refs #5770 feat update usermemebers

This commit is contained in:
Javier Segarra 2024-01-30 14:54:58 +01:00
parent ca1ead228f
commit c5068c970a
2 changed files with 213 additions and 225 deletions

View File

@ -172,190 +172,105 @@ module.exports = Self => {
async syncRoles() { async syncRoles() {
let $ = app.models; let $ = app.models;
let { // let {
client, // client,
accountConfig // accountConfig
} = this; // } = this;
// Prepare data // Prepare data
try {
let roles = await $.VnRole.find({ // OBTENER ROLES
fields: ['id', 'name', 'description'] let roles = (await $.VnRole.find({
});
let roleRoles = await $.RoleRole.find({
fields: ['role', 'inheritsFrom']
});
let roleMap = toMap(roleRoles, e => {
return {key: e.inheritsFrom, val: e.role};
});
let accounts = await $.Account.find({
fields: ['id'],
include: {
relation: 'user',
scope: {
fields: ['name', 'roleFk'],
where: {active: true}
}
}
});
let accountMap = toMap(accounts, e => {
let user = e.user();
if (!user) return;
return {key: user.roleFk, val: user.name};
});
// Delete roles
let opts = {
scope: 'sub',
attributes: ['dn'],
filter: 'objectClass=posixGroup'
};
let reqs = [];
await client.searchForeach(this.groupDn, opts, object => {
if (shouldSync)
reqs.push(client.del(object.dn));
});
await Promise.all(reqs);
// Recreate roles
reqs = [];
for (let role of roles) {
let newEntry = {
objectClass: ['top', 'posixGroup'],
cn: role.name,
description: role.description,
gidNumber: accountConfig.idBase + role.id
};
let memberUid = [];
for (let subrole of roleMap.get(role.id) || [])
memberUid = memberUid.concat(accountMap.get(subrole) || []);
if (memberUid.length) {
memberUid.sort((a, b) => a.localeCompare(b));
newEntry.memberUid = memberUid;
}
let dn = `cn=${role.name},${this.groupDn}`;
if (shouldSync)
reqs.push(client.add(dn, newEntry));
}
await Promise.all(reqs);
},
async syncRole(role) {
let $ = app.models;
let {
client,
accountConfig
} = this;
// Prepare data
let roles = await $.VnRole.find({
fields: ['id', 'name', 'description'], fields: ['id', 'name', 'description'],
where: { order: 'modified DESC'
name: role }));
} let rolesMap = roles.map(role => role.name);
});
let roleRoles = await $.RoleRole.find({
fields: ['role', 'inheritsFrom']
});
let roleMap = toMap(roleRoles, e => {
return {key: e.inheritsFrom, val: e.role};
});
let accounts = await $.Account.find({ // OBTENER SAMBA ROLES
fields: ['id'], let sambaCurrentRoles = await sambaTool('group', ['list']);
// Encontrar elementos a eliminar
const rolesToDelete = differences(sambaCurrentRoles, rolesMap);
// Encontrar elementos a insertar
const rolesToInsert = differences(rolesMap, sambaCurrentRoles);
// Encontrar elementos a actualizar
const rolesToUpdate = differences(rolesMap, [...rolesToDelete, ...rolesToInsert]);
// OBTENER USUARIOS Y SUS ROLES
if (
rolesToDelete.length > 0 ||
rolesToInsert.length > 0 ||
rolesToUpdate.length > 0) {
let users = await $.VnUser.find({
include: { include: {
relation: 'user', relation: 'role',
scope: { scope: {fields: ['name'],
fields: ['name', 'roleFk'], where: {'name': {nin: rolesToDelete}}
where: {active: true}
} }
}
});
let accountMap = toMap(accounts, e => {
let user = e.user();
if (!user) return;
return {key: user.roleFk, val: user.name};
});
// Delete roles
let opts = {
scope: 'sub',
attributes: ['dn'],
filter: 'objectClass=posixGroup'
};
