Groups - allow flagging group as su equivalent

app/assets/app/cobalt/Form.component.js

@@ -42,7 +42,7 @@ const template = `
                         <option
                             v-for="option of field.options"
                             :value="option.value"
-                            :selected="data[field.field] && data[field.field].includes(option.value)"
+                            :selected="data[field.field] && (data[field.field] === option.value || (Array.isArray(data[field.field]) && data[field.field].includes(option.value)))"
                         >{{ typeof option.display === 'function' ? option.display(option) : option.display }}</option>
                     </select>
                     <small class="form-text" style="color: darkred;" v-if="field.error">{{ field.error }}</small>

app/assets/app/resource/auth/Group.resource.js

@@ -62,6 +62,15 @@ class GroupResource extends CRUDBase {
                     required: true,
                     type: 'text',
                 },
+                {
+                    name: 'Superuser equivalent?',
+                    field: 'grants_sudo',
+                    type: 'select',
+                    options: [
+                        {display: 'Yes', value: true},
+                        {display: 'No', value: false},
+                    ],
+                },
                 {
                     name: 'Users',
                     field: 'user_ids',

app/controllers/api/v1/Auth.controller.js

@@ -239,7 +239,10 @@ class AuthController extends Controller {
                 .message(req.T('api.group_already_exists'))
                 .api()
 
-        const group = new Group({ name: req.body.name })
+        const group = new Group({
+            name: req.body.name,
+            grants_sudo: !!req.body.grants_sudo,
+        })
 
         // Validate user ids
         const User = this.models.get('auth:User')
@@ -257,6 +260,17 @@ class AuthController extends Controller {
             group.user_ids = user_ids
         }
 
+        if ( group.grants_sudo ) {
+            const Setting = this.models.get('Setting')
+            let last_uid = await Setting.get('ldap.last_alloc_uid')
+            if ( last_uid < 1 ) {
+                last_uid = this.configs.get('ldap:server.schema.start_uid')
+            }
+
+            group.posix_group_id = last_uid + 1
+            await Setting.set('ldap.last_alloc_uid', group.posix_group_id)
+        }
+
         await group.save()
         return res.api(await group.to_api())
     }
@@ -365,6 +379,19 @@ class AuthController extends Controller {
         }
 
         group.name = req.body.name
+        group.grants_sudo = !!req.body.grants_sudo
+
+        if ( group.grants_sudo && !group.posix_group_id ) {
+            const Setting = this.models.get('Setting')
+            let last_uid = await Setting.get('ldap.last_alloc_uid')
+            if ( last_uid < 1 ) {
+                last_uid = this.configs.get('ldap:server.schema.start_uid')
+            }
+
+            group.posix_group_id = last_uid + 1
+            await Setting.set('ldap.last_alloc_uid', group.posix_group_id)
+        }
+
         await group.save()
         return res.api()
     }

app/models/auth/Group.model.js

@@ -13,6 +13,7 @@ class GroupModel extends Model {
             user_ids: [String],
             posix_user_id: String,
             posix_group_id: Number,
+            grants_sudo: { type: Boolean, default: false },
             active: { type: Boolean, default: true },
             ldap_visible: { type: Boolean, default: true },
         }
@@ -84,6 +85,7 @@ class GroupModel extends Model {
             name: this.name,
             user_ids: this.user_ids,
             ldap_visible: this.ldap_visible,
+            grants_sudo: !!this.grants_sudo,
         }
     }
 }