Pass AD List to Shared Script

Hello,
I am attempting to convert a security login project script that we have to be utilized as a global script with a parameter passed in so it can be shared more easily across projects. It seems like the list of AD groups that I’m trying to pass into the script may not be getting received properly so I’d appreciate any thoughts on this.

Here is a layout of what the shared script definition looks like:

```
def rolesCheck(groupRoles):
	userRoles = system.security.getRoles()
	userRoles = list(userRoles)
	for i in range(len(groupRoles)-1,-1,-1):
		if any(s.upper() in userRoles for s in groupRoles[i]):
			system.gui.messageBox(groupRoles[i])
			return i
```

On a button press we run the script below to switch the system user and pass the AD groups to be checked for:

```
user = event.source.parent.getComponent('Username').text
password = event.source.parent.getComponent('Password').text
groupRoles = [['AD_GROUP_1']
,['AD_GROUP_2']
,['AD_GROUP_3A','AD_GROUP_3B']
,['AD_GROUP_4']
,['AD_GROUP_5A','AD_GROUP_5B']
]
system.security.switchUser(user,password,event)
system.tag.write("[Client]SecurityLevel",shared.Security.rolesCheck(groupRoles))
```

Please edit your post to place the code in a code block. (: Just put triple back-quotes (these: ```) above and below the pasted code (on lines of their own).

Wow, that is awesome, I didn’t realize you could do that! Thanks. Please let me know if you need anything else to look at this. I appreciate it.

I think you’re after something like this.

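```
userSource = 'usersource'
user = 'user'
password = 'password'
groupRoles = [
'AD_GROUP_1'
,'AD_GROUP_2'
,'AD_GROUP_3A'
,'AD_GROUP_3B'
,'AD_GROUP_4'
,'AD_GROUP_5A'
,'AD_GROUP_5B'
]

# Roles the user holds in the given user source
userRoles = system.security.getUserRoles(user, password, userSource)

# Default when no group matches, so the prints and tag write below cannot hit an undefined name
securityLevel = 0

i = 0
for item in groupRoles:
	i += 1
	# A later match overwrites an earlier one, so the last matching group wins
	if item in userRoles:
		securityLevel = i

print i
print securityLevel
print userRoles
print groupRoles

system.security.switchUser(user,password)
system.tag.write("[Client]SecurityLevel",securityLevel)
```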

Your code is pretty much working. I made a few minor changes to make it easier to test, but the logic is basically fine. The main changes I made were to make it a bit more “Pythonic”, i.e. `for i, roles in enumerate(reversed(groupRoles)):`

```
def rolesCheck(groupRoles, userRoles=None):
	# userRoles can be passed in for testing; otherwise use the logged-in user's roles
	if userRoles is None:
		userRoles = list(system.security.getRoles())
	for i, roles in enumerate(reversed(groupRoles)):
		if any(s.upper() in userRoles for s in roles):
			# system.gui.messageBox(str(roles))
			# i counts from the end of the list; convert back to the index in groupRoles
			return len(groupRoles) - 1 - i
	# No group matched
	return -1

# On a button press we run the script below to switch the system user and pass the AD groups to be checked for:

#user = event.source.parent.getComponent('Username').text
#password = event.source.parent.getComponent('Password').text
groupRoles = [['AD_GROUP_1']
,['AD_GROUP_2']
,['AD_GROUP_3A','AD_GROUP_3B']
,['AD_GROUP_4']
,['AD_GROUP_5A','AD_GROUP_5B']
]
#system.security.switchUser(user,password,event)
#system.tag.write("[Client]SecurityLevel",shared.Security.rolesCheck(groupRoles))

print rolesCheck(groupRoles, userRoles=['AD_GROUP_4', 'AD_GROUP_1'])
```

Thanks very much for your help. While trying out the code from PGriffith I was still having a problem, so I tried putting in another AD group and that one worked. Upon further inspection from printing the returned user roles, I noticed that the one I had been testing with has some lowercase letters and the code was looking for the uppercase version. So I uppercased the user roles and it worked. Thanks again for your help with this!
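
The case mismatch described in the last post, as an added example that is not part of the original thread: the thread's comparison next to one that uppercases both the configured group names and the roles returned for the user. The function names, `GROUP_ROLES` and the sample roles are constructed for illustration, and the user's roles are passed in so the code runs outside Ignition.

```python
# Added example: tier lookup with case-insensitive group matching.
# roles_check_case_sensitive / roles_check are hypothetical names;
# GROUP_ROLES and the sample user roles are constructed test data.

GROUP_ROLES = [
    ['AD_GROUP_1'],
    ['AD_GROUP_2'],
    ['AD_GROUP_3A', 'AD_GROUP_3B'],
    ['AD_GROUP_4'],
    ['AD_GROUP_5A', 'AD_GROUP_5B'],
]

def roles_check_case_sensitive(group_roles, user_roles):
    """Comparison as in the thread: only the configured name is uppercased."""
    for level in range(len(group_roles) - 1, -1, -1):
        if any(g.upper() in user_roles for g in group_roles[level]):
            return level
    return -1

def roles_check(group_roles, user_roles):
    """Return the highest index in group_roles that the user holds, or -1."""
    # Normalize the directory side too, so 'Ad_Group_4' matches 'AD_GROUP_4'
    held = set(r.upper() for r in user_roles)
    for level in range(len(group_roles) - 1, -1, -1):
        if any(g.upper() in held for g in group_roles[level]):
            return level
    # No match: the caller should treat -1 as "no access", not as a valid level
    return -1

if __name__ == '__main__':
    mixed = ['Ad_Group_4', 'AD_GROUP_1']  # constructed: one role in mixed case
    print(roles_check_case_sensitive(GROUP_ROLES, mixed))  # misses AD_GROUP_4
    print(roles_check(GROUP_ROLES, mixed))                 # finds AD_GROUP_4
```

In the shared script, the second argument would be the result of `system.security.getRoles()`.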