From 8de81d8ab14af6a907075358cc846549aff96253 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Tue, 21 Dec 2021 10:20:16 +0100 Subject: [PATCH] implement group member management --- ldap_frontend/__init__.py | 40 +++++++++++++++++++-- ldap_frontend/templates/groups/members.html | 19 ++++++++++ 2 files changed, 56 insertions(+), 3 deletions(-) diff --git a/ldap_frontend/__init__.py b/ldap_frontend/__init__.py index 0df32c8..b77873b 100644 --- a/ldap_frontend/__init__.py +++ b/ldap_frontend/__init__.py @@ -2,7 +2,7 @@ from json import load from os import environ from flask import Flask, flash, redirect, request, session, url_for -from ldap3 import ALL_ATTRIBUTES +from ldap3 import ALL_ATTRIBUTES, MODIFY_ADD, MODIFY_DELETE from ldap3.core.exceptions import LDAPException from .helpers.flask import template @@ -154,12 +154,45 @@ def groups(ldap): def group_edit(ldap, ou): if request.method == "POST": if request.form.get("remove"): - flash( - f"did not remove {request.form['remove']} because not yet implemented" + ldap.modify( + APP_CONFIG["template"]["group_dn"].format(ou), + { + "member": [ + ( + MODIFY_DELETE, + APP_CONFIG["template"]["user_dn"].format( + request.form["remove"] + ), + ) + ] + }, ) + flash(f"{request.form['remove']} was removed from {ou}") + elif request.form.get("add"): + ldap.modify( + APP_CONFIG["template"]["group_dn"].format(ou), + { + "member": [ + ( + MODIFY_ADD, + APP_CONFIG["template"]["user_dn"].format( + request.form["add"] + ), + ) + ] + }, + ) + flash(f"{request.form['add']} was added to {ou}") return redirect(url_for("group_edit", ou=ou)) + ldap.search( + APP_CONFIG["ldap"]["user_base"], + APP_CONFIG["template"]["group_nonmembers"].format(ou), + attributes=["cn", "uid"], + ) + users = ldap.entries + ldap.search( APP_CONFIG["ldap"]["user_base"], APP_CONFIG["template"]["group_members"].format(ou), @@ -171,4 +204,5 @@ def group_edit(ldap, ou): "groups/members.html", members=ldap.entries, ou=ou, + other_users=users, ) 
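Review bot: In `group_edit`, both new `ldap.modify` calls build the member DN from `request.form["remove"]` / `request.form["add"]` with a plain `str.format`, and the new `group_nonmembers` search formats `ou` into a filter the same way, so a value containing DN or filter metacharacters (`,`, `=`, `*`, `(`, `)`) alters the structure of the DN or filter instead of being treated as data. Escape at the point of interpolation, e.g. `APP_CONFIG["template"]["user_dn"].format(escape_rdn(request.form["add"]))` with `from ldap3.utils.dn import escape_rdn`, the same `escape_rdn(ou)` for the `group_dn` template, and `escape_filter_chars(ou)` from `ldap3.utils.conv` for the filter templates. The success message is also flashed without looking at the outcome of `ldap.modify`, which in ldap3's synchronous strategies returns `False` rather than raising unless the connection was opened with `raise_exceptions=True` (not visible here), so a refused change would still be reported as done; consider `if not ldap.modify(...): flash(ldap.result["description"])`. The decorators of `group_edit` lie above this hunk, so how `ou` is validated and which identity the connection is bound as cannot be confirmed from these lines.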
diff --git a/ldap_frontend/templates/groups/members.html b/ldap_frontend/templates/groups/members.html index 6d34abf..f74b651 100644 --- a/ldap_frontend/templates/groups/members.html +++ b/ldap_frontend/templates/groups/members.html @@ -24,4 +24,23 @@ {% endfor %} +
+
+ add user to group + +
+ +
+ +
+
+ +
+
+
{% endblock %}