authorAlex Auvolat <alex@adnab.me>2020-02-09 22:32:59 +0100
committerAlex Auvolat <alex@adnab.me>2020-02-09 22:32:59 +0100
commitdb9840a6f1d708ca3c333761fd051f328c2bd9f3 (patch)
tree5e41d73493cf3651f9e00cac8cda2c6d1be4a768 /admin.go
parent43825b1bbc02e9b1697b965a1621a936c5ae0334 (diff)
Add/remove from groups
Diffstat (limited to 'admin.go')
-rw-r--r--admin.go142
1 files changed, 112 insertions, 30 deletions
diff --git a/admin.go b/admin.go
index e6a55f5..70d555f 100644
--- a/admin.go
+++ b/admin.go
@@ -123,12 +123,19 @@ func handleAdminGroups(w http.ResponseWriter, r *http.Request) {
type AdminLDAPTplData struct {
DN string
- Members []string
- Groups []string
+ Members []EntryName
+ Groups []EntryName
Props map[string]*PropValues
Children []Child
Path []PathItem
- AddError string
+
+ Error string
+ Success bool
+}
+
+type EntryName struct {
+ DN string
+ DisplayName string
}
type Child struct {
@@ -146,8 +153,6 @@ type PathItem struct {
type PropValues struct {
Values []string
Editable bool
- ModifySuccess bool
- ModifyError string
}
func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
@@ -160,10 +165,8 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
dn := mux.Vars(r)["dn"]
- modifyAttr := ""
- modifyError := ""
- modifySuccess := false
- addError := ""
+ dError := ""
+ dSuccess := false
if r.Method == "POST" {
r.ParseForm()
@@ -179,18 +182,17 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
}
}
- modifyAttr = attr
if len(values_filtered) == 0 {
- modifyError = "Refusing to delete attribute."
+ dError = "Refusing to delete attribute."
} else {
modify_request := ldap.NewModifyRequest(dn, nil)
modify_request.Replace(attr, values_filtered)
err := login.conn.Modify(modify_request)
if err != nil {
- modifyError = err.Error()
+ dError = err.Error()
} else {
- modifySuccess = true
+ dSuccess = true
}
}
} else if action == "add" {
@@ -208,9 +210,10 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
modify_request.Add(attr, values_filtered)
err := login.conn.Modify(modify_request)
- modifyAttr = attr
if err != nil {
- addError = err.Error()
+ dError = err.Error()
+ } else {
+ dSuccess = true
}
} else if action == "delete" {
attr := strings.Join(r.Form["attr"], "")
@@ -220,7 +223,42 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
err := login.conn.Modify(modify_request)
if err != nil {
- modifyError = err.Error()
+ dError = err.Error()
+ } else {
+ dSuccess = true
+ }
+ } else if action == "delete-from-group" {
+ group := strings.Join(r.Form["group"], "")
+ modify_request := ldap.NewModifyRequest(group, nil)
+ modify_request.Delete("member", []string{dn})
+
+ err := login.conn.Modify(modify_request)
+ if err != nil {
+ dError = err.Error()
+ } else {
+ dSuccess = true
+ }
+ } else if action == "add-to-group" {
+ group := strings.Join(r.Form["group"], "")
+ modify_request := ldap.NewModifyRequest(group, nil)
+ modify_request.Add("member", []string{dn})
+
+ err := login.conn.Modify(modify_request)
+ if err != nil {
+ dError = err.Error()
+ } else {
+ dSuccess = true
+ }
+ } else if action == "delete-member" {
+ member := strings.Join(r.Form["member"], "")
+ modify_request := ldap.NewModifyRequest(dn, nil)
+ modify_request.Delete("member", []string{member})
+
+ err := login.conn.Modify(modify_request)
+ if err != nil {
+ dError = err.Error()
+ } else {
+ dSuccess = true
}
}
}
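Review bot: In the new `delete-from-group` and `add-to-group` branches the `group` form field goes straight into `ldap.NewModifyRequest` as the target DN, so the only limit on which entry has its `member` attribute changed is the directory ACL on the logged-in connection. `strings.Join(r.Form["group"], "")` also concatenates repeated parameters into one string and lets an empty value through; I would require exactly one non-empty value, e.g. `if len(r.Form["group"]) != 1 || r.Form["group"][0] == "" { dError = "Missing group." }`, and check that the DN lies under `config.GroupBaseDN` before building the request. The same applies to the `member` field in `delete-member`. No CSRF token check is visible in this hunk; `handleAdminLDAP` starts outside it, so that may already be handled earlier, but it is worth confirming now that these state-changing POST actions are added.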
@@ -282,33 +320,76 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
break
}
}
- pv := &PropValues{
+ props[attr.Name] = &PropValues{
Values: attr.Values,
Editable: editable,
}
- if attr.Name == modifyAttr {
- if modifySuccess {
- pv.ModifySuccess = true
- } else if modifyError != "" {
- pv.ModifyError = modifyError
- }
- }
- props[attr.Name] = pv
}
}
}
- members := []string{}
+ members_dn := []string{}
if mp, ok := props["member"]; ok {
- members = mp.Values
+ members_dn = mp.Values
delete(props, "member")
}
- groups := []string{}
+
+ members := []EntryName{}
+ if len(members_dn) > 0 {
+ mapDnToName := make(map[string]string)
+ searchRequest = ldap.NewSearchRequest(
+ config.UserBaseDN,
+ ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
+ fmt.Sprintf("(objectClass=organizationalPerson)"),
+ []string{"dn", "displayname"},
+ nil)
+ sr, err := login.conn.Search(searchRequest)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ for _, ent := range sr.Entries {
+ mapDnToName[ent.DN] = ent.GetAttributeValue("displayname")
+ }
+ for _, memdn := range members_dn {
+ members = append(members, EntryName{
+ DN: memdn,
+ DisplayName: mapDnToName[memdn],
+ })
+ }
+ }
+
+ groups_dn := []string{}
if gp, ok := props["memberof"]; ok {
- groups = gp.Values
+ groups_dn = gp.Values
delete(props, "memberof")
}
+ groups := []EntryName{}
+ if len(groups_dn) > 0 {
+ mapDnToName := make(map[string]string)
+ searchRequest = ldap.NewSearchRequest(
+ config.GroupBaseDN,
+ ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
+ fmt.Sprintf("(objectClass=groupOfNames)"),
+ []string{"dn", "displayname"},
+ nil)
+ sr, err := login.conn.Search(searchRequest)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ for _, ent := range sr.Entries {
+ mapDnToName[ent.DN] = ent.GetAttributeValue("displayname")
+ }
+ for _, grpdn := range groups_dn {
+ groups = append(groups, EntryName{
+ DN: grpdn,
+ DisplayName: mapDnToName[grpdn],
+ })
+ }
+ }
+
// Get children
searchRequest = ldap.NewSearchRequest(
dn,
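Review bot: The display-name lookup under `if len(members_dn) > 0` searches the whole `config.UserBaseDN` subtree with size limit 0 on every page view just to name the entry's members, and the `groups_dn` block does the same over `config.GroupBaseDN`, so the cost of rendering one entry grows with the size of the directory rather than with its membership. The two blocks are identical apart from base DN and filter and would read better as one helper that takes both and returns `[]EntryName`. The filter does not need `fmt.Sprintf`; a plain `"(objectClass=organizationalPerson)"` is enough. `mapDnToName[memdn]` matches on the raw DN string, so a `member` value that differs from `ent.DN` only in case or spacing yields an empty `DisplayName`; a comment on `EntryName` saying that `DisplayName` may be empty would help template authors fall back to `DN`. On a search error, `http.Error(w, err.Error(), ...)` returns the LDAP server's message to the browser; logging it and returning a generic message would be safer. `handleAdminLDAP` begins and ends outside this hunk.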
@@ -341,6 +422,7 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
Props: props,
Children: children,
Path: path,
- AddError: addError,
+ Error: dError,
+ Success: dSuccess,
})
}