let reqs = [];
await client.searchForeach(this.groupDn, opts, object => {
if (shouldSync)
reqs.push(client.del(object.dn));
});
await Promise.all(reqs);
// Recreate roles
reqs = [];
for (let role of roles) {
let newEntry = {
objectClass: ['top', 'posixGroup'],
cn: role.name,
description: role.description,
gidNumber: accountConfig.idBase + role.id
};
let memberUid = [];
for (let subrole of roleMap.get(role.id) || [])
memberUid = memberUid.concat(accountMap.get(subrole) || []);
if (memberUid.length) {
memberUid.sort((a, b) => a.localeCompare(b));
newEntry.memberUid = memberUid;
}
let dn = `cn=${role.name},${this.groupDn}`;
if (shouldSync)
reqs.push(client.add(dn, newEntry));
}
await Promise.all(reqs);
}, },
async syncRoleX(roleName, info) { fields: ['name', 'roleFk'],
let vnRoleArgs = { // where: {'active': true}
fields: ['id', 'name', 'description'],
};
let role = null;
let roles = [];
if (roleName) {
vnRoleArgs.where = {
name: roleName
};
role = await $.VnRole.find(vnRoleArgs);
} else roles = await $.VnRole.find(vnRoleArgs);
let roleRoleArgs = {
fields: ['role', 'inheritsFrom'],
};
if (role) roleRoleArgs.where = {'role.id': roles[0].id};
let roleRoles = await $.RoleRole.find(roleRoleArgs);
let roleMap = toMap(roleRoles, e => {
return {key: e.inheritsFrom, val: e.role};
}); });
let usersMap = toMap(users, user => {
let role = user.role();
if (!role) {
console.info(`User ${user.name} has not valid role`);
return;
}
return {key: role.name, val: user.name};
});
usersMap.set('group1', ['employee']);
if (rolesToDelete.length > 0) {
// PROCEDIMIENTO PARA ELIMINAR USUARIOS ASOCIADOS AL ROL
let usersToDelete = rolesToDelete.flatMap(role => {
const exist = usersMap.get(role);
let currentGroupList = await this.sambaTool('group', ['list']); if (exist) {
if (info.disableGroup || info.enableGroup) { return usersMap.get(role)?.map(
if (currentGroupList.includes(roleName)) a => sambaTool('group', ['removemembers', role, a])
await this.sambaTool('group', ['modify', roleName, `--is-visible=${info.enableGroup ? 'yes' : 'no'}`]); );
} else if (info.removeGroup) } else return [];
await this.sambaTool('group', ['delete']); }
);
const resultsUserDelete = await Promise.all(usersToDelete);
else if (info.recreateGroups) { // PROCEDIMIENTO PARA ELIMINAR ROLES
for (const role of roleMap) const resultsRoleDelete = await Promise.all(
await this.sambaTool('group', ['add', roleName, `--description=${role.description}`]); rolesToDelete.map(role => sambaTool('group', ['delete', role]))
);
}
if (rolesToInsert.length > 0) {
// PROCEDIMIENTO PARA INSERTAR ROLES
const resultsRoleInsert = await Promise.all(
rolesToInsert.map(role => sambaTool('group', ['add', role]))
);
// PROCEDIMIENTO PARA INSERTAR USUARIOS ASOCIADOS AL ROL
let usersToInsert = rolesToInsert.flatMap(role => usersMap.get(role).map(
a => sambaTool('group', ['addmembers', role, a])
)
);
const resultsUserInsert = await Promise.all(usersToInsert);
}
if (rolesToUpdate.length > 0) {
let promises = [];
for await (const role of rolesToUpdate) {
const users = await sambaTool('group', ['listmembers', role]);
const usersToDelete = differences(users, usersMap.get(role));
promises.push(usersToDelete.map(user => sambaTool('group', ['removemembers', user.name])));
const usersToInsert = differences(usersMap.get(role), users);
promises.push(usersToInsert.map(user => sambaTool('group', ['addmembers', user.name])));
