YDA-4101: Ability to add external user on behalf of another user
claravox committed Oct 5, 2023
1 parent 7711ada commit 3db0d3c
Showing 3 changed files with 40 additions and 5 deletions.
6 changes: 6 additions & 0 deletions README.md
@@ -177,6 +177,8 @@ optional arguments:
usage: yimportgroups [-h] [-y {1.7,1.8,1.9}] -i INTERNAL_DOMAINS
[--offline-check | --online-check] [--allow-update]
[--delete] [--verbose] [--no-validate-domains]
[--creator-user CREATOR_USER]
[--creator-zone CREATOR_ZONE]
csvfile

Creates a list of groups based on a CSV file
@@ -197,6 +199,10 @@ optional arguments:
--verbose, -v Show information as extracted from CSV file
--no-validate-domains, -n
Do not validate email address domains
--creator-user CREATOR_USER
User who creates user
--creator-zone CREATOR_ZONE
Zone of the user who creates user

The CSV file is expected to include the following labels in its header (the first row):
'category' = category for the group
22 changes: 20 additions & 2 deletions yclienttools/common_rules.py
@@ -100,6 +100,22 @@ def call_uuGroupGetMemberType(self, groupname, user):
( 'user', user) ])
return self.call_rule('uuGroupGetMemberType', parms, 1)[0]

def call_uuGroupUserAddByOtherCreator(self, groupname, username, creator_user, creator_zone):
"""Adds user to group on the behalf of a creator user.
:param: groupname
:param: username
:param: creator_user
:param: creator_zone
:returns: (status, message) ; status !=0 is error
"""
parms = OrderedDict([
('groupname', groupname),
('username', username),
('creatorUser', creator_user),
('creatorZone', creator_zone)])
return self.call_rule('uuGroupUserAdd', parms, 2)

def call_uuGroupUserAdd(self, groupname, username):
"""Adds user to group.
@@ -176,9 +192,11 @@ def call_uuGroupAdd(self, groupname, category,
('category', category),
('subcategory', subcategory),
('schema_id', 'default-2'),
('expirationdate', ''),
('expiration_date', ''),
('description', description),
('classification', classification)])
('dataClassification', classification),
('co_identifier', '')
])

return self.call_rule('uuGroupAdd', parms, 2)
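Review bot: The docstring of `call_uuGroupUserAddByOtherCreator` does not say who verifies that the caller may act for `creator_user`; the method forwards `creatorUser`/`creatorZone` unchanged to the `uuGroupUserAdd` rule, so that decision presumably rests entirely with the server-side rule and should be stated. I would add a line such as `Authorization to act on behalf of creator_user is not checked here; the uuGroupUserAdd rule must enforce it.` and name the fields, e.g. `:param creator_user: account the user is added on behalf of`, since the bare `:param:` entries carry no parameter name. Separately, the `call_uuGroupAdd` hunk now always sends `co_identifier` and the renamed keys while the README usage still lists `-y {1.7,1.8,1.9}`; whether the older rule signatures accept that is not visible here and is worth confirming. The body of `call_uuGroupAdd` starts outside the hunk.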

17 changes: 14 additions & 3 deletions yclienttools/importgroups.py
@@ -184,8 +184,9 @@ def validate_data(rule_interface, args, data):
for user in managers + members + viewers:
if not is_internal_user(user, args.internal_domains.split(",")):
# ensure that external users already have an iRODS account
# we do not want to be the actor that creates them
if not rule_interface.call_uuUserExists(user):
# we do not want to be the actor that creates them (unless
# we are creating them in the name of a creator user)
if not rule_interface.call_uuUserExists(user)and not args.creator_user:
errors.append(
'Group {} has nonexisting external user {}'.format(groupname, user))

@@ -222,7 +223,10 @@ def apply_data(rule_interface, args, data):
currentrole = rule_interface.call_uuGroupGetMemberType(groupname, username)

if currentrole == "none":
[status, msg] = rule_interface.call_uuGroupUserAdd(groupname, username)
if args.creator_user:
[status, msg] = rule_interface.call_uuGroupUserAddByOtherCreator(groupname, username, args.creator_user, args.creator_zone)
else:
[status, msg] = rule_interface.call_uuGroupUserAdd(groupname, username)

if status == '0':
currentrole = "member"
@@ -333,6 +337,9 @@ def entry():
if args.delete and not args.allow_update:
_exit_with_error("Using the --delete option without the --allow-update option is not supported.")

if (args.creator_user and not args.creator_zone) or (not args.creator_user and args.creator_zone):
_exit_with_error("Using the --creator-user option without the --creator-zone option is not supported.")

if args.offline_check:
sys.exit(0)

@@ -379,6 +386,10 @@ def _get_args():
help='Show information as extracted from CSV file')
parser.add_argument('--no-validate-domains', '-n', action='store_true',
help='Do not validate email address domains')
parser.add_argument('--creator-user', type=str,
help='User who creates user')
parser.add_argument('--creator-zone', type=str,
help='Zone of the user who creates user')
return parser.parse_args()
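Review bot: In `apply_data`, `if args.creator_user:` sends every user whose current role is "none" through `call_uuGroupUserAddByOtherCreator`, not only the external users that the relaxed check in `validate_data` is meant for; if the on-behalf path is intended for external accounts only, narrow it with `if args.creator_user and not is_internal_user(username, args.internal_domains.split(",")):`. With `--creator-user` set, `validate_data` also stops reporting nonexisting external users altogether, so a mistyped address in the CSV would go on to the add call instead of being flagged, and nothing visible here checks that `creator_user` itself exists. In `entry` the error text describes only one direction of the pairing check; `"The --creator-user and --creator-zone options must be used together."` covers both. These functions start and end outside the hunks shown.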


