implement group member management

2021-12-21 10:20:16 +01:00 · 2021-12-21 10:20:16 +01:00 · 8de81d8ab1
commit 8de81d8ab1
parent 6446c09a01
2 changed files with 56 additions and 3 deletions
--- a/ldap_frontend/init.py
+++ b/ldap_frontend/init.py
@ -2,7 +2,7 @@ from json import load
 from os import environ

 from flask import Flask, flash, redirect, request, session, url_for
-from ldap3 import ALL_ATTRIBUTES
+from ldap3 import ALL_ATTRIBUTES, MODIFY_ADD, MODIFY_DELETE
 from ldap3.core.exceptions import LDAPException

 from .helpers.flask import template
@ -154,12 +154,45 @@ def groups(ldap):
 def group_edit(ldap, ou):
    if request.method == "POST":
        if request.form.get("remove"):
-            flash(
-                f"did not remove {request.form['remove']} because not yet implemented"
+            ldap.modify(
+                APP_CONFIG["template"]["group_dn"].format(ou),
+                {
+                    "member": [
+                        (
+                            MODIFY_DELETE,
+                            APP_CONFIG["template"]["user_dn"].format(
+                                request.form["remove"]
+                            ),
                        )
+                    ]
+                },
+            )
+            flash(f"{request.form['remove']} was removed from {ou}")
+        elif request.form.get("add"):
+            ldap.modify(
+                APP_CONFIG["template"]["group_dn"].format(ou),
+                {
+                    "member": [
+                        (
+                            MODIFY_ADD,
+                            APP_CONFIG["template"]["user_dn"].format(
+                                request.form["add"]
+                            ),
+                        )
+                    ]
+                },
+            )
+            flash(f"{request.form['add']} was added to {ou}")

        return redirect(url_for("group_edit", ou=ou))

+    ldap.search(
+        APP_CONFIG["ldap"]["user_base"],
+        APP_CONFIG["template"]["group_nonmembers"].format(ou),
+        attributes=["cn", "uid"],
+    )
+    users = ldap.entries
+
    ldap.search(
        APP_CONFIG["ldap"]["user_base"],
        APP_CONFIG["template"]["group_members"].format(ou),
@ -171,4 +204,5 @@ def group_edit(ldap, ou):
        "groups/members.html",
        members=ldap.entries,
        ou=ou,
+        other_users=users,
    )
--- a/ldap_frontend/templates/groups/members.html
+++ b/ldap_frontend/templates/groups/members.html
@ -24,4 +24,23 @@
 {% endfor %}
                </tbody>
            </table>
+            <form action="{{ url_for("group_edit", ou=ou) }}" method="post" class="row g-3 needs-validation">
+                <fieldset>
+                    <legend>add user to group</legend>
+
+                    <div class="row mb-3">
+                        <label for="add" class="form-label col-sm-2">user</label>
+                        <div class="col-sm-10">
+                            <select name="add" id="add" class="form-select">
+                                <option value="" selected>select user ...</option>
+{% for user in other_users|sort %}
+                                <option value="{{ user["uid"] }}">{{ user["cn"] }} ({{ user["uid"] }})</option>
+{% endfor %}
+                            </select>
+                        </div>
+                    </div>
+
+                    <input type="submit" value="add user" class="btn btn-primary mb-3"><br>
+                </fieldset>
+            </form>
 {% endblock %}