await Promise.all(promises);
}
}
}
} catch (error) {
console.error(error);
} }
} }

View File

@ -1,33 +1,10 @@
// const execFile = require('child_process').execFile; // const execFile = require('child_process').execFile;
const app = require('vn-loopback/server/server'); const app = require('vn-loopback/server/server');
const SAMBA_TOOL = 'samba-tool'; const SAMBA_TOOL = 'samba-tool';
// const RoleControlFlags = {
// ACCOUNTDISABLE: 0x2
// };
fdescribe('Samba config', () => { fdescribe('Samba config', () => {
// const employeeId = 1;
// const developerId = 9;
// const sysadminId = 66;
// const itBossId = 104;
// const rootId = 100;
// const clarkKent = 1103;
// const roles = {
// itBoss: {id: 104, value: 'itBoss'}
// };
it('SyncRoles', async() => { it('SyncRoles', async() => {
await syncRoles(); await syncRoles();
}); });
// it('With role as argument', async() => {
// syncRole(roles.itBoss.value);
// });
// it('No role as argument', async() => {
// });
}); });
async function sambaTool(command, args = []) { async function sambaTool(command, args = []) {
// const allArgs = [command].concat( // const allArgs = [command].concat(
@ -41,17 +18,22 @@ async function sambaTool(command, args = []) {
case 'group': case 'group':
if (args[0] === 'list') if (args[0] === 'list')
return ['employee', 'customer', 'agency', 'group1']; return ['employee', 'customer', 'agency', 'group1'];
else if (args[0] === 'add') { else if (['listmembers'].includes(args[0])) {
return new Promise(resolve => { return new Promise(resolve => {
resolve(`${SAMBA_TOOL} add ${args[1]}`); resolve(['user1']);
}); });
} else if (['delete', 'listmembers'].includes(args[0])) { } else if (['delete', 'add'].includes(args[0])) {
return new Promise(resolve => { return new Promise(resolve => {
resolve(`${SAMBA_TOOL} ${args[0]} ${args[1]}`); resolve(`${SAMBA_TOOL} ${command} ${args[0]} ${args[1]}`);
}); });
} else if (['addmembers', 'removemembers'].includes(args[0])) { } else if (['addmembers', 'removemembers'].includes(args[0])) {
return new Promise(resolve => { return new Promise(resolve => {
resolve(`${SAMBA_TOOL} ${args[0]} ${args[1]} ${args[2]}`); resolve(`${SAMBA_TOOL} ${command} ${args[0]} ${args[1]} ${args[2]}`);
});
} else if (args[0] === 'modify') {
return new Promise(resolve => {
// samba-tool group modify group_name --description description
resolve(`${SAMBA_TOOL} ${command} ${args[0]} ${args[1]} ${args[2]} ${args[3]}`);
}); });
} }
break; break;
@ -79,23 +61,36 @@ async function syncRoles() {
// OBTENER SAMBA ROLES // OBTENER SAMBA ROLES
let sambaCurrentRoles = await sambaTool('group', ['list']); let sambaCurrentRoles = await sambaTool('group', ['list']);
expect(sambaCurrentRoles.length).toEqual(4); expect(sambaCurrentRoles.length).toEqual(4);
// Encontrar elementos para eliminados // Encontrar elementos para eliminados
const rolesToDelete = sambaCurrentRoles.filter(item => !rolesMap.includes(item)); const rolesToDelete = differences(sambaCurrentRoles, rolesMap);
// const rolesToDelete = sambaCurrentRoles.filter(item => !rolesMap.includes(item));
expect(rolesToDelete.length).toEqual(1); expect(rolesToDelete.length).toEqual(1);
// Encontrar elementos insertar // Encontrar elementos insertar
const rolesToInsert = rolesMap.filter(item => !sambaCurrentRoles.includes(item)); const rolesToInsert = differences(rolesMap, sambaCurrentRoles);
