################################################################################
# nextcloud.py - FreeIPA plugin to enable / set a quota for nextcloud users
################################################################################
#
# Copyright (C) $( 2020 ) Radio Bern RaBe
# Switzerland
# http://www.rabe.ch
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU Affero General Public
# License as published by the Free Software Foundation, version
# 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License along with this program.
# If not, see <http://www.gnu.org/licenses/>.
#
# Please submit enhancements, bugfixes or comments via:
# https://github.com/radiorabe/kanboard-tasks-from-email
#
# Authors:
# Simon Nussbaum <[email protected]>
#
# --------------------------------------------------------------------------
# Adjustments 2021 Jasper Roloff <[email protected]>
# - merge both plugins into one single plugin
# - restructure file
# - add FreeIPA permissions
# - add support for groups
# --------------------------------------------------------------------------
#
# Description:
# With this plugin a switch will be added to the ipa cli to allow users/groups to
# connect to nextcloud. It will set the Attribute nextcloudEnabled either to
# TRUE or FALSE.
#
# Also, a switch will be added to the ipa cli to set a quota for
# users connecting to nextcloud. It will set the Attribute nextcloudQuota.
# Allowed values are 'default', 'none' or an integer followed by a space and 'MB', 'GB' or 'TB'.
#
#
# For this to work, extending the LDAP schema is required.
#
# Usage:
# ipa group-mod --nextcloudenabled=TRUE <groupname>
# ipa user-mod --nextcloudenabled=TRUE <username>
# ipa user-mod --nextcloudquota="100 MB" <username>
#
from ipaserver.plugins import user, group
from ipalib.parameters import Str, Bool
from ipalib.text import _
# for groups
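def groupadd_precallback(self, ldap, dn, entry, attrs_list, *keys, **options):
    """Ensure a group being created carries the ``nextcloudgroup`` object class.

    Registered in this module as a pre-callback of ``group.group_add``.

    Args:
        self: The command instance the callback is bound to (unused).
        ldap: LDAP backend handle (unused here).
        dn: DN of the entry about to be added.
        entry: Mapping of attributes for the new entry; its ``objectclass``
            list is extended in place.
        attrs_list: Attribute list passed by the framework (unused).
        *keys: Positional command keys (unused).
        **options: Command options (unused).

    Returns:
        The ``dn`` argument, unchanged.
    """
    object_classes = entry['objectclass']
    # Object class names are case-insensitive in LDAP. Skip the append when
    # the class is already listed so no duplicate value is sent to the server.
    if 'nextcloudgroup' not in (oc.lower() for oc in object_classes):
        object_classes.append('nextcloudgroup')
    return dn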
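def groupmod_precallback(self, ldap, dn, entry, attrs_list, *keys, **options):
    """Ensure a group being modified carries the ``nextcloudgroup`` object class.

    Registered in this module as a pre-callback of ``group.group_mod``. When
    the pending update does not include ``objectclass``, the current values
    are read from the directory first so that the existing classes are kept.

    Args:
        self: The command instance the callback is bound to (unused).
        ldap: LDAP backend handle; only ``get_entry`` is called on it.
        dn: DN of the entry being modified.
        entry: Mapping of attributes in the pending update; its
            ``objectclass`` list is created or extended in place.
        attrs_list: Attribute list passed by the framework (unused).
        *keys: Positional command keys (unused).
        **options: Command options (unused).

    Returns:
        The ``dn`` argument, unchanged.
    """
    if 'objectclass' not in entry:
        stored = ldap.get_entry(dn, ['objectclass'])
        # Copy the stored values so the fetched entry's own list is not
        # mutated by the append below.
        entry['objectclass'] = list(stored['objectclass'])
    object_classes = entry['objectclass']
    # Object class names are case-insensitive in LDAP. Without this check
    # every group-mod on an already extended group appended a second copy.
    if 'nextcloudgroup' not in (oc.lower() for oc in object_classes):
        object_classes.append('nextcloudgroup')
    return dn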
# Extend the stock FreeIPA group object with an optional boolean parameter
# (the trailing '?' in the name marks it optional and single-valued in ipalib).
group.group.takes_params = group.group.takes_params + (
    Bool('nextcloudenabled?',
         cli_name='nextcloudenabled',
         label=_('Nextcloud enabled?'),
         doc=_('Whether or not a nextcloud is enabled for this group (default is false).'),
         default=False,
         autofill=True,
         ),
)
# Hook the object class callbacks into group creation and modification.
group.group_add.register_pre_callback(groupadd_precallback)
group.group_mod.register_pre_callback(groupmod_precallback)
# A new list is built here instead of extending the existing one in place.
group.group.default_attributes = group.group.default_attributes + ['nextcloudenabled']
# Merge two extra managed permissions into the ones the group plugin already
# declares; entries with the same name would be overridden by the ones below.
group.group.managed_permissions = {**group.group.managed_permissions, **{
    'System: Read Group Nextcloud Attributes': {
        # NOTE(review): bind rule type 'anonymous' lets unauthenticated LDAP
        # clients read, search and compare nextcloudenabled on groups. If only
        # authenticated clients (e.g. the bind account Nextcloud uses) need it,
        # 'all' limits the permission to authenticated binds -- confirm the
        # deployment's requirement before changing.
        'ipapermbindruletype': 'anonymous',
        'ipapermright': {'read', 'search', 'compare'},
        'ipapermdefaultattr': {
            'nextcloudenabled'
        },
    },
    'System: Modify Group Nextcloud Attributes': {
        # Bind rule type 'permission': access is granted through this
        # permission. No default privileges are listed here, so it presumably
        # has to be assigned to a privilege before anyone holds it -- verify.
        'ipapermbindruletype': 'permission',
        # NOTE(review): 'add' and 'delete' are entry-level rights in directory
        # ACIs; changing an attribute value normally needs only 'write'.
        # Confirm the wider set is intended (least privilege).
        'ipapermright': {'write', 'add', 'delete'},
        'ipapermdefaultattr': {
            'nextcloudenabled'
        },
    },
}}
# for users
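def useradd_precallback(self, ldap, dn, entry, attrs_list, *keys, **options):
    """Ensure a user being created carries the ``nextclouduser`` object class.

    Registered in this module as a pre-callback of ``user.user_add``.

    Args:
        self: The command instance the callback is bound to (unused).
        ldap: LDAP backend handle (unused here).
        dn: DN of the entry about to be added.
        entry: Mapping of attributes for the new entry; its ``objectclass``
            list is extended in place.
        attrs_list: Attribute list passed by the framework (unused).
        *keys: Positional command keys (unused).
        **options: Command options (unused).

    Returns:
        The ``dn`` argument, unchanged.
    """
    object_classes = entry['objectclass']
    # Object class names are case-insensitive in LDAP. Skip the append when
    # the class is already listed so no duplicate value is sent to the server.
    if 'nextclouduser' not in (oc.lower() for oc in object_classes):
        object_classes.append('nextclouduser')
    return dn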
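def usermod_precallback(self, ldap, dn, entry, attrs_list, *keys, **options):
    """Ensure a user being modified carries the ``nextclouduser`` object class.

    Registered in this module as a pre-callback of ``user.user_mod``. When the
    pending update does not include ``objectclass``, the current values are
    read from the directory first so that the existing classes are kept.

    Args:
        self: The command instance the callback is bound to (unused).
        ldap: LDAP backend handle; only ``get_entry`` is called on it.
        dn: DN of the entry being modified.
        entry: Mapping of attributes in the pending update; its
            ``objectclass`` list is created or extended in place.
        attrs_list: Attribute list passed by the framework (unused).
        *keys: Positional command keys (unused).
        **options: Command options (unused).

    Returns:
        The ``dn`` argument, unchanged.
    """
    if 'objectclass' not in entry:
        stored = ldap.get_entry(dn, ['objectclass'])
        # Copy the stored values so the fetched entry's own list is not
        # mutated by the append below.
        entry['objectclass'] = list(stored['objectclass'])
    object_classes = entry['objectclass']
    # Object class names are case-insensitive in LDAP. Without this check
    # every user-mod on an already extended user appended a second copy.
    if 'nextclouduser' not in (oc.lower() for oc in object_classes):
        object_classes.append('nextclouduser')
    return dn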
# Extend the stock FreeIPA user object with two optional parameters
# (the trailing '?' in each name marks it optional and single-valued in ipalib).
user.user.takes_params = user.user.takes_params + (
    Bool('nextcloudenabled?',
         cli_name='nextcloudenabled',
         label=_('Nextcloud enabled?'),
         doc=_('Whether or not a nextcloud is enabled for this user (default is false).'),
         default=False,
         autofill=True,
         ),
    # NOTE(review): the help text below says "in Bytes", while the pattern only
    # accepts a number followed by one space and MB, GB or TB.
    Str('nextcloudquota?',
        cli_name='nextcloudquota',
        label=_('Nextcloud Quota'),
        doc=_(
            'Defines Nextcloud quota in Bytes. Allowed values are "none", "default", e.g. "1024 MB" (default is "default").'),
        default=u'default',
        autofill=True,
        # Anchored allow-list: 'default', 'none', or digits + one space + MB/GB/TB.
        pattern='^(default|none|[0-9]+ [MGT]B)$',
        pattern_errmsg='may only be "none", "default" or a number of mega-, giga- or terabytes (e.g. 1024 MB)',
        ),
)
# A new list is built here instead of extending the existing one in place.
user.user.default_attributes = user.user.default_attributes + ['nextcloudquota', 'nextcloudenabled']
# Hook the object class callbacks into user creation and modification.
user.user_add.register_pre_callback(useradd_precallback)
user.user_mod.register_pre_callback(usermod_precallback)
# Merge two extra managed permissions into the ones the user plugin already
# declares; entries with the same name would be overridden by the ones below.
user.user.managed_permissions = {**user.user.managed_permissions, **{
    'System: Read User Nextcloud Attributes': {
        # NOTE(review): bind rule type 'anonymous' lets unauthenticated LDAP
        # clients read, search and compare nextcloudenabled and nextcloudquota
        # on users, i.e. which accounts may use Nextcloud. If only
        # authenticated clients (e.g. the bind account Nextcloud uses) need
        # them, 'all' limits the permission to authenticated binds -- confirm
        # the deployment's requirement before changing.
        'ipapermbindruletype': 'anonymous',
        'ipapermright': {'read', 'search', 'compare'},
        'ipapermdefaultattr': {
            'nextcloudenabled', 'nextcloudquota'
        },
    },
    'System: Modify User Nextcloud Attributes': {
        # Bind rule type 'permission': access is granted through this
        # permission. No default privileges are listed here, so it presumably
        # has to be assigned to a privilege before anyone holds it -- verify.
        'ipapermbindruletype': 'permission',
        # NOTE(review): 'add' and 'delete' are entry-level rights in directory
        # ACIs; changing an attribute value normally needs only 'write'.
        # Confirm the wider set is intended (least privilege).
        'ipapermright': {'write', 'add', 'delete'},
        'ipapermdefaultattr': {
            'nextcloudenabled', 'nextcloudquota'
        },
    },
}}