From ef819b0a2e663c4439100454bfdad526c8797498 Mon Sep 17 00:00:00 2001 From: garrettmills Date: Wed, 10 Mar 2021 20:06:43 -0600 Subject: [PATCH] Groups - allow flagging group as su equivalent --- app/assets/app/cobalt/Form.component.js | 2 +- .../app/resource/auth/Group.resource.js | 9 ++++++ app/controllers/api/v1/Auth.controller.js | 29 ++++++++++++++++++- app/models/auth/Group.model.js | 2 ++ 4 files changed, 40 insertions(+), 2 deletions(-) diff --git a/app/assets/app/cobalt/Form.component.js b/app/assets/app/cobalt/Form.component.js index f8d0716..2ba01b1 100644 --- a/app/assets/app/cobalt/Form.component.js +++ b/app/assets/app/cobalt/Form.component.js @@ -42,7 +42,7 @@ const template = ` {{ field.error }} diff --git a/app/assets/app/resource/auth/Group.resource.js b/app/assets/app/resource/auth/Group.resource.js index 0d29596..5a76397 100644 --- a/app/assets/app/resource/auth/Group.resource.js +++ b/app/assets/app/resource/auth/Group.resource.js @@ -62,6 +62,15 @@ class GroupResource extends CRUDBase { required: true, type: 'text', }, + { + name: 'Superuser equivalent?', + field: 'grants_sudo', + type: 'select', + options: [ + {display: 'Yes', value: true}, + {display: 'No', value: false}, + ], + }, { name: 'Users', field: 'user_ids', diff --git a/app/controllers/api/v1/Auth.controller.js b/app/controllers/api/v1/Auth.controller.js index 1b5e46b..73fd955 100644 --- a/app/controllers/api/v1/Auth.controller.js +++ b/app/controllers/api/v1/Auth.controller.js @@ -239,7 +239,10 @@ class AuthController extends Controller { .message(req.T('api.group_already_exists')) .api() - const group = new Group({ name: req.body.name }) + const group = new Group({ + name: req.body.name, + grants_sudo: !!req.body.grants_sudo, + }) // Validate user ids const User = this.models.get('auth:User') 
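Review bot: `grants_sudo: !!req.body.grants_sudo` turns any truthy value into `true`, so a client that submits the select's value as the string `'false'` or `'0'` would create a superuser-equivalent group by accident. The form field added in Group.resource.js offers `true`/`false` options, but whether they reach the server as JSON booleans is not visible here. Accepting only an explicit boolean fails closed: `grants_sudo: req.body.grants_sudo === true,`. The update hunk (`@@ -365`) coerces the same way with `group.grants_sudo = !!req.body.grants_sudo` and would need the same change. The create handler begins and ends outside this hunk.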
@@ -257,6 +260,17 @@ class AuthController extends Controller { group.user_ids = user_ids } + if ( group.grants_sudo ) { + const Setting = this.models.get('Setting') + let last_uid = await Setting.get('ldap.last_alloc_uid') + if ( last_uid < 1 ) { + last_uid = this.configs.get('ldap:server.schema.start_uid') + } + + group.posix_group_id = last_uid + 1 + await Setting.set('ldap.last_alloc_uid', group.posix_group_id) + } + await group.save() return res.api(await group.to_api()) } @@ -365,6 +379,19 @@ class AuthController extends Controller { } group.name = req.body.name + group.grants_sudo = !!req.body.grants_sudo + + if ( group.grants_sudo && !group.posix_group_id ) { + const Setting = this.models.get('Setting') + let last_uid = await Setting.get('ldap.last_alloc_uid') + if ( last_uid < 1 ) { + last_uid = this.configs.get('ldap:server.schema.start_uid') + } + + group.posix_group_id = last_uid + 1 + await Setting.set('ldap.last_alloc_uid', group.posix_group_id) + } + await group.save() return res.api() } diff --git a/app/models/auth/Group.model.js b/app/models/auth/Group.model.js index f3648bf..d2530c1 100644 --- a/app/models/auth/Group.model.js +++ b/app/models/auth/Group.model.js @@ -13,6 +13,7 @@ class GroupModel extends Model { user_ids: [String], posix_user_id: String, posix_group_id: Number, + grants_sudo: { type: Boolean, default: false }, active: { type: Boolean, default: true }, ldap_visible: { type: Boolean, default: true }, } @@ -84,6 +85,7 @@ class GroupModel extends Model { name: this.name, user_ids: this.user_ids, ldap_visible: this.ldap_visible, + grants_sudo: !!this.grants_sudo, } } }
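Review bot: The id allocation added here reads `ldap.last_alloc_uid`, adds one and writes it back as separate awaited steps, so two concurrent requests can be handed the same `posix_group_id`; a collision matters more than usual when the group is superuser-equivalent. The same block is repeated in the update hunk (`@@ -365`), and if `Setting.get` returns `undefined` for an unset key, `undefined < 1` is false and the id becomes `NaN`. Moving the logic into one helper that validates the counter, as sketched below, removes the duplication and the `NaN` case. The helper does not make the allocation atomic, which still needs an atomic increment in the settings store or a uniqueness constraint on `posix_group_id`. Both handlers start and end outside the visible hunks.

```javascript
// Shared by the create and update handlers so the allocation rule lives in one place.
async allocate_posix_group_id() {
    const Setting = this.models.get('Setting')
    let last_uid = Number(await Setting.get('ldap.last_alloc_uid'))
    if ( !Number.isInteger(last_uid) || last_uid < 1 ) {
        last_uid = Number(this.configs.get('ldap:server.schema.start_uid'))
    }
    if ( !Number.isInteger(last_uid) ) {
        throw new Error('Cannot allocate a POSIX group id: no valid starting id is configured')
    }

    const next_id = last_uid + 1
    await Setting.set('ldap.last_alloc_uid', next_id)
    return next_id
}

// … unchanged: group construction and user id validation …
if ( group.grants_sudo ) {
    group.posix_group_id = await this.allocate_posix_group_id()
}
```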
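Review bot: Nothing visible in this hunk limits who may turn `grants_sudo` on for an existing group, so if the update route is open to anyone below superuser, editing a group becomes a path to superuser equivalence. The handler starts outside the hunk, so a guard may already exist upstream and should be confirmed. Because the flag is assigned unconditionally, a request that omits `grants_sudo` (for example a rename-only client) silently clears it; assigning only when the field is present avoids that, e.g. `if ( 'grants_sudo' in req.body ) group.grants_sudo = req.body.grants_sudo === true`. Recording who changed the flag, on which group and when would give responders an audit trail for this privilege change.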