' : 'jobs'
106 , 'name' : 'Jobs'
107 , 'action' : '../joblist'
108 , 'permissions' : ( "Manage DMD", )
109 },
110 #{ 'id' : 'menus'
111 #, 'name' : 'Menus'
112 #, 'action' : '../editMenus'
113 #, 'permissions' : ( ZEN_MANAGE_DMD, )
114 #},
115 { 'id' : 'portlets'
116 , 'name' : 'Portlets'
117 , 'action' : '../editPortletPerms'
118 , 'permissions' : ( ZEN_MANAGE_DMD, )
119 },
120 { 'id' : 'daemons'
121 , 'name' : 'Daemons'
122 , 'action' : '../../About/zenossInfo'
123 , 'permissions' : ( ZEN_MANAGE_DMD, )
124 },
125 { 'id' : 'versions'
126 , 'name' : 'Versions'
127 , 'action' : '../../About/zenossVersions'
128 , 'permissions' : ( ZEN_MANAGE_DMD, )
129 },
130 { 'id' : 'backups'
131 , 'name' : 'Backups'
132 , 'action' : '../backupInfo'
133 , 'permissions' : ( ZEN_MANAGE_DMD, )
134 },
135 { 'id' : 'eventConfig'
136 , 'name' : 'Events'
137 , 'action' : 'eventConfig'
138 , 'permissions' : ( "Manage DMD", )
139 },
140 )
141 },
142 )
143
144
146 """Return list user settings objects.
147 """
148 # This code used to filter out the admin user.
149 # See ticket #1615 for why it no longer does.
150 users = self.objectValues(spec="UserSettings")
151 users.sort(lambda a,b:cmp(a.id, b.id))
152 return users
153
155 """Return list user settings objects.
156 """
157 groups = self.objectValues(spec="GroupSettings")
158 groups.sort(lambda a,b:cmp(a.id, b.id))
159 return groups
160
162 """Return list of all zenoss usernames.
163 """
164 filt = lambda x: x not in filtNames
165 return [ u.id for u in self.getAllUserSettings() if filt(u.id) ]
166
168 """Return list of all zenoss usernames.
169 """
170 filt = lambda x: x not in filtNames
171 return [ g.id for g in self.getAllGroupSettings() if filt(g.id) ]
172
174 """Return list of Users wrapped in their settings folder.
175 """
176 users = []
177 for uset in self.objectValues(spec="UserSettings"):
178 user = self.acl_users.getUser(uset.id)
179 if user: users.append(user.__of__(uset))
180 return users
181
182
184 """Return a user object. If userid is not passed return current user.
185 """
186 if userid is None:
187 user = getSecurityManager().getUser()
188 else:
189 user = self.acl_users.getUser(userid)
190 if user: return user.__of__(self.acl_users)
191
192
194 for u in self.getAllUserSettings() + self.getAllGroupSettings():
195 for ar in u.getActionRules():
196 yield ar
197
199 """Return a user folder. If userid is not passed return current user.
200 """
201 user=None
202 if userid is None:
203 user = getSecurityManager().getUser()
204 userid = user.getId()
205 if not userid: raise Unauthorized
206 folder = self._getOb(userid,None)
207 if not folder and userid:
208 userid = str(userid)
209 ufolder = UserSettings(userid)
210 self._setObject(ufolder.getId(), ufolder)
211 folder = self._getOb(userid)
212 if not user:
213 user = self.getUser(userid)
214 if user:
215 # Load default values from our auth backend
216 psheets = user.listPropertysheets()
217 psheets.reverse() # Because first sheet should have priority
218 for ps in map(lambda ps: user.getPropertysheet(ps), psheets):
219 props = {}
220 for id in ps.propertyIds():
221 props[id] = ps.getProperty(id)
222 ufolder.updatePropsFromDict(props)
223 folder.changeOwnership(user)
224 folder.manage_setLocalRoles(userid, ("Owner",))
225 return folder
226
227
229 groupid = prepId(groupid)
230 if not self._getOb(groupid, False):
231 gfolder = GroupSettings(groupid)
232 self._setObject(gfolder.getId(), gfolder)
233 return self._getOb(groupid)
234
235
237 """ Store a user's portlets and layout. If userid is not passed
238 set the state for the current user.
239 """
240 user = self.getUserSettings(userid)
241 posted = Utils.extractPostContent(REQUEST)
242 if posted:
243 user.dashboardState = posted
244 return True
245
247 """Return the url to the current user's folder.
248 """
249 uf = self.getUserSettings(userid)
250 if uf: return uf.getPrimaryUrlPath()
251 return ""
252
253
254 security.declareProtected(ZEN_MANAGE_DMD, 'manage_addUser')
257 """
258 Add a Zenoss user to the system and set the user's default properties.
259
260 @parameter userid: username to add
261 @parameter password: password for the username
262 @parameter roles: tuple of role names
263 @parameter REQUEST: Zope object containing details about this request
264 """
265 if not userid: return
266
267 userid= userid.strip()
268
269 illegal_usernames= [ 'user', ]
270
271 user_name= userid.lower()
272 if user_name in illegal_usernames:
273 if REQUEST:
274 messaging.IMessageSender(self).sendToBrowser(
275 'Error',
276 'The username "%s" is reserved.' % userid,
277 priority=messaging.WARNING
278 )
279 return self.callZenScreen(REQUEST)
280 else:
281 return None
282
283 if password is None:
284 password = self.generatePassword()
285
286 self.acl_users._doAddUser(userid,password,roles,"")
287 self.acl_users.ZCacheable_invalidate()
288 user = self.acl_users.getUser(userid)
289 ufolder = self.getUserSettings(userid)
290 if REQUEST: kw = REQUEST.form
291 ufolder.updatePropsFromDict(kw)
292
293 if REQUEST:
294 messaging.IMessageSender(self).sendToBrowser(
295 'User Added',
296 'User "%s" has been created.' % userid
297 )
298 return self.callZenScreen(REQUEST)
299 else:
300 return user
301
302
304 """ Generate a valid password.
305 """
306 # we don't use these to avoid typos: OQ0Il1
307 chars = 'ABCDEFGHJKLMNPRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789'
308 return ''.join(choice(chars) for i in range(6))
309
310
312 """
313 Authenticates a given set of credentials against all configured
314 authentication plugins. Returns True for successful authentication and
315 False otherwise.
316 """
317 if login == 'admin':
318 acl_users = self.getPhysicalRoot().acl_users
319 else:
320 acl_users = self.acl_users
321
322 try:
323 authenticators = acl_users.plugins.listPlugins(
324 interfaces.plugins.IAuthenticationPlugin)
325 except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
326 authenticators = ()
327
328 # try each authenticator until a non-None user_id is returned
329 for authenticator_id, auth in authenticators:
330 try:
331 uid_and_info = auth.authenticateCredentials(
332 {'login':login, 'password':password})
333
334 if isinstance(uid_and_info, tuple):
335 # make sure tuple has enough values to unpack
336 user_id, info = (uid_and_info + (None,None))[:2]
337
338 # return if authentication was a success
339 if user_id is not None:
340 return True
341
342 except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
343 pass
344
345 # indicate no successful authentications
346 return False
347
348
349 security.declareProtected(ZEN_MANAGE_DMD, 'manage_changeUser')
350 - def manage_changeUser(self, userid, password=None, sndpassword=None,
351 roles=None, domains=None, REQUEST=None, **kw):
352 """Change a zenoss users settings.
353 """
354 user = self.acl_users.getUser(userid)
355 if not user:
356 if REQUEST:
357 messaging.IMessageSender(self).sendToBrowser(
358 'Error',
359 'User "%s" was not found.' % userid,
360 priority=messaging.WARNING
361 )
362 return self.callZenScreen(REQUEST)
363 else:
364 return
365 if password and password != sndpassword:
366 if REQUEST:
367 messaging.IMessageSender(self).sendToBrowser(
368 'Error',
369 "Passwords didn't match. No change.",
370 priority=messaging.WARNING
371 )
372 return self.callZenScreen(REQUEST)
373 else:
374 raise ValueError("passwords don't match")
375 if password is None: password = user._getPassword()
376 if roles is None: roles = user.roles
377 if domains is None: domains = user.domains
378 self.acl_users._doChangeUser(userid,password,roles,domains)
379 self.acl_users.ZCacheable_invalidate()
380 ufolder = self.getUserSettings(userid)
381 ufolder.updatePropsFromDict(kw)
382 if REQUEST:
383 messaging.IMessageSender(self).sendToBrowser(
384 'Settings Saved',
385 Time.SaveMessage()
386 )
387 return self.callZenScreen(REQUEST)
388 else:
389 return user
390
391
392 security.declareProtected(ZEN_MANAGE_DMD, 'manage_deleteUsers')
394 """Delete a list of zenoss users from the system.
395 """
396 # get a list of plugins that can add manage users and then call the
397 # appropriate methods
398 #
399 # XXX this needs to be reviewed when new plugins are added, such as the
400 # LDAP plugin
401 if 'admin' in userids:
402 messaging.IMessageSender(self).sendToBrowser(
403 'Error',
404 "Cannot delete admin user. No users were deleted.",
405 messaging.WARNING
406 )
407 return self.callZenScreen(REQUEST)
408
409 ifaces = [interfaces.plugins.IUserAdderPlugin]
410 getPlugins = self.acl_users.plugins.listPlugins
411 plugins = [ getPlugins(x)[0][1] for x in ifaces ]
412 for userid in userids:
413 try:
414 for plugin in plugins:
415 plugin.removeUser(userid)
416 self.acl_users.ZCacheable_invalidate()
417 except KeyError:
418 # this means that there's no user in the acl_users, but that
419 # Zenoss still sees the user; we want to pass on this exception
420 # so that Zenoss can clean up
421 pass
422 if getattr(aq_base(self), userid, False):
423 us = self._getOb(userid)
424 us.removeAdminRoles()
425 for ar in us.adminRoles():
426 ar.userSetting.removeRelation()
427 mobj = ar.managedObject().primaryAq()
428 mobj.adminRoles._delObject(ar.id)
429 self._delObject(userid)
430
431 if REQUEST:
432 messaging.IMessageSender(self).sendToBrowser(
433 'Users Deleted',
434 "Users were deleted: %s." % (', '.join(userids))
435 )
436 return self.callZenScreen(REQUEST)
437
438
439 security.declareProtected(ZEN_MANAGE_DMD, 'manage_addGroup')
441 """Add a zenoss group to the system and set its default properties.
