diff --git a/main.py b/main.py
index b7d52b6..abc3c41 100755
--- a/main.py
+++ b/main.py
@@ -27,7 +27,9 @@ def manage_users_extra_fields(ldap_conn: Connection, dolibarr_client: Dolibarrpy
 manage_user_extra_fields(ldap_conn, dolibarr_user, dolibarr_client)
-def manage_user_extra_fields(ldap_conn: Connection, dolibarr_user: dict, dolibarr_client: Dolibarrpy):
+def manage_user_extra_fields(ldap_conn: Connection, dolibarr_user: dict, dolibarr_client: Dolibarrpy, /,
+ manage_user_attrs: bool = True, manage_group_attrs: bool = True,
+ oldgroupid: int | None = None, newgroupid: int | None = None, new_group: dict | None = None):
 login = dolibarr_user['login']
 obj_inetorgperson = ObjectDef(['top', 'inetOrgPerson', 'posixAccount'], ldap_conn)
 obj_user = ObjectDef(['top', 'inetOrgPerson', 'posixAccount'] + config.LDAP_GROUPS_EXTRA_OBJECT_CLASSES, ldap_conn)
@@ -57,8 +59,10 @@ def manage_user_extra_fields(ldap_conn: Connection, dolibarr_user: dict, dolibar
 users_reader.search()
 users_writer = Writer.from_cursor(users_reader, object_def=obj_user)
 ldap_user = users_writer[0]
- append_extra_fields_to_ldap_user(ldap_user, dolibarr_user)
- append_extra_group_fields_to_ldap_user(ldap_user, dolibarr_user, dolibarr_client)
+ if manage_user_attrs:
+ append_extra_fields_to_ldap_user(ldap_user, dolibarr_user)
+ if manage_group_attrs:
+ append_extra_group_fields_to_ldap_user(ldap_user, dolibarr_user, dolibarr_client, oldgroupid=oldgroupid, newgroupid=newgroupid, new_group=new_group)
 users_writer.commit()
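Review bot: In the new `manage_user_extra_fields` signature the `/` only makes the first three parameters positional-only; the five options after it can still be passed positionally, so a stray fourth argument would silently switch off `manage_user_attrs`. Making them keyword-only (`..., dolibarr_client: Dolibarrpy, /, *, manage_user_attrs: bool = True, ...`) matches how the call sites in this patch already pass them, and the same applies to `append_extra_group_fields_to_ldap_user` in the third hunk. A short docstring should state that `oldgroupid`, `newgroupid` and `new_group` adjust the group list fetched from Dolibarr before the group-derived attributes are computed. The function body continues outside the hunk.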
@@ -83,17 +87,16 @@ def append_extra_fields_to_ldap_user(ldap_user: WritableEntry, dolibarr_user: di
 value = dolibarr_user['array_options'][f'options_{dolibarr_attr}']
 if value:
 values.append(value)
- if not values:
- continue
 if ldap_attr.endswith('[]'):
 ldap_attr = ldap_attr[:-2]
 value = values
 else:
- value = values[0]
+ value = values[0] if values else ""
 setattr(ldap_user, ldap_attr, value)
-def append_extra_group_fields_to_ldap_user(ldap_user: WritableEntry, dolibarr_user: dict, dolibarr_client: Dolibarrpy):
+def append_extra_group_fields_to_ldap_user(ldap_user: WritableEntry, dolibarr_user: dict, dolibarr_client: Dolibarrpy, /,
+ oldgroupid: int | None = None, newgroupid: int | None = None, new_group: dict | None = None):
 if not any(dolibarr_attr.startswith('GROUP') for extra_field in config.LDAP_USERS_EXTRA_FIELDS for dolibarr_attr in extra_field.split(':')[0].split('|')):
@@ -101,6 +104,12 @@ def append_extra_group_fields_to_ldap_user(ldap_user: WritableEntry, dolibarr_us
 user_id = dolibarr_user['id']
 dolibarr_groups: list[dict] = dolibarr_client.get_user_groups_uid(user_id)
+ if oldgroupid:
+ dolibarr_groups = [group for group in dolibarr_groups if group['id'] != oldgroupid]
+ if newgroupid:
+ dolibarr_groups.append(dolibarr_client.call_get_api('users/groups', newgroupid))
+ if new_group:
+ dolibarr_groups = [group for group in dolibarr_groups if group['id'] != new_group['id']] + [new_group]
 for extra_field in config.LDAP_USERS_EXTRA_FIELDS:
 dolibarr_attrs, ldap_attr = extra_field.split(':')
@@ -120,13 +129,11 @@ def append_extra_group_fields_to_ldap_user(ldap_user: WritableEntry, dolibarr_us
 value = dolibarr_group.get(dolibarr_attr, dolibarr_group['array_options'][f'options_{dolibarr_attr}'])
 if value:
 values.append(value)
- if not values:
- continue
 if ldap_attr.endswith('[]'):
 ldap_attr = ldap_attr[:-2]
 value = values
 else:
- value = values[0]
+ value = values[0] if values else ""
 setattr(ldap_user, ldap_attr, value)
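Review bot: With the `if not values: continue` guard removed in `append_extra_fields_to_ldap_user`, an empty or missing Dolibarr value now overwrites the LDAP attribute with `""` (or `[]` for `[]`-suffixed mappings) on every sync instead of leaving it untouched; the same change is made in `append_extra_group_fields_to_ldap_user` (hunk at -120) and `append_extra_fields_to_ldap_group` (hunk at -179). If a mapped attribute is mandatory for `posixAccount` or is consumed for authorization, a blank field in Dolibarr would either fail the commit or strip the attribute; the hunk does not show how the writer treats an empty string, so this should be confirmed against the LDAP library and covered by a test. If clearing is intended, I would say so next to the assignment with a comment such as `# an empty source value clears the LDAP attribute`. The enclosing loop starts above the hunk.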
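Review bot: In `append_extra_group_fields_to_ldap_user` (hunk at -101) the filter `group['id'] != oldgroupid` compares a field from the Dolibarr API with a value taken from the webhook body; if one is a string and the other an int (not determinable from the hunk), nothing is filtered and the user keeps the removed group's attributes in LDAP. Normalising both sides, e.g. `gid = int(oldgroupid)` and `int(group['id']) != gid`, avoids that, and converting `newgroupid` the same way before `call_get_api('users/groups', newgroupid)` keeps an unvalidated payload value out of the API request. The `newgroupid` branch also appends without first dropping an existing entry for that group, unlike the `new_group` branch. The function continues outside the hunk.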
@@ -179,13 +186,11 @@ def append_extra_fields_to_ldap_group(ldap_group: WritableEntry, dolibarr_group:
 value = dolibarr_group['array_options'][f'options_{dolibarr_attr}']
 if value:
 values.append(value)
- if not values:
- continue
 if ldap_attr.endswith('[]'):
 ldap_attr = ldap_attr[:-2]
 value = values
 else:
- value = values[0]
+ value = values[0] if values else ""
 setattr(ldap_group, ldap_attr, value)
@@ -200,15 +205,25 @@ def webhook_receiver():
 obj = data['object']
 if config.DOLIBARR_API_DEBUG:
 print("Received webhook trigger of type", triggercode, "with content:")
- print(json.dumps(obj))
+ print(json.dumps(obj, indent=4))
 dolibarr_client = Dolibarrpy(url=config.DOLIBARR_API_BASE, token=config.DOLIBARR_API_TOKEN, timeout=16, debug=config.DOLIBARR_API_DEBUG)
 ldap_server = Server(config.LDAP_HOST, config.LDAP_PORT, get_info=ALL)
 if triggercode.startswith('USER_'):
+ oldgid, newgid = None, None
+ if 'context' in obj and obj['context']:
+ audit = obj['context']['audit']
+ if audit == "UserSetInGroup":
+ newgid = obj['context']['newgroupid']
+ elif audit == "UserRemovedFromGroup":
+ oldgid = obj['context']['oldgroupid']
 with Connection(ldap_server, config.LDAP_BIND_USER, config.LDAP_BIND_PASSWORD) as ldap_conn:
- manage_user_extra_fields(ldap_conn, obj)
+ manage_user_extra_fields(ldap_conn, obj, dolibarr_client, oldgroupid=oldgid, newgroupid=newgid)
 elif triggercode.startswith('USERGROUP_'):
 with Connection(ldap_server, config.LDAP_BIND_USER, config.LDAP_BIND_PASSWORD) as ldap_conn:
 manage_group_extra_fields(ldap_conn, obj)
+ group_members = obj['members']
+ for group_member in group_members.values():
+ manage_user_extra_fields(ldap_conn, group_member, dolibarr_client, manage_user_attrs=False, new_group=obj)
 else:
 abort(400)
 return "", 204
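Review bot: The new code in `webhook_receiver` indexes the request payload without checking its shape: `obj['context']['audit']` raises `KeyError` when a context carries no `audit` key, and `obj['members'].values()` fails when `members` is absent or is not a dict (an empty PHP array is commonly serialised as `[]`, which is presumably what a group without members looks like). The second failure surfaces as a 500 after `manage_group_extra_fields` has already run, which can leave the group entry and its members' entries out of step. I would read the fields defensively, e.g. `audit = (obj.get('context') or {}).get('audit')` and `group_members = obj.get('members') or {}`, and `abort(400)` when the types are wrong. The function starts above the hunk, so how the request is authenticated before these values reach LDAP is not visible here.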