From b8a523b7ce6e97704206d931c71623a17dcbd02f Mon Sep 17 00:00:00 2001 From: George Taylor Date: Mon, 11 Nov 2024 16:45:14 +0000 Subject: [PATCH] fix: user cn incorrectly added as part of aliased role ref (#80) --- cli/__init__.py | 14 ++++++++++++-- cli/ldap_cmds/user.py | 41 ++++++++++++++++++----------------------- 2 files changed, 30 insertions(+), 25 deletions(-) diff --git a/cli/__init__.py b/cli/__init__.py index 7be218e..a19e1ad 100644 --- a/cli/__init__.py +++ b/cli/__init__.py @@ -1,7 +1,7 @@ import click + import cli.ldap_cmds.rbac import cli.ldap_cmds.user - from cli import ( logger, ) @@ -118,7 +118,6 @@ def update_user_home_areas( help="Remove role from users", is_flag=True, ) - @click.option( "-uf", "--user-filter", @@ -138,6 +137,17 @@ def update_user_roles( user_filter, roles_to_filter, ): + cli.ldap_cmds.user.update_roles( + roles, + user_ou, + root_dn, + add, + remove, + update_notes, + user_note=user_note, + user_filter=user_filter, + roles_to_filter=roles_to_filter, + ) @click.command() diff --git a/cli/ldap_cmds/user.py b/cli/ldap_cmds/user.py index 17ad0f7..ec8d07a 100644 --- a/cli/ldap_cmds/user.py +++ b/cli/ldap_cmds/user.py @@ -1,34 +1,28 @@ -import oracledb - -import cli.ldap_cmds - -from cli.logger import ( - log, +from datetime import ( + datetime, ) -from cli import ( - env, +from itertools import ( + product, ) import ldap +import oracledb from ldap.controls import SimplePagedResultsControl -import ldap.modlist as modlist - -from cli.ldap_cmds import ( - ldap_connect, -) from ldap3 import ( - MODIFY_REPLACE, MODIFY_DELETE, - DEREF_ALWAYS, + MODIFY_REPLACE, ) import cli.database -from itertools import ( - product, +import cli.ldap_cmds +from cli import ( + env, ) - -from datetime import ( - datetime, +from cli.ldap_cmds import ( + ldap_connect, +) +from cli.logger import ( + log, ) 
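Review bot: In the `@@ -138,6 +137,17 @@` hunk of cli/__init__.py, the restored call passes `add`, `remove` and `update_notes` positionally while the last three arguments go by keyword. If the parameter order of `update_roles` ever shifts, a bulk role change could silently swap the add and remove flags. Only the first two parameters of `update_roles` (`roles`, `user_ou`) are visible in this patch, so the rest of the order cannot be confirmed from here. I would pass every argument by name, e.g. `add=add, remove=remove, update_notes=update_notes,`. Unless `update_roles` already rejects it, I would also guard the command with `if add and remove: raise click.UsageError("add and remove are mutually exclusive")`. The body of `update_user_roles` starts outside the hunk.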
@@ -121,7 +115,7 @@ def add_roles_to_user(username, roles, user_ou="ou=Users", root_dn="dc=moj,dc=co f"cn={role},cn={username},{user_ou},{root_dn}", attributes={ "objectClass": ["NDRoleAssociation", "alias"], - "aliasedObjectName": f"cn={role},cn={username},cn=ndRoleCatalogue,{user_ou},{root_dn}", + "aliasedObjectName": f"cn={role},cn=ndRoleCatalogue,{user_ou},{root_dn}", }, ) except Exception as e: @@ -154,7 +148,7 @@ def process_user_roles_list( root_dn, ) except Exception as e: - log.exception(f"Failed to add role to user") + log.exception("Failed to add role to user") raise e @@ -162,6 +156,7 @@ def process_user_roles_list( # Update user roles ######################################### + def update_roles( roles, user_ou, @@ -525,7 +520,7 @@ def deactivate_crc_users(user_ou, root_dn): connection = cli.database.connection() for user_dn in all_users: try: - update_sql = f"UPDATE USER_ SET END_DATE=TRUNC(CURRENT_DATE) WHERE UPPER(DISTINGUISHED_NAME)=UPPER(:user_dn)" + update_sql = "UPDATE USER_ SET END_DATE=TRUNC(CURRENT_DATE) WHERE UPPER(DISTINGUISHED_NAME)=UPPER(:user_dn)" update_cursor = connection.cursor() update_cursor.execute( update_sql,
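Review bot: In the `add_roles_to_user` hunk, `role` and `username` are formatted into both the entry DN and the corrected `aliasedObjectName` without RDN escaping. A value containing `,`, `+` or `=` would change the DN structure, so the alias could resolve to an entry other than the intended catalogue role. If these values can come from a roles file or any input the operator did not type, escape them first, e.g. `"aliasedObjectName": f"cn={escape_rdn(role)},cn=ndRoleCatalogue,{user_ou},{root_dn}",` with `escape_rdn` from `ldap3.utils.dn`, and do the same for the entry DN on the line above. Aliases written before this fix still carry the old `cn={username}` target and are not repaired by this commit, so a one-off search for `NDRoleAssociation` entries whose target does not resolve is worth running. The function starts and ends outside the hunk.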