442 """
443 if not groupid: return
444 groupid = prepId(groupid)
445 try:
446 self.acl_users.groupManager.addGroup(groupid)
447 self.acl_users.ZCacheable_invalidate()
448 except KeyError: pass
449 self.getGroupSettings(groupid)
450 if REQUEST:
451 messaging.IMessageSender(self).sendToBrowser(
452 'Group Added',
453 'Group "%s" has been created.' % groupid
454 )
455 return self.callZenScreen(REQUEST)
456
457
458 security.declareProtected(ZEN_MANAGE_DMD, 'manage_deleteGroups')
460 """ Delete a zenoss group from the system
461 """
462 gm = self.acl_users.groupManager
463 if isinstance(groupids, basestring):
464 groupids = [groupids]
465 for groupid in groupids:
466 if self._getOb(groupid):
467 group = self._getOb(groupid)
468 group.removeAdminRoles()
469 self._delObject(groupid)
470 try:
471 gm.removeGroup(groupid)
472 self.acl_users.ZCacheable_invalidate()
473 except KeyError: pass
474 if REQUEST:
475 messaging.IMessageSender(self).sendToBrowser(
476 'Groups Deleted',
477 "Groups were deleted: %s." % (', '.join(groupids))
478 )
479 return self.callZenScreen(REQUEST)
480
481
482 security.declareProtected(ZEN_MANAGE_DMD, 'manage_addUsersToGroups')
484 """ Add users to a group
485 """
486 if isinstance(userids, basestring):
487 userids = [userids]
488 if isinstance(groupids, basestring):
489 groupids = [groupids]
490 for groupid in groupids:
491 self._getOb(groupid).manage_addUsersToGroup(userids)
492 if REQUEST:
493 if not groupids:
494 messaging.IMessageSender(self).sendToBrowser(
495 'Error',
496 'No groups were selected.',
497 priority=messaging.WARNING
498 )
499 else:
500 messaging.IMessageSender(self).sendToBrowser(
501 'Groups Modified',
502 'Users %s were added to group %s.' % (
503 ', '.join(userids), ', '.join(groupids))
504 )
505 return self.callZenScreen(REQUEST)
506
507
508 security.declareProtected(ZEN_MANAGE_DMD, 'manage_emailTestAdmin')
510 ''' Do email test for given user
511 '''
512 userSettings = self.getUserSettings(userid)
513 msg = userSettings.manage_emailTest()
514 if msg:
515 messaging.IMessageSender(self).sendToBrowser('Email Test', msg)
516 if REQUEST:
517 return self.callZenScreen(REQUEST)
518
519
520 security.declareProtected(ZEN_MANAGE_DMD, 'manage_pagerTestAdmin')
522 ''' Do pager test for given user
523 '''
524 userSettings = self.getUserSettings(userid)
525 msg = userSettings.manage_pagerTest()
526 if msg:
527 messaging.IMessageSender(self).sendToBrowser('Pager Test', msg)
528 if REQUEST:
529 return self.callZenScreen(REQUEST)
530
531
533 """Delete orphaned user folders.
534 """
535 userfolders = self._getOb(UserSettingsId)
536 userids = self.acl_users.getUserNames()
537 for fid in userfolders.objectIds():
538 if fid not in userids:
539 userfolders._delObject(fid)
540 self.acl_users.ZCacheable_invalidate()
541
542
544 """Get list of all roles without Anonymous and Authenticated.
545 """
546 return filter(rolefilter, self.valid_roles())
547
548
551
552
553
555 """make a device class"""
556 dc = UserSettings(id, title)
557 context._setObject(id, dc)
558 if REQUEST:
559 REQUEST['RESPONSE'].redirect(context.absolute_url() + '/manage_main')
560
561
562 addUserSettings = DTMLFile('dtml/addUserSettings',globals())
563
564
566 """zenoss user folder has users preferences.
