mirror of
https://github.com/zulip/zulip.git
synced 2025-11-04 22:13:26 +00:00
63cc18a94b
This commit updates the select_related calls in queries to get UserProfile objects in sync_ldap_user_data code to pass "realm" as argument to select_related call. Also, note that "realm" is the only non-null foreign key field in UserProfile object, so select_related() was only fetching realm object previously as well. But we should still pass "realm" as argument in select_related call so that we can make sure that only required fields are selected in case we add more foreign keys to UserProfile in future.
96 lines
3.8 KiB
Python
96 lines
3.8 KiB
Python
import logging
|
|
from argparse import ArgumentParser
|
|
from typing import Any, Collection
|
|
|
|
from django.conf import settings
|
|
from django.core.management.base import CommandError
|
|
from django.db import transaction
|
|
|
|
from zerver.lib.logging_util import log_to_file
|
|
from zerver.lib.management import ZulipBaseCommand
|
|
from zerver.models import UserProfile
|
|
from zproject.backends import ZulipLDAPError, sync_user_from_ldap
|
|
|
|
## Setup ##
|
|
logger = logging.getLogger("zulip.sync_ldap_user_data")
|
|
log_to_file(logger, settings.LDAP_SYNC_LOG_PATH)
|
|
|
|
|
|
# Run this on a cron job to pick up on name changes.
|
|
@transaction.atomic
|
|
def sync_ldap_user_data(
|
|
user_profiles: Collection[UserProfile], deactivation_protection: bool = True
|
|
) -> None:
|
|
logger.info("Starting update.")
|
|
try:
|
|
realms = {u.realm.string_id for u in user_profiles}
|
|
|
|
for u in user_profiles:
|
|
# This will save the user if relevant, and will do nothing if the user
|
|
# does not exist.
|
|
try:
|
|
sync_user_from_ldap(u, logger)
|
|
except ZulipLDAPError as e:
|
|
logger.error("Error attempting to update user %s:", u.delivery_email)
|
|
logger.error(e.args[0])
|
|
|
|
if deactivation_protection:
|
|
if not UserProfile.objects.filter(is_bot=False, is_active=True).exists():
|
|
raise Exception(
|
|
"LDAP sync would have deactivated all users. This is most likely due "
|
|
"to a misconfiguration of LDAP settings. Rolling back...\n"
|
|
"Use the --force option if the mass deactivation is intended."
|
|
)
|
|
for string_id in realms:
|
|
if not UserProfile.objects.filter(
|
|
is_bot=False,
|
|
is_active=True,
|
|
realm__string_id=string_id,
|
|
role=UserProfile.ROLE_REALM_OWNER,
|
|
).exists():
|
|
raise Exception(
|
|
f"LDAP sync would have deactivated all owners of realm {string_id}. "
|
|
"This is most likely due "
|
|
"to a misconfiguration of LDAP settings. Rolling back...\n"
|
|
"Use the --force option if the mass deactivation is intended."
|
|
)
|
|
except Exception:
|
|
logger.exception("LDAP sync failed")
|
|
raise
|
|
|
|
logger.info("Finished update.")
|
|
|
|
|
|
class Command(ZulipBaseCommand):
|
|
def add_arguments(self, parser: ArgumentParser) -> None:
|
|
parser.add_argument(
|
|
"-f",
|
|
"--force",
|
|
action="store_true",
|
|
help="Disable the protection against deactivating all users.",
|
|
)
|
|
|
|
self.add_realm_args(parser)
|
|
self.add_user_list_args(parser)
|
|
|
|
def handle(self, *args: Any, **options: Any) -> None:
|
|
if options.get("realm_id") is not None:
|
|
realm = self.get_realm(options)
|
|
user_profiles = self.get_users(options, realm, is_bot=False, include_deactivated=True)
|
|
else:
|
|
user_profile_query = UserProfile.objects.select_related("realm").filter(is_bot=False)
|
|
|
|
if not user_profile_query.exists():
|
|
# This case provides a special error message if one
|
|
# tries setting up LDAP sync before creating a realm.
|
|
raise CommandError("Zulip server contains no users. Have you created a realm?")
|
|
user_profiles = list(user_profile_query)
|
|
|
|
if len(user_profiles) == 0:
|
|
# We emphasize that this error is purely about the
|
|
# command-line parameters, since this has nothing to do
|
|
# with your LDAP configuration.
|
|
raise CommandError("Zulip server contains no users matching command-line parameters.")
|
|
|
|
sync_ldap_user_data(user_profiles, not options["force"])
|