From f126e839167221277308a09daf8d9bce5137fe57 Mon Sep 17 00:00:00 2001 From: Oliver Stolpe Date: Tue, 7 Jan 2025 17:51:54 +0100 Subject: [PATCH] fix: group and user creation --- adminsec/tests/test_views.py | 9 ++++++--- adminsec/views.py | 13 ++++++------- usersec/models.py | 6 ++++++ .../usersec/hpcgroupcreaterequest_detail.html | 5 +++++ .../usersec/modules/request_buttons_user.html | 2 +- utils/cli/hpc_access_cli/main.py | 11 ++++++----- utils/cli/hpc_access_cli/states.py | 2 +- 7 files changed, 31 insertions(+), 17 deletions(-) diff --git a/adminsec/tests/test_views.py b/adminsec/tests/test_views.py index 998adb3..fbc29e0 100644 --- a/adminsec/tests/test_views.py +++ b/adminsec/tests/test_views.py @@ -2365,7 +2365,8 @@ def test_ldap_to_hpc_username_institute2(self): def test_ldap_to_hpc_username_invalid_string(self): username = "user" domain = "UNKNOWN" - self.assertEqual(ldap_to_hpc_username(username, domain), "") + with self.assertRaisesMessage(ValueError, "Unknown domain:"): + ldap_to_hpc_username(username, domain) def test_django_to_hpc_username_institute1(self): username = "user@" + settings.AUTH_LDAP_USERNAME_DOMAIN @@ -2381,11 +2382,13 @@ def test_django_to_hpc_username_institute2(self): def test_django_to_hpc_username_invalid_string(self): username = "user@A@B" - self.assertEqual(django_to_hpc_username(username), "") + with self.assertRaisesMessage(ValueError, "Invalid username format:"): + django_to_hpc_username(username) def test_django_to_hpc_username_invalid_domain(self): username = "user@UNKNOWN" - self.assertEqual(django_to_hpc_username(username), "") + with self.assertRaisesMessage(ValueError, "Unknown domain:"): + django_to_hpc_username(username) def test_convert_to_posix(self): name = "LeéèÄAöo" diff --git a/adminsec/views.py b/adminsec/views.py index 66eefe8..f14e188 100644 --- a/adminsec/views.py +++ b/adminsec/views.py @@ -140,25 +140,24 @@ def get_admin_emails(): def ldap_to_hpc_username(username, domain): - fail_string = "" ending = DOMAIN_MAPPING.get(domain.upper()) if not ending: - return fail_string + raise ValueError(f"Unknown domain: {domain}") return f"{username}{HPC_USERNAME_SEPARATOR}{ending}" def django_to_hpc_username(username): - fail_string = "" data = username.split(LDAP_USERNAME_SEPARATOR) - if not len(data) == 2: - return fail_string + if len(data) == 1: + return data[0] - username, domain = data + if len(data) == 2: + return ldap_to_hpc_username(data[0], data[1]) - return ldap_to_hpc_username(username, domain) + raise ValueError(f"Invalid username format: {username}") def ldap_to_django_username(username, domain): diff --git a/usersec/models.py b/usersec/models.py index ad14e24..a1f6192 100644 --- a/usersec/models.py +++ b/usersec/models.py @@ -710,10 +710,16 @@ def role(self): @property def is_pi(self): + if self.primary_group is None: + return False + return self.primary_group.owner == self @property def is_delegate(self): + if self.primary_group is None: + return False + return self.primary_group.delegate == self @property diff --git a/usersec/templates/usersec/hpcgroupcreaterequest_detail.html b/usersec/templates/usersec/hpcgroupcreaterequest_detail.html index dddd18a..e54a859 100644 --- a/usersec/templates/usersec/hpcgroupcreaterequest_detail.html +++ b/usersec/templates/usersec/hpcgroupcreaterequest_detail.html @@ -28,6 +28,11 @@

{% else %} {% include "usersec/modules/request_status_card.html" %} +
+
+ You can now access your group page by clicking the Archive button. +
+
{% endif %}
diff --git a/usersec/templates/usersec/modules/request_buttons_user.html b/usersec/templates/usersec/modules/request_buttons_user.html index 228f021..90f0606 100644 --- a/usersec/templates/usersec/modules/request_buttons_user.html +++ b/usersec/templates/usersec/modules/request_buttons_user.html @@ -6,7 +6,7 @@ {% if is_decided %} - {% if is_hpc_group_create_request %} + {% if is_hpc_group_create_request and is_denied %} diff --git a/utils/cli/hpc_access_cli/main.py b/utils/cli/hpc_access_cli/main.py index 24489df..84e8ee3 100644 --- a/utils/cli/hpc_access_cli/main.py +++ b/utils/cli/hpc_access_cli/main.py @@ -116,7 +116,8 @@ def sync_data( group_by_gid = {g.gid: g for g in hpcaccess_state.hpc_groups.values()} user_by_uuid = {u.uuid: u for u in hpcaccess_state.hpc_users.values()} owner_by_dn = { - user_dn(user_by_uuid[g.owner]): g.owner for g in hpcaccess_state.hpc_groups.values() + user_dn(user_by_uuid[g.owner]): user_by_uuid[g.owner].username + for g in hpcaccess_state.hpc_groups.values() } # console_err.print_json(data=operations.model_dump(mode="json")) with open("ldap_user_ops.ldif", "w") as fh_ldap_user_ops: @@ -197,14 +198,14 @@ def sync_data( fh_ldap_group_ops.write("\n") FS_OPS = FS_PROJECT_OPS if group_op.group.cn.startswith("hpc-prj") else FS_GROUP_OPS group = group_by_gid[group_op.group.gid_number] - with open(f"fs_group_ops_{group_op.group.dn}.sh", "w") as fh_fs_group_ops: + with open(f"fs_group_ops_{group_op.group.cn}.sh", "w") as fh_fs_group_ops: fh_fs_group_ops.write( FS_OPS % { - "owner": owner_by_dn(group_op.group.owner_dn), + "owner": owner_by_dn[group_op.group.owner_dn], "group": group_op.group.cn, - "quota1": group.resources_requested.tier1_work, - "quota2": group.resources_requested.tier1_scratch, + "quota1": int(group.resources_requested.tier1_work), + "quota2": int(group.resources_requested.tier1_scratch), "folder_work": group.folders.tier1_work, "folder_scratch": group.folders.tier1_scratch, "folder_unmirrored": group.folders.tier2_unmirrored, diff --git a/utils/cli/hpc_access_cli/states.py b/utils/cli/hpc_access_cli/states.py index 3ab78b5..d3e6f82 100644 --- a/utils/cli/hpc_access_cli/states.py +++ b/utils/cli/hpc_access_cli/states.py @@ -670,7 +670,7 @@ def _compare_ldap_users(self) -> List[LdapUserOp]: user = self.src.ldap_users[username] result.append(LdapUserOp(operation=StateOperation.DISABLE, user=user, diff={})) for username in missing_usernames: - user = self.src.ldap_users[username] + user = self.dst.ldap_users[username] result.append(LdapUserOp(operation=StateOperation.CREATE, user=user, diff={})) for username in common_usernames: src_user = self.src.ldap_users[username]