567 """
568 implements(IProvidesEmailAddresses, IProvidesPagerAddresses, IGloballyIdentifiable)
569
570 meta_type = "UserSettings"
571
572 sub_meta_types = ("ActionRule",)
573
574 email = ""
575 pager = ""
576 defaultPageSize = 40
577 defaultEventPageSize = 30
578 defaultAdminRole = "ZenUser"
579 defaultAdminLevel = 1
580 oncallStart = 0
581 oncallEnd = 0
582 escalationMinutes = 0
583 dashboardState = ''
584 netMapStartObject = ''
585 eventConsoleRefresh = True
586 zenossNetUser = ''
587 zenossNetPassword = ''
588
589 _properties = ZenModelRM._properties + (
590 {'id':'email', 'type':'string', 'mode':'w'},
591 {'id':'pager', 'type':'string', 'mode':'w'},
592 {'id':'defaultPageSize', 'type':'int', 'mode':'w'},
593 {'id':'defaultEventPageSize', 'type':'int', 'mode':'w'},
594 {'id':'defaultAdminRole', 'type':'string', 'mode':'w'},
595 {'id':'defaultAdminLevel', 'type':'int', 'mode':'w'},
596 {'id':'oncallStart', 'type':'int', 'mode':'w'},
597 {'id':'oncallEnd', 'type':'int', 'mode':'w'},
598 {'id':'escalationMinutes', 'type':'int', 'mode':'w'},
599 {'id':'dashboardState', 'type':'string', 'mode':'w'},
600 {'id':'netMapStartObject', 'type':'string', 'mode':'w'},
601 {'id':'eventConsoleRefresh', 'type':'boolean', 'mode':'w'},
602 {'id':'zenossNetUser', 'type':'string', 'mode':'w'},
603 {'id':'zenossNetPassword', 'type':'string', 'mode':'w'},
604 )
605
606
607 _relations = (
608 ("adminRoles", ToMany(ToOne, "Products.ZenModel.AdministrativeRole",
609 "userSetting")),
610 ("messages", ToManyCont(ToOne,
611 "Products.ZenWidgets.PersistentMessage.PersistentMessage",
612 "messageQueue")),
613 )
614
615 # Screen action bindings (and tab definitions)
616 factory_type_information = (
617 {
618 'immediate_view' : 'editUserSettings',
619 'actions' :
620 (
621 {'name' : 'Edit',
622 'action' : 'editUserSettings',
623 'permissions' : (ZEN_CHANGE_SETTINGS,),
624 },
625 {'name' : 'Administered Objects',
626 'action' : 'administeredDevices',
627 'permissions' : (ZEN_CHANGE_ADMIN_OBJECTS,)
628 },
629 )
630 },
631 )
632
633 security = ClassSecurityInfo()
634
636 """This user doesn't have global roles. Used to limit access
637 """
638 return self.id != 'admin' and len(self.getUserRoles()) == 0
639
641 """Get current roles for this user.
642 """
643 user = self.getUser(self.id)
644 if user:
645 # This call will create GroupSettings objects for any externally-
646 # sourced groups.
647 self.getAllAdminRoles()
648 return filter(rolefilter, user.getRoles())
649 return []
650
651
653 """Return group settings objects for user
654 """
655 user = self.getUser(self.id)
656 if user:
657 return self.acl_users._getGroupsForPrincipal(user)
658 return ()
659
660
661 security.declareProtected(ZEN_CHANGE_SETTINGS, 'updatePropsFromDict')
663 props = self.propertyIds()
664 for k, v in propdict.items():
665 if k in props: setattr(self,k,v)
666
667
669 """Can the current user edit this settings object.
670 """
671 currentUser = getSecurityManager().getUser()
672
673 # Managers can edit any users' settings.
674 if currentUser.has_role("Manager"):
675 return True
676
677 # thisUser can be None if the plugin that created it is inactive.
678 thisUser = self.acl_users.getUser(self.id)
679 if thisUser is None:
680 return False
681
682 # ZenManagers can edit any users' settings except for Managers.
683 if currentUser.has_role("ZenManager") \
684 and not thisUser.has_role("Manager"):
685 return True
686
687 # Users can edit their own settings.
688 if thisUser.getUserName() == currentUser.getUserName():
689 return True
690
691 return False
692
693
694 security.declareProtected(ZEN_CHANGE_SETTINGS, 'manage_resetPassword')
696 """
697 Reset a password.
698 """
699 email = self.email.strip()
700 if not email:
701 messaging.IMessageSender(self).sendToBrowser(
702 'Password Reset Failed',
703 'Cannot send password reset email; user has no'+
704 ' email address.',
705 priority=messaging.WARNING
706 )
707 return self.callZenScreen(self.REQUEST)
708
709 newpw = self.generatePassword()
710 body = """
711 Your Zenoss password has been reset at %s's request.
712
713 Your new password is: %s
714 """ % (self.getUser().getId(), newpw)
715 msg = MIMEText(body)
716 msg['Subject'] = 'Zenoss Password Reset Request'
717 msg['From'] = self.dmd.getEmailFrom()
718 msg['To'] = email
719 msg['Date'] = DateTime().rfc822()
720 result, errorMsg = Utils.sendEmail(msg, self.dmd.smtpHost,
721 self.dmd.smtpPort,
722 self.dmd.smtpUseTLS, self.dmd.smtpUser,
723 self.dmd.smtpPass)
724 if result:
725 userManager = self.acl_users.userManager
726 try:
727 userManager.updateUserPassword(self.id, newpw)
728 except KeyError:
729 self.getPhysicalRoot().acl_users.userManager.updateUserPassword(
730 self.id, newpw)
731 messaging.IMessageSender(self).sendToBrowser(
732 'Password reset',
733 'An email with a new password has been sent.'
