show "admin" link if user is ldap admin

webapp/config.py.dist

@@ -6,6 +6,8 @@ secret_key = '9c2n8t5nrvbyt7cm3v4n87tnv45'
 ldap_url = 'ldap://ldap.hackerspace.pl'
 dn_format = "uid=%s,ou=people,dc=hackerspace,dc=pl"
 
+ldapweb_admin_group = 'cn=ldap-admin,ou=Group,dc=hackerspace,dc=pl'
+
 admin_dn = 'cn=ldapweb,ou=Services,dc=hackerspace,dc=pl'
 admin_pw = 'changeme'
 

webapp/templates/basic.html

@@ -35,6 +35,9 @@ body {
                    <div id="navbar" class="navbar-collapse collapse">
                        <ul class="nav navbar-nav navbar-right">
                            {% if session.username %}
+                               {% if session.is_admin %}
+                               <li><a href="/admin"><span class="glyphicon glyphicon-wrench" aria-hidden="true"></span> Admin</a></li>
+                               {% endif %}
                            <li><a href="/"><span class="glyphicon glyphicon-user" aria-hidden="true"></span> {{ session.username }}</a></li>
                            <li><a href="/logout"><span class="glyphicon glyphicon-lock" aria-hidden="true"></span> Log Out</a></li>
                            {% else %}

webapp/views.py

@@ -118,8 +118,12 @@ def login_action():
             if k == 'uid':
                 username = vs[0].decode()
 
+        # Check if user is an admin
+        is_admin = bool(conn.search_s(dn, ldap.SCOPE_SUBTREE, f'memberOf={config.ldapweb_admin_group}'))
+
         flask.session["username"] = username
         flask.session['dn'] = dn
+        flask.session['is_admin'] = is_admin
         context.refresh_profile()
         return flask.redirect(goto)
     else: