X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Fproviders%2Fsaml2%2Fadmin.py;h=c8d26b8a5b422cb07248437f122e0bee56b2ede5;hp=1e1ddb77d77b88438478dbd4fe63f1b9d9517e13;hb=8cdf10beebc47e1dfa095d052a2f7ed317e905a0;hpb=671c9261307a23daaeafdaf3263accc836ba7b70 diff --git a/ipsilon/providers/saml2/admin.py b/ipsilon/providers/saml2/admin.py index 1e1ddb7..c8d26b8 100755 --- a/ipsilon/providers/saml2/admin.py +++ b/ipsilon/providers/saml2/admin.py @@ -17,10 +17,105 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . +import cherrypy from ipsilon.util.page import Page from ipsilon.providers.saml2.provider import ServiceProvider +class SPAdminPage(Page): + + def __init__(self, sp, site, parent): + super(SPAdminPage, self).__init__(site) + self.sp = sp + self.title = sp.name + self.backurl = parent.url + self.url = '%s/sp/%s' % (parent.url, sp.name) + + def form_standard(self, message=None, message_type=None): + return self._template('admin/providers/saml2_sp.html', + message=message, + message_type=message_type, + title=self.title, + name='saml2_sp_%s_form' % self.sp.name, + backurl=self.backurl, action=self.url, + data=self.sp) + + def GET(self, *args, **kwargs): + return self.form_standard() + + def POST(self, *args, **kwargs): + + message = "Nothing was modified." + message_type = "info" + save = False + + for key, value in kwargs.iteritems(): + if key == 'name': + if value != self.sp.name: + if self.user.is_admin or self.user.name == self.sp.owner: + self._debug("Replacing %s: %s -> %s" % + (key, self.sp.name, value)) + self.sp.name = value + save = True + else: + message = "Unauthorized to rename object" + message_type = "error" + return self.form_standard(message, message_type) + + elif key == 'owner': + if value != self.sp.owner: + if self.user.is_admin: + self._debug("Replacing %s: %s -> %s" % + (key, self.sp.owner, value)) + self.sp.owner = value + save = True + else: + message = "Unauthorized to set owner value" + message_type = "error" + return self.form_standard(message, message_type) + + elif key == 'default_nameid': + if value != self.sp.default_nameid: + if self.user.is_admin: + self._debug("Replacing %s: %s -> %s" % + (key, self.sp.default_nameid, value)) + self.sp.default_nameid = value + save = True + else: + message = "Unauthorized to set default nameid value" + message_type = "error" + return self.form_standard(message, message_type) + + elif key == 'allowed_nameids': + v = set([x.strip() for x in value.split(',')]) + if v != set(self.sp.allowed_nameids): + if self.user.is_admin: + self._debug("Replacing %s: %s -> %s" % + (key, self.sp.allowed_nameids, list(v))) + self.sp.allowed_nameids = list(v) + save = True + else: + message = "Unauthorized to set allowed nameids value" + message_type = "error" + return self.form_standard(message, message_type) + + if save: + try: + self.sp.save_properties() + message = "Properties succssfully changed" + message_type = "success" + except Exception: # pylint: disable=broad-except + message = "Failed to save data!" + message_type = "error" + + return self.form_standard(message, message_type) + + def root(self, *args, **kwargs): + op = getattr(self, cherrypy.request.method, self.GET) + if callable(op): + return op(*args, **kwargs) + + class AdminPage(Page): def __init__(self, site, config): super(AdminPage, self).__init__(site) @@ -29,6 +124,13 @@ class AdminPage(Page): self.providers = [] self.menu = [] self.url = None + self.sp = Page(self._site) + + def add_sp(self, name, sp): + page = SPAdminPage(sp, self._site, self) + self.sp.add_subtree(name, page) + self.providers.append(sp) + return page def mount(self, page): self.menu = page.menu @@ -36,7 +138,7 @@ class AdminPage(Page): for p in self.cfg.idp.get_providers(): try: sp = ServiceProvider(self.cfg, p) - self.providers.append(sp) + self.add_sp(sp.name, sp) except Exception, e: # pylint: disable=broad-except self._debug("Failed to find provider %s: %s" % (p, str(e))) page.add_subtree(self.name, self)