734 )
735 loggedInUser = self.REQUEST['AUTHENTICATED_USER']
736 # we only want to log out the user if it's *their* password
737 # they've changed, not, for example, if the admin user is
738 # changing another user's password
739 if loggedInUser.getUserName() == self.id:
740 self.acl_users.logout(self.REQUEST)
741 else:
742 messaging.IMessageSender(self).sendToBrowser(
743 'Password reset failed',
744 'Unable to send password reset email: %s' % errorMsg,
745 priority=messaging.WARNING
746 )
747 return self.callZenScreen(self.REQUEST)
748
749
750 security.declareProtected(ZEN_CHANGE_SETTINGS, 'manage_editUserSettings')
751 - def manage_editUserSettings(self, oldpassword=None, password=None,
752 sndpassword=None, roles=None, groups=None,
753 domains=None, REQUEST=None, **kw):
754 """Update user settings.
755 """
756 # get the user object; return if no user
757 user = self.acl_users.getUser(self.id)
758 if not user:
759 user = self.getPhysicalRoot().acl_users.getUser(self.id)
760 if not user:
761 if REQUEST:
762 messaging.IMessageSender(self).sendToBrowser(
763 'Error',
764 'User %s not found.' % self.id,
765 priority=messaging.WARNING
766 )
767 return self.callZenScreen(REQUEST)
768 else:
769 return
770
771 # Verify existing password
772 curuser = self.getUser().getId()
773 if not oldpassword or not self.ZenUsers.authenticateCredentials(
774 curuser, oldpassword):
775 if REQUEST:
776 messaging.IMessageSender(self).sendToBrowser(
777 'Error',
778 'Confirmation password is empty or invalid. Please'+
779 ' confirm your password for security reasons.',
780 priority=messaging.WARNING
781 )
782 return self.callZenScreen(REQUEST)
783 else:
784 raise ValueError("Current password is incorrect.")
785
786 # update role info
787 roleManager = self.acl_users.roleManager
788 origRoles = filter(rolefilter, user.getRoles())
789
790 if not self.has_role('Manager') and roles and 'Manager' in roles:
791 if REQUEST:
792 messaging.IMessageSender(self).sendToBrowser(
793 'Error',
794 'Only Managers can make more Managers.',
795 priority=messaging.WARNING
796 )
797 return self.callZenScreen(REQUEST)
798 else:
799 return
800
801 if not self.has_role('Manager') and origRoles and \
802 'Manager' in origRoles:
803
804 if REQUEST:
805 messaging.IMessageSender(self).sendToBrowser(
806 'Error',
807 'Only Managers can modify other Managers.',
808 priority=messaging.WARNING
809 )
810 return self.callZenScreen(REQUEST)
811 else:
812 return
813
814 # if there's a change, then we need to update
815 if roles != origRoles and self.isManager():
816 from sets import Set as set
817 # get roles to remove and then remove them
818 removeRoles = list(set(origRoles).difference(set(roles)))
819 for role in removeRoles:
820 try:
821 roleManager.removeRoleFromPrincipal(role, self.id)
822 except KeyError:
823 # User doesn't actually have that role; ignore
824 pass
825 # get roles to add and then add them
826 addRoles = list(set(roles).difference(set(origRoles)))
827 for role in addRoles:
828 roleManager.assignRoleToPrincipal(role, self.id)
829
830 # update group info
831 groupManager = self.acl_users.groupManager
832 origGroups = groupManager.getGroupsForPrincipal(user)
833 # if there's a change, then we need to update
834 if groups != origGroups and self.isManager():
835 # can we use the built-in set?
836 try:
837 set()
838 except NameError:
839 from sets import Set as set
840 # get groups to remove and then remove them
841 removeGroups = set(origGroups).difference(set(groups))
842 for groupid in removeGroups:
843 groupManager.removePrincipalFromGroup(user.getId(), groupid)
844 # get groups to add and then add them
845 addGroups = set(groups).difference(set(origGroups))
846 for groupid in addGroups:
847 try:
848 groupManager.addPrincipalToGroup(user.getId(), groupid)
849 except KeyError:
850 # This can occur if the group came from an external source.
851 pass
852
853 # we're not managing domains right now
854 if domains:
855 msg = 'Zenoss does not currently manage domains for users.'
