From db9840a6f1d708ca3c333761fd051f328c2bd9f3 Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Sun, 9 Feb 2020 22:32:59 +0100
Subject: Add/remove from groups
---
 admin.go | 142 ++++++++++++++++++++++++++++++++++++----------
 templates/admin_ldap.html | 92 +++++++++++++++++++++++-------
 2 files changed, 183 insertions(+), 51 deletions(-)
diff --git a/admin.go b/admin.go
index e6a55f5..70d555f 100644
--- a/admin.go
+++ b/admin.go
@@ -123,12 +123,19 @@ func handleAdminGroups(w http.ResponseWriter, r *http.Request) {
 type AdminLDAPTplData struct {
 DN string
- Members []string
- Groups []string
+ Members []EntryName
+ Groups []EntryName
 Props map[string]*PropValues
 Children []Child
 Path []PathItem
- AddError string
+
+ Error string
+ Success bool
+}
+
+type EntryName struct {
+ DN string
+ DisplayName string
 }
 type Child struct {
@@ -146,8 +153,6 @@ type PathItem struct {
 type PropValues struct {
 Values []string
 Editable bool
- ModifySuccess bool
- ModifyError string
 }
 func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
@@ -160,10 +165,8 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
 dn := mux.Vars(r)["dn"]
- modifyAttr := ""
- modifyError := ""
- modifySuccess := false
- addError := ""
+ dError := ""
+ dSuccess := false
 if r.Method == "POST" {
 r.ParseForm()
@@ -179,18 +182,17 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
 }
 }
- modifyAttr = attr
 if len(values_filtered) == 0 {
- modifyError = "Refusing to delete attribute."
+ dError = "Refusing to delete attribute."
 } else {
 modify_request := ldap.NewModifyRequest(dn, nil)
 modify_request.Replace(attr, values_filtered)
 err := login.conn.Modify(modify_request)
 if err != nil {
- modifyError = err.Error()
+ dError = err.Error()
 } else {
- modifySuccess = true
+ dSuccess = true
 }
 }
 } else if action == "add" {
@@ -208,9 +210,10 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
 modify_request.Add(attr, values_filtered)
 err := login.conn.Modify(modify_request)
- modifyAttr = attr
 if err != nil {
- addError = err.Error()
+ dError = err.Error()
+ } else {
+ dSuccess = true
 }
 } else if action == "delete" {
 attr := strings.Join(r.Form["attr"], "")
@@ -220,7 +223,42 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
 err := login.conn.Modify(modify_request)
 if err != nil {
- modifyError = err.Error()
+ dError = err.Error()
+ } else {
+ dSuccess = true
+ }
+ } else if action == "delete-from-group" {
+ group := strings.Join(r.Form["group"], "")
+ modify_request := ldap.NewModifyRequest(group, nil)
+ modify_request.Delete("member", []string{dn})
+
+ err := login.conn.Modify(modify_request)
+ if err != nil {
+ dError = err.Error()
+ } else {
+ dSuccess = true
+ }
+ } else if action == "add-to-group" {
+ group := strings.Join(r.Form["group"], "")
+ modify_request := ldap.NewModifyRequest(group, nil)
+ modify_request.Add("member", []string{dn})
+
+ err := login.conn.Modify(modify_request)
+ if err != nil {
+ dError = err.Error()
+ } else {
+ dSuccess = true
+ }
+ } else if action == "delete-member" {
+ member := strings.Join(r.Form["member"], "")
+ modify_request := ldap.NewModifyRequest(dn, nil)
+ modify_request.Delete("member", []string{member})
+
+ err := login.conn.Modify(modify_request)
+ if err != nil {
+ dError = err.Error()
+ } else {
+ dSuccess = true
 }
 }
 }
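Review bot: In the new `delete-from-group` and `add-to-group` branches the target of the Modify is `group`, read with `strings.Join(r.Form["group"], "")` and passed straight to `ldap.NewModifyRequest`, so nothing here checks that it is non-empty or that it lies under `config.GroupBaseDN` before a membership change is written. `r.Form` also merges query-string values with the POST body, and `strings.Join` glues repeated values into one string; `group := r.PostForm.Get("group")` followed by a base-DN check would make the intended input explicit, and the same applies to `member` in `delete-member`. Group membership is an authorization change, so this POST path should also verify an anti-CSRF token; none is visible in the hunk, though the start of handleAdminLDAP lies outside it.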
@@ -282,33 +320,76 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
 break
 }
 }
- pv := &PropValues{
+ props[attr.Name] = &PropValues{
 Values: attr.Values,
 Editable: editable,
 }
- if attr.Name == modifyAttr {
- if modifySuccess {
- pv.ModifySuccess = true
- } else if modifyError != "" {
- pv.ModifyError = modifyError
- }
- }
- props[attr.Name] = pv
 }
 }
 }
- members := []string{}
+ members_dn := []string{}
 if mp, ok := props["member"]; ok {
- members = mp.Values
+ members_dn = mp.Values
 delete(props, "member")
 }
- groups := []string{}
+
+ members := []EntryName{}
+ if len(members_dn) > 0 {
+ mapDnToName := make(map[string]string)
+ searchRequest = ldap.NewSearchRequest(
+ config.UserBaseDN,
+ ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
+ fmt.Sprintf("(objectClass=organizationalPerson)"),
+ []string{"dn", "displayname"},
+ nil)
+ sr, err := login.conn.Search(searchRequest)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ for _, ent := range sr.Entries {
+ mapDnToName[ent.DN] = ent.GetAttributeValue("displayname")
+ }
+ for _, memdn := range members_dn {
+ members = append(members, EntryName{
+ DN: memdn,
+ DisplayName: mapDnToName[memdn],
+ })
+ }
+ }
+
+ groups_dn := []string{}
 if gp, ok := props["memberof"]; ok {
- groups = gp.Values
+ groups_dn = gp.Values
 delete(props, "memberof")
 }
+ groups := []EntryName{}
+ if len(groups_dn) > 0 {
+ mapDnToName := make(map[string]string)
+ searchRequest = ldap.NewSearchRequest(
+ config.GroupBaseDN,
+ ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
+ fmt.Sprintf("(objectClass=groupOfNames)"),
+ []string{"dn", "displayname"},
+ nil)
+ sr, err := login.conn.Search(searchRequest)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ for _, ent := range sr.Entries {
+ mapDnToName[ent.DN] = ent.GetAttributeValue("displayname")
+ }
+ for _, grpdn := range groups_dn {
+ groups = append(groups, EntryName{
DN: grpdn, + DisplayName: mapDnToName[grpdn], + }) + } + } + // Get children searchRequest = ldap.NewSearchRequest( dn, @@ -341,6 +422,7 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) { Props: props, Children: children, Path: path, - AddError: addError, + Error: dError, + Success: dSuccess, }) } diff --git a/templates/admin_ldap.html b/templates/admin_ldap.html index 5eece8a..b72f587 100644 --- a/templates/admin_ldap.html +++ b/templates/admin_ldap.html @@ -36,6 +36,16 @@ +{{if .Success}} +
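Review bot: Both name lookups added in the `@@ -282,33 +320,76 @@` hunk run `ldap.ScopeWholeSubtree` over `config.UserBaseDN` / `config.GroupBaseDN` with size limit 0 and a filter that matches every person or group, so each render of an entry that has members or groups fetches the whole subtree just to label a few DNs. A base-scope search on each listed DN (`ldap.ScopeBaseObject`) or a non-zero size limit would keep the cost bounded. The result is matched by exact string (`mapDnToName[memdn]`), so a member value that differs from the returned `ent.DN` in case or spacing, or lies outside the searched base, silently gets an empty `DisplayName`; falling back to the DN there would keep the list readable. `fmt.Sprintf("(objectClass=organizationalPerson)")` has no format arguments and can be the plain string literal. The hunk starts and ends inside handleAdminLDAP.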
Modification enregistrée.
+{{end}} +{{if .Error}} +
+ Impossible d'effectuer la modification. +
{{.Error}}
+
+{{end}} +
Attributs
{{range $key, $value := .Props}} @@ -54,15 +64,6 @@
- {{if $value.ModifySuccess}} -
Modification enregistrée.
- {{end}} - {{if $value.ModifyError}} -
- Impossible de modifier la valeur. -
{{$value.ModifyError}}
-
- {{end}}
@@ -94,12 +95,6 @@
- {{if .AddError}} -
- Impossible d'ajouter la valeur. -
{{.AddError}}
-
- {{end}}
@@ -112,21 +107,76 @@
{{if .Members}} +
Membres
-
    +
    {{range .Members}} -
  • {{.}}
  • +
    +
    + {{.DisplayName}} +
    +
    + {{.DN}} +
    +
    +
    + + + +
    +
    +
    {{end}} -
+
+ + +
+
Ajouter au groupe : +
+
+ +
+
+ +
+ +
{{end}} {{if .Groups}} +
Membre de
-
    +
    {{range .Groups}} -
  • {{.}}
  • +
    +
    + {{.DisplayName}} +
    +
    + {{.DN}} +
    +
    +
    + + + +
    +
    +
    {{end}} -
+
+ +
+
Nouveau groupe : +
+
+ +
+
+ +
+ +
{{end}}
-- cgit v1.2.3