Add ability to manage computers and computer groups from web interface

2021-03-15 16:10:23 -05:00
parent 718414d924
commit d6e4ea2e56
10 changed files with 636 additions and 5 deletions
--- a/app/controllers/api/v1/LDAP.controller.js
+++ b/app/controllers/api/v1/LDAP.controller.js
@@ -46,6 +46,32 @@ class LDAPController extends Controller {
        return res.api(data)
    }

+    async get_machines(req, res, next) {
+        const Machine = this.models.get('ldap:Machine')
+        const machines = await Machine.find({active: true})
+        const data = []
+
+        for ( const machine of machines ) {
+            if ( !req.user.can(`ldap:machine:${machine.id}:view`) ) continue
+            data.push(await machine.to_api())
+        }
+
+        return res.api(data)
+    }
+
+    async get_machine_groups(req, res, next) {
+        const MachineGroup = this.models.get('ldap:MachineGroup')
+        const groups = await MachineGroup.find({active: true})
+        const data = []
+
+        for ( const group of groups ) {
+            if ( !req.user.can(`ldap:machine_group:${group.id}:view`) ) continue
+            data.push(await group.to_api())
+        }
+
+        return res.api(data)
+    }
+
    async get_client(req, res, next) {
        const Client = this.models.get('ldap:Client')
        const client = await Client.findById(req.params.id)
@@ -80,6 +106,40 @@ class LDAPController extends Controller {
        return res.api(await group.to_api())
    }

+    async get_machine(req, res, next) {
+        const Machine = this.models.get('ldap:Machine')
+        const machine = await Machine.findById(req.params.id)
+
+        if ( !machine || !machine.active )
+            return res.status(404)
+                .message(req.T('api.machine_not_found'))
+                .api()
+
+        if ( !req.user.can(`ldap:machine:${machine.id}:view`) )
+            return res.status(401)
+                .message(req.T('api.insufficient_permissions'))
+                .api()
+
+        return res.api(await machine.to_api())
+    }
+
+    async get_machine_group(req, res, next) {
+        const MachineGroup = this.models.get('ldap:MachineGroup')
+        const group = await MachineGroup.findById(req.params.id)
+
+        if ( !group || !group.active )
+            return res.status(404)
+                .message(req.T('api.group_not_found'))
+                .api()
+
+        if ( !req.user.can(`ldap:machine_group:${group.id}:view`) )
+            return res.status(401)
+                .message(req.T('api.insufficient_permissions'))
+                .api()
+
+        return res.api(await group.to_api())
+    }
+
    async create_client(req, res, next) {
        if ( !req.user.can('ldap:client:create') )
            return res.status(401)
@@ -121,13 +181,89 @@ class LDAPController extends Controller {
        return res.api(await client.to_api())
    }

-    async create_group(req, res, next) {
-        console.log(req.body)
-        if ( !req.user.can(`ldap:group:create`) )
-            return res.status(401)
-                .message(req.T('api.insufficient_permissions'))
+    async create_machine(req, res, next) {
+        // validate inputs
+        const required_fields = ['name', 'description']
+        for ( const field of required_fields ) {
+            if ( !req.body[field] )
+                return res.status(400)
+                    .message(`${req.T('api.missing_field')} ${field}`)
+                    .api()
+        }
+
+        // Make sure the machine name is free
+        const Machine = this.models.get('ldap:Machine')
+        const existing_machine = await Machine.findOne({ name: req.body.name })
+        if ( existing_machine )
+            return res.status(400)
+                .message(req.T('api.machine_already_exists'))
                .api()

+        const machine = new Machine({
+            name: req.body.name,
+            description: req.body.description,
+            host_name: req.body.host_name,
+            location: req.body.location,
+        })
+
+        if ( req.body.bind_password ) {
+            await machine.set_bind_password(req.body.bind_password)
+        }
+
+        if ( 'ldap_visible' in req.body ) {
+            machine.ldap_visible = !!req.body.ldap_visible
+        }
+
+        await machine.save()
+        return res.api(await machine.to_api())
+    }
+
+    async create_machine_group(req, res, next) {
+        // validate inputs
+        const required_fields = ['name']
+        for ( const field of required_fields ) {
+            if ( !req.body[field] )
+                return res.status(400)
+                    .message(`${req.T('api.missing_field')} ${field}`)
+                    .api()
+        }
+
+        // Make sure the machine name is free
+        const MachineGroup = this.models.get('ldap:MachineGroup')
+        const existing_group = await MachineGroup.findOne({ name: req.body.name })
+        if ( existing_group )
+            return res.status(400)
+                .message(req.T('api.group_already_exists'))
+                .api()
+
+        const group = new MachineGroup({
+            name: req.body.name,
+            description: req.body.description,
+        })
+
+        if ( 'ldap_visible' in req.body ) {
+            group.ldap_visible = !!req.body.ldap_visible
+        }
+
+        const Machine = this.models.get('ldap:Machine')
+        const machine_ids = Array.isArray(req.body.machine_ids) ? req.body.machine_ids : []
+        group.machine_ids = []
+        for ( const potential of machine_ids ) {
+            const machine = await Machine.findOne({
+                _id: Machine.to_object_id(potential),
+                active: true,
+            })
+
+            if ( machine ) {
+                group.machine_ids.push(potential)
+            }
+        }
+
+        await group.save()
+        return res.api(await group.to_api())
+    }
+
+    async create_group(req, res, next) {
        // validate inputs
        const required_fields = ['role', 'name']
        for ( const field of required_fields ) {
@@ -240,6 +376,106 @@ class LDAPController extends Controller {
        return res.api()
    }

+    async update_machine(req, res, next) {
+        const Machine = this.models.get('ldap:Machine')
+
+        const machine = await Machine.findById(req.params.id)
+        if ( !machine || !machine.active )
+            return res.status(404)
+                .message(req.T('api.machine_not_found'))
+                .api()
+
+        if ( !req.user.can(`ldap:machine:${machine.id}:update`) )
+            return res.status(401)
+                .message(req.T('api.insufficient_permissions'))
+                .api()
+
+        const required_fields = ['name', 'description']
+        for ( const field of required_fields ) {
+            if ( !req.body[field] )
+                return res.status(400)
+                    .message(`${req.T('api.missing_field')} ${field}`)
+                    .api()
+        }
+
+        // Make sure the machine name is free
+        const existing_machine = await Machine.findOne({ name: req.body.name })
+        if ( existing_machine && existing_machine.id !== machine.id )
+            return res.status(400)
+                .message(req.T('api.machine_already_exists'))
+                .api()
+
+        machine.name = req.body.name
+        machine.description = req.body.description
+        machine.host_name = req.body.host_name
+        machine.location = req.body.location
+
+        if ( req.body.bind_password ) {
+            await machine.set_bind_password(req.body.bind_password)
+        }
+
+        if ( 'ldap_visible' in req.body ) {
+            machine.ldap_visible = !!req.body.ldap_visible
+        }
+
+        await machine.save()
+        return res.api(await machine.to_api())
+    }
+
+    async update_machine_group(req, res, next) {
+        const MachineGroup = this.models.get('ldap:MachineGroup')
+
+        const group = await MachineGroup.findById(req.params.id)
+        if ( !group || !group.active )
+            return res.status(404)
+                .message(req.T('api.group_not_found'))
+                .api()
+
+        if ( !req.user.can(`ldap:machine_group:${group.id}:update`) )
+            return res.status(401)
+                .message(req.T('api.insufficient_permissions'))
+                .api()
+
+        const required_fields = ['name']
+        for ( const field of required_fields ) {
+            if ( !req.body[field] )
+                return res.status(400)
+                    .message(`${req.T('api.missing_field')} ${field}`)
+                    .api()
+        }
+
+        // Make sure the machine name is free
+        const existing_group = await MachineGroup.findOne({ name: req.body.name })
+        if ( existing_group && existing_group.id !== group.id )
+            return res.status(400)
+                .message(req.T('api.group_already_exists'))
+                .api()
+
+        group.name = req.body.name
+        group.description = req.body.description
+
+        if ( 'ldap_visible' in req.body ) {
+            group.ldap_visible = !!req.body.ldap_visible
+        }
+
+        const Machine = this.models.get('ldap:Machine')
+        const machine_ids = Array.isArray(req.body.machine_ids) ? req.body.machine_ids : []
+        group.machine_ids = []
+        for ( const potential of machine_ids ) {
+            const machine = await Machine.findOne({
+                _id: Machine.to_object_id(potential),
+                active: true,
+            })
+
+            if ( machine ) {
+                group.machine_ids.push(potential)
+            }
+        }
+
+        await group.save()
+        return res.api(await group.to_api())
+    }
+
    async update_group(req, res, next) {
        const User = await this.models.get('auth:User')
        const Group = await this.models.get('ldap:Group')
@@ -337,6 +573,44 @@ class LDAPController extends Controller {
        await group.save()
        return res.api()
    }
+
+    async delete_machine(req, res, next) {
+        const Machine = this.models.get('ldap:Machine')
+        const machine = await Machine.findById(req.params.id)
+
+        if ( !machine || !machine.active )
+            return res.status(404)
+                .message(req.T('api.machine_not_found'))
+                .api()
+
+        if ( !req.user.can(`ldap:machine:${machine.id}:delete`) )
+            return res.status(401)
+                .message(req.T('api.insufficient_permissions'))
+                .api()
+
+        machine.active = false
+        await machine.save()
+        return res.api()
+    }
+
+    async delete_machine_group(req, res, next) {
+        const MachineGroup = this.models.get('ldap:MachineGroup')
+        const group = await MachineGroup.findById(req.params.id)
+
+        if ( !group || !group.active )
+            return res.status(404)
+                .message(req.T('api.group_not_found'))
+                .api()
+
+        if ( !req.user.can(`ldap:machine_group:${group.id}:delete`) )
+            return res.status(401)
+                .message(req.T('api.insufficient_permissions'))
+                .api()
+
+        group.active = false
+        await group.save()
+        return res.api()
+    }
 }

 module.exports = exports = LDAPController