more checking when creating ldap group

2024-01-11 18:00:41 +11:00
parent b65d1ef52e
commit 62606cbee5
2 changed files with 36 additions and 7 deletions
--- a/controllers/controlGroups.go
+++ b/controllers/controlGroups.go
@@ -59,29 +59,45 @@ func AddGroupHandler(c *gin.Context) {
 	//remove leading/trailing spaces in groupname
 	g.GroupName = html.EscapeString(strings.TrimSpace(g.GroupName))

-	// Check if role already exists
+	// Check if group already exists
 	testGroup, _ := models.GroupGetByName(g.GroupName)
-	log.Printf("AddGroup checking if group '%s' already exists\n", g.GroupName)
+	log.Printf("AddGroupHandler checking if group '%s' already exists\n", g.GroupName)

 	if (models.Group{} == testGroup) {
-		log.Printf("AddGroup confirmed no existing group name\n")
+		log.Printf("AddGroupHandler confirmed no existing group name\n")
 	} else {
 		errorString := fmt.Sprintf("attempt to register conflicting groupname '%s'", g.GroupName)
-		log.Printf("Register error : '%s'\n", errorString)
+		log.Printf("AddGroupHandler error : '%s'\n", errorString)
 		c.JSON(http.StatusBadRequest, gin.H{"error": errorString})
 		return
 	}

-	_, err := g.GroupAdd()
+	// Check if there is already an LDAP group with the same Dn
+	if g.LdapGroup {
+		// TODO check for existing LDAP group
+		testLdapGroup, _ := models.GroupGetByLdapDn(g.LdapDn)
+
+		if (models.Group{} == testLdapGroup) {
+			log.Printf("AddGroupHandler confirmed no existing group for same LDAP DN\n")
+		} else {
+			errorString := fmt.Sprintf("attempt to register group with same ldap DN as existing group '%s'", g.GroupName)
+			log.Printf("AddGroupHandler error : '%s'\n", errorString)
+			c.JSON(http.StatusBadRequest, gin.H{"error": errorString})
+			return
+		}
+	}
+
+	// Verification checks passed, return group
+	group, err := g.GroupAdd()

 	if err != nil {
 		errString := fmt.Sprintf("error creating group : '%s'", err)
-		log.Printf("AddGroup %s\n", errString)
+		log.Printf("AddGroupHandler %s\n", errString)
 		c.JSON(http.StatusBadRequest, gin.H{"error": errString})
 		return
 	}

-	c.JSON(http.StatusOK, gin.H{"message": "group creation success", "data": g})
+	c.JSON(http.StatusOK, gin.H{"message": "group creation success", "data": group})
 }

 func DeleteGroupHandler(c *gin.Context) {
--- a/models/group.go
+++ b/models/group.go
@@ -26,6 +26,19 @@ func GroupGetByName(groupname string) (Group, error) {
 	return g, nil
 }

+// GroupGetByName queries the database for a group with the  specified LDAP distinguishedName
+func GroupGetByLdapDn(ldapDn string) (Group, error) {
+	var g Group
+
+	// Query database for matching group object
+	err := db.QueryRowx("SELECT * FROM groups WHERE LdapGroup = 1 AND  LdapDn = ?", ldapDn).StructScan(&g)
+	if err != nil {
+		return g, errors.New("group not found")
+	}
+
+	return g, nil
+}
+
 // GroupList returns a list of all groups in database
 func GroupList() ([]Group, error) {
 	var results []Group