feat #5770 feat: approach1

Javier Segarra 2024-01-23 08:25:13 +01:00
parent 725c43c7e4
commit 712ee7a925
2 changed files with 141 additions and 1 deletions


@ -1,4 +1,4 @@
const app = require('vn-loopback/server/server');
const ldap = require('../util/ldapjs-extra');
const execFile = require('child_process').execFile;
@ -168,6 +168,85 @@ module.exports = Self => {
};
await this.adClient.searchForeach(this.fullUsersDn, opts,
o => usersToSync.add(o.sAMAccountName));
},
async syncRoles(role) {
let $ = app.models;
let {
client,
accountConfig
} = this;
// Prepare data
let roles = await $.VnRole.find({
fields: ['id', 'name', 'description'],
where: {
name: role
}
});
let roleRoles = await $.RoleRole.find({
fields: ['role', 'inheritsFrom']
});
let roleMap = toMap(roleRoles, e => {
return {key: e.inheritsFrom, val: e.role};
});
let accounts = await $.Account.find({
fields: ['id'],
include: {
relation: 'user',
scope: {
fields: ['name', 'roleFk'],
where: {active: true}
}
}
});
let accountMap = toMap(accounts, e => {
let user = e.user();
if (!user) return;
return {key: user.roleFk, val: user.name};
});
// Delete roles
let opts = {
scope: 'sub',
attributes: ['dn'],
filter: 'objectClass=posixGroup'
};
let reqs = [];
await client.searchForeach(this.groupDn, opts, object => {
if (shouldSync)
reqs.push(client.del(object.dn));
});
await Promise.all(reqs);
// Recreate roles
reqs = [];
for (let role of roles) {
let newEntry = {
objectClass: ['top', 'posixGroup'],
cn: role.name,
description: role.description,
gidNumber: accountConfig.idBase + role.id
};
let memberUid = [];
for (let subrole of roleMap.get(role.id) || [])
memberUid = memberUid.concat(accountMap.get(subrole) || []);
if (memberUid.length) {
memberUid.sort((a, b) => a.localeCompare(b));
newEntry.memberUid = memberUid;
}
let dn = `cn=${role.name},${this.groupDn}`;
if (shouldSync)
reqs.push(client.add(dn, newEntry));
}
await Promise.all(reqs);
}
});
};
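Review bot: In the new `syncRoles(role)`, the "Delete roles" search removes every `posixGroup` entry under `this.groupDn`, while the "Recreate roles" loop only re-adds the roles matched by `name: role`, so syncing a single role would leave every other group deleted and its members without those memberships. The delete pass should be limited to the same set, for example by requesting `attributes: ['dn', 'cn']` and skipping other entries with `if (role && object.cn !== role) return;` (assuming search entries expose attributes as properties, as `o.sAMAccountName` in the context lines suggests). `shouldSync` is read in both loops but is not declared anywhere in the hunk, so unless it exists at module scope the method throws a ReferenceError the first time either check is evaluated. The DN is also built as `cn=${role.name},${this.groupDn}` without escaping, so a role name containing `,`, `+` or `=` would produce a different DN than intended; escape the RDN value or reject such names before calling `client.add`.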


@ -0,0 +1,61 @@
const app = require('vn-loopback/server/server');
const RoleControlFlags = {
ACCOUNTDISABLE: 0x2
};
describe('Samba config', () => {
// const employeeId = 1;
// const developerId = 9;
// const sysadminId = 66;
// const itBossId = 104;
// const rootId = 100;
// const clarkKent = 1103;
const roles = {
itBoss: {id: 104, value: 'itBoss'}
};
it('With role as argument', async() => {
syncRole(roles.itBoss.value);
});
it('No role as argument', async() => {
});
});
async function syncRole(roleName, info) {
let vnRoleArgs = {
fields: ['id', 'name', 'description'],
};
let role = null;
let roles = [];
if (roleName) {
vnRoleArgs.where = {
name: roleName
};
role = await $.VnRole.find(vnRoleArgs);
} else roles = await $.VnRole.find(vnRoleArgs);
let roleRoleArgs = {
fields: ['role', 'inheritsFrom'],
};
if (role) roleRoleArgs.where = {'role.id': roles[0].id};
let roleRoles = await $.RoleRole.find(roleRoleArgs);
let roleMap = toMap(roleRoles, e => {
return {key: e.inheritsFrom, val: e.role};
});
let currentGroupList = await this.sambaTool('group', ['list']);
if (info.disableGroup || info.enableGroup) {
if (currentGroupList.includes(roleName))
await this.sambaTool('group', ['modify', roleName, `--is-visible=${info.enableGroup ? 'yes' : 'no'}`]);
} else if (info.removeGroup)
await this.sambaTool('group', ['delete']);
else if (info.recreateGroups) {
for (const role of roleMap)
await this.sambaTool('group', ['add', roleName, `--description=${role.description}`]);
}
}
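Review bot: The 'With role as argument' spec cannot fail, because `syncRole(roles.itBoss.value)` is neither awaited nor followed by an expectation, and it is called without `info`, so `info.disableGroup` would reject with a TypeError the test never observes (possibly earlier, since `$`, `toMap` and `this.sambaTool` are not defined anywhere in the visible file). Inside `syncRole`, the filtered lookup stores its result in `role`, but the next branch reads `roles[0].id` from the still-empty array; assigning `roles = await $.VnRole.find(vnRoleArgs);` in both branches would fix that. The `removeGroup` branch calls `sambaTool('group', ['delete'])` without a group name, and the `recreateGroups` loop passes the same `roleName` for every entry of `roleMap` while reading `role.description` from a map entry. Role names and descriptions also reach the tool's argument list unchecked, so a value beginning with `-` would presumably be parsed as an option; validate the name against a strict pattern before building the arguments.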