LDAP with sync rake task

Matt Fu 2012-03-06 16:41:06 +08:00
parent 7f05f21930
commit d5a2de5476
23 changed files with 109 additions and 40 deletions


@ -10,8 +10,16 @@ class Admin::ModuleAppsController < ApplicationController
def reload_frontend_pages def reload_frontend_pages
@categories =[]
@module_app = ModuleApp.find(params[:id]) @module_app = ModuleApp.find(params[:id])
@categories = @module_app.key.eql?('announcement') ? BulletinCategory.all : nil unless (@module_app.category.nil? rescue true)
@module_app.category.each do |category|
@categories << eval(category).all.entries
end
@categories.flatten!
else
@categories = nil
end
respond_to do |format| respond_to do |format|
format.js {} format.js {}
end end
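Review bot: `eval(category)` in the added loop runs whatever string is stored in the module app's `category` array as Ruby code inside an admin controller action, so anything able to write that field (the module JSON, an import, a database edit) gets code execution in the app. Resolve the name against a fixed allowlist instead, e.g. `@categories << category.constantize.all.entries if ALLOWED_CATEGORY_MODELS.include?(category)`, where the constant name is a placeholder for a frozen list of the permitted model names such as `BulletinCategory` and `WebLinkCategory`. The same `eval(category)` is added in `Admin::PagePartsController#reload_widgets`. The `rescue true` modifier on the `unless` also hides every error raised while reading `category`; an explicit nil check would state the intent without swallowing other exceptions.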


@ -63,13 +63,16 @@ class Admin::PagePartsController < ApplicationController
end end
def reload_widgets def reload_widgets
@categories =[]
@module_app = ModuleApp.find(params[:id]) @module_app = ModuleApp.find(params[:id])
case @module_app.key
when 'announcement' unless (@module_app.category.nil? rescue true)
@categories = BulletinCategory.all @module_app.category.each do |category|
when 'web_resource' @categories << eval(category).all.entries
@categories = WebLinkCategory.all
end end
@categories.flatten!
end
respond_to do |format| respond_to do |format|
format.js {} format.js {}
end end
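Review bot: When the module app has no `category`, this version of `reload_widgets` leaves `@categories` as `[]`, while `reload_frontend_pages` in `Admin::ModuleAppsController` sets it to `nil` in the same situation. An empty array is truthy in Ruby, so a template that tests `if @categories` would behave differently between the two actions; the templates are not visible here, so this is worth checking. Picking one convention for both, for instance adding `else` / `@categories = nil` here, keeps them in step. `reload_widgets` continues past the end of the hunk.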


@ -1,3 +1,3 @@
class ObitWidgetController< OrbitFrontendComponentController class OrbitWidgetController< OrbitFrontendComponentController
end end


@ -5,14 +5,16 @@ class SessionsController < Devise::SessionsController
# POST /resource/sign_in # POST /resource/sign_in
def create def create
# login_password = params[:user][:password]
# login_uid = params[:user][:nccu_ldap_uid]
login_password = params[:user][:password] login_password = params[:user][:password]
login_uid = params[:user][:nccu_ldap_uid] login_uid = params[:user][:nccu_ldap_uid]
result = false result = false
ldap = Net::LDAP.new ldap = Net::LDAP.new
# ldap.port = '8001' ldap.port = '8001'
# ldap.host = '127.0.0.1' ldap.host = '127.0.0.1'
ldap.port = '389' # ldap.port = '389'
ldap.host = '140.119.166.23' # ldap.host = '140.119.166.23'
ldap_filter = "(uid=#{login_uid})" ldap_filter = "(uid=#{login_uid})"
ldap_base = 'ou=People,dc=nccu,dc=edu,dc=tw' ldap_base = 'ou=People,dc=nccu,dc=edu,dc=tw'
ldap.authenticate("cn=uccn,ou=profile,dc=nccu,dc=edu,dc=tw","nccu2ucc") ldap.authenticate("cn=uccn,ou=profile,dc=nccu,dc=edu,dc=tw","nccu2ucc")
@ -24,9 +26,14 @@ class SessionsController < Devise::SessionsController
# resource = env['warden'].authenticate!(:check_nccu_ldap) # resource = env['warden'].authenticate!(:check_nccu_ldap)
# resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new") # resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")
set_flash_message(:notice, :signed_in) if is_navigational_format? set_flash_message(:notice, :signed_in) if is_navigational_format?
unless resource_name.nil?
resource_name = resource._type.downcase resource_name = resource._type.downcase
sign_in(resource_name, resource) sign_in(resource_name, resource)
respond_with resource, :location => redirect_location(resource_name, resource) respond_with resource, :location => redirect_location(resource_name, resource)
else
flash[:notice] = t('devise.failure.ldap_pass_but_account_not_in_orbit')
render :action => "new"
end
else else
flash[:notice] = t('devise.failure.ldap_invalid') flash[:notice] = t('devise.failure.ldap_invalid')
render :action => "new" render :action => "new"
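Review bot: The added guard `unless resource_name.nil?` appears to test the Devise scope name, not the user that was looked up, because the local `resource_name` is only assigned on the following line; the scope name is not expected to be nil, so the new `ldap_pass_but_account_not_in_orbit` branch looks unreachable and a missing local account would fail on `resource._type` instead. `unless resource.nil?` is presumably what was meant, and the `set_flash_message(:notice, :signed_in)` call belongs inside that branch so the signed-in notice is not set for a rejected login. Separately, `ldap_filter = "(uid=#{login_uid})"` places the submitted uid in the filter unescaped; wrapping it as `Net::LDAP::Filter.escape(login_uid)` keeps filter metacharacters typed into the form from changing the query. The bind DN and password on the `ldap.authenticate` line, and the host and port toggled in this commit, would be better read from configuration kept outside the repository. How `resource` is assigned and how the filter is used lie between the two hunks and are not visible here.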


@ -10,8 +10,8 @@
<p class="alert hide">You need to sign in or sign up before continuing.</p> <p class="alert hide">You need to sign in or sign up before continuing.</p>
<div class="main"> <div class="main">
<div class="control-group clear"> <div class="control-group clear">
<%= f.label :email %> <%= f.label :nccu_ldap_uid %>
<%= f.email_field :email, :placeholder => t(:email), :style => "width: 330px;" %> <%= f.text_field :nccu_ldap_uid, :placeholder => t("nccu"), :style => "width: 330px;" %>
<span class="help-inline">Please correct the error</span> <span class="help-inline">Please correct the error</span>
</div> </div>
<div class="control-group clear"> <div class="control-group clear">
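Review bot: The placeholder on the new text field uses `t("nccu")`, which the locale files in this commit define as 'NCCU Custom' rather than as a label for the account field. The other sign-in template changed in this commit uses `t('nccu_c.nccu_ldap_uid')`; using the same key here, `:placeholder => t('nccu_c.nccu_ldap_uid')`, would give both forms the same hint.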


@ -67,7 +67,7 @@
<li> <li>
<div class="input-prepend"> <div class="input-prepend">
<span class="add-on"><i class="icon-user"></i></span> <span class="add-on"><i class="icon-user"></i></span>
<%= f.text_field :email, :class => 'span2', :placeholder => t(:email), :size => 16 %> <%= f.text_field :nccu_ldap_uid, :class => 'span2', :placeholder => t('nccu_c.nccu_ldap_uid'), :size => 16 %>
</div> </div>
</li> </li>
<li> <li>


@ -4,8 +4,8 @@ require 'mysql2'
mid_host = { mid_host = {
:host => 'mruling.nccu.edu.tw', #mruling.nccu.edu.tw or 127.0.0.1 :host => '127.0.0.1', #mruling.nccu.edu.tw or 127.0.0.1
:port => 3006, #3306 or 8005 :port => 8005, #3306 or 8005
:username => "root", :username => "root",
:password => "a3G6yWd9", :password => "a3G6yWd9",
:database => "RSS23_NCCU_MIDDLE", :database => "RSS23_NCCU_MIDDLE",
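Review bot: This hash keeps the database `root` account and its password in the repository, and the commit edits the host and port in place to switch between the real server and a local tunnel. Reading the connection settings from the environment or an untracked file avoids both, e.g. `:password => ENV.fetch('MID_DB_PASSWORD')` (the variable name is a placeholder). It would also let the sync use a dedicated read-only account, since the rake task queries visible in this commit only issue `SELECT` statements. The password already committed should be treated as exposed and rotated. The hash continues past the end of the hunk.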


@ -11,6 +11,7 @@ en:
unconfirmed: 'You have to confirm your account before continuing.' unconfirmed: 'You have to confirm your account before continuing.'
ldap_invalid: 'Your LDAP account is invalid' ldap_invalid: 'Your LDAP account is invalid'
ldap_connection_failed: 'LDAP connection failed' ldap_connection_failed: 'LDAP connection failed'
ldap_pass_but_account_not_in_orbit: 'LDAP account is not supported to sign up this site.'
locked: 'Your account is locked.' locked: 'Your account is locked.'
invalid: 'Invalid email or password.' invalid: 'Invalid email or password.'
invalid_token: 'Invalid authentication token.' invalid_token: 'Invalid authentication token.'


@ -11,6 +11,7 @@ zh_tw:
unconfirmed: '您的帳號需需要經過確認後,才能繼續。' unconfirmed: '您的帳號需需要經過確認後,才能繼續。'
ldap_invalid: '您的LDAP帳號錯誤' ldap_invalid: '您的LDAP帳號錯誤'
ldap_connection_failed: '與LDAP之間連線異常' ldap_connection_failed: '與LDAP之間連線異常'
ldap_pass_but_account_not_in_orbit: '很抱歉您的LDAP帳號並不支援在此網站登入'
locked: '您的帳號已被鎖定。' locked: '您的帳號已被鎖定。'
invalid: 'Email 或密碼是無效的。' invalid: 'Email 或密碼是無效的。'
invalid_token: '無效的認證代碼。' invalid_token: '無效的認證代碼。'


@ -117,6 +117,8 @@ en:
no_layout: You don't have a layout no_layout: You don't have a layout
name: Name name: Name
nccu: NCCU Custom nccu: NCCU Custom
nccu_c:
nccu_ldap_uid: NCCU LDAP Account
new_asset: New asset new_asset: New asset
new_component: New component new_component: New component
new_design: New design new_design: New design

View File

@ -77,6 +77,7 @@ zh_tw:
description: 描述 description: 描述
design: 網站版型 design: 網站版型
disable_language: 禁用語言 disable_language: 禁用語言
edit: 編輯
editing_home: 編輯首頁 editing_home: 編輯首頁
editing_layout: 編輯樣板 editing_layout: 編輯樣板
editing_link: 編輯連結 editing_link: 編輯連結
@ -95,7 +96,7 @@ zh_tw:
intro: 簡介 intro: 簡介
is_published: 被出版 is_published: 被出版
item: 網站架構 item: 網站架構
key: key:
language: 語言 language: 語言
layout: 佈局 layout: 佈局
layout_name: 佈局名字 layout_name: 佈局名字
@ -117,6 +118,8 @@ zh_tw:
no_layout: 您沒有佈局 no_layout: 您沒有佈局
name: 名稱 name: 名稱
nccu: 政大客制 nccu: 政大客制
nccu_c:
nccu_ldap_uid: NCCU LDAP 帳號
new_asset: 新增資產 new_asset: 新增資產
new_component: 新增元件 new_component: 新增元件
new_design: 新設計 new_design: 新設計


@ -1,32 +1,73 @@
# encoding: utf-8 # encoding: utf-8
# require 'ruby-debug'
namespace :mid_site do namespace :mid_site do
attr_from_mid = %w{nccu_id psn_nam ut_chi_m eml_adr off_tel_ext sta_num} attr_from_mid = %w{nccu_id psn_nam ut_cod up_ut_cod eml_adr off_tel_ext sta_num}
officer_posgrp_code = %w{02 06 10 05} #from RSS2 officer_posgrp_code = %w{02 06 10 05} #from RSS2
admin_role = nil admin_role = nil
sub_role = nil sub_role = nil
task :sync => :environment do task :sync => :environment do
info_profile = Info.first(conditions: {:key => 'profile'})
def find_or_create_sub_role(role,ut_query=[],key='')
sub_role = role.sub_roles.get_sub_role_from_key(key)
if sub_role.nil?
ut_data = ut_query.find{|ut_data| ut_data["ut_cod"] == key }
# debugger
i18n_for_new_sub_role = I18nVariable.create!( :document_class => 'SubRole', :key => key, :en => (ut_data["ut_eng_m"] rescue ''), :zh_tw => (ut_data["ut_chi_m"] rescue ''), :parent_id => role.i18n_variable.id )
sub_role = role.sub_roles.create!(:key => key)
sub_role.i18n_variable = i18n_for_new_sub_role
sub_role.save!
p "Created SubRole(key: #{key}): EN: #{sub_role.i18n_variable.en}, CH: #{sub_role.i18n_variable.zh_tw} ParentRole(#{role.i18n_variable.key}): #{role.i18n_variable.en}"
end
sub_role
end
users_from_mid = MID_CLIENT.query("SELECT #{attr_from_mid.join(',')} FROM rss_pautlst_ut WHERE posgrp_cod IN (#{officer_posgrp_code.join(',')})") users_from_mid = MID_CLIENT.query("SELECT #{attr_from_mid.join(',')} FROM rss_pautlst_ut WHERE posgrp_cod IN (#{officer_posgrp_code.join(',')})")
ut_data_from_mid = MID_CLIENT.query("SELECT ut_odr, ut_cod, up_ut_cod, ut_chi_m, ut_eng_m FROM rss_paunit WHERE ut_tpe = '1' AND ut_grp != '3' AND up_ut_cod != 'F00' ORDER BY ut_odr, ut_cod")
remote_list = users_from_mid.collect{|t| t["nccu_id"]} remote_list = users_from_mid.collect{|t| t["nccu_id"]}
#remove delete user sho has been deleted at remote first #remove delete user sho has been deleted at remote first
local_need_remove = User.all.collect{|t| t.nccu_id rescue nil}.uniq.delete_if {|x| x == nil} - remote_list local_need_remove = User.all.collect{|t| t.nccu_id rescue nil}.uniq.delete_if {|x| x == nil} - remote_list
desc "Going to delete User with IDs: #{local_need_remove.inspect}"
local_need_remove.each{|user_id| (User.find user_id).destroy} local_need_remove.each{|user_id| (User.find user_id).destroy}
desc "Deletion completed! \n"
#starting update user #starting update user
desc "Updating and Newing Users"
users_from_mid.each do |mid_user| users_from_mid.each do |mid_user|
local_user = User.find_or_initialize_by(:nccu_id => mid_user["nccu_id"]) ut_item = ut_data_from_mid.find{|ut_data| ut_data["ut_cod"] == mid_user["ut_cod"]}
local_user.update_attributes(mid_user) up_ut_item = ut_data_from_mid.find{|ut_data| ut_data["ut_cod"] == mid_user["up_ut_cod"] }
local_user = User.find_or_initialize_by(:nccu_ldap_uid => mid_user["nccu_id"])
AttributeValue.find_or_create_by( :user_id => local_user.id, :attribute_field_id => info_profile.attribute_fields[0].id, :key => 'first_name', :en => '', :zh_tw => (mid_user["psn_nam"].size <= 3? mid_user["psn_nam"][1..2]:mid_user["psn_nam"][2..-1]) )
AttributeValue.find_or_create_by( :user_id => local_user.id, :attribute_field_id => info_profile.attribute_fields[1].id, :key => 'last_name', :en => '', :zh_tw => (mid_user["psn_nam"].size <= 3? mid_user["psn_nam"][0]:mid_user["psn_nam"][0..1]) )
user_model_mapper = Hash[:ut_cod => mid_user["ut_cod"] ,:up_ut_cod => mid_user["up_ut_cod"],:email => mid_user["eml_adr"],:off_tel_ext => mid_user["off_tel_ext"],:sta_num => mid_user["sta_num"]]
user_model_mapper[:admin] = false
local_user.update_attributes(user_model_mapper)
i18n_department_admin = I18nVariable.find_or_create_by( :document_class => 'Role', :key => 'department_admin', :en => 'Department Admin', :zh_tw => '系所使用者' )
local_user.role = Role.find_or_create_by( :key => "department_admin",:build_in => true)
local_user.role.i18n_variable = i18n_department_admin
unless local_user.ut_cod == local_user.up_ut_cod #if the ut_cod has additions info for up ut
local_user.sub_roles << find_or_create_sub_role(local_user.role,ut_data_from_mid,local_user.up_ut_cod)
end
local_user.sub_roles << find_or_create_sub_role(local_user.role,ut_data_from_mid,local_user.ut_cod)
local_user.save! local_user.save!
end end
end end
task :install_admin => :before_instll_admin do task :install_admin => :before_instll_admin do
admins_nccu_id = '2772' admins_nccu_id = '2772'
info_profile = Info.first(conditions: {:key => 'profile'})
# admin_role = Role.find_or_create_by( key: 'administrator') # admin_role = Role.find_or_create_by( key: 'administrator')
# sub_role = admin_role.sub_roles.find_or_create_by(:key => 'computer_center') # sub_role = admin_role.sub_roles.find_or_create_by(:key => 'computer_center')
info_profile = Info.first(conditions: {:key => 'profile'})
user_from_mid = MID_CLIENT.query("SELECT #{attr_from_mid.join(',')} FROM rss_pautlst_ut WHERE posgrp_cod IN (#{officer_posgrp_code.join(',')}) AND nccu_id = '#{admins_nccu_id}' limit 1") user_from_mid = MID_CLIENT.query("SELECT #{attr_from_mid.join(',')} FROM rss_pautlst_ut WHERE posgrp_cod IN (#{officer_posgrp_code.join(',')}) AND nccu_id = '#{admins_nccu_id}' limit 1")
admin_at_mid = user_from_mid.first admin_at_mid = user_from_mid.first
@ -58,7 +99,7 @@ namespace :mid_site do
local_user = User.find_or_initialize_by(:nccu_id => admin_at_mid["nccu_id"]) local_user = User.find_or_initialize_by(:nccu_id => admin_at_mid["nccu_id"])
local_user.update_attributes(:email => admin_at_mid["eml_adr"], :admin => true, :role_id => admin_role.id, :sub_role_ids => [sub_role.id]) local_user.update_attributes(:email => admin_at_mid["eml_adr"], :admin => true, :role_id => admin_role.id, :sub_role_ids => [sub_role.id])
AttributeValue.create( :user => local_user, :attribute_field => info_profile.attribute_fields[0], :key => 'first_name', :en => user_first_name, :zh_tw => user_first_name ) AttributeValue.create( :user_id => local_user.id, :attribute_field_id => info_profile.attribute_fields[0].id, :key => 'first_name', :en => user_first_name, :zh_tw => user_first_name )
AttributeValue.create( :user_id => local_user.id, :attribute_field_id => info_profile.attribute_fields[1].id, :key => 'last_name', :en => user_last_name, :zh_tw => user_last_name ) AttributeValue.create( :user_id => local_user.id, :attribute_field_id => info_profile.attribute_fields[1].id, :key => 'last_name', :en => user_last_name, :zh_tw => user_last_name )
end end
@ -95,6 +136,10 @@ namespace :mid_site do
i18ns.each { |var| var.destroy } i18ns.each { |var| var.destroy }
end end
task :clean_ldap_users => :environment do
User.where(:nccu_ldap_id.ne => nil ).each {|t| t.destroy}
end
task :clean_admin_role_and_sub_role => :environment do task :clean_admin_role_and_sub_role => :environment do
data = Role.any_in( key: ['administrator','computer_center']) data = Role.any_in( key: ['administrator','computer_center'])
data.each { |var| var.destroy } data.each { |var| var.destroy }
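Review bot: The removal step in `sync` still builds `local_need_remove` from `nccu_id`, but the loop now keys users on `nccu_ldap_uid` and the attribute map it writes no longer sets `nccu_id`, so accounts deleted upstream look like they will never be picked up for removal and would keep their local access. Comparing on the same field, e.g. `User.all.collect(&:nccu_ldap_uid).compact - remote_list` and destroying via `User.where(:nccu_ldap_uid => uid)`, would keep deprovisioning working. The new `clean_ldap_users` task queries `:nccu_ldap_id`, which looks like a typo for `:nccu_ldap_uid`; as written it probably matches nothing. The `desc "..."` calls inside the task body set task descriptions rather than printing progress, so `puts` is what is wanted there.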


@ -8,5 +8,6 @@
"create_date": "11-11-2011", "create_date": "11-11-2011",
"app_pages": ["bulletins"], "app_pages": ["bulletins"],
"widgets": ["bulletins", "bulletins_and_web_links"], "widgets": ["bulletins", "bulletins_and_web_links"],
"category": ["BulletinCategory"],
"enable_frontend": true "enable_frontend": true
} }


@ -1,5 +1,4 @@
class Panel::Announcement::BackEnd::BulletinCategorysController < ApplicationController class Panel::Announcement::BackEnd::BulletinCategorysController < OrbitBackendController
layout 'new_admin' layout 'new_admin'
def index def index


@ -1,5 +1,5 @@
class Panel::Announcement::BackEnd::BulletinsController < ApplicationController class Panel::Announcement::BackEnd::BulletinsController < OrbitBackendController
include AdminHelper
layout 'new_admin' layout 'new_admin'
before_filter :authenticate_user! before_filter :authenticate_user!
@ -151,7 +151,6 @@ class Panel::Announcement::BackEnd::BulletinsController < ApplicationController
elsif is_sub_manager? elsif is_sub_manager?
@bulletin_categorys = BulletinCategory.authed_for_user(current_user,'submit_new') @bulletin_categorys = BulletinCategory.authed_for_user(current_user,'submit_new')
end end
<<<<<<< HEAD
end end
def get_sorted_bulletins def get_sorted_bulletins
@ -196,8 +195,7 @@ class Panel::Announcement::BackEnd::BulletinsController < ApplicationController
a.flatten! a.flatten!
a.uniq a.uniq
end end
=======
>>>>>>> 26cd6951dba43b1f6eaf5056160309c5c77a8716
end end


@ -1,4 +1,4 @@
class Panel::Announcement::FrontEnd::BulletinsController < ObitWidgetController class Panel::Announcement::FrontEnd::BulletinsController < OrbitWidgetController
def initialize def initialize
super super


@ -1,4 +1,4 @@
class Panel::Announcement::Widget::BulletinsController < ObitWidgetController class Panel::Announcement::Widget::BulletinsController < OrbitWidgetController
def initialize def initialize
super super


@ -1,4 +1,4 @@
class Panel::NewBlog::Widget::PostsController < ObitWidgetController class Panel::NewBlog::Widget::PostsController < \"
# GET /posts # GET /posts
# GET /posts.xml # GET /posts.xml
def index def index
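Review bot: The new superclass on the `class` line reads `\"`, which is not a constant and will not parse, so the file cannot be loaded; it looks like a search-and-replace that went wrong, unless the page rendering mangled it. The other renamed controllers in this commit use `OrbitWidgetController`, so the line presumably should be `class Panel::NewBlog::Widget::PostsController < OrbitWidgetController`. The same `< \"` appears in `Panel::PageContent::FrontEnd::PageContextsController`, `Panel::WebResource::FrontEnd::WebLinksController` and `Panel::WebResource::Widget::WebLinksController`.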


@ -1,4 +1,4 @@
class Panel::PageContent::FrontEnd::PageContextsController < ObitWidgetController class Panel::PageContent::FrontEnd::PageContextsController < \"
def initialize def initialize
super super


@ -1,4 +1,4 @@
class Panel::WebResource::FrontEnd::WebLinksController < ObitWidgetController class Panel::WebResource::FrontEnd::WebLinksController < \"
def initialize def initialize
super super


@ -1,4 +1,4 @@
class Panel::WebResource::Widget::WebLinksController < ObitWidgetController class Panel::WebResource::Widget::WebLinksController < \"
def initialize def initialize
super super


@ -8,5 +8,6 @@
"create_date": "11-11-2011", "create_date": "11-11-2011",
"app_pages": ["web_links"], "app_pages": ["web_links"],
"widgets": ["web_links"], "widgets": ["web_links"],
"category": ["WebLinkCategory"],
"enable_frontend": true "enable_frontend": true
} }