wrapper.fhtml: Add `license' relationship to the AGPL link.

[chopwood] / cmd-admin.py

### -*-python-*-
###
### Administrative commands
###
### (c) 2013 Mark Wooding
###

###----- Licensing notice ---------------------------------------------------
###
### This file is part of Chopwood: a password-changing service.
###
### Chopwood is free software; you can redistribute it and/or modify
### it under the terms of the GNU Affero General Public License as
### published by the Free Software Foundation; either version 3 of the
### License, or (at your option) any later version.
###
### Chopwood is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
### GNU Affero General Public License for more details.
###
### You should have received a copy of the GNU Affero General Public
### License along with Chopwood; if not, see
### <http://www.gnu.org/licenses/>.

from __future__ import with_statement

import agpl as AGPL
import backend as BE
import cmdutil as CU
import config as CONF; CFG = CONF.CFG
import dbmaint as D
import operation as OP
from output import OUT, PRINT
import service as S
import subcommand as SC
import util as U

@SC.subcommand(
  'listusers', ['admin'], 'List the existing users.',
  opts = [SC.Opt('service', '-s', '--service',
              'list users with SERVICE accounts',
              argname = 'SERVICE')],
  oparams = [SC.Arg('pat')])
def cmd_listuser(service = None, pat = None):
  CU.format_list(CU.list_users(service, pat),
                 [CU.column('USER', "~={0.user}A", 3),
                  CU.column('EMAIL', "~={0.email}:[---~;~={0.email}A~]")])

@SC.subcommand(
  'adduser', ['admin'], 'Add a user to the master database.',
  opts = [SC.Opt('email', '-e', '--email',
                 "email address for the new user",
                 argname = 'EMAIL')],
  params = [SC.Arg('user')])
def cmd_adduser(user, email = None):
  with D.DB:
    CU.check_user(user, False)
    D.DB.execute("INSERT INTO users (user, email) VALUES ($user, $email)",
                 user = user, email = email)
    D.DB.execute("""INSERT INTO services (user, service)
                    VALUES ($user, $service)""",
                 user = user, service = 'master')

@SC.subcommand(
  'deluser', ['admin'], 'Remove USER from the master database.',
  params = [SC.Arg('user')])
def cmd_deluser(user, email = None):
  with D.DB:
    CU.check_user(user)
    for service, alias in D.DB.execute(
      "SELECT service, alias FROM services WHERE user = $user",
      user = user):
      if service == 'master': continue
      try:
        svc = S.SERVICES[service]
      except KeyError:
        OUT.warn("User `%s' has account for unknown service `%s'" %
                 (user, service))
      else:
        if svc.manage_pwent_p:
          if alias is None: alias = user
          svc.rmpwent(alias)
    D.DB.execute("DELETE FROM users WHERE user = $user", user = user)

@SC.subcommand(
  'edituser', ['admin'], 'Modify a user record.',
  opts = [SC.Opt('email', '-e', '--email',
                 "change USER's email address",
                 argname = 'EMAIL'),
          SC.Opt('noemail', '-E', '--no-email',
                 "forget USER's email address"),
          SC.Opt('rename', '-r', '--rename',
                 "rename USER",
                 argname = 'NEW-NAME')],
  params = [SC.Arg('user')])
def cmd_edituser(user, email = None, noemail = False, rename = None):
  with D.DB:
    CU.check_user(user)
    if rename is not None: check_user(rename, False)
    CU.edit_records('users', 'user = $user',
                    [('email', email, noemail),
                     ('user', rename, False)],
                    user = user)

@SC.subcommand(
  'delsvc', ['admin'], "Remove all records for SERVICE.",
  params = [SC.Arg('service')])
def cmd_delsvc(service):
  with D.DB:
    CU.check_service(service, must_config_p = False, must_records_p = True)
    D.DB.execute("DELETE FROM services WHERE service = $service",
                 service = service)

@SC.subcommand(
  'editsvc', ['admin'], "Edit a given SERVICE.",
  opts = [SC.Opt('rename', '-r', '--rename', "rename the SERVICE",
                 argname = 'NEW-NAME')],
  params = [SC.Arg('service')])
def cmd_editsvc(service, rename = None):
  with D.DB:
    if service == 'master':
      raise U.ExpectedError, (400, "Can't edit the master service")
    if rename is None:
      CU.check_service(service, must_config_p = True, must_records_p = True)
    else:
      CU.check_service(service, must_config_p = False, must_records_p = True)
      CU.check_service(rename, must_config_p = True, must_records_p = False)
    CU.edit_records('services', 'service = $service',
                    [('service', rename, False)],
                    service = service)

@SC.subcommand(
  'addacct', ['admin'], 'Add an account for a user.',
  opts = [SC.Opt('alias', '-a', '--alias',
                 "alias by which USER is known to SERVICE",
                 argname = 'ALIAS')],
  params = [SC.Arg('user'), SC.Arg('service')],
  rparam = SC.Arg('fields'))
def cmd_addacct(user, service, fields, alias = None):
  with D.DB:
    CU.check_user(user)
    svc = CU.check_service(service)
    D.DB.execute("""SELECT 1 FROM services
                    WHERE user = $user AND service = $service""",
                 user = user, service = service)
    if D.DB.fetchone() is not None:
      raise U.ExpectedError, (
        400, "User `%s' already has a `%s' account" % (user, service))
    D.DB.execute("""INSERT INTO services (service, user, alias)
                    VALUES ($service, $user, $alias)""",
                 service = service, user = user, alias = alias)

    if svc.manage_pwent_p:
      if alias is None: alias = user
      passwd = CFG.RQCLASS.reset([OP.acct(svc, alias)]).pwgen()
      svc.mkpwent(alias, passwd, fields)
    elif fields:
      raise U.ExpectedError, (
        400, "Password entry fields supplied, "
        "but `%s' entries must be created manually" % service)

@SC.subcommand(
  'delacct', ['admin'], "Remove USER's SERVICE account.",
  params = [SC.Arg('user'), SC.Arg('service')])
def cmd_delacct(user, service):
  with D.DB:
    svc, alias = CU.resolve_account(service, user)
    if service == 'master':
      raise U.ExpectedError, \
          (400, "Can't delete master accounts: use `deluser'")
    D.DB.execute("""DELETE FROM services
                    WHERE service = $service AND user = $user""",
                 service = service, user = user)
    if svc.manage_pwent_p:
      svc.rmpwent(alias)
    else:
      OUT.warn("You must remove the `%s' password entry for `%s' by hand" %
               (service, user))

@SC.subcommand(
  'editacct', ['admin'], "Modify USER's SERVICE account record.",
  opts = [SC.Opt('alias', '-a', '--alias',
                 "change USER's login name for SERVICE",
                 argname = 'ALIAS'),
          SC.Opt('noalias', '-A', '--no-alias',
                 "use USER's master login name")],
  params = [SC.Arg('user'), SC.Arg('service')])
def cmd_editacct(user, service, alias = None, noalias = False):
  with D.DB:
    CU.resolve_account(service, user)
    if service == 'master':
      raise U.ExpectedError, (400, "Can't edit master accounts")
    CU.edit_records('services', 'user = $user AND service = $service',
                    [('alias', alias, noalias)],
                    user = user, service = service)

@SC.subcommand(
  'source', ['admin', 'userv', 'remote'], """\
Write source code (in `.tar.gz' format) to standard output.""")
def cmd_source_admin():
  AGPL.source(OUT)

###----- That's all, folks --------------------------------------------------