mirror of
https://github.com/GAM-team/GAM.git
synced 2026-07-03 20:31:35 +00:00
Fixed bug in gam print|show admins
This commit is contained in:
@@ -1553,6 +1553,9 @@ gam create|add admin <EmailAddress>|<UniqueID> <RoleItem> customer|(org_unit <Or
|
|||||||
[condition securitygroup|nonsecuritygroup]
|
[condition securitygroup|nonsecuritygroup]
|
||||||
gam delete admin <RoleAssignmentId>
|
gam delete admin <RoleAssignmentId>
|
||||||
|
|
||||||
|
<AdminAssigneeType> ::= group|user|serviceaccount|unknown
|
||||||
|
<AdminAssigneeTypeList> ::= "<AdminAssigneeType>(,<AdminAssigneeType>)*"
|
||||||
|
|
||||||
gam print admins [todrive <ToDriveAttribute>*]
|
gam print admins [todrive <ToDriveAttribute>*]
|
||||||
[user|group <EmailAddress>|<UniqueID>] [role <RoleItem>]
|
[user|group <EmailAddress>|<UniqueID>] [role <RoleItem>]
|
||||||
[types <AdminAssigneeTypeList>]
|
[types <AdminAssigneeTypeList>]
|
||||||
|
|||||||
@@ -1,3 +1,8 @@
|
|||||||
|
7.23.07
|
||||||
|
|
||||||
|
Fixed bug in `gam print|show admins` where all admin assignments were not displayed when
|
||||||
|
`types <AdminAssigneeTypeList>` was not specified, i.e., all assignments should be displayed.
|
||||||
|
|
||||||
7.23.06
|
7.23.06
|
||||||
|
|
||||||
Added option `types <AdminAssigneeTypeList>` to `gam print|show admins` that allows filtering
|
Added option `types <AdminAssigneeTypeList>` to `gam print|show admins` that allows filtering
|
||||||
|
|||||||
@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
|
__author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
|
||||||
__version__ = '7.23.06'
|
__version__ = '7.23.07'
|
||||||
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
|
__license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
|
||||||
|
|
||||||
#pylint: disable=wrong-import-position
|
#pylint: disable=wrong-import-position
|
||||||
@@ -16998,22 +16998,11 @@ ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP = {
|
|||||||
}
|
}
|
||||||
ALL_ASSIGNEE_TYPES = ['user', 'group', 'serviceaccount']
|
ALL_ASSIGNEE_TYPES = ['user', 'group', 'serviceaccount']
|
||||||
|
|
||||||
PRINT_ADMIN_FIELDS = ['roleAssignmentId', 'roleId', 'assignedTo', 'scopeType', 'orgUnitId', 'assigneeType']
|
PRINT_ADMIN_FIELDS = ['roleAssignmentId', 'roleId', 'assignedTo', 'scopeType', 'orgUnitId']
|
||||||
PRINT_ADMIN_TITLES = ['roleAssignmentId', 'roleId', 'role',
|
PRINT_ADMIN_TITLES = ['roleAssignmentId', 'roleId', 'role',
|
||||||
'assignedTo', 'assignedToUser', 'assignedToGroup', 'assignedToServiceAccount', 'assignedToUnknown',
|
'assignedTo', 'assignedToUser', 'assignedToGroup', 'assignedToServiceAccount', 'assignedToUnknown',
|
||||||
'scopeType', 'orgUnitId', 'orgUnit']
|
'scopeType', 'orgUnitId', 'orgUnit']
|
||||||
|
|
||||||
def getAssigneeTypes(myarg, typesSet):
|
|
||||||
if myarg in {'type', 'types'}:
|
|
||||||
for gtype in getString(Cmd.OB_ADMIN_ASSIGNEE_TYPE_LIST).lower().replace(',', ' ').split():
|
|
||||||
if gtype in ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP:
|
|
||||||
typesSet.add(ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP[gtype])
|
|
||||||
else:
|
|
||||||
invalidChoiceExit(gtype, ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP, True)
|
|
||||||
else:
|
|
||||||
return False
|
|
||||||
return True
|
|
||||||
|
|
||||||
# gam print admins [todrive <ToDriveAttribute>*]
|
# gam print admins [todrive <ToDriveAttribute>*]
|
||||||
# [user|group <EmailAddress>|<UniqueID>] [role <RoleItem>]
|
# [user|group <EmailAddress>|<UniqueID>] [role <RoleItem>]
|
||||||
# [types <AdminAssigneeTypeList>]
|
# [types <AdminAssigneeTypeList>]
|
||||||
@@ -17023,6 +17012,17 @@ def getAssigneeTypes(myarg, typesSet):
|
|||||||
# [types <AdminAssigneeTypeList>]
|
# [types <AdminAssigneeTypeList>]
|
||||||
# [recursive] [condition] [privileges]
|
