[MediaWiki-commits] [Gerrit] Update OpenStackNovaUser to use proper OpenStackNovaProject ... - change (mediawiki...OpenStackManager)

[Andrew Bogott (Code Review)]

Andrew Bogott has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/268835

Change subject: Update OpenStackNovaUser to use proper OpenStackNovaProject 
calls.
......................................................................

Update OpenStackNovaUser to use proper OpenStackNovaProject calls.

Previously it dove right into ldap for project info, which won't
work when projects move out of ldap.

Bug: T115029
Change-Id: Iba88ed3417e84763bd04e3907d3c9d0277530edc
---
M nova/OpenStackNovaUser.php
1 file changed, 17 insertions(+), 41 deletions(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OpenStackManager 
refs/changes/35/268835/1

diff --git a/nova/OpenStackNovaUser.php b/nova/OpenStackNovaUser.php
index 7ab064f..09429a4 100644
--- a/nova/OpenStackNovaUser.php
+++ b/nova/OpenStackNovaUser.php
@@ -162,22 +162,13 @@
                global $wgAuth;
                global $wgOpenStackManagerLDAPProjectBaseDN;
 
-               # All projects have a owner attribute, project
-               # roles do not
                $projects = array();
-               $filter = "(&(objectclass=groupofnames)(member=$this->userDN))";
-               $result = LdapAuthenticationPlugin::ldap_list( 
$wgAuth->ldapconn, $wgOpenStackManagerLDAPProjectBaseDN, $filter );
-               if ( $result ) {
-                       $entries = LdapAuthenticationPlugin::ldap_get_entries( 
$wgAuth->ldapconn, $result );
-                       if ( $entries ) {
-                               # First entry is always a count
-                               array_shift( $entries );
-                               foreach ( $entries as $entry ) {
-                                       $projects[] = $entry['cn'][0];
-                               }
+               $allprojects = OpenStackNovaProject::getAllProjects();
+               foreach ( $allprojects as $project ) {
+                       $members = $project->getMembers();
+                       if ( in_array( $this->getUid(), $members ) ) {
+                               $projects[] = $project->getId();
                        }
-               } else {
-                       $wgAuth->printDebug( "No result found when searching 
for user's projects", NONSENSITIVE );
                }
                return $projects;
        }
@@ -197,24 +188,19 @@
                        return $roles;
                }
 
-               # All projects have a owner attribute, project
-               # roles do not
                $roles = array();
-               $filter = 
"(&(objectclass=organizationalrole)(roleoccupant=$this->userDN))";
-               $result = LdapAuthenticationPlugin::ldap_search( 
$wgAuth->ldapconn, $wgOpenStackManagerLDAPProjectBaseDN, $filter );
-               if ( $result ) {
-                       $entries = LdapAuthenticationPlugin::ldap_get_entries( 
$wgAuth->ldapconn, $result );
-                       if ( $entries ) {
-                               # First entry is always a count
-                               array_shift( $entries );
-                               foreach ( $entries as $entry ) {
-                                       $roles[] = $entry['cn'][0];
+               $projects = $this->getProjects();
+               foreach ( $projects as $projectid ) {
+                       $project = OpenStackNovaProject::getProjectById( 
$projectid );
+                       $projectroles = $project->getRoles();
+                       foreach ( $projectroles as $role ) {
+                               if ( in_array( $this->getUid(), 
$role->getMembers() ) ) {
+                                       $roles[] = $role->getRoleName();
                                }
                        }
-                       $roles = array_unique( $roles );
-               } else {
-                       $wgAuth->printDebug( "No result found when searching 
for user's roles", NONSENSITIVE );
                }
+
+               $roles = array_unique( $roles );
                $key = wfMemcKey( 'openstackmanager', 'roles', 
$this->getUsername() );
                $wgMemc->set( $key, $roles, '3600' );
                return $roles;
@@ -236,19 +222,9 @@
                        return (bool)$inProject;
                }
 
-               $filter = 
"(&(cn=$project)(member=$this->userDN)(objectclass=groupofnames))";
-               $result = LdapAuthenticationPlugin::ldap_search( 
$wgAuth->ldapconn, $wgOpenStackManagerLDAPProjectBaseDN, $filter );
-               $ret = false;
-               if ( $result ) {
-                       $entries = LdapAuthenticationPlugin::ldap_get_entries( 
$wgAuth->ldapconn, $result );
-                       if ( $entries ) {
-                               if ( $entries['count'] == "0" ) {
-                                       $wgAuth->printDebug( "Couldn't find the 
user in project: $project", NONSENSITIVE );
-                               } else {
-                                       $ret = true;
-                               }
-                       }
-               }
+               $projects = $this->getProjects();
+               $ret = in_array( $projects, $project );
+
                $wgMemc->set( $key, (int)$ret, $cacheLength );
                return $ret;
        }

-- 
To view, visit https://gerrit.wikimedia.org/r/268835
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Iba88ed3417e84763bd04e3907d3c9d0277530edc
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OpenStackManager
Gerrit-Branch: master
Gerrit-Owner: Andrew Bogott <abog...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits