gam7 7.23.4__py3-none-any.whl → 7.23.6__py3-none-any.whl

gam/__init__.py

@@ -25,7 +25,7 @@ https://github.com/GAM-team/GAM/wiki
 """
 
 __author__ = 'GAM Team <google-apps-manager@googlegroups.com>'
-__version__ = '7.23.04'
+__version__ = '7.23.06'
 __license__ = 'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
 
 #pylint: disable=wrong-import-position
@@ -16990,21 +16990,38 @@ def doDeleteAdmin():
   except (GAPI.forbidden, GAPI.permissionDenied) as e:
     ClientAPIAccessDeniedExit(str(e))
 
-ASSIGNEE_EMAILTYPE_TOFIELD_MAP = {
+ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP = {
   'user': 'assignedToUser',
   'group': 'assignedToGroup',
   'serviceaccount': 'assignedToServiceAccount',
+  'unknown': 'assignedToUnknown',
   }
-PRINT_ADMIN_FIELDS = ['roleAssignmentId', 'roleId', 'assignedTo', 'scopeType', 'orgUnitId']
+ALL_ASSIGNEE_TYPES = ['user', 'group', 'serviceaccount']
+
+PRINT_ADMIN_FIELDS = ['roleAssignmentId', 'roleId', 'assignedTo', 'scopeType', 'orgUnitId', 'assigneeType']
 PRINT_ADMIN_TITLES = ['roleAssignmentId', 'roleId', 'role',
                       'assignedTo', 'assignedToUser', 'assignedToGroup', 'assignedToServiceAccount', 'assignedToUnknown',
                       'scopeType', 'orgUnitId', 'orgUnit']
 
