diff options
-rw-r--r-- | main.go | 63 | ||||
-rw-r--r-- | templates/home.html | 26 |
2 files changed, 58 insertions, 31 deletions
@@ -1,12 +1,12 @@ package main import ( - "fmt" "crypto/rand" "crypto/tls" "encoding/base64" "encoding/json" "flag" + "fmt" "html/template" "io/ioutil" "log" @@ -24,6 +24,8 @@ type ConfigFile struct { LdapServerAddr string `json:"ldap_server_addr"` LdapTLS bool `json:"ldap_tls"` UserFormat string `json:"user_format"` + GroupCanInvite string `json:"group_can_invite"` + GroupCanAdmin string `json:"group_can_admin"` } var configFlag = flag.String("config", "./config.json", "Configuration file path") @@ -112,8 +114,8 @@ type LoginInfo struct { } type LoginStatus struct { - Info *LoginInfo - conn *ldap.Conn + Info *LoginInfo + conn *ldap.Conn UserEntry *ldap.Entry } @@ -172,11 +174,11 @@ func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus { login_info.DN, ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false, fmt.Sprintf("(&(objectClass=organizationalPerson))"), - []string{"dn", "displayname", "givenname", "sn", "mail"}, + []string{"dn", "displayname", "givenname", "sn", "mail", "memberof"}, nil) sr, err := l.Search(searchRequest) - if err!= nil { + if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return nil } @@ -187,8 +189,8 @@ func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus { } return &LoginStatus{ - Info: login_info, - conn: l, + Info: login_info, + conn: l, UserEntry: sr.Entries[0], } } @@ -220,6 +222,12 @@ type LoginFormData struct { // Page handlers ---- +type HomePageData struct { + Login *LoginStatus + CanAdmin bool + CanInvite bool +} + func handleHome(w http.ResponseWriter, r *http.Request) { templateHome := template.Must(template.ParseFiles("templates/layout.html", "templates/home.html")) @@ -228,7 +236,22 @@ func handleHome(w http.ResponseWriter, r *http.Request) { return } - templateHome.Execute(w, login) + can_admin := false + can_invite := false + for _, group := range login.UserEntry.GetAttributeValues("memberof") { + if config.GroupCanInvite != "" && group == config.GroupCanInvite { + can_invite = true + } + if config.GroupCanAdmin != "" && group == config.GroupCanAdmin { + can_admin = true + } + } + + templateHome.Execute(w, &HomePageData{ + Login: login, + CanAdmin: can_admin, + CanInvite: can_invite, + }) } func handleLogout(w http.ResponseWriter, r *http.Request) { @@ -307,13 +330,13 @@ func handleLogin(w http.ResponseWriter, r *http.Request) *LoginInfo { } type ProfileTplData struct { - Status *LoginStatus + Status *LoginStatus ErrorMessage string - Success bool - Mail string - DisplayName string - GivenName string - Surname string + Success bool + Mail string + DisplayName string + GivenName string + Surname string } func handleProfile(w http.ResponseWriter, r *http.Request) { @@ -325,9 +348,9 @@ func handleProfile(w http.ResponseWriter, r *http.Request) { } data := &ProfileTplData{ - Status: login, + Status: login, ErrorMessage: "", - Success: false, + Success: false, } if r.Method == "POST" { @@ -361,10 +384,10 @@ func handleProfile(w http.ResponseWriter, r *http.Request) { } type PasswdTplData struct { - Status *LoginStatus + Status *LoginStatus ErrorMessage string NoMatchError bool - Success bool + Success bool } func handlePasswd(w http.ResponseWriter, r *http.Request) { @@ -376,9 +399,9 @@ func handlePasswd(w http.ResponseWriter, r *http.Request) { } data := &PasswdTplData{ - Status: login, + Status: login, ErrorMessage: "", - Success: false, + Success: false, } if r.Method == "POST" { diff --git a/templates/home.html b/templates/home.html index d55b45f..3f91e7b 100644 --- a/templates/home.html +++ b/templates/home.html @@ -2,7 +2,7 @@ {{define "body"}} <div class="alert alert-success"> - Bienvenue, <strong>{{ .UserEntry.GetAttributeValue "givenname" }}</strong> ! + Bienvenue, <strong>{{ .Login.UserEntry.GetAttributeValue "givenname" }}</strong> ! </div> <div class="d-flex"> <a class="ml-auto btn btn-sm btn-dark" href="/logout">Se déconnecter</a> @@ -16,19 +16,23 @@ <div class="list-group list-group-flush"> <a class="list-group-item list-group-item-action" href="/profile">Modifier mon profil</a> <a class="list-group-item list-group-item-action" href="/passwd">Modifier mon mot de passe</a> - <a class="list-group-item list-group-item-action" href="/invite">Inviter quelqu'un</a> + {{if .CanInvite}} + <a class="list-group-item list-group-item-action" href="/invite">Inviter quelqu'un</a> + {{end}} </div> </div> -<div class="card mt-3"> - <div class="card-header"> - Administration - </div> - <div class="list-group list-group-flush"> - <a class="list-group-item list-group-item-action" href="/admin/users">Utilisateurs</a> - <a class="list-group-item list-group-item-action" href="/admin/groups">Groupes</a> - <a class="list-group-item list-group-item-action" href="/admin/ldap">Explorateur LDAP</a> +{{if .CanAdmin}} + <div class="card mt-3"> + <div class="card-header"> + Administration + </div> + <div class="list-group list-group-flush"> + <a class="list-group-item list-group-item-action" href="/admin/users">Utilisateurs</a> + <a class="list-group-item list-group-item-action" href="/admin/groups">Groupes</a> + <a class="list-group-item list-group-item-action" href="/admin/ldap">Explorateur LDAP</a> + </div> </div> -</div> +{{end}} {{end}} |