|
@@ -13,6 +13,7 @@ import (
|
|
|
"imuslab.com/arozos/mod/common"
|
|
|
db "imuslab.com/arozos/mod/database"
|
|
|
permission "imuslab.com/arozos/mod/permission"
|
|
|
+ "imuslab.com/arozos/mod/user"
|
|
|
)
|
|
|
|
|
|
type ldapHandler struct {
|
|
@@ -21,6 +22,7 @@ type ldapHandler struct {
|
|
|
reg *reg.RegisterHandler
|
|
|
coredb *db.Database
|
|
|
permissionHandler *permission.PermissionHandler
|
|
|
+ userHandler *user.UserHandler
|
|
|
}
|
|
|
|
|
|
type Config struct {
|
|
@@ -40,11 +42,11 @@ type UserAccount struct {
|
|
|
|
|
|
/*
|
|
|
TODO: not sure why auto redirect will keep enable
|
|
|
-
|
|
|
+TODO: stop user to syncorize if the current user will lost admin access
|
|
|
*/
|
|
|
|
|
|
//NewLdapHandler xxx
|
|
|
-func NewLdapHandler(authAgent *auth.AuthAgent, register *reg.RegisterHandler, coreDb *db.Database, permissionHandler *permission.PermissionHandler) *ldapHandler {
|
|
|
+func NewLdapHandler(authAgent *auth.AuthAgent, register *reg.RegisterHandler, coreDb *db.Database, permissionHandler *permission.PermissionHandler, userHandler *user.UserHandler) *ldapHandler {
|
|
|
//ldap handler init
|
|
|
log.Println("Starting LDAP client...")
|
|
|
err := coreDb.NewTable("ldap")
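Review bot: The doc comment on the changed constructor is still the placeholder `//NewLdapHandler xxx`, so the new `userHandler` dependency is undocumented. Something like `// NewLdapHandler creates the "ldap" table in coreDb and returns the LDAP handler; userHandler is used by SyncorizeUser to reassign permission groups and must not be nil.` would cover it. The nil requirement is inferred from `ldap.userHandler.GetUserInfoFromUsername(...)` being called unguarded in `SyncorizeUser`. The TODO added above describes a guard against the caller losing admin access that this commit does not implement, so it should stay tracked. The function body continues outside the hunk.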
|
|
@@ -65,6 +67,7 @@ func NewLdapHandler(authAgent *auth.AuthAgent, register *reg.RegisterHandler, co
|
|
|
reg: register,
|
|
|
coredb: coreDb,
|
|
|
permissionHandler: permissionHandler,
|
|
|
+ userHandler: userHandler,
|
|
|
}
|
|
|
|
|
|
return &LDAPHandler
|
|
@@ -202,7 +205,11 @@ func (ldap *ldapHandler) getAllUser(limit int) []UserAccount {
|
|
|
break
|
|
|
}
|
|
|
}
|
|
|
- return accounts[1:]
|
|
|
+ if len(accounts) > 0 {
|
|
|
+ return accounts[1:]
|
|
|
+ } else {
|
|
|
+ return []UserAccount{}
|
|
|
+ }
|
|
|
}
|
|
|
|
|
|
func (ldap *ldapHandler) TestConnection(w http.ResponseWriter, r *http.Request) {
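Review bot: The new guard in `getAllUser` prevents the slice-bounds panic on an empty result, but nothing explains why `accounts[1:]` drops the first entry. If that entry is not always a placeholder, one directory user is silently never synchronised, so a comment such as `// accounts[0] is <reason>; skip it` is needed. The `else` after a terminating `return` can also go: `if len(accounts) == 0 { return []UserAccount{} }` followed by `return accounts[1:]`. The start of the function is outside the hunk, so how `accounts` is populated cannot be checked here.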
|
|
@@ -219,22 +226,30 @@ func (ldap *ldapHandler) TestConnection(w http.ResponseWriter, r *http.Request)
|
|
|
}
|
|
|
|
|
|
func (ldap *ldapHandler) SyncorizeUser(w http.ResponseWriter, r *http.Request) {
|
|
|
+ //currentLoggedInUser, err := ldap.userHandler.GetUserInfoFromRequest(w, r)
|
|
|
+ //if err != nil {
|
|
|
+ // common.SendErrorResponse(w, "Error while getting user info")
|
|
|
+ // return
|
|
|
+ //}
|
|
|
ldapUsersList := ldap.getAllUser(-1)
|
|
|
- //arozUsersList := ldap.ag.ListUsers()
|
|
|
|
|
|
for _, ldapUser := range ldapUsersList {
|
|
|
//check if user does not exist in system
|
|
|
if !ldap.ag.UserExists(ldapUser.Username) {
|
|
|
//TODO change password
|
|
|
- //TODO reg.GetDefaultUserGroup()
|
|
|
ldap.ag.CreateUserAccount(ldapUser.Username, "P@ssw0rd", ldapUser.EquivGroup)
|
|
|
} else {
|
|
|
//if exists, then check if the user group is the same with ldap's setting
|
|
|
- //ldapUserCurrentEquivGroup, _ := ldap.permissionHandler.GetUsersPermissionGroup(ldapUser.Username)
|
|
|
- //for _, ldapUserNewEquivGroup := range ldapUser.EquivGroup {
|
|
|
- // if ldap.ag.
|
|
|
- //}
|
|
|
+ //Get the permission groups by their ids
|
|
|
+ userinfo, err := ldap.userHandler.GetUserInfoFromUsername(ldapUser.Username)
|
|
|
+ if err != nil {
|
|
|
+ common.SendErrorResponse(w, "Error while getting user info")
|
|
|
+ return
|
|
|
+ }
|
|
|
+ newPermissionGroups := ldap.permissionHandler.GetPermissionGroupByNameList(ldapUser.EquivGroup)
|
|
|
+ //Set the user's permission to these groups
|
|
|
+ userinfo.SetUserPermissionGroup(newPermissionGroups)
|
|
|
}
|
|
|
}
|
|
|
-
|
|
|
+ common.SendOK(w)
|
|
|
}
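Review bot: Every account created by the sync loop still gets the same literal password in `ldap.ag.CreateUserAccount(ldapUser.Username, "P@ssw0rd", ldapUser.EquivGroup)`, and the `//TODO change password` above it is left open by this change. Each synced account therefore has a publicly known local credential, including any mapped to a privileged group through `EquivGroup`. Pass a per-account random secret instead (for example 32 bytes from `crypto/rand`, hex-encoded), and check the call's result if it returns one, so a failed create is not silently skipped. The caller check at the top of `SyncorizeUser` is added only as commented-out code, so whether the handler is limited to administrators depends on routing not visible in this hunk; either enable the check or add a comment saying where it is enforced. The early `return` on a `GetUserInfoFromUsername` error also leaves the sync half-applied with no indication of which users were already changed.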
|