From 62606cbee59ada31fde4b749c73f35abcf785cee Mon Sep 17 00:00:00 2001
From: Nathan Coad
Date: Thu, 11 Jan 2024 18:00:41 +1100
Subject: [PATCH] more checking when creating ldap group
---
 controllers/controlGroups.go | 30 +++++++++++++++++++++++-------
 models/group.go | 13 +++++++++++++
 2 files changed, 36 insertions(+), 7 deletions(-)
diff --git a/controllers/controlGroups.go b/controllers/controlGroups.go
index b78c42f..7c23fee 100644
--- a/controllers/controlGroups.go
+++ b/controllers/controlGroups.go
@@ -59,29 +59,45 @@ func AddGroupHandler(c *gin.Context) {
 	//remove leading/trailing spaces in groupname
 	g.GroupName = html.EscapeString(strings.TrimSpace(g.GroupName))
 
-	// Check if role already exists
+	// Check if group already exists
 	testGroup, _ := models.GroupGetByName(g.GroupName)
-	log.Printf("AddGroup checking if group '%s' already exists\n", g.GroupName)
+	log.Printf("AddGroupHandler checking if group '%s' already exists\n", g.GroupName)
 
 	if (models.Group{} == testGroup) {
-		log.Printf("AddGroup confirmed no existing group name\n")
+		log.Printf("AddGroupHandler confirmed no existing group name\n")
 	} else {
 		errorString := fmt.Sprintf("attempt to register conflicting groupname '%s'", g.GroupName)
-		log.Printf("Register error : '%s'\n", errorString)
+		log.Printf("AddGroupHandler error : '%s'\n", errorString)
 		c.JSON(http.StatusBadRequest, gin.H{"error": errorString})
 		return
 	}
 
-	_, err := g.GroupAdd()
+	// Check if there is already an LDAP group with the same Dn
+	if g.LdapGroup {
+		// TODO check for existing LDAP group
+		testLdapGroup, _ := models.GroupGetByLdapDn(g.LdapDn)
+
+		if (models.Group{} == testLdapGroup) {
+			log.Printf("AddGroupHandler confirmed no existing group for same LDAP DN\n")
+		} else {
+			errorString := fmt.Sprintf("attempt to register group with same ldap DN as existing group '%s'", g.GroupName)
+			log.Printf("AddGroupHandler error : '%s'\n", errorString)
+			c.JSON(http.StatusBadRequest, gin.H{"error": errorString})
+			return
+		}
+	}
+
+	// Verification checks passed, return group
+	group, err := g.GroupAdd()
 	if err != nil {
 		errString := fmt.Sprintf("error creating group : '%s'", err)
-		log.Printf("AddGroup %s\n", errString)
+		log.Printf("AddGroupHandler %s\n", errString)
 		c.JSON(http.StatusBadRequest, gin.H{"error": errString})
 		return
 	}
 
-	c.JSON(http.StatusOK, gin.H{"message": "group creation success", "data": g})
+	c.JSON(http.StatusOK, gin.H{"message": "group creation success", "data": group})
 }
 
 func DeleteGroupHandler(c *gin.Context) {
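Review bot: The new duplicate-DN guard discards the lookup error — `testLdapGroup, _ := models.GroupGetByLdapDn(g.LdapDn)` (and the pre-existing `testGroup, _ := models.GroupGetByName(g.GroupName)` above it) — so a database failure returns a zero-value Group, satisfies `models.Group{} == testLdapGroup`, and the conflict check is silently skipped instead of rejecting the request; check the error, treat only a not-found result as "no conflict", and report anything else as a server error. Because GroupGetByLdapDn (models/group.go hunk) currently folds every error into "group not found", that function has to distinguish the two cases before this caller can. A check-then-insert of this kind is also racy between concurrent requests, so if DN uniqueness matters it should be enforced by a UNIQUE constraint on the column, with this pre-check kept only for the friendlier message. Unlike `g.GroupName`, `g.LdapDn` is neither trimmed nor checked for being non-empty when `g.LdapGroup` is set, so whitespace variants of the same DN would pass the comparison. The `// TODO check for existing LDAP group` comment is now stale since the check is implemented on the next line and should be removed; AddGroupHandler itself begins before this hunk.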
diff --git a/models/group.go b/models/group.go
index 07011ed..9199bd0 100644
--- a/models/group.go
+++ b/models/group.go
@@ -26,6 +26,19 @@ func GroupGetByName(groupname string) (Group, error) {
 	return g, nil
 }
 
+// GroupGetByName queries the database for a group with the specified LDAP distinguishedName
+func GroupGetByLdapDn(ldapDn string) (Group, error) {
+	var g Group
+
+	// Query database for matching group object
+	err := db.QueryRowx("SELECT * FROM groups WHERE LdapGroup = 1 AND LdapDn = ?", ldapDn).StructScan(&g)
+	if err != nil {
+		return g, errors.New("group not found")
+	}
+
+	return g, nil
+}
+
 // GroupList returns a list of all groups in database
 func GroupList() ([]Group, error) {
 	var results []Group
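Review bot: The doc comment on the new function names the wrong identifier — `// GroupGetByName queries the database ...` sits directly above `func GroupGetByLdapDn`; it should read `// GroupGetByLdapDn queries the database for a group with the specified LDAP distinguishedName.` so godoc and linters attach it to the right symbol. More importantly, the error branch maps every failure to `errors.New("group not found")`, so a lost connection or a scan error is indistinguishable from a genuine miss, and the caller in controlGroups.go uses exactly that result to decide the DN is free. Return the not-found error only when `errors.Is(err, sql.ErrNoRows)` holds and otherwise `return g, fmt.Errorf("querying group by ldap dn: %w", err)` (sqlx's QueryRowx/StructScan surface database/sql's sentinel; `database/sql` and `fmt` may need importing if the file does not already). The parameterized `?` for ldapDn is the right shape — keep the DN out of the query string as the file already does elsewhere.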