diff options
author | Alex Auvolat <alex@adnab.me> | 2020-02-11 20:10:47 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2020-02-11 20:10:47 +0100 |
commit | dc9b2bc4584aa690455954d4b6476b537b356c88 (patch) | |
tree | 492e683bb6a8cdc9775a9f01ac32780082f38077 | |
parent | 0dca53bca06fbdb2096e4426acf8a2f3f3bf9c24 (diff) | |
download | guichet-dc9b2bc4584aa690455954d4b6476b537b356c88.tar.gz guichet-dc9b2bc4584aa690455954d4b6476b537b356c88.zip |
Fix several group membership issue
TODO:
- check for other wrong uses of GetAttributeValue(s)
- refactor is_admin check
-rw-r--r-- | admin.go | 11 | ||||
-rw-r--r-- | main.go | 16 |
2 files changed, 18 insertions, 9 deletions
@@ -19,9 +19,14 @@ func checkAdminLogin(w http.ResponseWriter, r *http.Request) *LoginStatus { } can_admin := (login.Info.DN == config.AdminAccount) - for _, group := range login.UserEntry.GetAttributeValues("memberof") { - if config.GroupCanAdmin != "" && group == config.GroupCanAdmin { - can_admin = true + fmt.Printf("%#v", login.UserEntry) + for _, attr := range login.UserEntry.Attributes { + if strings.EqualFold(attr.Name, "memberof") { + for _, group := range attr.Values { + if config.GroupCanAdmin != "" && group == config.GroupCanAdmin { + can_admin = true + } + } } } @@ -259,12 +259,16 @@ func handleHome(w http.ResponseWriter, r *http.Request) { can_admin := (login.Info.DN == config.AdminAccount) can_invite := false - for _, group := range login.UserEntry.GetAttributeValues("memberof") { - if config.GroupCanInvite != "" && group == config.GroupCanInvite { - can_invite = true - } - if config.GroupCanAdmin != "" && group == config.GroupCanAdmin { - can_admin = true + for _, attr := range login.UserEntry.Attributes { + if strings.EqualFold(attr.Name, "memberof") { + for _, group := range attr.Values { + if config.GroupCanInvite != "" && group == config.GroupCanInvite { + can_invite = true + } + if config.GroupCanAdmin != "" && group == config.GroupCanAdmin { + can_admin = true + } + } } } |