# [recursive] [condition] [privileges]
|
||||||
def doPrintShowAdmins():
|
def doPrintShowAdmins():
|
||||||
|
def _getAssigneeTypes(myarg):
|
||||||
|
if myarg in {'type', 'types'}:
|
||||||
|
for gtype in getString(Cmd.OB_ADMIN_ASSIGNEE_TYPE_LIST).lower().replace(',', ' ').split():
|
||||||
|
if gtype in ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP:
|
||||||
|
typesSet.add(ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP[gtype])
|
||||||
|
else:
|
||||||
|
invalidChoiceExit(gtype, ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP, True)
|
||||||
|
else:
|
||||||
|
return False
|
||||||
|
return True
|
||||||
|
|
||||||
def _getPrivileges(admin):
|
def _getPrivileges(admin):
|
||||||
if showPrivileges:
|
if showPrivileges:
|
||||||
roleId = admin['roleId']
|
roleId = admin['roleId']
|
||||||
@@ -17048,9 +17048,10 @@ def doPrintShowAdmins():
|
|||||||
def _setNamesFromIds(admin, privileges):
|
def _setNamesFromIds(admin, privileges):
|
||||||
admin['role'] = role_from_roleid(admin['roleId'])
|
admin['role'] = role_from_roleid(admin['roleId'])
|
||||||
assignedTo = admin['assignedTo']
|
assignedTo = admin['assignedTo']
|
||||||
|
admin['assignedToUnknown'] = False
|
||||||
if assignedTo not in assignedToIdEmailMap:
|
if assignedTo not in assignedToIdEmailMap:
|
||||||
assigneeEmail, assigneeType = convertUIDtoEmailAddressWithType(f'uid:{assignedTo}', cd, sal,
|
emailTypes = ALL_ASSIGNEE_TYPES if admin.get('assigneeType', '') != 'group' else ['group']
|
||||||
emailTypes=ALL_ASSIGNEE_TYPES if admin.get('assigneeType') != 'group' else ['group'])
|
assigneeEmail, assigneeType = convertUIDtoEmailAddressWithType(f'uid:{assignedTo}', cd, sal, emailTypes=emailTypes)
|
||||||
if assigneeType in ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP:
|
if assigneeType in ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP:
|
||||||
assignedToField = ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP[assigneeType]
|
assignedToField = ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP[assigneeType]
|
||||||
else:
|
else:
|
||||||
@@ -17069,17 +17070,21 @@ def doPrintShowAdmins():
|
|||||||
admin['condition'] = 'securitygroup'
|
admin['condition'] = 'securitygroup'
|
||||||
elif admin['condition'] == NONSECURITY_GROUP_CONDITION:
|
elif admin['condition'] == NONSECURITY_GROUP_CONDITION:
|
||||||
admin['condition'] = 'nonsecuritygroup'
|
admin['condition'] = 'nonsecuritygroup'
|
||||||
|
if debug:
|
||||||
|
print('******', admin['assignedTo'], admin.get('assigneeType', 'no type'),
|
||||||
|
admin['assignedToField'], not typesSet or admin['assignedToField'] in typesSet)
|
||||||
|
return not typesSet or admin['assignedToField'] in typesSet
|
||||||
|
|
||||||
cd = buildGAPIObject(API.DIRECTORY)
|
cd = buildGAPIObject(API.DIRECTORY)
|
||||||
sal = buildGAPIObject(API.SERVICEACCOUNTLOOKUP)
|
sal = buildGAPIObject(API.SERVICEACCOUNTLOOKUP)
|
||||||
csvPF = CSVPrintFile(PRINT_ADMIN_TITLES) if Act.csvFormat() else None
|
csvPF = CSVPrintFile(PRINT_ADMIN_TITLES) if Act.csvFormat() else None
|
||||||
roleId = None
|
roleId = None
|
||||||
userKey = None
|
userKey = None
|
||||||
oneItemPerRow = recursive = showPrivileges = False
|
debug = oneItemPerRow = recursive = showPrivileges = False
|
||||||
typesSet = set()
|
typesSet = set()
|
||||||
kwargs = {}
|
kwargs = {}
|
||||||
rolePrivileges = {}
|
rolePrivileges = {}
|
||||||
fieldsList = PRINT_ADMIN_FIELDS
|
fieldsList = PRINT_ADMIN_FIELDS+['assigneeType']
|
||||||
assignedToIdEmailMap = {}
|
assignedToIdEmailMap = {}
|
||||||
while Cmd.ArgumentsRemaining():
|
while Cmd.ArgumentsRemaining():
|
||||||
myarg = getArgument()
|
myarg = getArgument()
|
||||||
@@ -17089,7 +17094,7 @@ def doPrintShowAdmins():
|
|||||||
userKey = kwargs['userKey'] = getEmailAddress()
|
userKey = kwargs['userKey'] = getEmailAddress()
|
