public
/
pyceo
27
1
Fork 3
Code Issues 25 Pull Requests 5 Projects Releases 1 Wiki Activity

Create endpoint to expire members #23

New Issue
Closed
opened 2021-10-10 16:56:31 -04:00 by merenber · 0 comments
merenber commented 2021-10-10 16:56:31 -04:00
Owner
Copy Link

We should set a flag in LDAP when someone's membership has expired so that they no longer have access to our various web-based services (which use LDAP for authentication).
I propose setting ShadowExpire (an attribute of ShadowAccount) to 1. We can then use LDAP filters in our web services to filter out users who have this flag set.

Implementation

  • Create a POST endpoint called /api/members/expire (or similar) which sets the LDAP flag on users' records if their membership has expired for over a month. This endpoint should accept a dry_run URL parameter which, when set to true, returns the list of members who would be updated. When the flag is set to false (the default), a list of members who were updated should be returned.
    There is a helper class in ceo_common called Term; this may be helpful.
  • When someone's membership is renewed, we should delete this attribute from their LDAP record if it exists. You will need to modify /api/members/<username/renew.
  • Create a new CLI command for this endpoint, e.g. ceo members expire [--dry-run]. In production, this will be called on a cron job, e.g. once a day.
  • Write unit tests for all of the changes above.
We should set a flag in LDAP when someone's membership has expired so that they no longer have access to our various web-based services (which use LDAP for authentication). I propose setting ShadowExpire (an attribute of ShadowAccount) to 1. We can then use LDAP filters in our web services to filter out users who have this flag set. ## Implementation - [ ] Create a POST endpoint called `/api/members/expire` (or similar) which sets the LDAP flag on users' records if their membership has expired for over a month. This endpoint should accept a `dry_run` URL parameter which, when set to true, returns the list of members who *would* be updated. When the flag is set to false (the default), a list of members who were updated should be returned. There is a helper class in ceo_common called Term; this may be helpful. - [ ] When someone's membership is renewed, we should delete this attribute from their LDAP record if it exists. You will need to modify `/api/members/<username/renew`. - [ ] Create a new CLI command for this endpoint, e.g. `ceo members expire [--dry-run]`. In production, this will be called on a cron job, e.g. once a day. - [ ] Write unit tests for all of the changes above.
r345liu was assigned by merenber 2021-10-11 23:07:16 -04:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
master
124-fix-regression
new-positions
54-newsletter
WIP-66
65-isClubRep-fix
83-sqlfstrings
60-group-lookup
63-fix-ci
1.0.22
v0.5.1
v0.4.11
v0.4.10
v0.4.9
v0.4.8
v0.4.7
v0.4.6
v0.4.5
Labels
Clear labels   
priority
high
High priority

  
priority
low
Low priority

  
priority
medium
Medium priority

  
priority
very high
Very high priority

  
BUG

   
Feature

   
High Priority

   
Low Priority

   
Medium Priority
No Label
priority
high
priority
low
priority
medium
priority
very high
BUG
Feature
High Priority
Low Priority
Medium Priority
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: public/pyceo#23
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?