Show the list of groups a user belongs to.

6 files changed, 63 insertions, 3 deletions

diff --git a/ipa-python/ipaclient.py b/ipa-python/ipaclient.py
index 880b47852..6fbd41d58 100644
--- a/ipa-python/ipaclient.py
+++ b/ipa-python/ipaclient.py
@@ -160,6 +160,15 @@ class IPAClient:
         result = self.transport.get_group_by_dn(dn,sattrs)
         return group.Group(result)
 
+    def get_groups_by_member(self,member_dn,sattrs=None):
+        """Gets the groups that member_dn belongs to.
+           If sattrs is not None then only those
+           attributes will be returned, otherwise all available
+           attributes are returned. The result is a list of groups."""
+        results = self.transport.get_groups_by_member(member_dn,sattrs)
+
+        return map(lambda result: group.Group(result), results)
+
     def add_group(self,group,group_container=None):
         """Add a group. group is a ipa.group.Group object"""
 
diff --git a/ipa-python/rpcclient.py b/ipa-python/rpcclient.py
index 21ea68bc6..c662761cf 100644
--- a/ipa-python/rpcclient.py
+++ b/ipa-python/rpcclient.py
@@ -258,6 +258,23 @@ class RPCClient:
 
         return ipautil.unwrap_binary_data(result)
 
+    def get_groups_by_member(self,member_dn,sattrs=None):
+        """Gets the groups that member_dn belongs to.
+           If sattrs is not None then only those
+           attributes will be returned, otherwise all available
+           attributes are returned. The result is a list of dicts."""
+        server = self.setup_server()
+        if sattrs is None:
+            sattrs = "__NONE__"
+        try:
+            result = server.get_groups_by_member(member_dn, sattrs)
+        except xmlrpclib.Fault, fault:
+            raise ipaerror.gen_exception(fault.faultCode, fault.faultString)
+        except socket.error, (value, msg):
+            raise xmlrpclib.Fault(value, msg)
+
+        return ipautil.unwrap_binary_data(result)
+
     def add_group(self,group,group_container=None):
         """Add a new group. Takes as input a dict where the key is the
            attribute name and the value is either a string or in the case
diff --git a/ipa-server/ipa-gui/ipagui/controllers.py b/ipa-server/ipa-gui/ipagui/controllers.py
index c1aa5e860..11ce48a73 100644
--- a/ipa-server/ipa-gui/ipagui/controllers.py
+++ b/ipa-server/ipa-gui/ipagui/controllers.py
@@ -251,7 +251,9 @@ class Root(controllers.RootController):
         client.set_krbccache(os.environ["KRB5CCNAME"])
         try:
             user = client.get_user_by_uid(uid, user_fields)
-            return dict(user=user.toDict(), fields=forms.user.UserFields())
+            user_groups = client.get_groups_by_member(user.dn, ['cn'])
+            return dict(user=user.toDict(), fields=forms.user.UserFields(),
+                        user_groups=user_groups)
         except ipaerror.IPAError, e:
             turbogears.flash("User show failed: " + str(e))
             raise turbogears.redirect("/")
diff --git a/ipa-server/ipa-gui/ipagui/templates/usershow.kid b/ipa-server/ipa-gui/ipagui/templates/usershow.kid
index aff400c54..5092a427f 100644
--- a/ipa-server/ipa-gui/ipagui/templates/usershow.kid
+++ b/ipa-server/ipa-gui/ipagui/templates/usershow.kid
@@ -90,6 +90,14 @@ else:
       </tr>
     </table>
 
+    <div class="formsection">Groups</div>
+    <div py:for="group in user_groups">
+      <a href="${tg.url('/groupshow', cn=group.cn)}">${group.cn}</a>
+    </div>
+
+    <br/>
+    <br/>
+
     <a href="${tg.url('/useredit', uid=user.get('uid'))}">edit</a>
 
 </body>
diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py
index b34c5d060..2f9606d0f 100644
--- a/ipa-server/xmlrpc-server/funcs.py
+++ b/ipa-server/xmlrpc-server/funcs.py
@@ -204,6 +204,20 @@ class IPAServer:
     
         return self.convert_entry(ent)
 
+    def __get_list (self, base, filter, sattrs=None, opts=None):
+        """Gets a list of entries. Each is converted to a dict of values.
+           Multi-valued fields are represented as lists.
+        """
+        entries = []
+
+        conn = self.getConnection(opts)
+        try:
+            entries = conn.getList(base, self.scope, filter, sattrs)
+        finally:
+            self.releaseConnection(conn)
+
+        return map(self.convert_entry, entries)
+
     def __update_entry (self, oldentry, newentry, opts=None):
         """Update an LDAP entry
 
@@ -571,7 +585,7 @@ class IPAServer:
         cn = self.__safe_filter(cn)
         filter = "(cn=" + cn + ")"
         return self.__get_entry(self.basedn, filter, sattrs, opts)
-    
+
     def get_group_by_dn (self, dn, sattrs=None, opts=None):
         """Get a specific group's entry. Return as a dict of values.
            Multi-valued fields are represented as lists.
@@ -579,7 +593,16 @@ class IPAServer:
 
         filter = "(objectClass=*)"
         return self.__get_entry(dn, filter, sattrs, opts)
-    
+
+    def get_groups_by_member (self, member_dn, sattrs=None, opts=None):
+        """Get a specific group's entry. Return as a dict of values.
+           Multi-valued fields are represented as lists.
+        """
+
+        filter = "(&(objectClass=posixGroup)(uniqueMember=%s))" % member_dn
+
+        return self.__get_list(self.basedn, filter, sattrs, opts)
+
     def add_group (self, group, group_container=None, opts=None):
         """Add a group in LDAP. Takes as input a dict where the key is the
            attribute name and the value is either a string or in the case
diff --git a/ipa-server/xmlrpc-server/ipaxmlrpc.py b/ipa-server/xmlrpc-server/ipaxmlrpc.py
index 6e0750b49..baeb50707 100644
--- a/ipa-server/xmlrpc-server/ipaxmlrpc.py
+++ b/ipa-server/xmlrpc-server/ipaxmlrpc.py
@@ -326,6 +326,7 @@ def handler(req, profiling=False):
             h.register_function(f.modifyPassword)
             h.register_function(f.get_group_by_cn)
             h.register_function(f.get_group_by_dn)
+            h.register_function(f.get_groups_by_member)
             h.register_function(f.add_group)
             h.register_function(f.find_groups)
             h.register_function(f.add_user_to_group)