+def getAssigneeTypes(myarg, typesSet):
+  if myarg in {'type', 'types'}:
+    for gtype in getString(Cmd.OB_ADMIN_ASSIGNEE_TYPE_LIST).lower().replace(',', ' ').split():
+      if gtype in ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP:
+        typesSet.add(ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP[gtype])
+      else:
+        invalidChoiceExit(gtype, ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP, True)
+  else:
+    return False
+  return True
+
 # gam print admins [todrive <ToDriveAttribute>*]
-#	[user|group <EmailAddress>|<UniqueID>] [role <RoleItem>] [condition]
-#	[privileges] [oneitemperrow]
+#	[user|group <EmailAddress>|<UniqueID>] [role <RoleItem>]
+#	[types <AdminAssigneeTypeList>]
+#	[recursive] [condition] [privileges] [oneitemperrow]
 # gam show admins
-#	[user|group <EmailAddress>|<UniqueID>] [role <RoleItem>] [condition] [privileges]
+#	[user|group <EmailAddress>|<UniqueID>] [role <RoleItem>]
+#	[types <AdminAssigneeTypeList>]
+#	[recursive] [condition] [privileges]
 def doPrintShowAdmins():
   def _getPrivileges(admin):
     if showPrivileges:
@@ -17031,19 +17048,18 @@ def doPrintShowAdmins():
   def _setNamesFromIds(admin, privileges):
     admin['role'] = role_from_roleid(admin['roleId'])
     assignedTo = admin['assignedTo']
-    admin['assignedToUnknown'] = False
     if assignedTo not in assignedToIdEmailMap:
-      assigneeType = admin.get('assigneeType')
-      assignedToField = ASSIGNEE_EMAILTYPE_TOFIELD_MAP.get(assigneeType, None)
       assigneeEmail, assigneeType = convertUIDtoEmailAddressWithType(f'uid:{assignedTo}', cd, sal,
-                                                                     emailTypes=list(ASSIGNEE_EMAILTYPE_TOFIELD_MAP.keys()))
-      if not assignedToField and assigneeType in ASSIGNEE_EMAILTYPE_TOFIELD_MAP:
-        assignedToField = ASSIGNEE_EMAILTYPE_TOFIELD_MAP[assigneeType]
-      if assigneeType == 'unknown':
+                                                                     emailTypes=ALL_ASSIGNEE_TYPES if admin.get('assigneeType') != 'group' else ['group'])
+      if assigneeType in ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP:
+        assignedToField = ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP[assigneeType]
+      else:
         assignedToField = 'assignedToUnknown'
+      if assignedToField == 'assignedToUnknown':
         assigneeEmail = True
       assignedToIdEmailMap[assignedTo] = {'assignedToField': assignedToField, 'assigneeEmail': assigneeEmail}
     admin[assignedToIdEmailMap[assignedTo]['assignedToField']] = assignedToIdEmailMap[assignedTo]['assigneeEmail']
+    admin['assignedToField'] = assignedToIdEmailMap[assignedTo]['assignedToField']
     if privileges is not None:
       admin.update(privileges)
     if 'orgUnitId' in admin:
@@ -17059,7 +17075,8 @@ def doPrintShowAdmins():
   csvPF = CSVPrintFile(PRINT_ADMIN_TITLES) if Act.csvFormat() else None
   roleId = None
   userKey = None
-  oneItemPerRow = showPrivileges = False
+  oneItemPerRow = recursive = showPrivileges = False
+  typesSet = set()
   kwargs = {}
   rolePrivileges = {}
   fieldsList = PRINT_ADMIN_FIELDS
@@ -17072,6 +17089,17 @@ def doPrintShowAdmins():
       userKey = kwargs['userKey'] = getEmailAddress()
     elif myarg == 'role':
       _, roleId = getRoleId()
+    elif getAssigneeTypes(myarg, typesSet):
+      pass
+    elif myarg == 'recursive':
+      recursive = True
+      allGroupRoles = ','.join(sorted(ALL_GROUP_ROLES))
+      memberOptions = initMemberOptions()
+      memberOptions[MEMBEROPTION_INCLUDEDERIVEDMEMBERSHIP] = True
+      memberOptions[MEMBEROPTION_DISPLAYMATCH] = False
+      memberDisplayOptions = initIPSGMGroupMemberDisplayOptions()
+      for role in [Ent.ROLE_MEMBER, Ent.ROLE_MANAGER, Ent.ROLE_OWNER]:
+        memberDisplayOptions[role]['show'] = True
     elif myarg == 'condition':
       fieldsList.append('condition')
       if csvPF:
@@ -17085,13 +17113,15 @@ def doPrintShowAdmins():
   if roleId and not kwargs:
     kwargs['roleId'] = roleId
     roleId = None
+  if not typesSet:
+    typesSet = set(ADMIN_ASSIGNEE_TYPE_TO_ASSIGNEDTO_FIELD_MAP.values())
   fields = getItemFieldsFromFieldsList('items', fieldsList)
   printGettingAllAccountEntities(Ent.ADMIN_ROLE_ASSIGNMENT)
