Remove ldap:Group model
This commit is contained in:
parent
ea77402750
commit
faab948a6b
@ -11,7 +11,6 @@
|
||||
- e.g. after insert perform action
|
||||
- e.g. after update perform action, &c.
|
||||
- IAM manage user API scopes
|
||||
- Eliminate LDAP group model, make LDAP server use standard auth group
|
||||
- OAuth2 -> support refresh tokens
|
||||
- Traps -> support session traps; convert MFA challenge to use session trap
|
||||
- Allow setting user trap from web UI
|
||||
|
@ -14,7 +14,7 @@ class GroupsController extends LDAPController {
|
||||
|
||||
constructor() {
|
||||
super()
|
||||
this.Group = this.models.get('ldap:Group')
|
||||
this.Group = this.models.get('auth:Group')
|
||||
}
|
||||
|
||||
// TODO flitter-orm chunk query
|
||||
@ -106,7 +106,7 @@ class GroupsController extends LDAPController {
|
||||
async get_resource_from_dn(dn) {
|
||||
const cn = this.get_cn_from_dn(dn)
|
||||
if ( cn ) {
|
||||
return this.Group.findOne({name: cn, ldap_visible: true})
|
||||
return this.Group.findOne({name: cn, ldap_visible: true, active: true})
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -22,7 +22,13 @@ class UsersController extends LDAPController {
|
||||
// Might need to override compare to support special handling for userPassword
|
||||
|
||||
// TODO generalize some of the addition logic
|
||||
// TODO rework some of the registration and validation logic
|
||||
async add_people(req, res, next) {
|
||||
const Setting = this.models.get('Setting')
|
||||
if ( !(await Setting.get('auth.allow_registration')) ) {
|
||||
return next(new LDAP.InsufficientAccessRightsError('Operation not enabled.'))
|
||||
}
|
||||
|
||||
if ( !req.user.can('ldap:add:users') ) {
|
||||
return next(new LDAP.InsufficientAccessRightsError())
|
||||
}
|
||||
@ -87,6 +93,7 @@ class UsersController extends LDAPController {
|
||||
}
|
||||
|
||||
// TODO generalize some of the modification logic
|
||||
// TODO rework validation
|
||||
async modify_people(req, res, next) {
|
||||
if ( !req.user.can('ldap:modify:users') ) {
|
||||
return next(new LDAP.InsufficientAccessRightsError())
|
||||
|
@ -13,37 +13,15 @@ const groups_routes = {
|
||||
],
|
||||
},
|
||||
|
||||
/*bind: {
|
||||
'ou=groups': ['ldap_controller::Users.bind'],
|
||||
},*/
|
||||
bind: {},
|
||||
|
||||
/*add: {
|
||||
'ou=groups': [
|
||||
'ldap_middleware::BindUser',
|
||||
'ldap_controller::Groups.add_group',
|
||||
],
|
||||
},
|
||||
add: {},
|
||||
|
||||
del: {
|
||||
'ou=people': [
|
||||
'ldap_middleware::BindUser',
|
||||
'ldap_controller::Users.delete',
|
||||
],
|
||||
},
|
||||
del: {},
|
||||
|
||||
modify: {
|
||||
'ou=people': [
|
||||
'ldap_middleware::BindUser',
|
||||
'ldap_controller::Users.modify_people',
|
||||
],
|
||||
},
|
||||
modify: {},
|
||||
|
||||
compare: {
|
||||
'ou=people': [
|
||||
'ldap_middleware::BindUser',
|
||||
'ldap_controller::Users.compare',
|
||||
],
|
||||
},*/
|
||||
compare: {},
|
||||
|
||||
}
|
||||
|
||||
|
@ -1,9 +1,10 @@
|
||||
const { Model } = require('flitter-orm')
|
||||
const LDAP = require('ldapjs')
|
||||
|
||||
// For organizational purposes only.