856 raise NotImplementedError(msg)
857
858 # update Zenoss user folder settings
859 if REQUEST:
860 kw = REQUEST.form
861 self.manage_changeProperties(**kw)
862
863 # update password info
864 if self.id=='admin':
865 userManager = self.getPhysicalRoot().acl_users.userManager
866 else:
867 userManager = self.acl_users.userManager
868 if password:
869 if password.find(':') >= 0:
870 if REQUEST:
871 messaging.IMessageSender(self).sendToBrowser(
872 'Error',
873 'Passwords cannot contain a ":". Password not updated.',
874 priority=messaging.WARNING
875 )
876 return self.callZenScreen(REQUEST)
877 else:
878 raise ValueError("Passwords cannot contain a ':' ")
879 elif password != sndpassword:
880 if REQUEST:
881 messaging.IMessageSender(self).sendToBrowser(
882 'Error',
883 'Passwords did not match. Password not updated.',
884 priority=messaging.WARNING
885 )
886 return self.callZenScreen(REQUEST)
887 else:
888 raise ValueError("Passwords don't match")
889 else:
890 try: userManager.updateUserPassword(self.id, password)
891 except KeyError:
892 self.getPhysicalRoot().acl_users.userManager.updateUserPassword(
893 self.id, password)
894 if REQUEST:
895 loggedInUser = REQUEST['AUTHENTICATED_USER']
896 # we only want to log out the user if it's *their* passowrd
897 # they've changed, not, for example, if the admin user is
898 # changing another user's password
899 if loggedInUser.getUserName() == self.id:
900 self.acl_users.logout(REQUEST)
901
902 self.acl_users.ZCacheable_invalidate()
903
904 # finish up
905 if REQUEST:
906 messaging.IMessageSender(self).sendToBrowser(
907 'Settings Saved',
908 Time.SaveMessage()
909 )
910 return self.callZenScreen(REQUEST)
911 else:
912 return user
913
914 security.declareProtected(ZEN_CHANGE_ALERTING_RULES, 'manage_addActionRule')
916 """Add an action rule to this object.
917 """
918 if id:
919 ar = ActionRule(id)
920 self._setObject(id, ar)
921 ar = self._getOb(id)
922 user = getSecurityManager().getUser()
923 userid = user.getId()
924 if userid != self.id:
925 userid = self.id
926 user = self.getUser(userid)
927 ar.changeOwnership(user)
928 ar.manage_setLocalRoles(userid, ("Owner",))
929 if REQUEST:
930 return self.callZenScreen(REQUEST)
931
934
935 security.declareProtected(ZEN_CHANGE_EVENT_VIEWS,
936 'manage_addCustomEventView')
938 """Add an action rule to this object.
939 """
940 if id:
941 ar = CustomEventView(id)
942 self._setObject(id, ar)
943 ar = self._getOb(id)
944 user = getSecurityManager().getUser()
945 userid = user.getId()
946 if userid != self.id:
947 userid = self.id
948 user = self.getUser(userid)
949 ar.changeOwnership(user)
950 ar.manage_setLocalRoles(userid, ("Owner",))
951 if REQUEST:
952 return self.callZenScreen(REQUEST)
953
954
955 security.declareProtected(ZEN_CHANGE_ADMIN_OBJECTS,
956 'manage_addAdministrativeRole')
957 - def manage_addAdministrativeRole(self, name=None, type='device', role=None,
958 guid=None, uid=None, REQUEST=None):
959 "Add a Admin Role to this device"
960 unused(role)
961 mobj = None
962 if guid or uid:
963 # look up our object by either guid or uid
964 if guid:
965 manager = IGUIDManager(self.dmd)
966 mobj = manager.getObject(guid)
967 elif uid:
968 mobj = self.unrestrictedTraverse(uid)
969 else:
970 # use magic to look up our object
971 if not name:
972 name = REQUEST.deviceName
973 if type == 'device':
974 mobj =self.getDmdRoot("Devices").findDevice(name)
975 else:
976 try:
977 root = type.capitalize()+'s'
978 if type == "deviceClass":
979 mobj = self.getDmdRoot("Devices").getOrganizer(name)
980 else:
981 mobj = self.getDmdRoot(root).getOrganizer(name)
982 except KeyError: pass
983 if not mobj:
984 if REQUEST:
985 messaging.IMessageSender(self).sendToBrowser(
986 'Error',
987 "%s %s not found"%(type.capitalize(),name),
988 priority=messaging.WARNING
989 )
990 return self.callZenScreen(REQUEST)
991 else: return
992 roleNames = [ r.id for r in mobj.adminRoles() ]
993 if self.id in roleNames:
994 if REQUEST:
995 messaging.IMessageSender(self).sendToBrowser(
996 'Error',
997 (("Administrative Role for %s %s "
998 "for user %s already exists.") % (type, name, self.id)),
999 priority=messaging.WARNING
1000 )
1001 return self.callZenScreen(REQUEST)
1002 else: return
1003 mobj.manage_addAdministrativeRole(self.id)
1004 if REQUEST:
1005 messaging.IMessageSender(self).sendToBrowser(
1006 'Role Added',
1007 ("Administrative Role for %s %s for user %s added" %
1008 (type, name, self.id))
1009 )
1010 return self.callZenScreen(REQUEST)
1011
1012
1013 security.declareProtected(ZEN_CHANGE_ADMIN_OBJECTS,
1014 'manage_editAdministrativeRoles')
1017 """Edit list of admin roles.
