From ce0b0a9a799255bb507120b562a2a6c40b279fdc Mon Sep 17 00:00:00 2001 From: Roberto Rosario Date: Wed, 25 May 2016 01:08:03 -0400 Subject: [PATCH] Add management command to create an organization admin. --- mayan/apps/organizations/literals.py | 7 ++ .../apps/organizations/management/__init__.py | 0 .../management/commands/__init__.py | 0 .../commands/createorganizationadmin.py | 18 +++++ mayan/apps/organizations/models.py | 70 +++++++++++++++++++ mayan/apps/organizations/settings.py | 47 +++++++++++++ 6 files changed, 142 insertions(+) create mode 100644 mayan/apps/organizations/literals.py create mode 100644 mayan/apps/organizations/management/__init__.py create mode 100644 mayan/apps/organizations/management/commands/__init__.py create mode 100644 mayan/apps/organizations/management/commands/createorganizationadmin.py create mode 100644 mayan/apps/organizations/settings.py diff --git a/mayan/apps/organizations/literals.py b/mayan/apps/organizations/literals.py new file mode 100644 index 0000000000..97abb40b91 --- /dev/null +++ b/mayan/apps/organizations/literals.py @@ -0,0 +1,7 @@ +from __future__ import unicode_literals + +DEFAULT_ORGANIZATION_ADMIN_GROUP = 'Organization admins' +DEFAULT_ORGANIZATION_ADMIN_EMAIL = 'oadmin@example.com' +DEFAULT_ORGANIZATION_ADMIN_PASSWORD = None +DEFAULT_ORGANIZATION_ADMIN_ROLE = 'Organization admins' +DEFAULT_ORGANIZATION_ADMIN_USERNAME = 'oadmin' diff --git a/mayan/apps/organizations/management/__init__.py b/mayan/apps/organizations/management/__init__.py new file mode 100644 index 0000000000..e69de29bb2 diff --git a/mayan/apps/organizations/management/commands/__init__.py b/mayan/apps/organizations/management/commands/__init__.py new file mode 100644 index 0000000000..e69de29bb2 diff --git a/mayan/apps/organizations/management/commands/createorganizationadmin.py b/mayan/apps/organizations/management/commands/createorganizationadmin.py new file mode 100644 index 0000000000..64c18b4d4b --- /dev/null +++ b/mayan/apps/organizations/management/commands/createorganizationadmin.py @@ -0,0 +1,18 @@ +from __future__ import unicode_literals + +import os + +from django.conf import settings +from django.core import management +from django.utils.crypto import get_random_string + +from ...models import Organization + + + +class Command(management.BaseCommand): + help = 'Creates an organization admin user with a secure random password and all permissions.' + + def handle(self, *args, **options): + organization = Organization.objects.get_current() + organization.create_admin() diff --git a/mayan/apps/organizations/models.py b/mayan/apps/organizations/models.py index cbcb1494a1..932de76f8e 100644 --- a/mayan/apps/organizations/models.py +++ b/mayan/apps/organizations/models.py @@ -1,8 +1,11 @@ from __future__ import unicode_literals +import logging import string import warnings +from django.apps import apps +from django.contrib.auth import get_user_model from django.core.exceptions import ImproperlyConfigured, ValidationError from django.db import models from django.db.models.signals import pre_save, pre_delete @@ -10,7 +13,16 @@ from django.utils.deprecation import RemovedInDjango19Warning from django.utils.encoding import python_2_unicode_compatible from django.utils.translation import ugettext_lazy as _ +from permissions.classes import Permission + +from .settings import ( + setting_organization_admin_group, setting_organization_admin_email, + setting_organization_admin_password, setting_organization_admin_role, + setting_organization_admin_username +) + ORGANIZATION_CACHE = {} +logger = logging.getLogger(__name__) class OrganizationManager(models.Manager): @@ -56,6 +68,64 @@ class Organization(models.Model): def __str__(self): return self.label + def create_admin(self, email=setting_organization_admin_email.value, password=setting_organization_admin_password.value, username=setting_organization_admin_username.value): + UserModel = get_user_model() + + if password: + try: + # Let's try to see if it is a callable + password_value = password() + except TypeError: + password_value = password + else: + password_value = UserModel.objects.make_random_password() + + try: + UserModel.objects.get( + **{UserModel.USERNAME_FIELD: username, 'organization': self} + ) + except UserModel.DoesNotExist: + MayanGroup = apps.get_model('user_management', 'MayanGroup') + Role = apps.get_model('permissions', 'Role') + + group, created = MayanGroup.objects.get_or_create( + name=setting_organization_admin_group.value, organization=self + ) + + role, created = Role.objects.get_or_create( + label=setting_organization_admin_role.value, organization=self + ) + + logger.info( + 'Creating organization admin -- login: %s, email: %s, ' + 'password: %s', username, email, password_value + ) + + UserModel.objects.create( + **{ + 'email': email, + 'organization': self, + UserModel.USERNAME_FIELD: username + } + ) + + account = UserModel.on_organization.get( + **{UserModel.USERNAME_FIELD: username} + ) + account.set_password(raw_password=password_value) + account.save() + + role.organization_groups.add(group) + account.organization_groups.add(group) + + for permission in Permission.all(): + role.permissions.add(permission.stored_permission) + else: + logger.error( + 'Organization admin user already exists. -- login: %s', + username + ) + def clear_organization_cache(sender, **kwargs): """ diff --git a/mayan/apps/organizations/settings.py b/mayan/apps/organizations/settings.py new file mode 100644 index 0000000000..a6503dd9a8 --- /dev/null +++ b/mayan/apps/organizations/settings.py @@ -0,0 +1,47 @@ +from __future__ import unicode_literals + +import tempfile + +from django.utils.translation import ugettext_lazy as _ + +from smart_settings import Namespace + +from .literals import ( + DEFAULT_ORGANIZATION_ADMIN_EMAIL, DEFAULT_ORGANIZATION_ADMIN_GROUP, + DEFAULT_ORGANIZATION_ADMIN_PASSWORD, DEFAULT_ORGANIZATION_ADMIN_ROLE, + DEFAULT_ORGANIZATION_ADMIN_USERNAME +) + + +namespace = Namespace(name='organizations', label=_('Organizations')) +setting_organization_admin_email = namespace.add_setting( + global_name='ORGANIZATIONS_ADMIN_EMAIL', + default=DEFAULT_ORGANIZATION_ADMIN_EMAIL, + help_text=_('Email to use when creating organization admin users.') +) +setting_organization_admin_group = namespace.add_setting( + global_name='ORGANIZATIONS_ADMIN_GROUP', + default=DEFAULT_ORGANIZATION_ADMIN_GROUP, help_text=_( + 'Group to use when creating organization admin users.' + ), +) +setting_organization_admin_password = namespace.add_setting( + global_name='ORGANIZATIONS_ADMIN_PASSWORD', + default=DEFAULT_ORGANIZATION_ADMIN_PASSWORD, + help_text=_( + 'Password to use when creating organization admin users. If none is ' + 'specified a random password will be generated.' + ) +) +setting_organization_admin_role = namespace.add_setting( + global_name='ORGANIZATIONS_ADMIN_ROLE', + default=DEFAULT_ORGANIZATION_ADMIN_ROLE, help_text=_( + 'Role to use when creating organization admin users.' + ), +) +setting_organization_admin_username = namespace.add_setting( + global_name='ORGANIZATIONS_ADMIN_USERNAME', + default=DEFAULT_ORGANIZATION_ADMIN_USERNAME, help_text=_( + 'Username to use when creating organization admin users.' + ), +)