deepblue/GoogleDriveManagement
1
0
Fork 0
mirror of https://github.com/GAM-team/GAM.git synced 2025-07-09 14:13:35 +00:00
Code Issues Actions 19 Packages Projects Releases Wiki Activity

More expireTime updates (#1299)

Browse Source
This commit is contained in:
Ross Scroggs
2020-12-31 08:38:14 -08:00
committed by GitHub
parent 4f8980184f
commit 0cda3fca31
3 changed files with 44 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/GamCommands.txt
View File

@ -1243,10 +1243,10 @@ gam print mobile [todrive] [(query <QueryMobile>)|(queries <QueryMobileList>)] [
gam create cigroup <EmailAddress> <CIGroupAttribute>* gam create cigroup <EmailAddress> <CIGroupAttribute>*
[makeowner] [alias|aliases <AliasList>] [dynamic <QueryDynamicGroup>] [makeowner] [alias|aliases <AliasList>] [dynamic <QueryDynamicGroup>]
gam update cigroup <GroupItem> [email <EmailAddress>] <CIGroupAttribute>* [security] gam update cigroup <GroupItem> [email <EmailAddress>] <CIGroupAttribute>* [security]
gam update cigroup <GroupItem> add [owner|manager|member] [notsuspended|suspended] [expiretime <Time>] <UserTypeEntity> gam update cigroup <GroupItem> add [owner|manager|member] [notsuspended|suspended] [expires never|<Time>] <UserTypeEntity>
gam update cigroup <GroupItem> delete|remove [owner|manager|member] [notsuspended|suspended] <UserTypeEntity> gam update cigroup <GroupItem> delete|remove [owner|manager|member] [notsuspended|suspended] <UserTypeEntity>
gam update cigroup <GroupItem> sync [owner|manager|member] [notsuspended|suspended] [expiretime <Time>] <UserTypeEntity> gam update cigroup <GroupItem> sync [owner|manager|member] [notsuspended|suspended] [expires never|<Time>] <UserTypeEntity>
gam update cigroup <GroupItem> update [owner|manager|member] [notsuspended|suspended] [expiretime <Time>] <UserTypeEntity> gam update cigroup <GroupItem> update [owner|manager|member] [notsuspended|suspended] [expires never|<Time>] <UserTypeEntity>
gam update cigroup <GroupItem> clear [member] [manager] [owner] [notsuspended|suspended] gam update cigroup <GroupItem> clear [member] [manager] [owner] [notsuspended|suspended]
gam delete cigroup <GroupItem> gam delete cigroup <GroupItem>
gam info cigroup <GroupItem> [nousers] [nojoindate] [showupdatedate] gam info cigroup <GroupItem> [nousers] [nojoindate] [showupdatedate]

