test-auth/sso/cron.py

import logging

from django_cron import cronScheduler, Job
from django.contrib.auth.models import User, Group
from eve_api.models import EVEAccount
from sso.models import ServiceAccount

class RemoveInvalidUsers(Job):
        """
        Cycles through all users, check if their permissions are correct.
        """

        # run every 2 hours
        run_every = 7200

        @property
        def _logger(self):
            if not hasattr(self, '__logger'):
                self.__logger = logging.getLogger(__name__)
            return self.__logger
                
        def job(self):
            for user in User.objects.all():
                # For each user, update access list based on Corp details
                user.get_profile().update_access()

                # Check each service account and delete access if they're not allowed
                for servacc in ServiceAccount.objects.filter(user=user):
                    if not (set(user.groups.all()) & set(servacc.service.groups.all())):
                        print "User %s is not in allowed group for %s, deleting account" % (user.username, servacc.service)
                        servacc.delete()
                        pass

                # For users set to not active, delete all accounts
                if not user.is_active:
                    print "User %s is inactive, deleting related service accounts" % user.username
                    for servacc in ServiceAccount.objects.filter(user=user):
                        servacc.delete()
                        pass


cronScheduler.register(RemoveInvalidUsers)