// const rolesToInsert = rolesMap.filter(item => !sambaCurrentRoles.includes(item));
expect(rolesToInsert.length).toEqual(2); expect(rolesToInsert.length).toEqual(2);
// Encontrar elementos actualizar
const rolesToUpdate = differences(rolesMap, [...rolesToDelete, ...rolesToInsert]);
// const rolesToInsert = rolesMap.filter(item => !sambaCurrentRoles.includes(item));
expect(rolesToUpdate.length).toEqual(3);
// OBTENER USUARIOS Y SUS ROLES // OBTENER USUARIOS Y SUS ROLES
if (rolesToDelete.length > 0 || rolesToInsert.length > 0) { if (
rolesToDelete.length > 0 ||
rolesToInsert.length > 0 ||
rolesToUpdate.length > 0) {
let users = await $.VnUser.find({ let users = await $.VnUser.find({
include: { include: {
relation: 'role', relation: 'role',
scope: {fields: ['name'], scope: {fields: ['name'],
where: {'name': {inq: rolesToInsert}} where: {'name': {nin: rolesToDelete}}
} }
}, },
fields: ['name', 'roleFk'], fields: ['name', 'roleFk'],
where: {'active': true} // where: {'active': true}
}); });
/* let accounts = await $.Account.find({ /* let accounts = await $.Account.find({
fields: ['id'], fields: ['id'],
@ -115,11 +110,18 @@ async function syncRoles() {
});*/ });*/
let usersMap = toMap(users, user => { let usersMap = toMap(users, user => {
let role = user.role(); let role = user.role();
if (!role) return; if (!role) {
console.info(`User ${user.name} has not valid role`);
return;
}
return {key: role.name, val: user.name}; return {key: role.name, val: user.name};
}); });
usersMap.set('group1', ['employee']); usersMap.set('group1', ['employee']);
console.log(usersMap); // console.log(usersMap);
// const sumOfLengths = [...usersMap.values()].reduce((accumulator, currentArray) => {
// return accumulator + currentArray.length;
// }, 0);
// console.assert(sumOfLengths === users.length+1);
/* toMap(accounts, e => { /* toMap(accounts, e => {
let user = e.user(); let user = e.user();
if (!user) return; if (!user) return;
@ -148,33 +150,61 @@ async function syncRoles() {
); );
const resultsUserDelete = await Promise.all(usersToDelete); const resultsUserDelete = await Promise.all(usersToDelete);
expect(resultsUserDelete.length).toEqual(1); expect(resultsUserDelete.length).toEqual(1);
expect(resultsUserDelete[0]).toEqual('samba-tool removemembers group1 employee'); expect(resultsUserDelete[0]).toEqual('samba-tool group removemembers group1 employee');
// PROCEDIMIENTO PARA ELIMINAR ROLES // PROCEDIMIENTO PARA ELIMINAR ROLES
const resultsRoleDelete = await Promise.all( const resultsRoleDelete = await Promise.all(
rolesToDelete.map(role => sambaTool('group', ['delete', role])) rolesToDelete.map(role => sambaTool('group', ['delete', role]))
); );
expect(resultsRoleDelete.length).toEqual(1); expect(resultsRoleDelete.length).toEqual(1);
expect(resultsRoleDelete[0]).toEqual('samba-tool delete group1'); expect(resultsRoleDelete[0]).toEqual('samba-tool group delete group1');
} }
if (rolesToInsert.length > 0) { if (rolesToInsert.length > 0) {
// PROCEDIMIENTO PARA INSERTAR USUARIOS ASOCIADOS AL ROL // PROCEDIMIENTO PARA INSERTAR ROLES
const resultsRoleInsert = await Promise.all( const resultsRoleInsert = await Promise.all(
rolesToInsert.map(role => sambaTool('group', ['add', role])) rolesToInsert.map(role => sambaTool('group', ['add', role])),
); );