||||||
elif myarg == 'role':
|
elif myarg == 'role':
|
||||||
_, roleId = getRoleId()
|
_, roleId = getRoleId()
|
||||||
elif getAssigneeTypes(myarg, typesSet):
|
elif _getAssigneeTypes(myarg):
|
||||||
pass
|
pass
|
||||||
elif myarg == 'recursive':
|
elif myarg == 'recursive':
|
||||||
recursive = True
|
recursive = True
|
||||||
@@ -17108,13 +17113,13 @@ def doPrintShowAdmins():
|
|||||||
showPrivileges = True
|
showPrivileges = True
|
||||||
elif myarg == 'oneitemperrow':
|
elif myarg == 'oneitemperrow':
|
||||||
oneItemPerRow = True
|
oneItemPerRow = True
|
||||||
|
elif myarg == 'debug':
|
||||||
|
debug = True
|
||||||
else:
|
else:
|
||||||
unknownArgumentExit()
|
unknownArgumentExit()
|
||||||
if roleId and not kwargs:
|
if roleId and not kwargs:
|
||||||
kwargs['roleId'] = roleId
|
kwargs['roleId'] = roleId
|
||||||
roleId = None
|
roleId = None
|
||||||
if not typesSet:
|
|
||||||
typesSet = set(ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP.values())
|
|
||||||
fields = getItemFieldsFromFieldsList('items', fieldsList)
|
fields = getItemFieldsFromFieldsList('items', fieldsList)
|
||||||
printGettingAllAccountEntities(Ent.ADMIN_ROLE_ASSIGNMENT)
|
printGettingAllAccountEntities(Ent.ADMIN_ROLE_ASSIGNMENT)
|
||||||
try:
|
try:
|
||||||
@@ -17147,8 +17152,7 @@ def doPrintShowAdmins():
|
|||||||
continue
|
continue
|
||||||
assignedTo = admin['assignedTo']
|
assignedTo = admin['assignedTo']
|
||||||
if admin['assigneeType'] != 'group' or not recursive:
|
if admin['assigneeType'] != 'group' or not recursive:
|
||||||
_setNamesFromIds(admin, _getPrivileges(admin))
|
if _setNamesFromIds(admin, _getPrivileges(admin)):
|
||||||
if admin['assignedToField'] in typesSet:
|
|
||||||
expandedAdmins.append(admin)
|
expandedAdmins.append(admin)
|
||||||
continue
|
continue
|
||||||
if assignedTo not in groupMembers:
|
if assignedTo not in groupMembers:
|
||||||
@@ -17158,8 +17162,7 @@ def doPrintShowAdmins():
|
|||||||
getGroupMembers(cd, assignedTo, allGroupRoles, membersList, membersSet, i, count,
|
getGroupMembers(cd, assignedTo, allGroupRoles, membersList, membersSet, i, count,
|
||||||
memberOptions, memberDisplayOptions, level, {Ent.TYPE_USER})
|
memberOptions, memberDisplayOptions, level, {Ent.TYPE_USER})
|
||||||
groupMembers[assignedTo] = membersList[:]
|
groupMembers[assignedTo] = membersList[:]
|
||||||
_setNamesFromIds(admin, _getPrivileges(admin))
|
if not _setNamesFromIds(admin, _getPrivileges(admin)):
|
||||||
if admin[assignedToIdEmailMap[assignedTo]['assignedToField']] not in typesSet:
|
|
||||||
continue
|
continue
|
||||||
expandedAdmins.append(admin)
|
expandedAdmins.append(admin)
|
||||||
if not groupMembers[assignedTo]:
|
if not groupMembers[assignedTo]:
|
||||||
@@ -17184,7 +17187,7 @@ def doPrintShowAdmins():
|
|||||||
Ind.Increment()
|
Ind.Increment()
|
||||||
for field in PRINT_ADMIN_TITLES:
|
for field in PRINT_ADMIN_TITLES:
|
||||||
if field in admin:
|
if field in admin:
|
||||||
if field == 'roleAssignmentId':
|
if (field == 'roleAssignmentId') or (field == 'assignedToUnknown' and not admin[field]):
|
||||||
continue
|
continue
|
||||||
printKeyValueList([field, admin[field]])
|
printKeyValueList([field, admin[field]])
|
||||||
if showPrivileges:
|
if showPrivileges:
|
||||||
@@ -17199,6 +17202,7 @@ def doPrintShowAdmins():
|
|||||||
Ind.Decrement()
|
Ind.Decrement()
|
||||||
else:
|
else:
|
||||||
for admin in expandedAdmins:
|
for admin in expandedAdmins:
|
||||||
|
admin.pop('assigneeType', None)
|
||||||
admin.pop('assignedToField')
|
admin.pop('assignedToField')
|
||||||
if not oneItemPerRow or 'rolePrivileges' not in admin:
|
if not oneItemPerRow or 'rolePrivileges' not in admin:
|
||||||
csvPF.WriteRowTitles(flattenJSON(admin))
|
csvPF.WriteRowTitles(flattenJSON(admin))
|
||||||
|
|||||||
Reference in New Issue
Block a user