From 0b644ebc96215456f0d10cbe94dcd78a9e9f2598 Mon Sep 17 00:00:00 2001
From: Thierry Bordaz
Date: Fri, 8 May 2015 18:58:57 +0200
Subject: User life cycle: support of user-undel add user plugin commands : user-undel user-undel: moves a user from delete container to the active container
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: David Kupka
---
 API.txt | 7 +++++++
 ipalib/plugins/user.py | 47 ++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 53 insertions(+), 1 deletion(-)
diff --git a/API.txt b/API.txt
index 776c94745..e6b63428a 100644
--- a/API.txt
+++ b/API.txt
@@ -4697,6 +4697,13 @@ output: Output('count', , None)
 output: ListOfEntries('result', (, ), Gettext('A list of LDAP entries', domain='ipa', localedir=None))
 output: Output('summary', (, ), None)
 output: Output('truncated', , None)
+command: user_undel
+args: 1,1,3
+arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True)
+option: Str('version?', exclude='webui')
+output: Output('result', , None)
+output: Output('summary', (, ), None)
+output: PrimaryKey('value', None, None)
 command: user_unlock
 args: 1,1,3
 arg: Str('uid', attribute=True, cli_name='login', maxlength=255, multivalue=False, pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$', primary_key=True, query=True, required=True)
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index fd64a1cb0..54d47bb01 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -614,7 +614,7 @@ class user_del(baseuser_del):
 raise
 # start to move the entry to Delete container
- self._exc_wrapper(keys, options, ldap.update_entry_rdn)(active_dn, new_rdn=active_dn[0], new_superior=superior_dn, del_old=True)
+ self._exc_wrapper(keys, options, ldap.move_entry)(active_dn, delete_dn, del_old=True)
 # Then clear the credential attributes
 attrs_to_clear = ['krbPrincipalKey', 'krbLastPwdChange', 'krbPasswordExpiration', 'userPassword']
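Review bot: The move into the Delete container and the clearing of `krbPrincipalKey`, `krbLastPwdChange`, `krbPasswordExpiration` and `userPassword` are two separate LDAP operations, and nothing visible in this hunk says what happens when the second one fails after `ldap.move_entry(active_dn, delete_dn, del_old=True)` has succeeded. The preserved entry would then keep its credentials, and `user_undel` from this same commit could later move it back to the active container with them intact. The rest of `user_del.execute` lies outside the hunk, so the handling may already exist there; if it does not, a comment above the move such as `# NOTE: move and credential wipe are not atomic; a failure below leaves keys on the preserved entry` would at least document it. The new call no longer references `superior_dn`, so its assignment earlier in the method is worth checking for dead code.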
@@ -738,6 +738,51 @@ class user_show(baseuser_show):
 self.post_common_callback(ldap, dn, entry_attrs, **options)
 return dn
+@register()
+class user_undel(LDAPQuery):
+ __doc__ = _('Undelete a delete user account.')
+
+ has_output = output.standard_value
+ msg_summary = _('Undeleted user account "%(value)s"')
+
+ def execute(self, *keys, **options):
+ ldap = self.obj.backend
+
+ # First check that the user exists and is a delete one
+ delete_dn = self.obj.get_dn(*keys, **options)
+ if delete_dn.endswith(DN(self.obj.active_container_dn, api.env.basedn)):
+ raise errors.ValidationError(
+ name=self.obj.primary_key.cli_name,
+ error=_('User %r is already active') % keys[-1][0])
+ try:
+ entry_attrs = self._exc_wrapper(keys, options, ldap.get_entry)(delete_dn)
+ except errors.NotFound:
+ raise errors.ValidationError(
+ name=self.obj.primary_key.cli_name,
+ error=_('User %r not found') % keys[-1][0])
+
+ active_dn = DN(delete_dn[0], self.obj.active_container_dn, api.env.basedn)
+
+ # start to move the entry to the Active container
+ self._exc_wrapper(keys, options, ldap.move_entry)(delete_dn, active_dn, del_old=True)
+
+ # add the user we just undelete into the default primary group
+ config = ldap.get_ipa_config()
+ def_primary_group = config.get('ipadefaultprimarygroup')
+ group_dn = self.api.Object['group'].get_dn(def_primary_group)
+
+ # if the user is already a member of default primary group,
+ # do not raise error
+ # this can happen if automember rule or default group is set
+ try:
+ ldap.add_entry_to_group(active_dn, group_dn)
+ except errors.AlreadyGroupMember:
+ pass
+
+ return dict(
+ result=True,
+ value=pkey_to_value(keys[0], options),
+ )
 @register()
 class user_disable(LDAPQuery):
-- cgit
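Review bot: Both error messages format `keys[-1][0]`, but API.txt in this commit declares the `uid` argument of `user_undel` with `multivalue=False`, so `keys[-1]` appears to be the login string itself and `[0]` would print only its first character; `% keys[-1]` would name the account, matching the `pkey_to_value(keys[0], options)` used in the return. Separately, once `ldap.move_entry(delete_dn, active_dn, del_old=True)` has run the entry is already active, yet `get_ipa_config()`, `get_dn(def_primary_group)` and `add_entry_to_group` run outside `_exc_wrapper` and only `AlreadyGroupMember` is caught, so any other failure reports an error for an account that has in fact been restored without its default primary group. The guard `delete_dn.endswith(DN(self.obj.active_container_dn, api.env.basedn))` only rules out the active container; a positive check that the DN sits under the delete container would be the tighter precondition for a command that re-activates accounts. The docstring should read `Undelete a deleted user account.` and could state that the entry comes back without the credential attributes that the `user_del` hunk shows being cleared.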