I have an Active Directory set up with a number of groups, levels of sub-groups, and then users within those sub groups.
I want to specify a group name and retrieve all groups that the group belongs to (either immediately or further up the hierarchy, not important which).
I have code which finds groups that a user belongs to and iterates through them to see if they match with a specified group name, but I can't figure out how to specify a group and search for those groups.
IADsUser *user_object = NULL;
IADsMembers *members;
// ...
// Get object via ADsGetObject
// ...
// Provides me with a list of groups that the user belongs to
user_object->Groups(&members);
The IADsGroup class does not contain a Groups() function so I cannot see how I can retrieve a list of groups that a group belongs to.
You can read the memberOf attribute of the group, using IADs::GetEx.
If you have an IADsGroup group_object:
HRESULT hr;
VARIANT groups;
VariantInit(&groups);
hr = group_object->GetEx(CComBSTR("memberOf"), &groups);
The groups variable will now be a VARIANT array containing the distinguishedName of all the groups. If you want to get the friendly name of each one, then you'll need to bind to each group (using ADsGetObject) to get an IADsGroup object for that group.
The memberOf attribute does have some caveats that you should be aware of, which I wrote about here, but if you're on a single-domain environment with no external, trusted domains, then it shouldn't matter to you.
Note that the return value hr might be E_ADS_PROPERTY_NOT_FOUND if it is not a member of any other groups. Active Directory in general treats empty attributes as non-existent.
Related
For instance, I have two model Group and OrganizationUser. members is a field in Group model which defines as
members=models.ManyToManyField('organizations.OrganizationUser', related_name="member_in_groups", blank=True)
that means a Group instance can have zero or multiple member and an OrganizationUser instance can be a member of zero or multiple Group
For an instance of OrganizationUser user1 I can do user1.member_in_groups.all() to access all the groups user1 is a member of. I want to remove user1 from all the groups user1 is a member of. I'm feeling iterating over the groups one by one and remove user1 isn't a right approach. What is the right way of doing so?
I have got the solution
clear method should work in the scenario. user1.member_in_groups.clear() will clear the record of groups user1 member of also it will reflect on the other end of the relation, that means user1 will be removed from the groups user1 was a member of.
Suppose you have a database with User objects running behind a Djano app
and you want to use django-taggit to tag User objects so you can retrieve subgroups using some convenient filtering.
Additionally you have a Dashboard where you want to display interesting statistics about used tags to glean some information about the subgroups that exists within your Users.
How would you access and display information about the top X tags
used within the Django app?
How would you access only the top X tags of an already filtered
subgroup of the User object?
While there are already a number of posts on SO that describe similar problems most of these describe workarounds or contain scattered information.
In order to make this information easier to find I will post a simple rundown of how to achieve some basic stuff using features of django-taggit that are officially supported but are not present in the official documentation.
How would you access and display information about the top X tags
used within the Django app?
In order to access and display information about the top tags used within the Django app you can use the built in function most_common like so:
top_tags = User.tag.most_common()
This returns a queryset containing all of the tags placed on a User instance ordered from most used descending order.
So say we have 3 tags: ["vegetables", "fruits", "candy"] and 10 users have a fruits tag, 4 users have a vegetables tag and only 1 user has the candy tag the returned order would be: ["fruits", "vegetables", "candy"]
Accessing more information about the tags returned can be done like so:
for tag in top_tags:
print(tag.name) #the name of the tag
print(tag.num_times) # the number of User objects tagged
Additionally if you are only interested in the top 3 tags then you can
access them like this:
top_tags = User.tag.most_common()[:3]
Where you can replace 3 with X where X is the number of items you want returned.
How would you access only the top X tags of an already filtered
subgroup of the User object?
Since Jul 12, 2016 the most_common() function actually has some additional arguments that you can specify. First of all you can specify a min_count which filters out the top tags that fall below a certain threshold. As an illustration using the tags from the previous example:
top_tags = User.tag.most_common()[:3]
returns all three tags as specified earlier but using
top_tags = User.tag.most_common(min_count=2)[:3]
only returns ["fruits", "vegetables"] this is because only 1 User object was tagged with candy meaning that it falls below the min_count of 2
An additional argument that you can provide to most_common is extra_filters this enables you to provide an object containing additional filter values that you want to filter the tags by.
