const { Model } = require('flitter-orm')
const LDAP = require('ldapjs')
// For organizational purposes only.
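class GroupModel extends Model {
    /**
     * Names of the services this model uses, appended to the ones the parent
     * Model already declares.
     */
    static get services() {
        return [...super.services, 'models', 'ldap_server', 'configs']
    }

    /** Field definitions for a group record. */
    static get schema() {
        return {
            name: String,
            // IDs of the member users; users() converts them with to_object_id().
            user_ids: [String],
            // Set on the per-user groups that ldap_directory() creates.
            posix_user_id: String,
            // Published as gidNumber by to_ldap(); allocated lazily by get_gid_number().
            posix_group_id: Number,
            // Members of groups carrying this flag are returned by sudo_directory().
            grants_sudo: { type: Boolean, default: false },
            active: { type: Boolean, default: true },
            ldap_visible: { type: Boolean, default: true },
        }
    }

    /**
     * Lower-cased group name with every whitespace character replaced by "_".
     * @returns {string}
     */
    identifier() {
        return this.name.toLowerCase().replace(/\s/g, '_')
    }

    /**
     * Distinguished name of this group: cn=<name> under the LDAP server's group DN.
     *
     * The name is escaped as an RDN attribute value (RFC 4514) before it is
     * interpolated. Without that, a name containing "," or "+" either fails to
     * parse or adds RDN components of its own, so the entry would be published
     * under a DN the group's name alone does not describe.
     * NOTE(review): whether `name` can be set by non-administrators is not
     * visible in this file; ldap_directory() derives it from `user.uid`.
     *
     * @returns {object} the value returned by LDAP.parseDN()
     */
    get dn() {
        const format = this.configs.get('ldap:server.format')
        const base_dn = this.ldap_server.group_dn().format(format)

        // Escape the RFC 4514 specials, a leading space or "#", a trailing
        // space, and NUL.
        const cn = String(this.name)
            .replace(/^[ #]|[\\,+"<>;=]| $/g, '\\$&')
            .replace(/\0/g, '\\00')

        return LDAP.parseDN(`cn=${cn},${base_dn}`)
    }

    /**
     * Fetch the User records whose _id is listed in this group's user_ids.
     * @returns {Promise<Array>}
     */
    async users() {
        const User = this.models.get('auth:User')
        const member_ids = this.user_ids.map(id => this.constructor.to_object_id(id))
        return await User.find({ _id: { $in: member_ids } })
    }

    /**
     * Return this group's POSIX group ID, allocating and saving one on first use.
     *
     * The next ID is taken from the 'ldap.last_alloc_uid' setting, falling back
     * to the 'ldap:server.schema.start_uid' config when that setting is missing,
     * non-numeric or below 1. ldap_directory() stores user.get_uid_number() as
     * the posix_group_id of per-user groups, so this counter presumably covers
     * UIDs as well (confirm against the User model).
     *
     * NOTE(review): the read, increment and write below are separate steps.
     * Two allocations running concurrently can read the same value and hand
     * out the same ID, and two principals sharing a gidNumber share group
     * permissions on every host that consumes this directory. An atomic
     * increment in the Setting store would close that gap.
     *
     * @returns {Promise<number>}
     * @throws {Error} when neither the setting nor the config yields an integer
     */
    async get_gid_number() {
        // A falsy posix_group_id (unset, or 0) is treated as "not allocated yet".
        if ( !this.posix_group_id ) {
            const Setting = this.models.get('Setting')

            // Coerce before comparing: an undefined setting would otherwise skip
            // the fallback and store NaN, and a string value would be
            // concatenated with 1 instead of incremented.
            let last_uid = Number(await Setting.get('ldap.last_alloc_uid'))
            if ( !Number.isFinite(last_uid) || last_uid < 1 ) {
                last_uid = Number(this.configs.get('ldap:server.schema.start_uid'))
            }

            if ( !Number.isInteger(last_uid) ) {
                throw new Error('Cannot allocate a gidNumber: ldap.last_alloc_uid and ldap:server.schema.start_uid are not integers')
            }

            this.posix_group_id = last_uid + 1
            await Setting.set('ldap.last_alloc_uid', this.posix_group_id)
            await this.save()
        }

        return this.posix_group_id
    }

    /**
     * Build the LDAP entry for this group: a groupOfNames/posixGroup object
     * whose `member` values are the formatted DNs of the group's users.
     * Calling this may allocate and save a gidNumber (see get_gid_number()).
     *
     * @returns {Promise<object>}
     */
    async to_ldap() {
        const format = this.configs.get('ldap:server.format')
        const users = await this.users()

        // Resolve the DN before the gidNumber so that a DN failure does not
        // leave a freshly allocated ID behind.
        const dn = this.dn.format(format)
        const gid_number = await this.get_gid_number()

        return {
            cn: this.name,
            dn,
            objectClass: ['groupOfNames', 'posixGroup'],
            gidNumber: String(gid_number),
            member: users.map(user => user.dn.format(format)),
        }
    }

    /**
     * Users who belong to at least one active, LDAP-visible group that grants
     * sudo. The user with uid 'root' is always left out.
     *
     * Each user appears once even when several sudo-granting groups list them.
     * NOTE(review): apart from the uid check, no user-level flag is tested
     * here; confirm that disabled accounts are excluded by User.find or by
     * the caller before this list is turned into sudo rules.
     *
     * @returns {Promise<Array>}
     */
    static async sudo_directory() {
        const groups = await this.find({ ldap_visible: true, active: true, grants_sudo: true })
        const member_lists = await Promise.all(groups.map(group => group.users()))

        const by_id = new Map()
        for ( const members of member_lists ) {
            for ( const user of members ) {
                if ( user.uid === 'root' ) continue

                const key = String(user.id)
                if ( !by_id.has(key) ) by_id.set(key, user)
            }
        }

        return [...by_id.values()]
    }

    /**
     * Groups to publish over LDAP: every active, LDAP-visible group, plus a
     * "<uid> (posix)" group for each LDAP-visible user that has none among them.
     *
     * This is not a pure read: the per-user groups are created and saved here.
     * NOTE(review): the "already has a posix group" check only sees groups that
     * are active and LDAP-visible. If a user's posix group has been hidden or
     * deactivated, a second group with the same name and posix_group_id is
     * saved on every call. Looking up existing posix groups without those two
     * filters would avoid the duplicates.
     *
     * @returns {Promise<Array>}
     */
    static async ldap_directory() {
        const User = this.prototype.models.get('auth:User')
        const groups = await this.find({ ldap_visible: true, active: true })

        // Owners of the per-user groups that already exist among `groups`.
        const posix_user_ids = groups.map(group => group.posix_user_id)
            .filter(Boolean)
            .map(id => User.to_object_id(id))

        const missing_posix_users = await User.find({
            ldap_visible: true,
            _id: {
                $nin: posix_user_ids
            }
        })

        for ( const user of missing_posix_users ) {
            const group = new this({
                name: `${user.uid} (posix)`,
                user_ids: [user.id],
                posix_user_id: user.id,
                // The per-user group reuses the user's UID number as its GID.
                posix_group_id: await user.get_uid_number(),
            })

            await group.save()
            groups.push(group)
        }

        return groups
    }

    /**
     * Plain-object form of the group for API responses. The POSIX and `active`
     * fields are not included.
     *
     * @returns {Promise<object>}
     */
    async to_api() {
        return {
            id: this.id,
            name: this.name,
            user_ids: this.user_ids,
            ldap_visible: this.ldap_visible,
            // Coerced so records without the field report false.
            grants_sudo: !!this.grants_sudo,
        }
    }
}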
// Export the model class itself as this module's value.
module.exports = exports = GroupModel