ldap user: show groups

2023-09-22 21:58:49 +02:00 · 2023-09-22 21:58:49 +02:00 · def69fb5d3
parent 84abc355b9
commit def69fb5d3
3 changed files with 23 additions and 3 deletions
--- a/webapp/config.py.dist
+++ b/webapp/config.py.dist
@ -8,6 +8,7 @@ dn_format = "uid=%s,ou=people,dc=hackerspace,dc=pl"

 ldapweb_admin_group = 'cn=ldap-admin,ou=Group,dc=hackerspace,dc=pl'

+ldap_base = 'dc=hackerspace,dc=pl'
 ldap_people = 'ou=People,dc=hackerspace,dc=pl'
 admin_groups = {
    'Fatty': 'cn=fatty,ou=Group,dc=hackerspace,dc=pl',
--- a/webapp/templates/admin/user.html
+++ b/webapp/templates/admin/user.html
@ -2,9 +2,18 @@
 {% block content %}
 <h1>User: {{ uid }}</h1>

-<a class="btn btn-default" href="/admin" role="button">Back</a>
+<div style="margin-bottom: 10px">
+  <a class="btn btn-default" href="/admin" role="button">Back</a>

-<a class="btn btn-default" href="https://kasownik.hackerspace.pl/admin/member/{{ uid }}" role="button" target="_blank">View user in Kasownik</a>
+  <a class="btn btn-default" href="https://kasownik.hackerspace.pl/admin/member/{{ uid }}" role="button" target="_blank">View user in Kasownik</a>
+</div>
+
+<p>
+  <strong>Belongs to groups:</strong>
+  {% for group_name in groups %}
+    <a href="/admin/groups/{{ group_name }}">{{ group_name }}</a>,
+  {% endfor %}
+</p>

 <p>Full LDAP record:</p>

--- a/webapp/views.py
+++ b/webapp/views.py
@ -268,6 +268,15 @@ def rendered_ldap_profile(profile):
    rendered_profile.sort(key=lambda x: x[1] is None)
    return rendered_profile

+def ldap_get_user_groups(conn, uid):
+    groups = []
+    user_dn = config.dn_format % uid
+    filter = f'(&(objectClass=groupOfUniqueNames)(uniqueMember={user_dn}))'
+    for group_dn, attrs in conn.search_s(config.ldap_base, ldap.SCOPE_SUBTREE, filter):
+        groups.append(attrs['cn'][0].decode())
+
+    return groups
+
 def ldap_validate_uid(uid):
    if not re.match(r'^[a-z-_][a-z0-9-_]*\Z', uid, flags=re.I):
        raise RuntimeError('Invalid uid')
@ -282,5 +291,6 @@ def admin_user_view(uid):
    ldap_validate_uid(uid)

    profile = ldap_get_user(conn, uid)
+    groups = ldap_get_user_groups(conn, uid)

-    return flask.render_template('admin/user.html', uid=uid, profile=rendered_ldap_profile(profile))
+    return flask.render_template('admin/user.html', uid=uid, profile=rendered_ldap_profile(profile), groups=groups)