67
src/gam/gapi/cloudidentity/groups.py
View File

@ -475,7 +475,7 @@ def update():
if role != ROLE_MEMBER: if role != ROLE_MEMBER:
controlflow.invalid_argument_exit( controlflow.invalid_argument_exit(
sys.argv[i], f'role {role}') sys.argv[i], f'role {role}')
expireTime = sys.argv[i+1] expireTime = utils.get_time_or_delta_from_now(sys.argv[i+1])
i += 2 i += 2
if sys.argv[i].lower() in usergroup_types: if sys.argv[i].lower() in usergroup_types:
users_email = gam.getUsersToModify(entity_type=sys.argv[i].lower(), users_email = gam.getUsersToModify(entity_type=sys.argv[i].lower(),
@ -525,7 +525,7 @@ def update():
} }
if role != ROLE_MEMBER: if role != ROLE_MEMBER:
body['roles'].append({'name': role}) body['roles'].append({'name': role})
if expireTime: elif expireTime not in {None, NEVER_TIME}:
for role in body['roles']: for role in body['roles']:
if role['name'] == ROLE_MEMBER: if role['name'] == ROLE_MEMBER:
role['expiryDetail'] = {'expireTime': expireTime} role['expiryDetail'] = {'expireTime': expireTime}
@ -596,7 +596,7 @@ def update():
for user in to_add: for user in to_add:
item = ['gam', 'update', 'cigroup', f'id:{parent}', 'add', item = ['gam', 'update', 'cigroup', f'id:{parent}', 'add',
role,] role,]
if expireTime: if role == ROLE_MEMBER and expireTime not in {None, NEVER_TIME}:
item.extend(['expires', expireTime]) item.extend(['expires', expireTime])
item.append(user) item.append(user)
items.append(item) items.append(item)
@ -646,39 +646,48 @@ def update():
items.append(item) items.append(item)
elif len(users_email) > 0: elif len(users_email) > 0:
name = membership_email_to_id(ci, parent, users_email[0]) name = membership_email_to_id(ci, parent, users_email[0])
preUpdateRoles = []
addRoles = [] addRoles = []
removeRoles = [] removeRoles = []
updateRoles = [] postUpdateRoles = []
current_roles = gapi.call(ci.groups().memberships(), member_roles = gapi.call(ci.groups().memberships(),
'get', 'get',
name=name, name=name,
fields='roles').get('roles', []) fields='roles').get('roles', [{'name': ROLE_MEMBER}])
current_roles = [crole['name'] for crole in current_roles] current_roles = [crole['name'] for crole in member_roles]
if expireTime: # When upgrading role, strip any expiryDetail from member before role changes
if ROLE_MEMBER in current_roles: if role != ROLE_MEMBER:
updateRoles.append( for crole in member_roles:
{'fieldMask': 'expiryDetail.expireTime', if 'expiryDetail' in crole:
'membershipRole': {'name': role, preUpdateRoles.append(
'expiryDetail': {'expireTime': expireTime}}}) {'fieldMask': 'expiryDetail.expireTime',
else: 'membershipRole': {'name': ROLE_MEMBER,
addRoles.append( 'expiryDetail': {'expireTime': None}}})
{'name': role, 'expiryDetail': {'expireTime': expireTime}}) break
else: # When downgrading role or simply updating member expireTime, update expiryDetail after role changes
for crole in current_roles: elif expireTime:
if crole not in {ROLE_MEMBER, role}: postUpdateRoles.append(
removeRoles.append(crole) {'fieldMask': 'expiryDetail.expireTime',
if role not in current_roles: 'membershipRole': {'name': role,
new_role = {'name': role} 'expiryDetail': {'expireTime': expireTime if expireTime != NEVER_TIME else None}}})
if role == ROLE_MEMBER and expireTime: for crole in current_roles:
new_role['expiryDetail'] = {'expireTime': expireTime} if crole not in {ROLE_MEMBER, role}:
addRoles.append(new_role) removeRoles.append(crole)
if role not in current_roles:
new_role = {'name': role}
if role == ROLE_MEMBER and expireTime not in {None, NEVER_TIME}:
new_role['expiryDetail'] = {'expireTime': expireTime}
postUpdateRoles = []
addRoles.append(new_role)
bodys = [] bodys = []
if preUpdateRoles:
bodys.append({'updateRolesParams': preUpdateRoles})
if addRoles: if addRoles:
bodys.append({'addRoles': addRoles}) bodys.append({'addRoles': addRoles})
if removeRoles: if removeRoles:
bodys.append({'removeRoles': removeRoles}) bodys.append({'removeRoles': removeRoles})
if updateRoles: if postUpdateRoles:
bodys.append({'updateRolesParams': updateRoles}) bodys.append({'updateRolesParams': postUpdateRoles})
for body in bodys: for body in bodys:
try: try:
gapi.call(ci.groups().memberships(), gapi.call(ci.groups().memberships(),

4
src/gam/utils.py
View File

@ -228,12 +228,14 @@ def get_yyyymmdd(argstr, minLen=1, returnTimeStamp=False, returnDateTime=False):
def get_time_or_delta_from_now(time_string): def get_time_or_delta_from_now(time_string):
"""Get an ISO 8601 time or a positive/negative delta applied to now. """Get an ISO 8601 time or a positive/negative delta applied to now.
Args: Args:
time_string (string): The time or delta (e.g. '2017-09-01T12:34:56Z' or '-4h') time_string (string): The time or delta (e.g. '2017-09-01T12:34:56Z' or '-4h') or never
Returns: Returns:
string: iso8601 formatted datetime in UTC. string: iso8601 formatted datetime in UTC.
""" """
time_string = time_string.strip().upper() time_string = time_string.strip().upper()
if time_string: if time_string:
if time_string == 'NEVER':
return NEVER_TIME
if time_string[0] not in ['+', '-']: if time_string[0] not in ['+', '-']:
return time_string return time_string
return (datetime.datetime.utcnow() + return (datetime.datetime.utcnow() +