   try:
     admins = callGAPIpages(cd.roleAssignments(), 'list', 'items',
                            pageMessage=getPageMessage(),
                            throwReasons=[GAPI.INVALID, GAPI.USER_NOT_FOUND,
-                                         GAPI.FORBIDDEN, GAPI.SERVICE_NOT_AVAILABLE,
+                                         GAPI.NOT_FOUND, GAPI.FORBIDDEN, GAPI.SERVICE_NOT_AVAILABLE,
                                          GAPI.BAD_REQUEST, GAPI.CUSTOMER_NOT_FOUND,
                                          GAPI.FORBIDDEN, GAPI.PERMISSION_DENIED],
                            retryReasons=GAPI.SERVICE_NOT_AVAILABLE_RETRY_REASONS,
@@ -17099,39 +17129,77 @@ def doPrintShowAdmins():
   except (GAPI.invalid, GAPI.userNotFound):
     entityUnknownWarning(Ent.ADMINISTRATOR, userKey)
     return
-  except (GAPI.serviceNotAvailable) as e:
-    entityActionFailedExit([Ent.ADMINISTRATOR, userKey, Ent.ADMIN_ROLE, roleId], str(e))
+  except GAPI.notFound as e:
+    entityActionFailedExit([Ent.ADMIN_ROLE, kwargs['roleId']], str(e))
+  except (GAPI.forbidden, GAPI.serviceNotAvailable) as e:
+    entityActionFailedExit([Ent.ADMINISTRATOR, userKey], str(e))
   except (GAPI.badRequest, GAPI.customerNotFound):
     accessErrorExit(cd)
   except (GAPI.forbidden, GAPI.permissionDenied) as e:
     ClientAPIAccessDeniedExit(str(e))
+  count = len(admins)
+  groupMembers = {}
+  expandedAdmins = []
+  i = 0
+  for admin in admins:
+    i += 1
+    if roleId and roleId != admin['roleId']:
+      continue
+    assignedTo = admin['assignedTo']
+    if admin['assigneeType'] != 'group' or not recursive:
+      _setNamesFromIds(admin, _getPrivileges(admin))
+      if admin['assignedToField'] in typesSet:
+        expandedAdmins.append(admin)
+      continue
+    if assignedTo not in groupMembers:
+      membersList = []
+      membersSet = set()
+      level = 0
+      getGroupMembers(cd, assignedTo, allGroupRoles, membersList, membersSet, i, count,
+                      memberOptions, memberDisplayOptions, level, {Ent.TYPE_USER})
+      groupMembers[assignedTo] = membersList[:]
+    _setNamesFromIds(admin, _getPrivileges(admin))
+    if admin[assignedToIdEmailMap[assignedTo]['assignedToField']] not in typesSet:
+      continue
+    expandedAdmins.append(admin)
+    if not groupMembers[assignedTo]:
+      expandedAdmins.append(admin)
+      continue
+    admin['assigneeType'] = 'user'
+    admin['assignedToGroup'] = assignedToIdEmailMap[assignedTo]['assigneeEmail']
+    for member in groupMembers[assignedTo]:
+      userAdmin = admin.copy()
+      userAdmin['assignedTo'] = member['id']
+      _setNamesFromIds(userAdmin, _getPrivileges(admin))
+      expandedAdmins.append(userAdmin)
+  admins = expandedAdmins
+  count = len(expandedAdmins)
   if not csvPF:
-    count = len(admins)
     performActionNumItems(count, Ent.ADMIN_ROLE_ASSIGNMENT)
     Ind.Increment()
     i = 0
-    for admin in admins:
+    for admin in expandedAdmins:
       i += 1
-      if roleId and roleId != admin['roleId']:
-        continue
-      _setNamesFromIds(admin, _getPrivileges(admin))
       printEntity([Ent.ADMIN_ROLE_ASSIGNMENT, admin['roleAssignmentId']], i, count)
       Ind.Increment()
       for field in PRINT_ADMIN_TITLES:
         if field in admin:
           if field == 'roleAssignmentId':
             continue
-          if field != 'rolePrivileges':
-            printKeyValueList([field, admin[field]])
-          else:
-            showJSON(None, admin[field])
+          printKeyValueList([field, admin[field]])
+      if showPrivileges:
+        rolePrivileges = admin.get('rolePrivileges', [])
+        jcount = len(rolePrivileges)
+        if jcount > 0:
+          printKeyValueList(['rolePrivileges', jcount])
+          Ind.Increment()
+          showJSON(None, rolePrivileges)
+          Ind.Decrement()
       Ind.Decrement()
     Ind.Decrement()
   else:
-    for admin in admins:
-      if roleId and roleId != admin['roleId']:
-        continue
-      _setNamesFromIds(admin, _getPrivileges(admin))
+    for admin in expandedAdmins:
+      admin.pop('assignedToField')
       if not oneItemPerRow or 'rolePrivileges' not in admin:
         csvPF.WriteRowTitles(flattenJSON(admin))
       else:

gam/gamlib/glclargs.py

@@ -1138,6 +1138,7 @@ class GamCLArgs():
   OB_ARGUMENT = 'argument'
   OB_ASP_ID_LIST = 'ASPIDList'
   OB_ASSET_ID = 'AssetID'
+  OB_ADMIN_ASSIGNEE_TYPE_LIST = 'AdminAssigneeTypeList'
   OB_BROWSER_ENROLLEMNT_TOKEN_ID = 'BrowserEnrollmentTokenID'
   OB_BROWSER_ENTITY = 'BrowserEntity'
   OB_BUILDING_ID = 'BuildingID'

{gam7-7.23.4.dist-info → gam7-7.23.6.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: gam7
-Version: 7.23.4
+Version: 7.23.6
 Summary: CLI tool to manage Google Workspace
 Project-URL: Homepage, https://github.com/GAM-team/GAM
 Project-URL: Issues, https://github.com/GAM-team/GAM/issues

{gam7-7.23.4.dist-info → gam7-7.23.6.dist-info}/RECORD

@@ -1,4 +1,4 @@
-gam/__init__.py,sha256=oaItKwe2zhuAvz_2tmyBdOqI2-14mxIw3k-enrfqfsY,3620631
+gam/__init__.py,sha256=hT_6mB1-IGqw6dWjKeo0W3EQF73Ve2_NjiX_xB7INIc,3623383
 gam/__main__.py,sha256=amz0-959ph6zkZKqjaar4n60yho-T37w6qWI36qx0CA,1049
 gam/cacerts.pem,sha256=DUsVo2XlFYwfkhe3gnxa-Km4Z4noz74hSApXwTT-nQE,44344
 gam/cbcm-v1.1beta1.json,sha256=xO5XloCQQULmPbFBx5bckdqmbLFQ7sJ2TImhE1ysDIY,19439
@@ -24,7 +24,7 @@ gam/gamlib/__init__.py,sha256=z5mF-y0j8pm-YNFBaiuxB4M_GAUPG-cXWwrhYwrVReM,679
 gam/gamlib/glaction.py,sha256=1Il_HrChVnPkzZwiZs5au4mFQVtq4K1Z42uIuR6qdnI,9419
 gam/gamlib/glapi.py,sha256=u97M7Y2BeP3tYEEGYEz-9kY4fdV0fYkeqC3YN-sRwNc,36028
 gam/gamlib/glcfg.py,sha256=jX9IIrqSa8CPZ-UdnMDs2RuGo8vPh3jpgvRhI9VRbII,28325
-gam/gamlib/glclargs.py,sha256=rGcAoRLaCv5L9cBxI56MrPXr0JcImO45bLQNaYahoUY,53251
+gam/gamlib/glclargs.py,sha256=LlTtwJJHqU48l7SQT4bcZCWlw3Y46g42Bn1ACGW8gIk,53307
 gam/gamlib/glentity.py,sha256=KWFomkoNE6lLE83zVqVIlJ2rkzfLkhEasW1M0TWGieA,35373
 gam/gamlib/glgapi.py,sha256=pdBbwNtnCwFWxJGaP-_3hdTjSNoOCJF2yo76WdQOi1k,40426
 gam/gamlib/glgdata.py,sha256=weRppttWm6uRyqtBoGPKoHiNZ2h28nhfUV4J_mbCszY,2707
@@ -47,8 +47,8 @@ gam/gdata/apps/audit/__init__.py,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrK
 gam/gdata/apps/audit/service.py,sha256=Z1eueThcNeVUMWP1DRWc_DGHrJCiJI8W_xj6L-cqu-Q,9658
 gam/gdata/apps/contacts/__init__.py,sha256=Um6zgIkiahZns7yAEuC3pxHSMD8iciZ_EoynSLoYPfU,30463
 gam/gdata/apps/contacts/service.py,sha256=5lNb-Ii1Gyek6ePFji3kyoYtCBc8CuJTwagx2BL2o14,15684
-gam7-7.23.4.dist-info/METADATA,sha256=wFTkVmPc7GaFtbv--X570TPEmzhxGdoGtHojWs-OSJg,3092
-gam7-7.23.4.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-gam7-7.23.4.dist-info/entry_points.txt,sha256=HVUM5J7dA8YwvJfG30jiLefR19ExMs387TWugWd9sf4,42
-gam7-7.23.4.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-gam7-7.23.4.dist-info/RECORD,,
+gam7-7.23.6.dist-info/METADATA,sha256=BEAOLvBw21I1PEiIFYzkqJhHRdWQeu1_BzMSM6LDzrU,3092
+gam7-7.23.6.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+gam7-7.23.6.dist-info/entry_points.txt,sha256=HVUM5J7dA8YwvJfG30jiLefR19ExMs387TWugWd9sf4,42
+gam7-7.23.6.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+gam7-7.23.6.dist-info/RECORD,,