One usage example would be:
filtered_users = User.objects.filter(age=20, is_delete=False)
top_tags = User.tag.most_common(
min_count=1, extra_filters={
'user__in': filtered_users
}
)
Here we create a filtered queryset of User objects that we then provide to the extra_filters argument to limit the tag search to a specific subgroup
I was wondering if there is a variable like :APP_USER, but instead of the username it should return the user group, so I can check if the current user is administrator.
The APEX_UTIL package contains some functions that can be useful for this too:
CURRENT_USER_IN_GROUP This function returns a Boolean result based on
whether the current user is a member of the specified group. You can
use the group name or group ID to identify the group.
GET_GROUPS_USER_BELONGS_TO This function returns a comma then a space
separated list of group names to which the named user is a member.
I found the solution myself:
SELECT group_name
FROM wwv_flow_group_users
WHERE user_id = (SELECT user_id
FROM wwv_flow_users
WHERE user_name ='MRITTMAN')
This lists all group names the user "MRITTMAN" is assigned to.
I'm currently creating a structure where I have employees which belong to a company.
Within this company I need to be able to create several groups. Ranks if you will. You could assign less permissions to lower ranks and more permissions to higher ranks.
I want to go for object level permissions and I noticed the django-guardian project gave me exactly what I needed. It works with the native User and Group objects so I'm now trying to find a way to implement the native group object in a company object.
Problems I face is that name in group is unique. So if 2 companies add the same group, errors will occur.
I found an implementation that works in a way but seems quite 'hacky' to me. In my company I declared a group variable that references Group:
class Company(models.Model):
...
groups = models.ManyToManyField(Group, through='CompanyRole')
CompanyRole basically houses the group name and a reference to company and group
class CompanyRole(models.Model):
group = models.ForeignKey(Group)
company = models.ForeignKey(Company)
real_name = models.CharField(max_length=60, verbose_name=_('Real name'))
objects = CompanyGroupManager()
I created a custom manager with a convenient method to add a new 'company group'
class CompanyGroupManager(models.Manager):
def create_group(self, company, group_name):
un_group_name = str(company.id) + '#' + group_name
group = Group.objects.create(name=un_group_name)
company_group = self.model(
real_name=group_name,
company=company,
group=group
)
company_group.save(using=self._db)
return company_group
Here's the part I don't really feel confortable about. In order to change the problem with the unique name on the Group model I used a combination of the company id, a hash sign and the actual group name to avoid clashes.
Now my question is: are there better methods in my scenario, am I missing something or is this a good way of accomplishing what I need?
Unfortunately there is no way of getting around the unique requirement, that is because this field is used as the id:
https://docs.djangoproject.com/en/dev/ref/models/fields/#django.db.models.Field.unique
Your options are the following:
1) Mocking the model.
You would basically just create a new Group model that doesn't have the unique requirement. The downside here is that you'd need to use it everywhere, so if this requires updating 3rd party apps, it might not be worth it.
2) make the name you unique. (As you did)
Make sure that you document your convention well, so that all future coders will know what they are looking at.Something like "company name"#"group name" could make more intuitive sense than an id. If the a hash might appear in either then use a more certain delimiter ("__" is a relatively common way of connecting related concepts in django, I might go for this).
I would recommend that you add the following to make it easy for you to access the name.
def get_name(self):
# Explain how you get the group name from your uniqueified name
return self.name.split('#')[1]
Group.add_to_class('get_name', get_name)
When you access your group's name in your app, just do:
my_group.get_name()
You might also want to put the generating the uniqueified name into an overridden version of the save(). This would give you nicer split between model and view...
What kind of relations is required to store user's membership in multiple groups to be able to recover:
history of user participation in some groups (date joined, date quit)
list of current user groups (in join order) to determine his current status
list of users, who were participating in that group at a given period of time
I guess it is ManyToMany (or an ugly kind of OneToMany), but can't figure out how to use it; need a minimal example, preferably - for Django's models.
Also, which consistency problems are expected when some group/user needs to be deleted?
members
groups
groupmembers
Groupmembers is your join table and has such things as:
member (one member has many groupmember records)
group (one group has many groupmember records)
create date
remove date (leave null until applicable)
So for your requirements:
query groupmembers with a group and sort by date
query groupmembers with a member (sort by create date)
query groupmembers with a group and remove is null (or inside a date range)