
Update ldap.go

AY's Macbook Pro 3 년 전
부모
커밋
7caa75eb50
1개의 변경된 파일34개의 추가작업 그리고 6개의 파일을 삭제
  1. 34 6
      mod/auth/ldap/ldap.go

+ 34 - 6
mod/auth/ldap/ldap.go

@@ -225,14 +225,42 @@ func (ldap *ldapHandler) TestConnection(w http.ResponseWriter, r *http.Request)
 	common.SendJSONResponse(w, string(accountJSON))
 }
 
+func (ldap *ldapHandler) checkCurrUserAdmin(w http.ResponseWriter, r *http.Request) bool {
+	//check current user is admin and new update will remove it or not
+	currentLoggedInUser, err := ldap.userHandler.GetUserInfoFromRequest(w, r)
+	if err != nil {
+		common.SendErrorResponse(w, "Error while getting user info")
+		return false
+	}
+	ldapCurrUserInfo, err := ldap.ldapreader.GetUser(currentLoggedInUser.Username)
+	if err != nil {
+		common.SendErrorResponse(w, "Error while getting user info from LDAP")
+		return false
+	}
+	isAdmin := false
+	regexSyntax := regexp.MustCompile("cn=([^,]+),")
+	for _, v := range ldapCurrUserInfo.GetAttributeValues("memberOf") {
+		groups := regexSyntax.FindStringSubmatch(v)
+		if len(groups) > 0 {
+			//check if the LDAP group is already exists in ArOZOS system
+			if ldap.permissionHandler.GroupExists(groups[1]) {
+				if ldap.permissionHandler.GetPermissionGroupByName(groups[1]).IsAdmin {
+					isAdmin = true
+				}
+			}
+		}
+	}
+	return isAdmin
+}
+
 func (ldap *ldapHandler) SynchronizeUser(w http.ResponseWriter, r *http.Request) {
-	//currentLoggedInUser, err := ldap.userHandler.GetUserInfoFromRequest(w, r)
-	//if err != nil {
-	//	common.SendErrorResponse(w, "Error while getting user info")
-	//	return
-	//}
-	ldapUsersList := ldap.getAllUser(-1)
+	consistencyCheck := ldap.checkCurrUserAdmin(w, r)
+	if !consistencyCheck {
+		common.SendErrorResponse(w, "You will no longer become the admin after synchronizing, synchronize terminated")
+		return
+	}
 
+	ldapUsersList := ldap.getAllUser(-1)
 	for _, ldapUser := range ldapUsersList {
 		//check if user does not exist in system
 		if !ldap.ag.UserExists(ldapUser.Username) {
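Review bot: A failure inside checkCurrUserAdmin writes two error bodies to the same response, because the helper calls `common.SendErrorResponse` before returning false and SynchronizeUser then sends its own "You will no longer become the admin…" message, so a session or LDAP lookup error is also reported as a loss of admin rights. Returning `(bool, error)` from the helper and letting the handler write the single response keeps the two cases apart, as sketched below (this assumes `errors` is imported in the file, which the hunk does not show). Separately, the pattern `cn=([^,]+),` is case-sensitive and unanchored, so a directory that returns `CN=…` in memberOf would presumably match no group and block synchronisation for a genuine admin; a package-level `regexp.MustCompile("(?i)^cn=([^,]+),")` would cover that and avoid recompiling on every request. SynchronizeUser's body continues past the end of the hunk.

```go
func (ldap *ldapHandler) checkCurrUserAdmin(w http.ResponseWriter, r *http.Request) (bool, error) {
	currentLoggedInUser, err := ldap.userHandler.GetUserInfoFromRequest(w, r)
	if err != nil {
		return false, errors.New("Error while getting user info")
	}
	ldapCurrUserInfo, err := ldap.ldapreader.GetUser(currentLoggedInUser.Username)
	if err != nil {
		return false, errors.New("Error while getting user info from LDAP")
	}
	// … unchanged: memberOf group scan that sets isAdmin …
	return isAdmin, nil
}

func (ldap *ldapHandler) SynchronizeUser(w http.ResponseWriter, r *http.Request) {
	consistencyCheck, err := ldap.checkCurrUserAdmin(w, r)
	if err != nil {
		common.SendErrorResponse(w, err.Error())
		return
	}
	// … unchanged: refusal when !consistencyCheck, then the user loop …
```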