1018 """
1019 if isinstance(ids, basestring):
1020 ids = [ids]
1021 level = [level]
1022 role = [role]
1023 else:
1024 ids = list(ids)
1025 for ar in self.adminRoles():
1026 mobj = ar.managedObject()
1027 try: i = ids.index(mobj.managedObjectName())
1028 except ValueError: continue
1029 mobj = mobj.primaryAq()
1030 mobj.manage_editAdministrativeRoles(self.id, role[i], level[i])
1031 if REQUEST:
1032 if ids:
1033 messaging.IMessageSender(self).sendToBrowser(
1034 'Roles Updated',
1035 "Administrative roles were updated."
1036 )
1037 return self.callZenScreen(REQUEST)
1038
1039
1040 security.declareProtected(ZEN_CHANGE_ADMIN_OBJECTS,
1041 'manage_deleteAdministrativeRole')
1043 "Delete a admin role to this device"
1044 if isinstance(delids, basestring):
1045 delids = [delids]
1046 for ar in self.adminRoles():
1047 mobj = ar.managedObject()
1048 if mobj.managedObjectName() not in delids: continue
1049 mobj = mobj.primaryAq()
1050 mobj.manage_deleteAdministrativeRole(self.id)
1051 if REQUEST:
1052 if delids:
1053 messaging.IMessageSender(self).sendToBrowser(
1054 'Roles Deleted',
1055 "Administrative roles were deleted."
1056 )
1057 return self.callZenScreen(REQUEST)
1058
1059
1060 security.declareProtected(ZEN_CHANGE_SETTINGS, 'getAllAdminRoles')
1062 """Return all admin roles for this user and its groups
1063 """
1064 ars = self.adminRoles()
1065 for group in self.getUser().getGroups():
1066 gs = self.getGroupSettings(group)
1067 ars.extend(gs.adminRoles())
1068 return ars
1069
1070
1071 security.declareProtected(ZEN_CHANGE_SETTINGS, 'manage_emailTest')
1073 ''' Send a test email to the given userid.
1074 '''
1075 destSettings = self.getUserSettings(self.getId())
1076 destAddresses = destSettings.getEmailAddresses()
1077 msg = None
1078 if destAddresses:
1079 fqdn = socket.getfqdn()
1080 thisUser = self.getUser()
1081 srcId = thisUser.getId()
1082 self.getUserSettings(srcId)
1083 srcAddress = self.dmd.getEmailFrom()
1084 # Read body from file probably
1085 body = ('This is a test message sent by %s' % srcId +
1086 ' from the Zenoss installation on %s.' % fqdn)
1087 emsg = MIMEText(body)
1088 emsg['Subject'] = 'Zenoss Email Test'
1089 emsg['From'] = srcAddress
1090 emsg['To'] = ', '.join(destAddresses)
1091 emsg['Date'] = DateTime().rfc822()
1092 result, errorMsg = Utils.sendEmail(emsg, self.dmd.smtpHost,
1093 self.dmd.smtpPort,
1094 self.dmd.smtpUseTLS, self.dmd.smtpUser,
1095 self.dmd.smtpPass)
1096 if result:
1097 msg = 'Test email sent to %s' % ', '.join(destAddresses)
1098 else:
1099 msg = 'Test failed: %s' % errorMsg
1100 else:
1101 msg = 'Test email not sent, user has no email address.'
1102 if REQUEST:
1103 messaging.IMessageSender(self).sendToBrowser(
1104 'Email Test',
1105 msg.replace("'", "\\'")
1106 )
1107 return self.callZenScreen(REQUEST)
1108 else:
1109 return msg
1110
1111
1112 security.declareProtected(ZEN_CHANGE_SETTINGS, 'manage_pagerTest')
1114 ''' Send a test page
1115 '''
1116 destSettings = self.getUserSettings(self.getId())
1117 destPagers = [ x.strip() for x in
1118 (destSettings.getPagerAddresses() or []) ]
1119 msg = None
1120 fqdn = socket.getfqdn()
1121 srcId = self.getUser().getId()
1122 testMsg = ('Test sent by %s' % srcId +
1123 ' from the Zenoss installation on %s.' % fqdn)
1124 for destPager in destPagers:
1125 result, errorMsg = Utils.sendPage(destPager, testMsg,
1126 self.dmd.pageCommand)
1127 if result:
1128 msg = 'Test page sent to %s' % ', '.join(destPagers)
1129 else:
1130 msg = 'Test failed: %s' % errorMsg
1131 break
1132 if not destPagers:
1133 msg = 'Test page not sent, user has no pager number.'
