diff --git a/bin/lib/ail_orgs.py b/bin/lib/ail_orgs.py index e3ba4ea4..11e3ab2a 100755 --- a/bin/lib/ail_orgs.py +++ b/bin/lib/ail_orgs.py @@ -76,7 +76,7 @@ def get_orgs_selector(): for org_uuid in get_orgs(): org = Organisation(org_uuid) name = org.get_name() - orgs.append({'uuid': org_uuid, 'name': name}) + orgs.append(f'{org_uuid}: {name}') return orgs def create_default_org(): diff --git a/bin/lib/ail_users.py b/bin/lib/ail_users.py index e000444e..e60aec64 100755 --- a/bin/lib/ail_users.py +++ b/bin/lib/ail_users.py @@ -333,6 +333,11 @@ def create_user(user_id, password=None, admin_id=None, chg_passwd=True, org_uuid # CREATE USER if admin_id: + # ORG + org = ail_orgs.Organisation(org_uuid) + if not org.exists(): + raise Exception('Organisation does not exist') + r_serv_db.hset(f'ail:user:metadata:{user_id}', 'creator', admin_id) date = datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S') r_serv_db.hset(f'ail:user:metadata:{user_id}', 'created_at', date) @@ -344,9 +349,6 @@ def create_user(user_id, password=None, admin_id=None, chg_passwd=True, org_uuid set_user_role(user_id, role) # ORG - org = ail_orgs.Organisation(org_uuid) - if not org.exists(): - raise Exception('Organisation does not exist') org.add_user(user_id) r_serv_db.hset('ail:users:all', user_id, password_hash) 
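Review bot: The `uuid: name` string appended in get_orgs_selector is now an implicit wire format that nothing documents: settings_b.create_user rebuilds it for selector_val and create_user_post parses it back with a slice and a split. Add a comment on the append line such as `# selector entry format "<org_uuid>: <name>"; parsed back in settings_b.create_user_post`, or build and parse the string in one helper pair so the three places cannot drift apart. Any other caller that still reads `['uuid']` or `['name']` from the returned entries would break with this change; none is visible in the diff. The function starts above the hunk.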
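Review bot: The organisation lookup added under `if admin_id:` (hunk @@ -333) binds `org` only on that path, while `org.add_user(user_id)` in the following hunk (@@ -344) still uses it; indentation is not recoverable in this view, so if add_user sits outside the `if admin_id:` block, a call with admin_id=None would now fail on an unbound name. Checking the organisation before the first hset is the right direction for avoiding half-created users, but `role` gets no equivalent check here, so a bad role passed directly to create_user may still fail in set_user_role after the metadata has been written. Consider doing both checks before `if admin_id:`. A specific exception type would also be easier for callers to handle than a bare `Exception`, e.g. `raise ValueError('Organisation does not exist')`; create_user begins and ends outside the hunk.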
@@ -699,13 +701,19 @@ def api_create_user_api_key(user_id, admin_id, ip_address, user_agent): def api_create_user(admin_id, ip_address, user_agent, user_id, password, org_uuid, role, otp): user = AILUser(user_id) + if not ail_orgs.exists_org(org_uuid): + return {'status': 'error', 'reason': 'Unknown Organisation'}, 400 + if not exists_role(role): + return {'status': 'error', 'reason': 'Unknown User Role'}, 400 if not user.exists(): create_user(user_id, password=password, admin_id=admin_id, org_uuid=org_uuid, role=role, otp=otp) access_logger.info(f'Create user {user_id}', extra={'user_id': admin_id, 'ip_address': ip_address, 'user_agent': user_agent}) + return user_id, 200 # Edit else: edit_user(admin_id, user_id, password, chg_passwd=True, org_uuid=org_uuid, edit_otp=True, otp=otp, role=role) access_logger.info(f'Edit user {user_id}', extra={'user_id': admin_id, 'ip_address': ip_address, 'user_agent': user_agent}) + return user_id, 200 def api_change_user_self_password(user_id, password): if not check_password_strength(password): @@ -755,6 +763,9 @@ def _get_users_roles_dict(): 'admin': ['read_only', 'user_no_api', 'user', 'org_admin', 'admin'], } +def exists_role(role): + return role in _get_users_roles_list() + def set_user_role(user_id, role): roles = _get_users_roles_dict() # set role diff --git a/var/www/blueprints/settings_b.py b/var/www/blueprints/settings_b.py index 5f1b6d2c..79ad9dbe 100644 --- a/var/www/blueprints/settings_b.py +++ b/var/www/blueprints/settings_b.py @@ -221,8 +221,12 @@ def create_user(): meta = r[0] all_roles = ail_users.get_roles() orgs = ail_orgs.get_orgs_selector() + if meta: + selector_val = f"{meta['org']}: {meta['org_name']}" + else: + selector_val = None return render_template("create_user.html", all_roles=all_roles, orgs=orgs, meta=meta, - error=error, error_mail=error_mail, + error=error, error_mail=error_mail, selector_val=selector_val, acl_admin=True) @settings_b.route("/settings/edit_user", methods=['GET']) 
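Review bot: The two new checks in api_create_user (hunk @@ -699) confirm that `org_uuid` and `role` exist, but nothing in the hunk checks that `admin_id` is allowed to grant that role or to place a user in that organisation. The roles table further down includes `org_admin`, so if any caller other than a global admin can reach this function, an existence check alone would not stop an account being created, or changed through the edit branch, with a higher role or a different organisation than the caller should control. If the route decorator is the only guard, state that above the checks, for example `# caller must already have verified that admin_id may assign this role and organisation`. Separately, the edit branch discards whatever edit_user returns and always answers `user_id, 200`, and the success value is a bare string while errors are dicts, which callers have to special-case.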
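Review bot: exists_role (hunk @@ -755) tests membership in `_get_users_roles_list()`, while set_user_role directly below reads `_get_users_roles_dict()`, so a role can pass validation and still be missing from the mapping that is actually applied if the two ever diverge. Checking against the mapping keeps one source of truth: `return role in _get_users_roles_dict()`. A one-line docstring such as `"""Return True if role is a known user role name."""` would also help, since this function is now the gate for caller-supplied role values. How set_user_role indexes the dict is outside the hunk, so confirm it looks up by role name.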
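Review bot: In settings_b.create_user (hunk @@ -221) selector_val is built from `meta['org']` and `meta['org_name']` whenever meta is truthy, so a user record without an organisation would either raise KeyError or pre-fill the field with `None: None`, depending on what the metadata getter returns (not visible here). Guard on the key instead: `selector_val = f"{meta['org']}: {meta['org_name']}" if meta and meta.get('org') else None`. The organisation name is presumably free text that ends up in the rendered page, so the template should rely on Jinja autoescaping for selector_val and not mark it safe or place it unescaped in a script block; the template body is not shown in this diff.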
@@ -251,6 +255,9 @@ def create_user_post(): else: enable_2_fa = False + if org_uuid: + org_uuid = org_uuid[2:].split(':', 1)[0] + all_roles = ail_users.get_roles() if email and len(email) < 300 and ail_users.check_email(email) and role: @@ -277,7 +284,10 @@ def create_user_post(): edit = True else: edit = False - ail_users.api_create_user(admin_id, request.access_route[0], request.user_agent, email, password, org_uuid, role, enable_2_fa) + r = ail_users.api_create_user(admin_id, request.access_route[0], request.user_agent, email, password, org_uuid, role, enable_2_fa) + if r[1] != 200: + return create_json_response(r[0], r[1]) + new_user = {'email': email, 'password': str_password, 'org': org_uuid, 'otp': enable_2_fa, 'edited': edit} # qr_code = ail_users.create_qr_code(f'{email} - {password}') return render_template("create_user.html", new_user=new_user, meta={}, diff --git a/var/www/templates/settings/create_user.html b/var/www/templates/settings/create_user.html index 96ceea7b..e779874d 100644 --- a/var/www/templates/settings/create_user.html +++ b/var/www/templates/settings/create_user.html @@ -9,6 +9,7 @@ + @@ -16,6 +17,7 @@ + @@ -60,15 +62,8 @@ {% endif %} - + +
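Review bot: The `[2:]` slice in `org_uuid = org_uuid[2:].split(':', 1)[0]` (hunk @@ -251) drops two characters that nothing visible in this diff adds: get_orgs_selector emits `uuid: name` and selector_val uses the same shape. If the form posts the entry unchanged, the UUID loses its first two characters and the new exists_org check in api_create_user rejects every request; if the selector widget does prepend something, that needs a comment here because the template content is not shown. Either way the value comes from the client, so parse it defensively, e.g. `org_uuid = org_uuid.split(':', 1)[0].strip()` once the prefix question is settled, and reject anything that is not a well-formed UUID before it is used to look up the organisation. create_user_post starts above the hunk and continues below it.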
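Review bot: The changed call in hunk @@ -277 still passes `request.access_route[0]` as the address that api_create_user writes to the access log; in Werkzeug that is the first X-Forwarded-For entry when the header is present, which the client controls unless a trusted proxy overwrites it. For an audit trail of account creation, prefer `request.remote_addr` behind a correctly configured proxy fix, or log both values. The new failure branch `return create_json_response(r[0], r[1])` answers an HTML form post with raw JSON, whereas other validation failures in this view appear to re-render create_user.html with `error`; consider doing the same here. Also, `edit` is decided before the call while api_create_user re-checks existence itself, so the `edited` flag shown to the admin can disagree with what actually happened.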