diff options
author | Alex Auvolat <alex@adnab.me> | 2020-02-09 22:32:59 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2020-02-09 22:32:59 +0100 |
commit | db9840a6f1d708ca3c333761fd051f328c2bd9f3 (patch) | |
tree | 5e41d73493cf3651f9e00cac8cda2c6d1be4a768 | |
parent | 43825b1bbc02e9b1697b965a1621a936c5ae0334 (diff) | |
download | guichet-db9840a6f1d708ca3c333761fd051f328c2bd9f3.tar.gz guichet-db9840a6f1d708ca3c333761fd051f328c2bd9f3.zip |
Add/remove from groups
-rw-r--r-- | admin.go | 142 | ||||
-rw-r--r-- | templates/admin_ldap.html | 92 |
2 files changed, 183 insertions, 51 deletions
@@ -123,12 +123,19 @@ func handleAdminGroups(w http.ResponseWriter, r *http.Request) { type AdminLDAPTplData struct { DN string - Members []string - Groups []string + Members []EntryName + Groups []EntryName Props map[string]*PropValues Children []Child Path []PathItem - AddError string + + Error string + Success bool +} + +type EntryName struct { + DN string + DisplayName string } type Child struct { @@ -146,8 +153,6 @@ type PathItem struct { type PropValues struct { Values []string Editable bool - ModifySuccess bool - ModifyError string } func handleAdminLDAP(w http.ResponseWriter, r *http.Request) { @@ -160,10 +165,8 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) { dn := mux.Vars(r)["dn"] - modifyAttr := "" - modifyError := "" - modifySuccess := false - addError := "" + dError := "" + dSuccess := false if r.Method == "POST" { r.ParseForm() @@ -179,18 +182,17 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) { } } - modifyAttr = attr if len(values_filtered) == 0 { - modifyError = "Refusing to delete attribute." + dError = "Refusing to delete attribute." } else { modify_request := ldap.NewModifyRequest(dn, nil) modify_request.Replace(attr, values_filtered) err := login.conn.Modify(modify_request) if err != nil { - modifyError = err.Error() + dError = err.Error() } else { - modifySuccess = true + dSuccess = true } } } else if action == "add" { @@ -208,9 +210,10 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) { modify_request.Add(attr, values_filtered) err := login.conn.Modify(modify_request) - modifyAttr = attr if err != nil { - addError = err.Error() + dError = err.Error() + } else { + dSuccess = true } } else if action == "delete" { attr := strings.Join(r.Form["attr"], "") @@ -220,7 +223,42 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) { err := login.conn.Modify(modify_request) if err != nil { - modifyError = err.Error() + dError = err.Error() + } else { + dSuccess = true + } + } else if action == "delete-from-group" { + group := strings.Join(r.Form["group"], "") + modify_request := ldap.NewModifyRequest(group, nil) + modify_request.Delete("member", []string{dn}) + + err := login.conn.Modify(modify_request) + if err != nil { + dError = err.Error() + } else { + dSuccess = true + } + } else if action == "add-to-group" { + group := strings.Join(r.Form["group"], "") + modify_request := ldap.NewModifyRequest(group, nil) + modify_request.Add("member", []string{dn}) + + err := login.conn.Modify(modify_request) + if err != nil { + dError = err.Error() + } else { + dSuccess = true + } + } else if action == "delete-member" { + member := strings.Join(r.Form["member"], "") + modify_request := ldap.NewModifyRequest(dn, nil) + modify_request.Delete("member", []string{member}) + + err := login.conn.Modify(modify_request) + if err != nil { + dError = err.Error() + } else { + dSuccess = true } } } @@ -282,33 +320,76 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) { break } } - pv := &PropValues{ + props[attr.Name] = &PropValues{ Values: attr.Values, Editable: editable, } - if attr.Name == modifyAttr { - if modifySuccess { - pv.ModifySuccess = true - } else if modifyError != "" { - pv.ModifyError = modifyError - } - } - props[attr.Name] = pv } } } - members := []string{} + members_dn := []string{} if mp, ok := props["member"]; ok { - members = mp.Values + members_dn = mp.Values delete(props, "member") } - groups := []string{} + + members := []EntryName{} + if len(members_dn) > 0 { + mapDnToName := make(map[string]string) + searchRequest = ldap.NewSearchRequest( + config.UserBaseDN, + ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, + fmt.Sprintf("(objectClass=organizationalPerson)"), + []string{"dn", "displayname"}, + nil) + sr, err := login.conn.Search(searchRequest) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + for _, ent := range sr.Entries { + mapDnToName[ent.DN] = ent.GetAttributeValue("displayname") + } + for _, memdn := range members_dn { + members = append(members, EntryName{ + DN: memdn, + DisplayName: mapDnToName[memdn], + }) + } + } + + groups_dn := []string{} if gp, ok := props["memberof"]; ok { - groups = gp.Values + groups_dn = gp.Values delete(props, "memberof") } + groups := []EntryName{} + if len(groups_dn) > 0 { + mapDnToName := make(map[string]string) + searchRequest = ldap.NewSearchRequest( + config.GroupBaseDN, + ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, + fmt.Sprintf("(objectClass=groupOfNames)"), + []string{"dn", "displayname"}, + nil) + sr, err := login.conn.Search(searchRequest) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + for _, ent := range sr.Entries { + mapDnToName[ent.DN] = ent.GetAttributeValue("displayname") + } + for _, grpdn := range groups_dn { + groups = append(groups, EntryName{ + DN: grpdn, + DisplayName: mapDnToName[grpdn], + }) + } + } + // Get children searchRequest = ldap.NewSearchRequest( dn, @@ -341,6 +422,7 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) { Props: props, Children: children, Path: path, - AddError: addError, + Error: dError, + Success: dSuccess, }) } diff --git a/templates/admin_ldap.html b/templates/admin_ldap.html index 5eece8a..b72f587 100644 --- a/templates/admin_ldap.html +++ b/templates/admin_ldap.html @@ -36,6 +36,16 @@ </tbody> </table> +{{if .Success}} + <div class="alert alert-success mt-2">Modification enregistrée.</div> +{{end}} +{{if .Error}} + <div class="alert alert-danger mt-2"> + Impossible d'effectuer la modification. + <div style="font-size: 0.8em">{{.Error}}</div> + </div> +{{end}} + <h5>Attributs</h5> <div class="container"> {{range $key, $value := .Props}} @@ -54,15 +64,6 @@ </div> </div> </form> - {{if $value.ModifySuccess}} - <div class="alert alert-success mt-2">Modification enregistrée.</div> - {{end}} - {{if $value.ModifyError}} - <div class="alert alert-danger mt-2"> - Impossible de modifier la valeur. - <div style="font-size: 0.8em">{{$value.ModifyError}}</div> - </div> - {{end}} </div> <div class="col-md-1"> @@ -94,12 +95,6 @@ <input class="form-control" type="text" name="attr" placeholder="Ajouter un attribut..." /> </div> <div class="col-md-7"> - {{if .AddError}} - <div class="alert alert-danger"> - Impossible d'ajouter la valeur. - <div style="font-size: 0.8em">{{.AddError}}</div> - </div> - {{end}} <div class="form-row"> <textarea name="values" placeholder="Valeur(s)..." rows="2" class="form-control col-md-9"></textarea> <div class="col-md-3"> @@ -112,21 +107,76 @@ </div> {{if .Members}} + <hr class="mt-4" /> <h5 class="mt-4">Membres</h5> - <ul class="list-group"> + <div class="container"> {{range .Members}} - <li class="list-group-item">{{.}}</li> + <div class="row mt-4"> + <div class="col-md-3"> + <strong>{{.DisplayName}}</strong> + </div> + <div class="col-md-5"> + <a href="/admin/ldap/{{.DN}}">{{.DN}}</a> + </div> + <div class="col-md-2"> + <form method="POST" onsubmit="return confirm('Supprimer du groupe ?');"> + <input type="hidden" name="action" value="delete-member" /> + <input type="hidden" name="member" value="{{.DN}}" /> + <input type="submit" value="Supprimer" class="form-control btn btn-danger btn-sm" /> + </form> + </div> + </div> {{end}} - </ul> + <form method="POST"> + <input type="hidden" name="action" value="add" /> + <input type="hidden" name="attr" value="member" /> + <div class="row mt-4"> + <div class="col-md-3"><strong>Ajouter au groupe :</strong> + </div> + <div class="col-md-5"> + <input class="form-control" type="text" name="values" placeholder="Groupe..." /> + </div> + <div class="col-md-2"> + <input type="submit" value="Ajouter" class="form-control btn btn-success btn-sm" /> + </div> + </form> + </div> {{end}} {{if .Groups}} + <hr class="mt-4" /> <h5 class="mt-4">Membre de</h5> - <ul class="list-group"> + <div class="container"> {{range .Groups}} - <li class="list-group-item">{{.}}</li> + <div class="row mt-4"> + <div class="col-md-3"> + <strong>{{.DisplayName}}</strong> + </div> + <div class="col-md-5"> + <a href="/admin/ldap/{{.DN}}">{{.DN}}</a> + </div> + <div class="col-md-2"> + <form method="POST" onsubmit="return confirm('Supprimer du groupe ?');"> + <input type="hidden" name="action" value="delete-from-group" /> + <input type="hidden" name="group" value="{{.DN}}" /> + <input type="submit" value="Supprimer" class="form-control btn btn-danger btn-sm" /> + </form> + </div> + </div> {{end}} - </ul> + <form method="POST"> + <input type="hidden" name="action" value="add-to-group" /> + <div class="row mt-4"> + <div class="col-md-3"><strong>Nouveau groupe :</strong> + </div> + <div class="col-md-5"> + <input class="form-control" type="text" name="group" placeholder="Groupe..." /> + </div> + <div class="col-md-2"> + <input type="submit" value="Ajouter" class="form-control btn btn-success btn-sm" /> + </div> + </form> + </div> {{end}} <hr class="mt-4" /> |