You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@whimsical.apache.org by Sam Ruby <ru...@apache.org> on 2016/04/01 23:56:08 UTC

[whimsy.git] [1/1] Commit 92897c8: start to factor out ldap authentication

Commit 92897c81b19ca1d55f29e93044342b8031b9aba2:
    start to factor out ldap authentication


Branch: refs/heads/master
Author: Sam Ruby <ru...@intertwingly.net>
Committer: Sam Ruby <ru...@intertwingly.net>
Pusher: rubys <ru...@apache.org>

------------------------------------------------------------
www/roster/models.rb                                         | ++ 
www/roster/models/ldap.rb                                    | +++++++++++++++ 
www/roster/views/actions/sascore.json.rb                     | ++++ ---------
------------------------------------------------------------
56 changes: 39 additions, 17 deletions.
------------------------------------------------------------


diff --git a/www/roster/models.rb b/www/roster/models.rb
index 0cf8bb1..29636bc 100644
--- a/www/roster/models.rb
+++ b/www/roster/models.rb
@@ -3,3 +3,5 @@
 require_relative 'models/committer'
 require_relative 'models/committee'
 require_relative 'models/group'
+
+require_relative 'models/ldap'
diff --git a/www/roster/models/ldap.rb b/www/roster/models/ldap.rb
new file mode 100644
index 0000000..906f63b
--- /dev/null
+++ b/www/roster/models/ldap.rb
@@ -0,0 +1,30 @@
+#
+# Implement an _ldap command for json actions.
+#
+# Once tested, this code could migrate into whimsy/asf, and be available
+# for all Rack application (e.g., secmail, board/agenda, roster)
+#
+
+# provide methods to encapsulate updates update LDAP
+module ASF
+  module LDAP
+    class JsonBuilder
+      def initialize(env)
+        @env = env
+      end
+
+      def update(&block)
+        ASF::LDAP.bind(@env.user, @env.password, &block)
+      end
+    end
+  end
+end
+
+# provide _ldap command which forwards requests to the ASF::LDAP::JsonBuilder
+module Wunderbar
+  class JsonBuilder
+    def _ldap
+      ASF::LDAP::JsonBuilder.new(env)
+    end
+  end
+end
diff --git a/www/roster/views/actions/sascore.json.rb b/www/roster/views/actions/sascore.json.rb
index 0ae46fd..afee769 100644
--- a/www/roster/views/actions/sascore.json.rb
+++ b/www/roster/views/actions/sascore.json.rb
@@ -2,26 +2,16 @@
 # Update LDAP SpamAssassin score attribute for a committer
 #
 
-# probably not needed as LDAP will fail anyway, but ensure that the user
-# has authority to update fields
-unless 
-  env.user == @userid or 
-  ASF::Service.find('asf-secretary').members.include? ASF::Person.find(env.user)
-then
-  raise Error.new('unauthorized')
-end
-
 # update LDAP
-if env.password
-  ASF::LDAP.bind(env.user, env.password) do
-    person = ASF::Person.find(@userid)
+_ldap.update do
+  person = ASF::Person.find(@userid)
+
+  # report the previous value in the response
+  _previous sascore: person.attrs['asf-sascore']
 
-    if @sascore
-      person.modify 'asf-sascore', @sascore
-    end
+  if @sascore and not @dryrun
+    person.modify 'asf-sascore', @sascore
   end
-else
-  STDERR.puts 'unable to access password'
 end
 
 # return updated committer info