From dcdfbfa953a52811079763d6cae3cb6264d82202 Mon Sep 17 00:00:00 2001
From: Tanner Collin
Date: Tue, 15 Sep 2020 19:17:54 +0000
Subject: [PATCH] Change LDAP group membership based on certification
---
 apiserver/apiserver/api/serializers.py | 15 +++++++++++
 apiserver/apiserver/api/utils_ldap.py | 35 ++++++++++++++++++++++++++
 apiserver/apiserver/api/views.py | 30 +++++++++++++++++++++-
 3 files changed, 79 insertions(+), 1 deletion(-)
diff --git a/apiserver/apiserver/api/serializers.py b/apiserver/apiserver/api/serializers.py
index b1024e2..54d9f52 100644
--- a/apiserver/apiserver/api/serializers.py
+++ b/apiserver/apiserver/api/serializers.py
@@ -195,6 +195,21 @@ class AdminMemberSerializer(MemberSerializer):
 'is_staff',
 ]
+ def update(self, instance, validated_data):
+ if 'rabbit_cert_date' in validated_data:
+ if validated_data['rabbit_cert_date']:
+ utils_ldap.add_to_group(instance, 'Laser Users')
+ else:
+ utils_ldap.remove_from_group(instance, 'Laser Users')
+
+ if 'trotec_cert_date' in validated_data:
+ if validated_data['trotec_cert_date']:
+ utils_ldap.add_to_group(instance, 'Trotec Users')
+ else:
+ utils_ldap.remove_from_group(instance, 'Trotec Users')
+
+ return super().update(instance, validated_data)
+
 # member viewing member list or search result
 class SearchSerializer(serializers.Serializer):
diff --git a/apiserver/apiserver/api/utils_ldap.py b/apiserver/apiserver/api/utils_ldap.py
index cd076f4..ac8f1d4 100644
--- a/apiserver/apiserver/api/utils_ldap.py
+++ b/apiserver/apiserver/api/utils_ldap.py
@@ -4,6 +4,7 @@ logger = logging.getLogger(__name__)
 import requests
 from apiserver import secrets
+from apiserver.api import utils
 def is_configured():
 return bool(secrets.LDAP_API_URL and secrets.LDAP_API_KEY)
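Review bot: In `AdminMemberSerializer.update` (serializers.py) the LDAP group change is sent before `super().update(instance, validated_data)` runs, so if the database write fails the directory and the member record disagree about who is certified. Saving first keeps the record authoritative: `instance = super().update(instance, validated_data)`, then the add/remove calls, then `return instance`. The branches also fire whenever the key is present in `validated_data`, even when the date did not change, so every admin edit that submits the field triggers an LDAP call. The method uses `utils_ldap`, but the serializers.py section adds no import (all 15 insertions are in this hunk); confirm the module is already imported there.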
@@ -39,3 +40,37 @@ def set_password(data):
 password=data['password1'],
 )
 return ldap_api('set-password', ldap_data)
+
+def add_to_group(member, group):
+ try:
+ ldap_data = dict(group=group)
+
+ if member.user:
+ ldap_data['username'] = member.user.username
+ else:
+ ldap_data['email'] = member.old_email
+
+ if ldap_api('add-to-group', ldap_data) != 200: raise
+ except BaseException as e:
+ logger.error('LDAP Group - {} - {}'.format(e.__class__.__name__, str(e)))
+ m = '{} {} ({})'.format(member.first_name, member.last_name, member.id)
+ msg = 'Problem adding {} to group {}!'.format(m, group)
+ utils.alert_tanner(msg)
+ logger.info(msg)
+
+def remove_from_group(member, group):
+ try:
+ ldap_data = dict(group=group)
+
+ if member.user:
+ ldap_data['username'] = member.user.username
+ else:
+ ldap_data['email'] = member.old_email
+
+ if ldap_api('remove-from-group', ldap_data) != 200: raise
+ except BaseException as e:
+ logger.error('LDAP Group - {} - {}'.format(e.__class__.__name__, str(e)))
+ m = '{} {} ({})'.format(member.first_name, member.last_name, member.id)
+ msg = 'Problem adding {} to group {}!'.format(m, group)
+ utils.alert_tanner(msg)
+ logger.info(msg)
diff --git a/apiserver/apiserver/api/views.py b/apiserver/apiserver/api/views.py
index 1e5f20b..cdb88f1 100644
--- a/apiserver/apiserver/api/views.py
+++ b/apiserver/apiserver/api/views.py
@@ -20,7 +20,7 @@ import datetime, time
 import requests
-from . import models, serializers, utils, utils_paypal, utils_stats
+from . import models, serializers, utils, utils_paypal, utils_stats, utils_ldap
 from .permissions import (
 is_admin_director,
 AllowMetadata,
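Review bot: In `remove_from_group` (utils_ldap.py) a failed removal is only logged and alerted, and the message still reads 'Problem adding … to group', so a member whose certification was withdrawn can keep the LDAP group while the alert names the wrong operation. Both new functions also signal a non-200 result with a bare `raise`, which with no active exception surfaces as a RuntimeError carrying no status code, and `except BaseException` additionally swallows KeyboardInterrupt and SystemExit. Raising an explicit error that includes the status and catching `Exception` keeps the alert accurate; the same change to the `raise` and `except` lines applies to `add_to_group`. This assumes `ldap_api` returns the HTTP status code, which is not visible in the hunk.

```python
def remove_from_group(member, group):
    try:
        # … unchanged: build ldap_data from member.user / member.old_email …
        status = ldap_api('remove-from-group', ldap_data)
        if status != 200:
            raise RuntimeError('LDAP API returned {}'.format(status))
    except Exception as e:
        logger.error('LDAP Group - {} - {}'.format(e.__class__.__name__, str(e)))
        m = '{} {} ({})'.format(member.first_name, member.last_name, member.id)
        msg = 'Problem removing {} from group {}!'.format(m, group)
        # … unchanged: utils.alert_tanner(msg), logger.info(msg) …
```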
@@ -234,6 +234,20 @@ class TrainingViewSet(Base, Retrieve, Create, Update):
 member.mill_cert_date = utils.today_alberta_tz() if status == 'Attended' else None
 elif session.course.id == 259:
 member.cnc_cert_date = utils.today_alberta_tz() if status == 'Attended' else None
+ elif session.course.id == 247:
+ member.rabbit_cert_date = utils.today_alberta_tz() if status == 'Attended' else None
+
+ if status == 'Attended':
+ utils_ldap.add_to_group(member, 'Laser Users')
+ else:
+ utils_ldap.remove_from_group(member, 'Laser Users')
+ elif session.course.id == 321:
+ member.trotec_cert_date = utils.today_alberta_tz() if status == 'Attended' else None
+
+ if status == 'Attended':
+ utils_ldap.add_to_group(member, 'Trotec Users')
+ else:
+ utils_ldap.remove_from_group(member, 'Trotec Users')
 member.save()
 serializer.save(user=user, member_id=member.id, attendance_status=status)
@@ -273,6 +287,20 @@ class TrainingViewSet(Base, Retrieve, Create, Update):
 member.mill_cert_date = utils.today_alberta_tz() if status == 'Attended' else None
 elif session.course.id == 259:
 member.cnc_cert_date = utils.today_alberta_tz() if status == 'Attended' else None
+ elif session.course.id == 247:
+ member.rabbit_cert_date = utils.today_alberta_tz() if status == 'Attended' else None
+
+ if status == 'Attended':
+ utils_ldap.add_to_group(member, 'Laser Users')
+ else:
+ utils_ldap.remove_from_group(member, 'Laser Users')
+ elif session.course.id == 321:
+ member.trotec_cert_date = utils.today_alberta_tz() if status == 'Attended' else None
+
+ if status == 'Attended':
+ utils_ldap.add_to_group(member, 'Trotec Users')
+ else:
+ utils_ldap.remove_from_group(member, 'Trotec Users')
 member.save()
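Review bot: The course-247 and course-321 branches in views.py call `utils_ldap.add_to_group` / `remove_from_group` before `member.save()`, so the directory is changed even if the save that follows fails; moving the LDAP call after `member.save()` keeps the stored cert date and the group in step. The same fourteen lines are added again in the hunk at -273, and the group names also appear in serializers.py, so one helper keyed on course id would stop the three copies from drifting apart. Any status other than 'Attended' removes the member from the group; if an already-certified member can register for the course again (not visible here), that would drop their access, so it deserves a comment such as `# non-attended status revokes the LDAP group on purpose`. The enclosing methods start and end outside both hunks.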