Commit 72e513a4 authored by Francesc Guasch's avatar Francesc Guasch

feature(frontend): manage user groups

parent 47141d54
......@@ -306,7 +306,6 @@ sub search_user {
timelimit => $timelimit
);
warn "LDAP retry ".$mesg->code." ".$mesg->error if $retry > 1;
if ( $retry <= 3 && $mesg->code && $mesg->code != 4 ) {
warn "LDAP error ".$mesg->code." ".$mesg->error."."
......@@ -461,6 +460,28 @@ sub search_group {
return $entries[0];
}
sub search_group_member($cn) {
my $base = "ou=groups,"._dc_base();
my $ldap = _init_ldap_admin();
my $mesg = $ldap ->search (
filter => "memberuid=$cn"
,base => $base
,sizelimit => 100
);
warn $mesg->code." ".$mesg->error." [base: $base]" if $mesg->code;
my @entries = map { $_->get_value('cn') } $mesg->entries();
$mesg = $ldap ->search (
filter => "member=cn=$cn,"._dc_base()
,base => $base
,sizelimit => 100
);
my @entries2 = map { $_->get_value('cn') } $mesg->entries();
return (sort (@entries,@entries2));
}
=head2 add_to_group
Adds user to group
......
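Review bot: In `search_group_member`, `$cn` is interpolated unescaped into both search filters (`"memberuid=$cn"` and `"member=cn=$cn,"._dc_base()`), so a name containing `*`, `(`, `)` or `\` changes the filter, and a `,` or `=` changes the DN in the second one. The value comes from `$self->name` in the new `groups` method. If `$ldap` is a Net::LDAP handle, as the `search`/`code`/`entries` calls suggest, escape the value first: `Net::LDAP::Util::escape_filter_value($cn)` for the `memberuid` filter, and `escape_dn_value($cn)` for the DN part of the second filter, with the finished DN then passed through `escape_filter_value` as well. The second search also lacks the `warn ... if $mesg->code` check that the first one has, so a failed lookup, or one cut off by `sizelimit => 100`, silently returns a partial list.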
......@@ -1126,6 +1126,13 @@ sub ldap_entry($self) {
return $self->{_ldap_entry};
}
sub groups($self) {
return () if !$self->external_auth || $self->external_auth ne 'ldap';
my @groups = Ravada::Auth::LDAP::search_group_member($self->name);
return @groups;
}
sub AUTOLOAD($self, $domain=undef) {
my $name = $AUTOLOAD;
......
......@@ -364,10 +364,7 @@ sub user_allowed($entry, $user_name) {
return 1 if $user_name eq $allowed_user_name;
}
for my $group_name ($entry->ldap_groups) {
my $group = Ravada::Auth::LDAP->_search_posix_group($group_name);
my @member = $group->get_value('memberUid');
my ($found) = grep /^$user_name$/,@member;
return 1 if $found;
return 1 if Ravada::Auth::LDAP::is_member($user_name, $group_name);
}
return 0;
}
......
......@@ -401,12 +401,47 @@ ravadaApp.directive("solShowMachine", swMach)
$scope.show_machine = { '0': false };
};
function usersPageC($scope, $http, $interval, request) {
$scope.action = function(target,action,machineId){
$http.get('/'+target+'/'+action+'/'+machineId+'.json');
function usersPageC($scope, $http, $interval, request) {
$scope.list_groups= function() {
$scope.loading_groups = true;
$scope.error = '';
$http.get('/list_ldap_groups')
.then(function(response) {
$scope.loading_groups = false;
$scope.groups = response.data;
});
};
$scope.list_user_groups = function(id_user) {
$http.get('/user/list_groups/'+id_user)
.then(function(response) {
$scope.user_groups = response.data;
});
};
$scope.add_group_member = function(id_user, cn, group) {
$http.post("/ldap/group/add_member/"
,JSON.stringify(
{ 'group': group
,'cn': cn
})
).then(function(response) {
$scope.error = response.data.error;
$scope.list_user_groups(id_user);
});
};
$scope.remove_group_member = function(id_user, dn, group) {
$http.post("/ldap/group/remove_member/"
,JSON.stringify(
{ 'group': group
,'dn': dn
})
).then(function(response) {
$scope.error = response.data.error;
$scope.list_user_groups(id_user);
});
};
$scope.list_groups();
};
//On load code
};
function messagesPageC($scope, $http, $interval, request) {
$scope.getMessages = function() {
......
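Review bot: None of the new `$http` calls in `usersPageC` has a rejection handler, so in `list_groups` a failed `/list_ldap_groups` request leaves `loading_groups` stuck at `true` and `$scope.error` empty; pass a second callback to `.then`, e.g. `function(response) { $scope.loading_groups = false; $scope.error = response.status + ' ' + response.statusText; }`. `add_group_member` and `remove_group_member` send a client-chosen `cn`/`dn` and `group` to `/ldap/group/add_member/` and `/ldap/group/remove_member/`; those routes are not in this diff, so confirm they check the caller's rights and validate both values server-side rather than relying on the page hiding the buttons. `JSON.stringify` is not needed here, since `$http.post` serialises a plain object itself.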
......@@ -314,7 +314,7 @@ get '/admin/group/#name' => sub($c) {
push @{$c->stash->{js}}, '/js/admin.js';
my $group = Ravada::Auth::LDAP::search_group(name => $c->stash('name'));
$c->stash(object_class => [$group->get_value('objectClass')]);
$c->stash(object_class => [ grep !/^top$/,$group->get_value('objectClass')]);
return $c->render( template => "/main/admin_group");
};
......@@ -1078,6 +1078,7 @@ any '/admin/user/(:id).(:type)' => sub {
my $c = shift;
return access_denied($c) if !$USER->can_manage_users() && !$USER->can_grant();
push @{$c->stash->{js}}, '/js/admin.js';
my $user = Ravada::Auth::SQL->search_by_id($c->stash('id'));
return $c->render(text => "Unknown user id: ".$c->stash('id'))
......@@ -1114,6 +1115,14 @@ any '/admin/user/(:id).(:type)' => sub {
return $c->render(template => 'main/manage_user');
};
get '/user/list_groups/(#id_user)' => sub($c) {
my $id_user = $c->stash('id_user');
return _access_denied($c) unless $USER->is_admin || $id_user == $USER->id;
my $user = Ravada::Auth::SQL->search_by_id($id_user);
return $c->render(json => [$user->groups()]);
};
any '/user/change_password' => sub {
my $c = shift;
return change_password($c);
......
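Review bot: The new `/user/list_groups/(#id_user)` route calls `$user->groups()` without checking that `search_by_id` returned a user, so an unknown id ends in an exception instead of an error response; the `/admin/user` route above appears to handle that case with its "Unknown user id" render. Add `return $c->render(json => [], status => 404) unless $user;` before the final render. The `#` placeholder accepts any text and `$id_user == $USER->id` compares numerically, so a value with a numeric prefix passes the owner check after coercion; validate first with `return _access_denied($c) unless $id_user =~ /\A\d+\z/;`. This route calls `_access_denied` while the `/admin/user` route calls `access_denied`; confirm both helpers exist and behave the same.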
......@@ -3,12 +3,16 @@
<body id="page-top" data-spy="scroll" data-target=".fixed-top" role="document" ng-app="ravada.app">
<div id="wrapper">
%= include 'bootstrap/navigation'
<div id="page-wrapper">
<div id="page-wrapper" ng-controller="usersPage" ng-init="list_user_groups(<%= $user->id %>)">
<div class="page-header">
<div class="card">
<div class="card-header">
<h2><%=l 'User' %>&nbsp;<%= $user->name %></h2>
<h2><%=l 'User' %>&nbsp;<%= $user->name %>
% if ( $user->external_auth ) {
(<%= $user->external_auth %>)
% }
</h2>
</div> <!-- del panel heading-->
</div>
<ul class="nav nav-tabs" id="myTab" role="tablist">
......@@ -27,6 +31,12 @@
<a class="nav-link" href="#password" role="tab" data-toggle="tab" aria-controls="password" aria-selected="true">Password</a>
</li>
% }
% if ( $_user->is_admin && $user->is_external && $user->external_auth eq 'ldap' ) {
<li class="nav-item">
<a class="nav-link" href="#groups" role="tab" data-toggle="tab" aria-controls="groups" aria-selected="true">Groups</a>
</li>
% }
</ul>
<div class="tab-content" id="myTabContent">
% if ( $_user->is_admin ) {
......@@ -43,6 +53,11 @@
<div class="tab-pane fade" id="password" role="tabpanel" aria-labelledby="password-tab">
%= include '/main/manage_user_password'
</div>
% }
% if ( $_user->is_admin && $user->is_external && $user->external_auth eq 'ldap' ) {
<div class="tab-pane fade" id="groups" role="tabpanel" aria-labelledby="group-tab">
%= include '/main/manage_user_groups'
</div>
% }
</div>
</div><! --page-header -->
......
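Review bot: The condition `$_user->is_admin && $user->is_external && $user->external_auth eq 'ldap'` is written twice, once for the tab link and once for the tab pane, so the two can drift apart; compute it once, e.g. `% my $show_groups = $_user->is_admin && $user->is_external && $user->external_auth eq 'ldap';`, and test `$show_groups` in both places. The pane sets `aria-labelledby="group-tab"` but the new nav link has no `id`, and the link is marked `aria-selected="true"` although it is not the active tab. `ng-init` calls `list_user_groups` for every user, including non-LDAP accounts for which the tab is never shown.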
<div class="card-body">
<%=l 'Add to group' %>
<span ng-show="loading_users"><i class="fas fa-sync-alt fa-spin"></i></span>
<span ng-show="user_groups && !user_groups.length">
<%=l 'No LDAP groups created.' %>
<a href="/admin/groups"><%=l 'Add groups' %></a>
</span>
<select
ng-show="groups && groups.length"
ng-model="new_group"
ng-options="group for group in groups"
>
</select>
<button ng-show="new_group"
ng-click="add_group_member(<%= $user->id %>,'<%= $user->name %>',new_group)">Add</button>
</div>
{{error}}
<table class="table table-striped" ng-show="user_groups.length>0">
<thead>
<tr>
<th><%=l 'Name' %></th>
</tr>
</thead>
<tbody>
<tr ng-repeat="group in user_groups">
<td>
<button ng-click="remove_group_member( <%= $user->id %>,'<%= $user->ldap_entry->dn %>',group)"
ng-show="<%= $_user->can_manage_users %>"
class="badge badge-light text-blue">x</button>
{{group}}
</td>
</tr>
</tbody>
</table>
<div ng-show="user_groups.length==0">No member of any group</div>
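Review bot: `<%= $user->name %>` and `<%= $user->ldap_entry->dn %>` are written inside quoted string literals in the two `ng-click` expressions, and HTML escaping does not protect that context: the browser decodes the entities before AngularJS parses the attribute, so a name or DN containing a quote or backslash ends the literal and the remainder is evaluated as an expression. Keep server values out of Angular expressions; for example pass only the numeric id, `ng-click="remove_group_member(<%= $user->id %>, group)"`, and let the server look up the cn and DN from that id. `ng-show="<%= $_user->can_manage_users %>"` only hides the button, so the removal route still has to enforce the permission itself. The spinner tests `loading_users` while the controller sets `loading_groups`, and the "No LDAP groups created" message tests `user_groups` where `groups` looks intended.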