expect(resultsRoleInsert.length).toEqual(2); expect(resultsRoleInsert.length).toEqual(2);
expect(resultsRoleInsert[0]).toEqual('samba-tool add administrative'); expect(resultsRoleInsert[0]).toEqual('samba-tool group add administrative');
expect(resultsRoleInsert[1]).toEqual('samba-tool add guest'); expect(resultsRoleInsert[1]).toEqual('samba-tool group add guest');
const rolesToUpdate = await Promise.all(
rolesToInsert.map(
role =>
sambaTool('group',
['modify', role, '--description', `"${roles.find(r => r.name === role).description}"`]
)
)
);
expect(rolesToUpdate.length).toEqual(2);
expect(rolesToUpdate[0]).toEqual('samba-tool group modify administrative --description "Tareas relacionadas con la contabilidad"');
expect(rolesToUpdate[1]).toEqual('samba-tool group modify guest --description "Privilegios para usuarios sin cuenta"');
let usersToInsert = rolesToInsert.flatMap(role => usersMap.get(role).map( // PROCEDIMIENTO PARA AÑADIR DESCRIPCION AL ROLE
let usersToInsert = rolesToInsert.flatMap(role =>
usersMap.get(role).map(
a => sambaTool('group', ['addmembers', role, a]) a => sambaTool('group', ['addmembers', role, a])
) )
); );
// PROCEDIMIENTO PARA INSERTAR USUARIOS ASOCIADOS AL ROL
const resultsUserInsert = await Promise.all(usersToInsert); const resultsUserInsert = await Promise.all(usersToInsert);
expect(resultsUserInsert.length).toEqual(2); expect(resultsUserInsert.length).toEqual(2);
expect(resultsUserInsert[0]).toEqual('samba-tool addmembers administrative administrative'); expect(resultsUserInsert[0]).toEqual('samba-tool group addmembers administrative administrative');
expect(resultsUserInsert[1]).toEqual('samba-tool addmembers guest guest'); expect(resultsUserInsert[1]).toEqual('samba-tool group addmembers guest guest');
// PROCEDIMIENTO PARA INSERTAR ROLES }
if (rolesToUpdate.length > 0) {
let promises = [];
for await (const role of rolesToUpdate) {
const users = await sambaTool('group', ['listmembers', role]);
const usersToDelete = differences(users, usersMap.get(role));
promises.push(usersToDelete.map(user => sambaTool('group', ['removemembers', role, user])));
const usersToInsert = differences(usersMap.get(role), users);
promises.push(...usersToInsert.map(user => sambaTool('group', ['addmembers', role, user])));
const result = await Promise.all(promises);
console.log(result);
}
} }
} }
// let roleRoles = await $.RoleRole.find({ // let roleRoles = await $.RoleRole.find({
@ -202,3 +232,46 @@ function toMap(array, fn) {
} }
return map; return map;
} }
function binarySearch(array, value) {
let first = 0;
let last = array.length - 1;
while (first <= last) {
const index = Math.floor((first + last) / 2);
const middle = array[index];
if (middle === value)
return index; // Elemento encontrado, devuelve la posición.
if (middle < value)
first = index + 1;
else
last = index - 1;
}
return -1; // Elemento no encontrado.
}
function differences(array1, array2) {
const differences = [];
// Ordena ambos arrays
const sortedArray1 = array1.slice().sort();
const sortedArray2 = array2.slice().sort();
for (const value of sortedArray1) {
// Busca el elemento en el array ordenado utilizando búsqueda binaria
const result = binarySearch(sortedArray2, value);
// Si el elemento no se encuentra, agrégalo a la lista de diferencias
if (result === -1)
differences.push(value);
}
return differences;
}