|
@@ -243,9 +243,12 @@ func (ldap *ldapHandler) checkCurrUserAdmin(w http.ResponseWriter, r *http.Reque
|
|
|
return false
|
|
|
}
|
|
|
isAdmin := false
|
|
|
+ //get the croups out from LDAP group list
|
|
|
regexSyntax := regexp.MustCompile("cn=([^,]+),")
|
|
|
for _, v := range ldapCurrUserInfo.GetAttributeValues("memberOf") {
|
|
|
+ //loop through all memberOf's array
|
|
|
groups := regexSyntax.FindStringSubmatch(v)
|
|
|
+ //if after regex there is still groups exists
|
|
|
if len(groups) > 0 {
|
|
|
//check if the LDAP group is already exists in ArOZOS system
|
|
|
if ldap.permissionHandler.GroupExists(groups[1]) {
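Review bot: The added comments do not say that the group lookup keys on the first `cn=` component alone, which matters for the admin decision made in this function. The pattern `cn=([^,]+),` is unanchored and case-sensitive, so a `memberOf` value written as `CN=...` would not match, and two directory groups with the same CN under different OUs would presumably resolve to the same local group through `GroupExists(groups[1])`. I would replace the first new comment with `//extract the first cn= value of each memberOf DN; only this CN, not the full DN, is matched against local groups`, and fix the typo "croups" (likewise "suer" in the SynchronizeUser hunk). The function starts before this hunk and continues past it, so how `isAdmin` is finally set is not visible here.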
|
|
@@ -259,6 +262,8 @@ func (ldap *ldapHandler) checkCurrUserAdmin(w http.ResponseWriter, r *http.Reque
|
|
|
}
|
|
|
|
|
|
func (ldap *ldapHandler) SynchronizeUser(w http.ResponseWriter, r *http.Request) {
|
|
|
+ //check if suer is admin before executing the command
|
|
|
+ //if user is admin then check if user will lost him/her's admin access
|
|
|
consistencyCheck := ldap.checkCurrUserAdmin(w, r)
|
|
|
if !consistencyCheck {
|
|
|
common.SendErrorResponse(w, "You will no longer become the admin after synchronizing, synchronize terminated")
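Review bot: The new comment `//check if suer is admin before executing the command` describes an authorization check, but the only visible check is `ldap.checkCurrUserAdmin(w, r)`, and every `false` from it is reported as "You will no longer become the admin after synchronizing". The previous hunk shows that function returning `false` on an early path, so a failed lookup would presumably produce the same message. Since the function is handed `w`, it may also have written a response already on that path. I would reword the comment to `//abort unless the current user would still be an admin after the sync; checkCurrUserAdmin also returns false on its early-exit paths` and confirm that the route itself is registered behind admin-only access, which this hunk does not show. The function body continues outside the hunk.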
|
|
@@ -267,11 +272,8 @@ func (ldap *ldapHandler) SynchronizeUser(w http.ResponseWriter, r *http.Request)
|
|
|
|
|
|
ldapUsersList := ldap.getAllUser(-1)
|
|
|
for _, ldapUser := range ldapUsersList {
|
|
|
- //check if user does not exist in system
|
|
|
- if !ldap.ag.UserExists(ldapUser.Username) {
|
|
|
- //TODO change password
|
|
|
- ldap.ag.CreateUserAccount(ldapUser.Username, "P@ssw0rd", ldapUser.EquivGroup)
|
|
|
- } else {
|
|
|
+ //check if user exist in system
|
|
|
+ if ldap.ag.UserExists(ldapUser.Username) {
|
|
|
//if exists, then check if the user group is the same with ldap's setting
|
|
|
//Get the permission groups by their ids
|
|
|
userinfo, err := ldap.userHandler.GetUserInfoFromUsername(ldapUser.Username)
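Review bot: Accounts that earlier runs of this loop created with the fixed password are left as they are, because the new branch only handles users for which `UserExists` is already true. The commit stops creating such accounts but does not reset or flag the existing ones, so they would presumably keep that password until each user changes it. A follow-up that forces a password reset for accounts provisioned by the old sync would close this gap. The new comment could also state the intent, e.g. `//only update users that already exist locally; missing users are not auto-created here`. The loop body continues outside the hunk, so the handling of `err` from `GetUserInfoFromUsername` is not visible.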
|
|
@@ -287,9 +289,10 @@ func (ldap *ldapHandler) SynchronizeUser(w http.ResponseWriter, r *http.Request)
|
|
|
common.SendOK(w)
|
|
|
}
|
|
|
|
|
|
-//LOGIN related command
|
|
|
-
|
|
|
+//LOGIN related function
|
|
|
+//functions basically same as arozos's original function
|
|
|
func (ldap *ldapHandler) HandleLoginPage(w http.ResponseWriter, r *http.Request) {
|
|
|
+ //load the template from file and inject necessary variables
|
|
|
red, _ := common.Mv(r, "redirect", false)
|
|
|
|
|
|
//Append the redirection addr into the template
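Review bot: The new comment `//load the template from file and inject necessary variables` should note that `redirect` is taken from the request and, per the following comment, appended into the login template. Escaping and validation of `red` are not visible in this hunk; if they are absent further down, the value should be HTML-escaped and restricted to same-site relative paths before use. Suggested comment: `//redirect is request-controlled: escape it and accept only local paths before writing it into the template`. The error from `common.Mv` is discarded with `_`, and the function continues outside the hunk.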
|
|
@@ -437,7 +440,7 @@ func (ldap *ldapHandler) HandleSetPassword(w http.ResponseWriter, r *http.Reques
|
|
|
common.SendOK(w)
|
|
|
return
|
|
|
} else {
|
|
|
- common.SendErrorResponse(w, "User existed!!")
|
|
|
+ common.SendErrorResponse(w, "User exists, please contact the system administrator if you believe this is an error.")
|
|
|
return
|
|
|
}
|
|
|
} else {
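Review bot: The reworded error still confirms to the caller that the username exists, which is an account-enumeration signal if `HandleSetPassword` can be reached without authentication (its access control is outside this hunk). If that is the case, a neutral message such as `common.SendErrorResponse(w, "Unable to set password, please contact the system administrator.")` avoids the disclosure while keeping the pointer to the administrator. The enclosing `if`/`else` chain starts before the hunk and continues after it.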
|