paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-04 05:53:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d15f2fb831ec881d2ff2092ce94b4e0e1a9b5a1a
zulip/zerver/management/commands/sync_ldap_user_data.py
Prakhar Pratyush 0fb5657131 transaction: Add durable=True to outermost transaction.atomic decorator. 
This commit adds 'durable=True' to the outermost transactions
of the following functions:
* do_create_multiuse_invite_link
* do_revoke_user_invite
* do_revoke_multi_use_invite
* sync_ldap_user_data
* do_reactivate_remote_server
* do_deactivate_remote_server
* bulk_handle_digest_email
* handle_customer_migration_from_server_to_realm
* add_reaction
* remove_reaction
* deactivate_user_group

It helps to avoid creating unintended savepoints in the future.

This is as a part of our plan to explicitly mark all the
transaction.atomic decorators with either 'savepoint=False' or
'durable=True' as required.

* 'savepoint=True' is used in special cases.
2024-11-01 16:41:15 -07:00

99 lines
3.8 KiB
Python
Raw Blame History

import logging
from argparse import ArgumentParser
from typing import Any
from django.conf import settings
from django.core.management.base import CommandError
from django.db import transaction
from django.db.models import QuerySet
from typing_extensions import override
from zerver.lib.logging_util import log_to_file
from zerver.lib.management import ZulipBaseCommand
from zerver.models import UserProfile
from zproject.backends import ZulipLDAPError, sync_user_from_ldap
## Setup ##
logger = logging.getLogger("zulip.sync_ldap_user_data")
log_to_file(logger, settings.LDAP_SYNC_LOG_PATH)
# Run this on a cron job to pick up on name changes.
@transaction.atomic(durable=True)
def sync_ldap_user_data(
user_profiles: QuerySet[UserProfile], deactivation_protection: bool = True
) -> None:
logger.info("Starting update.")
try:
realms = {u.realm.string_id for u in user_profiles}
for u in user_profiles:
# This will save the user if relevant, and will do nothing if the user
# does not exist.
try:
sync_user_from_ldap(u, logger)
except ZulipLDAPError as e:
logger.error("Error attempting to update user %s:", u.delivery_email)
logger.error(e.args[0])
if deactivation_protection:
if not UserProfile.objects.filter(is_bot=False, is_active=True).exists():
raise Exception(
"LDAP sync would have deactivated all users. This is most likely due "
"to a misconfiguration of LDAP settings. Rolling back...\n"
"Use the --force option if the mass deactivation is intended."
)
for string_id in realms:
if not UserProfile.objects.filter(
is_bot=False,
is_active=True,
realm__string_id=string_id,
role=UserProfile.ROLE_REALM_OWNER,
).exists():
raise Exception(
f"LDAP sync would have deactivated all owners of realm {string_id}. "
"This is most likely due "
"to a misconfiguration of LDAP settings. Rolling back...\n"
"Use the --force option if the mass deactivation is intended."
)
except Exception:
logger.exception("LDAP sync failed")
raise
logger.info("Finished update.")
class Command(ZulipBaseCommand):
@override
def add_arguments(self, parser: ArgumentParser) -> None:
parser.add_argument(
"-f",
"--force",
action="store_true",
help="Disable the protection against deactivating all users.",
)
self.add_realm_args(parser)
self.add_user_list_args(parser)
@override
def handle(self, *args: Any, **options: Any) -> None:
if options.get("realm_id") is not None:
realm = self.get_realm(options)
user_profiles = self.get_users(options, realm, is_bot=False, include_deactivated=True)
else:
user_profiles = UserProfile.objects.select_related("realm").filter(is_bot=False)
if not user_profiles.exists():
# This case provides a special error message if one
# tries setting up LDAP sync before creating a realm.
raise CommandError("Zulip server contains no users. Have you created a realm?")
if len(user_profiles) == 0:
# We emphasize that this error is purely about the
# command-line parameters, since this has nothing to do
# with your LDAP configuration.
raise CommandError("Zulip server contains no users matching command-line parameters.")
sync_ldap_user_data(user_profiles, not options["force"])
Reference in New Issue View Git Blame Copy Permalink