1134 if REQUEST:
1135 messaging.IMessageSender(self).sendToBrowser(
1136 'Pager Test', msg)
1137 return self.callZenScreen(REQUEST)
1138 else:
1139 return msg
1140
1142 """patch to export all user configuration
1143 """
1144 for o in self.objectValues():
1145 if hasattr(aq_base(o), 'exportXml'):
1146 o.exportXml(ofile, ignorerels)
1147
1152
1157
1159 """
1160 Use the Zenoss.net credentials associated with this user to log in to a
1161 Zenoss.net session.
1162 """
1163 session = DotNetCommunication.getDotNetSession(
1164 self.zenossNetUser,
1165 self.zenossNetPassword)
1166 return session
1167
1169 """
1170 Call before deleting a user or group this will
1171 remove this user/group from the list of admin objects for
1172 everything that the object adminstered before. This
1173 prevents broken relationships
1174 """
1175 for role in self.getAllAdminRoles():
1176 obj = role.managedObject().primaryAq()
1177 obj.manage_deleteAdministrativeRole(self.id)
1178
1180 implements(IProvidesEmailAddresses, IProvidesPagerAddresses)
1181 meta_type = 'GroupSettings'
1182
1183 factory_type_information = (
1184 {
1185 'immediate_view' : 'editGroupSettings',
1186 'actions' :
1187 (
1188 {'name' : 'Edit',
1189 'action' : 'editGroupSettings',
1190 'permissions' : (ZEN_CHANGE_SETTINGS,),
1191 },
1192 {'name' : 'Administered Objects',
1193 'action' : 'administeredDevices',
1194 'permissions' : (ZEN_CHANGE_ADMIN_OBJECTS,)
1195 },
1196 )
1197 },
1198 )
1199
1200 security = ClassSecurityInfo()
1201
1204
1205
1207 """This is a group we never have roles. This is set to false so that
1208 fuctionality that would normally be taken away for a restricted user is
1209 left in.
1210 """
1211 return False
1212
1213
1214 security.declareProtected(ZEN_MANAGE_DMD, 'manage_addUsersToGroup')
1216 """ Add user to this group
1217 """
1218 if isinstance(userids, basestring):
1219 userids = [userids]
1220 for userid in userids:
1221 self._getG().addPrincipalToGroup( userid, self.id )
1222 if REQUEST:
1223 messaging.IMessageSender(self).sendToBrowser(
1224 'Users Added',
1225 'Added %s to Group %s' % (','.join(userids), self.id)
1226 )
1227 return self.callZenScreen(REQUEST)
1228
1229 security.declareProtected(ZEN_MANAGE_DMD, 'manage_deleteUserFromGroup')
1232
1233 security.declareProtected(ZEN_MANAGE_DMD, 'manage_deleteUsersFromGroup')
1235 """ Delete users from this group
1236 """
1237 for userid in userids:
1238 self.manage_deleteUserFromGroup(userid)
1239 if REQUEST:
1240 messaging.IMessageSender(self).sendToBrowser(
1241 'Users Removed',
1242 'Deleted users from Group %s' % self.id
1243 )
1244 return self.callZenScreen(REQUEST)
1245
1247 return [ self.getUserSettings(u[0])
1248 for u in self._getG().listAssignedPrincipals(self.id) ]
1249
1251 """
1252 Returns a list of user ids that are members of this group.
1253 """
1254 # We must using reverse mapping of all users to their groups rather
1255 # than going directly to the group's assigned principals because
1256 # some group backends don't support listAssignedPrincipals.
1257 return [ u.id for u in self.ZenUsers.getAllUserSettings()
1258 if self.id in u.getUserGroupSettingsNames() ]
1259
1261 try:
1262 userIds = self.getMemberUserIds()
1263 except LocalAndLDAPUserEntries, ex:
1264 return str(ex)
1265
1266 return ", ".join(userIds)
1267
1269 try:
1270 userIds = self.getMemberUserIds()
1271 except LocalAndLDAPUserEntries, ex:
1272 return []
1273
1274 result = []
1275 for username in userIds:
1276 result.extend(self.getUserSettings(username).getEmailAddresses())
1277 return result
1278
1280 try:
1281 userIds = self.getMemberUserIds()
1282 except LocalAndLDAPUserEntries, ex:
1283 return []
1284
1285 result = []
1286 for username in userIds:
1287 result.extend(self.getUserSettings(username).getPagerAddresses())
1288 return result
1289
1290
1291 InitializeClass(UserSettingsManager)
1292 InitializeClass(UserSettings)
1293
| Trees | Indices | Help |
|
|---|
| Generated by Epydoc 3.0.1.1812 on Thu Sep 1 19:03:51 2011 | http://epydoc.sourceforge.net |