|
||||
class GroupModel extends Model {
|
||||
static get services() {
|
||||
return [...super.services, 'models']
|
||||
return [...super.services, 'models', 'ldap_server', 'configs']
|
||||
}
|
||||
|
||||
static get schema() {
|
||||
@ -11,6 +12,7 @@ class GroupModel extends Model {
|
||||
name: String,
|
||||
user_ids: [String],
|
||||
active: { type: Boolean, default: true },
|
||||
ldap_visible: { type: Boolean, default: true },
|
||||
}
|
||||
}
|
||||
|
||||
@ -18,16 +20,35 @@ class GroupModel extends Model {
|
||||
return this.name.toLowerCase().replace(/\s/g, '_')
|
||||
}
|
||||
|
||||
get dn() {
|
||||
return LDAP.parseDN(`cn=${this.name},${this.ldap_server.group_dn().format(this.configs.get('ldap:server.format'))}`)
|
||||
}
|
||||
|
||||
async users() {
|
||||
const User = this.models.get('auth:User')
|
||||
return await User.find({ _id: { $in: this.user_ids.map(x => this.constructor.to_object_id(x)) } })
|
||||
}
|
||||
|
||||
async to_ldap() {
|
||||
const users = await this.users()
|
||||
return {
|
||||
cn: this.name,
|
||||
dn: this.dn.format(this.configs.get('ldap:server.format')),
|
||||
objectClass: 'groupOfNames',
|
||||
member: users.map(x => x.dn.format(this.configs.get('ldap:server.format'))),
|
||||
}
|
||||
}
|
||||
|
||||
static async ldap_directory() {
|
||||
return this.find({ ldap_visible: true, active: true })
|
||||
}
|
||||
|
||||
async to_api() {
|
||||
return {
|
||||
id: this.id,
|
||||
name: this.name,
|
||||
user_ids: this.user_ids,
|
||||
ldap_visible: this.ldap_visible,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -153,16 +153,6 @@ class User extends AuthUser {
|
||||
return Group.find({ active: true, user_ids: this.id })
|
||||
}
|
||||
|
||||
async ldap_groups() {
|
||||
const Group = this.models.get('ldap:Group')
|
||||
return await Group.find({
|
||||
$or: [
|
||||
{ user_ids: this.id },
|
||||
{ role: { $in: this.roles } },
|
||||
],
|
||||
})
|
||||
}
|
||||
|
||||
async to_ldap() {
|
||||
const ldap_data = {
|
||||
uid: this.uid,
|
||||
@ -182,10 +172,11 @@ class User extends AuthUser {
|
||||
ldap_data[`data${key.substr(4)}`] = `${addl_data[key]}`
|
||||
}
|
||||
|
||||
const ldap_groups = await this.ldap_groups()
|
||||
if ( ldap_groups.length > 0 ) {
|
||||
ldap_data.memberOf = ldap_groups.map(x => x.dn.format(this.configs.get('ldap:server.format')))
|
||||
ldap_data.memberof = ldap_groups.map(x => x.dn.format(this.configs.get('ldap:server.format')))
|
||||
const groups = await this.groups()
|
||||
if ( groups.length > 0 ) {
|
||||
const group_data = groups.map(x => x.dn.format(this.configs.get('ldap:server.format')))
|
||||
ldap_data.memberOf = group_data
|
||||
ldap_data.memberof = group_data
|
||||
}
|
||||
|
||||
return ldap_data
|
||||
|
@ -1,54 +0,0 @@
|
||||
const LDAPBase = require('../LDAPBase')
|
||||
const LDAP = require('ldapjs')
|
||||
|
||||
class GroupModel extends LDAPBase {
|
||||
static get services() {
|
||||
return [...super.services, 'configs', 'ldap_server', 'models']
|
||||
}
|
||||
|
||||
static get schema() {
|
||||
return {
|
||||
role: String,
|
||||
user_ids: [String],
|
||||
name: String,
|
||||
active: {type: Boolean, default: true},
|
||||
ldap_visible: {type: Boolean, default: true},
|
||||
}
|
||||
}
|
||||
|
||||
async to_api() {
|
||||
return {
|
||||
id: this.id,
|
||||
role: this.role,
|
||||
user_ids: this.user_ids,
|
||||
name: this.name,
|
||||
ldap_visible: this.ldap_visible,
|
||||
}
|
||||
}
|
||||
|
||||
get dn() {
|
||||
return LDAP.parseDN(`cn=${this.name},${this.ldap_server.group_dn().format(this.configs.get('ldap:server.format'))}`)
|
||||
}
|
||||
|
||||
async users() {
|
||||
const User = this.models.get('auth:User')
|
||||
return User.find({
|
||||
$or: [
|
||||
{ _id: { $in: this.user_ids.map(x => this.constructor.to_object_id(x)) } },
|
||||
{ roles: this.role },
|
||||
],
|
||||
})
|
||||
}
|
||||
|
||||
async to_ldap() {
|
||||
const users = await this.users()
|
||||
return {
|
||||
cn: this.name,
|
||||
dn: this.dn.format(this.configs.get('ldap:server.format')),
|
||||
objectClass: 'groupOfNames',
|
||||
member: users.map(x => x.dn.format(this.configs.get('ldap:server.format')))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = exports = GroupModel
|
Loading…
Reference in New Issue
Block a user