diff --git a/app/assets/app/cobalt/Form.component.js b/app/assets/app/cobalt/Form.component.js
index f8d0716..2ba01b1 100644
--- a/app/assets/app/cobalt/Form.component.js
+++ b/app/assets/app/cobalt/Form.component.js
@@ -42,7 +42,7 @@ const template = `
{{ field.error }}
diff --git a/app/assets/app/resource/auth/Group.resource.js b/app/assets/app/resource/auth/Group.resource.js
index 0d29596..5a76397 100644
--- a/app/assets/app/resource/auth/Group.resource.js
+++ b/app/assets/app/resource/auth/Group.resource.js
@@ -62,6 +62,15 @@ class GroupResource extends CRUDBase {
required: true,
type: 'text',
},
+ {
+ name: 'Superuser equivalent?',
+ field: 'grants_sudo',
+ type: 'select',
+ options: [
+ {display: 'Yes', value: true},
+ {display: 'No', value: false},
+ ],
+ },
{
name: 'Users',
field: 'user_ids',
diff --git a/app/controllers/api/v1/Auth.controller.js b/app/controllers/api/v1/Auth.controller.js
index 1b5e46b..73fd955 100644
--- a/app/controllers/api/v1/Auth.controller.js
+++ b/app/controllers/api/v1/Auth.controller.js
@@ -239,7 +239,10 @@ class AuthController extends Controller {
.message(req.T('api.group_already_exists'))
.api()
- const group = new Group({ name: req.body.name })
+ const group = new Group({
+ name: req.body.name,
+ grants_sudo: !!req.body.grants_sudo,
+ })
// Validate user ids
const User = this.models.get('auth:User')
@@ -257,6 +260,17 @@ class AuthController extends Controller {
group.user_ids = user_ids
}
+ if ( group.grants_sudo ) {
+ const Setting = this.models.get('Setting')
+ let last_uid = await Setting.get('ldap.last_alloc_uid')
+ if ( last_uid < 1 ) {
+ last_uid = this.configs.get('ldap:server.schema.start_uid')
+ }
+
+ group.posix_group_id = last_uid + 1
+ await Setting.set('ldap.last_alloc_uid', group.posix_group_id)
+ }
+
await group.save()
return res.api(await group.to_api())
}
@@ -365,6 +379,19 @@ class AuthController extends Controller {
}
group.name = req.body.name
+ group.grants_sudo = !!req.body.grants_sudo
+
+ if ( group.grants_sudo && !group.posix_group_id ) {
+ const Setting = this.models.get('Setting')
+ let last_uid = await Setting.get('ldap.last_alloc_uid')
+ if ( last_uid < 1 ) {
+ last_uid = this.configs.get('ldap:server.schema.start_uid')
+ }
+
+ group.posix_group_id = last_uid + 1
+ await Setting.set('ldap.last_alloc_uid', group.posix_group_id)
+ }
+
await group.save()
return res.api()
}
diff --git a/app/models/auth/Group.model.js b/app/models/auth/Group.model.js
index f3648bf..d2530c1 100644
--- a/app/models/auth/Group.model.js
+++ b/app/models/auth/Group.model.js
@@ -13,6 +13,7 @@ class GroupModel extends Model {
user_ids: [String],
posix_user_id: String,
posix_group_id: Number,
+ grants_sudo: { type: Boolean, default: false },
active: { type: Boolean, default: true },
ldap_visible: { type: Boolean, default: true },
}
@@ -84,6 +85,7 @@ class GroupModel extends Model {
name: this.name,
user_ids: this.user_ids,
ldap_visible: this.ldap_visible,
+ grants_sudo: !!this.grants_sudo,
}
}
}