From: Simo Sorce Date: Fri, 4 Apr 2014 17:07:19 +0000 (-0400) Subject: Admin classes to change SP properties X-Git-Tag: v0.2.2~43 X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=commitdiff_plain;h=8cdf10beebc47e1dfa095d052a2f7ed317e905a0;hp=671c9261307a23daaeafdaf3263accc836ba7b70;ds=sidebyside Admin classes to change SP properties Signed-off-by: Simo Sorce
---
diff --git a/ipsilon/providers/saml2/admin.py b/ipsilon/providers/saml2/admin.py
index 1e1ddb7..c8d26b8 100755
--- a/ipsilon/providers/saml2/admin.py
+++ b/ipsilon/providers/saml2/admin.py
@@ -17,10 +17,105 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see .
+import cherrypy
 from ipsilon.util.page import Page
 from ipsilon.providers.saml2.provider import ServiceProvider
+class SPAdminPage(Page):
+
+ def __init__(self, sp, site, parent):
+ super(SPAdminPage, self).__init__(site)
+ self.sp = sp
+ self.title = sp.name
+ self.backurl = parent.url
+ self.url = '%s/sp/%s' % (parent.url, sp.name)
+
+ def form_standard(self, message=None, message_type=None):
+ return self._template('admin/providers/saml2_sp.html',
+ message=message,
+ message_type=message_type,
+ title=self.title,
+ name='saml2_sp_%s_form' % self.sp.name,
+ backurl=self.backurl, action=self.url,
+ data=self.sp)
+
+ def GET(self, *args, **kwargs):
+ return self.form_standard()
+
+ def POST(self, *args, **kwargs):
+
+ message = "Nothing was modified."
+ message_type = "info"
+ save = False
+
+ for key, value in kwargs.iteritems():
+ if key == 'name':
+ if value != self.sp.name:
+ if self.user.is_admin or self.user.name == self.sp.owner:
+ self._debug("Replacing %s: %s -> %s" %
+ (key, self.sp.name, value))
+ self.sp.name = value
+ save = True
+ else:
+ message = "Unauthorized to rename object"
+ message_type = "error"
+ return self.form_standard(message, message_type)
+
+ elif key == 'owner':
+ if value != self.sp.owner:
+ if self.user.is_admin:
+ self._debug("Replacing %s: %s -> %s" %
+ (key, self.sp.owner, value))
+ self.sp.owner = value
+ save = True
+ else:
+ message = "Unauthorized to set owner value"
+ message_type = "error"
+ return self.form_standard(message, message_type)
+
+ elif key == 'default_nameid':
+ if value != self.sp.default_nameid:
+ if self.user.is_admin:
+ self._debug("Replacing %s: %s -> %s" %
+ (key, self.sp.default_nameid, value))
+ self.sp.default_nameid = value
+ save = True
+ else:
+ message = "Unauthorized to set default nameid value"
+ message_type = "error"
+ return self.form_standard(message, message_type)
+
+ elif key == 'allowed_nameids':
+ v = set([x.strip() for x in value.split(',')])
+ if v != set(self.sp.allowed_nameids):
+ if self.user.is_admin:
+ self._debug("Replacing %s: %s -> %s" %
+ (key, self.sp.allowed_nameids, list(v)))
+ self.sp.allowed_nameids = list(v)
+ save = True
+ else:
+ message = "Unauthorized to set allowed nameids value"
+ message_type = "error"
+ return self.form_standard(message, message_type)
+
+ if save:
+ try:
+ self.sp.save_properties()
+ message = "Properties succssfully changed"
+ message_type = "success"
+ except Exception: # pylint: disable=broad-except
+ message = "Failed to save data!"
+ message_type = "error"
+
+ return self.form_standard(message, message_type)
+
+ def root(self, *args, **kwargs):
+ op = getattr(self, cherrypy.request.method, self.GET)
+ if callable(op):
+ return op(*args, **kwargs)
+
+
 class AdminPage(Page):
 def __init__(self, site, config):
 super(AdminPage, self).__init__(site)
@@ -29,6 +124,13 @@ class AdminPage(Page):
 self.providers = []
 self.menu = []
 self.url = None
+ self.sp = Page(self._site)
+
+ def add_sp(self, name, sp):
+ page = SPAdminPage(sp, self._site, self)
+ self.sp.add_subtree(name, page)
+ self.providers.append(sp)
+ return page
 def mount(self, page):
 self.menu = page.menu
@@ -36,7 +138,7 @@ class AdminPage(Page):
 for p in self.cfg.idp.get_providers():
 try:
 sp = ServiceProvider(self.cfg, p)
- self.providers.append(sp)
+ self.add_sp(sp.name, sp)
 except Exception, e: # pylint: disable=broad-except
 self._debug("Failed to find provider %s: %s" % (p, str(e)))
 page.add_subtree(self.name, self)
diff --git a/templates/admin/providers/saml2.html b/templates/admin/providers/saml2.html
index 0d0a05f..5185a6f 100644
--- a/templates/admin/providers/saml2.html
+++ b/templates/admin/providers/saml2.html
@@ -1,23 +1,16 @@
 {% extends "master-admin.html" %}
 {% block main %}
-{% if user.is_admin %}
-
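Review bot: SPAdminPage.POST assigns to self.sp inside the loop and returns as soon as it meets a field the caller may not change, so a request that mixes a permitted field with a forbidden one can leave self.sp modified in memory without save_properties() being called, and which fields were applied depends on the iteration order of kwargs. Deciding on every field first and applying the changes only after all checks pass avoids that; the fence sketches it. The new `name` is also stored without validation although __init__ interpolates it into self.url, so it should be restricted to a known-safe character set before assignment. In root(), `getattr(self, cherrypy.request.method, self.GET)` resolves an attribute named by the request; an explicit allowlist such as `if cherrypy.request.method not in ('GET', 'POST'): raise cherrypy.HTTPError(405)` would keep other callables on the page object out of the dispatch path.

```python
    def POST(self, *args, **kwargs):
        is_admin = self.user.is_admin
        is_owner = self.user.name == self.sp.owner
        # field -> (message when refused, whether this caller may change it)
        rules = {
            'name': ("Unauthorized to rename object", is_admin or is_owner),
            'owner': ("Unauthorized to set owner value", is_admin),
            'default_nameid': ("Unauthorized to set default nameid value",
                               is_admin),
            'allowed_nameids': ("Unauthorized to set allowed nameids value",
                                is_admin),
        }

        changes = {}
        for key, value in kwargs.iteritems():
            if key not in rules:
                continue
            if key == 'allowed_nameids':
                value = list(set(x.strip() for x in value.split(',')))
                changed = set(value) != set(self.sp.allowed_nameids)
            else:
                changed = value != getattr(self.sp, key)
            if not changed:
                continue
            denied, permitted = rules[key]
            if not permitted:
                # self.sp has not been touched yet, so nothing to undo.
                return self.form_standard(denied, "error")
            changes[key] = value

        for key, value in changes.iteritems():
            self._debug("Replacing %s: %s -> %s" %
                        (key, getattr(self.sp, key), value))
            setattr(self.sp, key, value)
        save = bool(changes)
        # ... unchanged: "Nothing was modified." default, save_properties() call and result message ...
```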
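Review bot: add_sp() mounts the page under `name` once, and nothing visible in this commit re-mounts it when SPAdminPage.POST later renames the provider, so the admin URL and SPAdminPage.url/title would keep the old name until the tree is rebuilt (inferred; add_subtree itself is not shown). Either re-key the subtree on a successful rename or document the behaviour on add_sp, e.g. `# NOTE: the subtree key is the SP name at mount time; a rename does not move the page`. It is also worth stating in a docstring what happens when two providers share a name, since the second add_subtree call presumably replaces the first. The AdminPage class body starts outside this hunk.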

Service Providers

+

Service Providers

+
+{% for p in providers %} -
- {% for p in providers %} -
- -
- {{ p.provider_id }} -
+
+ {{ p.provider_id }}
- {% endfor %} -{% endif %} +
+{% endfor %}
 {% endblock %}
diff --git a/templates/admin/providers/saml2_sp.html b/templates/admin/providers/saml2_sp.html
new file mode 100644
index 0000000..50d38ed
--- /dev/null
+++ b/templates/admin/providers/saml2_sp.html
@@ -0,0 +1,61 @@
+{% extends "master-admin.html" %}
+{% block main %}
+
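Review bot: Dropping the `{% if user.is_admin %}` wrapper means the provider list is now rendered for every user who can load this page, and SPAdminPage.GET in admin.py returns the per-SP form without consulting self.user. If users who are neither admin nor owner are not meant to see SP details, that has to be enforced in the handler rather than in the template, for example an early `if not (self.user.is_admin or self.user.name == self.sp.owner): raise cherrypy.HTTPError(403)` in GET. Whether the Page base class already restricts access to authenticated users is not visible in this diff, and the element markup of this template did not survive on this page.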

{{ title }}

+ {% if message %} +
+

{{ message }}

+
+ {% endif %} +
+
+ +
+ + {{ data.provider_id }} +
+ +
+ + {% if user.name == data.owner or user.is_admin %} + + {% else %} + {{ data.name }} + {% endif %} +
+ +
+ + {% if user.is_admin -%} + + {%- endif %} +
+ +
+ + {% if user.is_admin -%} + + {%- endif %} +
+ + {% if user.is_admin %} +
+ + +
+ {% endif %} + + + Back +
+
+{% endblock %}
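Review bot: `{{ data.name }}`, `{{ data.provider_id }}` and `{{ message }}` are emitted without an explicit escape filter, and with this commit `name` can be set to an arbitrary string by the SP owner through SPAdminPage.POST. If the Jinja2 environment does not have autoescaping enabled (its configuration is not part of this diff), these should be written as `{{ data.name|e }}` and likewise for the other two. The element markup of this template is not visible on this page, so the attribute contexts the values land in could not be checked.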