# Functions for interacting with the persons table in the database
#
+from datetime import datetime
from types import StringTypes
try:
from hashlib import md5
'enabled': Parameter(bool, "Has been enabled"),
'password': Parameter(str, "Account password in crypt() form", max = 254),
'verification_key': Parameter(str, "Reset password key", max = 254, nullok = True),
- 'verification_expires': Parameter(int, "Date and time when verification_key expires", nullok = True),
- 'last_updated': Parameter(int, "Date and time of last update", ro = True),
- 'date_created': Parameter(int, "Date and time when account was created", ro = True),
+ 'verification_expires': Parameter(datetime, "Date and time when verification_key expires", nullok = True),
+ 'last_updated': Parameter(datetime, "Date and time of last update", ro = True, nullok=True),
+ 'date_created': Parameter(datetime, "Date and time when account was created", ro = True, default=datetime.now()),
'role_ids': Parameter([int], "List of role identifiers", joined=True),
'roles': Parameter([str], "List of roles", joined=True),
'site_ids': Parameter([int], "List of site identifiers", joined=True),
'person_tag_ids' : Parameter ([int], "List of tags attached to this person", joined=True),
}
+ def validate_last_updated(self, last_updated):
+ # always return current timestamp
+ last_updated = datetime.now()
+ return last_updated
+
def validate_email(self, email):
"""
Validate email address. Stolen from Mailman.
return False
- def add_role(self, role_name, login_base=None):
+ def add_role(self, role_name, site_filter = {}):
+ assert 'keystone_id' in self
+ from PLC.Sites import Sites
user = self.api.client_shell.keystone.users.find(id=self['keystone_id'])
roles = Roles(self.api, {'name': role_name})
if not roles:
raise PLCInvalidArgument, "Role %s not found" % role_name
role = roles[0]
- if login_base:
- # add role at the requested site
- tenant = self.api.client_shell.keystone.tenants.find(name=login_base)
- self.api.client_shell.keystone.roles.add_user_role(user, role, tenant)
+ if site_filter:
+ sites = Sites(self.api, site_filter)
+ for site in sites:
+ # add role at the requested site
+ tenant = self.api.client_shell.keystone.tenants.find(id=site['tenant_id'])
+ self.api.client_shell.keystone.roles.add_user_role(user, tenant, role)
else:
- from PLC.Sites import Sites
# add role to at all of users sites
if not self['site_ids']:
raise PLCInvalidArgument, "Cannot add role unless user already belongs to a site or a valid site is specified"
sites = Sites(self.api, {'site_id': site_id})
site = sites[0]
tenant = self.api.client_shell.keystone.tenants.find(id=site['tenant_id'])
- self.api.client_shell.keystone.roles.add_user_role(user, role, tenant)
+ self.api.client_shell.keystone.roles.add_user_role(user, tenant, role)
def remove_role(self, role_name, login_base=None):
+ assert 'keystone_id' in self
user = self.api.client_shell.keystone.users.find(id=self['keystone_id'])
roles = Roles(self.api, {'name': role_name})
if not roles:
from PLC.Sites import Sites
# add role to at all of users sites
if not self['site_ids']:
- raise PLCInvalidArgument, "Cannot add role unless user already belongs to a site or a valid site
- is specified"
+ raise PLCInvalidArgument, "Must specify a valid site or add user to site first"
for site_id in self['site_ids']:
sites = Sites(self.api, {'site_id': site_id})
site = sites[0]