From 81804cb409d2e1862f4f373b4e24d192520134f2 Mon Sep 17 00:00:00 2001 From: Andrew Williams Date: Tue, 23 Mar 2010 21:00:33 +0000 Subject: [PATCH] Permission updates now disables accounts instead of deleting them, --- sso/cron.py | 18 ++++++++++++++---- sso/views.py | 8 +++----- templates/sso/profile.html | 9 ++++++--- 3 files changed, 23 insertions(+), 12 deletions(-) diff --git a/sso/cron.py b/sso/cron.py index d686cfc..92597f1 100644 --- a/sso/cron.py +++ b/sso/cron.py @@ -23,18 +23,28 @@ class RemoveInvalidUsers(): # For each user, update access list based on Corp details user.get_profile().update_access() - # Check each service account and delete access if they're not allowed + # Check each service account and disable access if they're not allowed for servacc in ServiceAccount.objects.filter(user=user): if not (set(user.groups.all()) & set(servacc.service.groups.all())): self._logger.info("User %s is not in allowed group for %s, deleting account" % (user.username, servacc.service)) - servacc.delete() + servacc.active = 0 + servacc.save() + servacc.user.message_set.create(message="Your %s account has been disabled due to lack of permissions. If this is incorrect, check your API keys." % (servacc.service)) pass + else: + if not servacc.active: + self._logger.info("User % is now in a allowed group for %s, enabling account" % (user.username, servacc.service)) + servacc.active = 1 + servacc.save() + servacc.user.message_set.create(message="Your %s account has been re-enabled, you may need to reset your password to access this service again." % (servacc.service)) + pass # For users set to not active, delete all accounts if not user.is_active: - print "User %s is inactive, deleting related service accounts" % user.username + print "User %s is inactive, disabling related service accounts" % user.username for servacc in ServiceAccount.objects.filter(user=user): - servacc.delete() + servacc.active = 0 + servacc.save() pass diff --git a/sso/views.py b/sso/views.py index 27fc0ea..c1ea8d1 100644 --- a/sso/views.py +++ b/sso/views.py @@ -119,9 +119,7 @@ def service_add(request): if form.is_valid(): acc = ServiceAccount() - acc.user = request.user - acc.service = form.cleaned_data['service'] acc.character = form.cleaned_data['character'] acc.password = hashlib.sha1('%s%s%s' % (form.cleaned_data['character'].name, settings.SECRET_KEY, random.randint(0, 2147483647))).hexdigest() @@ -173,6 +171,9 @@ def service_reset(request, serviceid=0, accept=0): except ServiceAccount.DoesNotExist: return HttpResponseRedirect(reverse('sso.views.profile')) + if not acc.active: + return HttpResponseRedirect(reverse('sso.views.profile')) + if acc.user == request.user: if not accept: return render_to_response('sso/serviceaccount/reset.html', locals(), context_instance=RequestContext(request)) @@ -186,7 +187,6 @@ def service_reset(request, serviceid=0, accept=0): return HttpResponseRedirect(reverse('sso.views.profile')) - @login_required def reddit_add(request): if request.method == 'POST': @@ -220,8 +220,6 @@ def reddit_del(request, redditid=0): return HttpResponseRedirect(reverse('sso.views.profile')) - - @login_required def user_view(request, username=None): if username: diff --git a/templates/sso/profile.html b/templates/sso/profile.html index 1cf5518..6af6301 100644 --- a/templates/sso/profile.html +++ b/templates/sso/profile.html @@ -25,12 +25,15 @@ create a login for a service click the Add Service link

{{ acc.service }} {{ acc.service_uid }} {{ acc.service.url }} - {{ acc.active }} - Delete / Reset + {% if acc.active %}Yes{% else %}No{% endif %} + Delete + {% if acc.active %} +  / Reset {% if acc.service.provide_login %}  / Login {% endif %} - + {% endif %} + {% endfor %}