gam7 7.23.4__py3-none-any.whl → 7.23.5__py3-none-any.whl

gam/__init__.py

@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
 """
 
 __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
-__version__ = '7.23.04'
+__version__ = '7.23.05'
 __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
 
 #pylint: disable=wrong-import-position
@@ -16995,16 +16995,17 @@ ASSIGNEE_EMAILTYPE_TOFIELD_MAP = {
   'group': 'assignedToGroup',
   'serviceaccount': 'assignedToServiceAccount',
   }
-PRINT_ADMIN_FIELDS = ['roleAssignmentId', 'roleId', 'assignedTo', 'scopeType', 'orgUnitId']
+PRINT_ADMIN_FIELDS = ['roleAssignmentId', 'roleId', 'assignedTo', 'scopeType', 'orgUnitId', 'assigneeType']
 PRINT_ADMIN_TITLES = ['roleAssignmentId', 'roleId', 'role',
                       'assignedTo', 'assignedToUser', 'assignedToGroup', 'assignedToServiceAccount', 'assignedToUnknown',
                       'scopeType', 'orgUnitId', 'orgUnit']
 
 # gam print admins [todrive <ToDriveAttribute>*]
-#	[user|group <EmailAddress>|<UniqueID>] [role <RoleItem>] [condition]
-#	[privileges] [oneitemperrow]
+#	[user|group <EmailAddress>|<UniqueID>] [role <RoleItem>]
+#	[recursive] [condition] [privileges] [oneitemperrow]
 # gam show admins
-#	[user|group <EmailAddress>|<UniqueID>] [role <RoleItem>] [condition] [privileges]
+#	[user|group <EmailAddress>|<UniqueID>] [role <RoleItem>]
+#	[recursive] [condition] [privileges]
 def doPrintShowAdmins():
   def _getPrivileges(admin):
     if showPrivileges:
@@ -17031,15 +17032,12 @@ def doPrintShowAdmins():
   def _setNamesFromIds(admin, privileges):
     admin['role'] = role_from_roleid(admin['roleId'])
     assignedTo = admin['assignedTo']
-    admin['assignedToUnknown'] = False
     if assignedTo not in assignedToIdEmailMap:
-      assigneeType = admin.get('assigneeType')
-      assignedToField = ASSIGNEE_EMAILTYPE_TOFIELD_MAP.get(assigneeType, None)
       assigneeEmail, assigneeType = convertUIDtoEmailAddressWithType(f'uid:{assignedTo}', cd, sal,
-                                                                     emailTypes=list(ASSIGNEE_EMAILTYPE_TOFIELD_MAP.keys()))
-      if not assignedToField and assigneeType in ASSIGNEE_EMAILTYPE_TOFIELD_MAP:
+                                                                     emailTypes=allAssigneeTypes if admin.get('assigneeType') != 'group' else ['group'])
+      if assigneeType in ASSIGNEE_EMAILTYPE_TOFIELD_MAP:
         assignedToField = ASSIGNEE_EMAILTYPE_TOFIELD_MAP[assigneeType]
-      if assigneeType == 'unknown':
+      else:
         assignedToField = 'assignedToUnknown'
         assigneeEmail = True
       assignedToIdEmailMap[assignedTo] = {'assignedToField': assignedToField, 'assigneeEmail': assigneeEmail}
@@ -17059,11 +17057,12 @@ def doPrintShowAdmins():
   csvPF = CSVPrintFile(PRINT_ADMIN_TITLES) if Act.csvFormat() else None
   roleId = None
   userKey = None
-  oneItemPerRow = showPrivileges = False
+  oneItemPerRow = recursive = showPrivileges = False
   kwargs = {}
   rolePrivileges = {}
   fieldsList = PRINT_ADMIN_FIELDS
   assignedToIdEmailMap = {}
+  allAssigneeTypes = list(ASSIGNEE_EMAILTYPE_TOFIELD_MAP.keys())
   while Cmd.ArgumentsRemaining():
     myarg = getArgument()
     if csvPF and myarg == 'todrive':
@@ -17072,6 +17071,15 @@ def doPrintShowAdmins():
       userKey = kwargs['userKey'] = getEmailAddress()
     elif myarg == 'role':
       _, roleId = getRoleId()
+    elif myarg == 'recursive':
+      recursive = True
+      allGroupRoles = ','.join(sorted(ALL_GROUP_ROLES))
+      memberOptions = initMemberOptions()
+      memberOptions[MEMBEROPTION_INCLUDEDERIVEDMEMBERSHIP] = True
+      memberOptions[MEMBEROPTION_DISPLAYMATCH] = False
+      memberDisplayOptions = initIPSGMGroupMemberDisplayOptions()
+      for role in [Ent.ROLE_MEMBER, Ent.ROLE_MANAGER, Ent.ROLE_OWNER]:
+        memberDisplayOptions[role]['show'] = True
     elif myarg == 'condition':
       fieldsList.append('condition')
       if csvPF:
@@ -17091,7 +17099,7 @@ def doPrintShowAdmins():
     admins = callGAPIpages(cd.roleAssignments(), 'list', 'items',
                            pageMessage=getPageMessage(),
                            throwReasons=[GAPI.INVALID, GAPI.USER_NOT_FOUND,
-                                         GAPI.FORBIDDEN, GAPI.SERVICE_NOT_AVAILABLE,
+                                         GAPI.NOT_FOUND, GAPI.FORBIDDEN, GAPI.SERVICE_NOT_AVAILABLE,
                                          GAPI.BAD_REQUEST, GAPI.CUSTOMER_NOT_FOUND,
                                          GAPI.FORBIDDEN, GAPI.PERMISSION_DENIED],
                            retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
@@ -17099,39 +17107,72 @@ def doPrintShowAdmins():
   except (GAPI.invalid, GAPI.userNotFound):
     entityUnknownWarning(Ent.ADMINISTRATOR, userKey)
     return
-  except (GAPI.serviceNotAvailable) as e:
-    entityActionFailedExit([Ent.ADMINISTRATOR, userKey, Ent.ADMIN_ROLE, roleId], str(e))
+  except GAPI.notFound as e:
+    entityActionFailedExit([Ent.ADMIN_ROLE, kwargs['roleId']], str(e))
+  except (GAPI.forbidden, GAPI.serviceNotAvailable) as e:
+    entityActionFailedExit([Ent.ADMINISTRATOR, userKey], str(e))
   except (GAPI.badRequest, GAPI.customerNotFound):
     accessErrorExit(cd)
   except (GAPI.forbidden, GAPI.permissionDenied) as e:
     ClientAPIAccessDeniedExit(str(e))
+  count = len(admins)
+  groupMembers = {}
+  expandedAdmins = []
+  i = 0
+  for admin in admins:
+    i += 1
+    if roleId and roleId != admin['roleId']:
+      continue
+    if admin['assigneeType'] != 'group' or not recursive:
+      _setNamesFromIds(admin, _getPrivileges(admin))
+      expandedAdmins.append(admin)
+      continue
+    assignedTo = admin['assignedTo']
+    if assignedTo not in groupMembers:
+      membersList = []
+      membersSet = set()
+      level = 0
+      getGroupMembers(cd, assignedTo, allGroupRoles, membersList, membersSet, i, count,
+                      memberOptions, memberDisplayOptions, level, {Ent.TYPE_USER})
+      groupMembers[assignedTo] = membersList[:]
+    _setNamesFromIds(admin, _getPrivileges(admin))
+    if not groupMembers[assignedTo]:
+      expandedAdmins.append(admin)
+      continue
+    admin['assigneeType'] = 'user'
+    admin['assignedToGroup'] = assignedToIdEmailMap[assignedTo]['assigneeEmail']
+    for member in groupMembers[assignedTo]:
+      userAdmin = admin.copy()
+      userAdmin['assignedTo'] = member['id']
+      _setNamesFromIds(userAdmin, _getPrivileges(admin))
+      expandedAdmins.append(userAdmin)
+  admins = expandedAdmins
+  count = len(expandedAdmins)
   if not csvPF:
-    count = len(admins)
     performActionNumItems(count, Ent.ADMIN_ROLE_ASSIGNMENT)
     Ind.Increment()
     i = 0
-    for admin in admins:
+    for admin in expandedAdmins:
       i += 1
-      if roleId and roleId != admin['roleId']:
-        continue
-      _setNamesFromIds(admin, _getPrivileges(admin))
       printEntity([Ent.ADMIN_ROLE_ASSIGNMENT, admin['roleAssignmentId']], i, count)
       Ind.Increment()
       for field in PRINT_ADMIN_TITLES:
         if field in admin:
           if field == 'roleAssignmentId':
             continue
-          if field != 'rolePrivileges':
-            printKeyValueList([field, admin[field]])
-          else:
-            showJSON(None, admin[field])
+          printKeyValueList([field, admin[field]])
+      if showPrivileges:
+        rolePrivileges = admin.get('rolePrivileges', [])
+        jcount = len(rolePrivileges)
+        if jcount > 0:
+          printKeyValueList(['rolePrivileges', jcount])
+          Ind.Increment()
+          showJSON(None, rolePrivileges)
+          Ind.Decrement()
       Ind.Decrement()
     Ind.Decrement()
   else:
-    for admin in admins:
-      if roleId and roleId != admin['roleId']:
-        continue
-      _setNamesFromIds(admin, _getPrivileges(admin))
+    for admin in expandedAdmins:
       if not oneItemPerRow or 'rolePrivileges' not in admin:
         csvPF.WriteRowTitles(flattenJSON(admin))
       else:

{gam7-7.23.4.dist-info → gam7-7.23.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: gam7
-Version: 7.23.4
+Version: 7.23.5
 Summary: CLI tool to manage Google Workspace
 Project-URL: Homepage, https://github.com/GAM-team/GAM
 Project-URL: Issues, https://github.com/GAM-team/GAM/issues

{gam7-7.23.4.dist-info → gam7-7.23.5.dist-info}/RECORD

@@ -1,4 +1,4 @@
-gam/__init__.py,sha256=oaItKwe2zhuAvz_2tmyBdOqI2-14mxIw3k-enrfqfsY,3620631
+gam/__init__.py,sha256=azObku-kchg7drgmBFc3imztILTag7nTTt2PSx-l-Cs,3622295
 gam/__main__.py,sha256=amz0-959ph6zkZKqjaar4n60yho-T37w6qWI36qx0CA,1049
 gam/cacerts.pem,sha256=DUsVo2XlFYwfkhe3gnxa-Km4Z4noz74hSApXwTT-nQE,44344
 gam/cbcm-v1.1beta1.json,sha256=xO5XloCQQULmPbFBx5bckdqmbLFQ7sJ2TImhE1ysDIY,19439
@@ -47,8 +47,8 @@ gam/gdata/apps/audit/__init__.py,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrK
 gam/gdata/apps/audit/service.py,sha256=Z1eueThcNeVUMWP1DRWc_DGHrJCiJI8W_xj6L-cqu-Q,9658
 gam/gdata/apps/contacts/__init__.py,sha256=Um6zgIkiahZns7yAEuC3pxHSMD8iciZ_EoynSLoYPfU,30463
 gam/gdata/apps/contacts/service.py,sha256=5lNb-Ii1Gyek6ePFji3kyoYtCBc8CuJTwagx2BL2o14,15684
-gam7-7.23.4.dist-info/METADATA,sha256=wFTkVmPc7GaFtbv--X570TPEmzhxGdoGtHojWs-OSJg,3092
-gam7-7.23.4.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-gam7-7.23.4.dist-info/entry_points.txt,sha256=HVUM5J7dA8YwvJfG30jiLefR19ExMs387TWugWd9sf4,42
-gam7-7.23.4.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-gam7-7.23.4.dist-info/RECORD,,
+gam7-7.23.5.dist-info/METADATA,sha256=4fCdZBo8CEvLYKB3C5MxtUIMeqGHc4DZCPHUN3oPdh8,3092
+gam7-7.23.5.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+gam7-7.23.5.dist-info/entry_points.txt,sha256=HVUM5J7dA8YwvJfG30jiLefR19ExMs387TWugWd9sf4,42
+gam7-7.23.5.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+gam7-7.23.5.dist-info/RECORD,,