github.com/vnforks/kid@v5.11.1+incompatible/api4/ldap.go

github.com/vnforks/kid@v5.11.1+incompatible/api4/ldap.go (about)

     1  // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
     2  // See License.txt for license information.
     3  
     4  package api4
     5  
     6  import (
     7  	"database/sql"
     8  	"encoding/json"
     9  	"net/http"
    10  
    11  	"github.com/mattermost/mattermost-server/model"
    12  )
    13  
    14  type mixedUnlinkedGroup struct {
    15  	Id           *string `json:"mattermost_group_id"`
    16  	DisplayName  string  `json:"name"`
    17  	RemoteId     string  `json:"primary_key"`
    18  	HasSyncables *bool   `json:"has_syncables"`
    19  }
    20  
    21  func (api *API) InitLdap() {
    22  	api.BaseRoutes.LDAP.Handle("/sync", api.ApiSessionRequired(syncLdap)).Methods("POST")
    23  	api.BaseRoutes.LDAP.Handle("/test", api.ApiSessionRequired(testLdap)).Methods("POST")
    24  
    25  	// GET /api/v4/ldap/groups?page=0&per_page=1000
    26  	api.BaseRoutes.LDAP.Handle("/groups", api.ApiSessionRequired(getLdapGroups)).Methods("GET")
    27  
    28  	// POST /api/v4/ldap/groups/:remote_id/link
    29  	api.BaseRoutes.LDAP.Handle(`/groups/{remote_id}/link`, api.ApiSessionRequired(linkLdapGroup)).Methods("POST")
    30  
    31  	// DELETE /api/v4/ldap/groups/:remote_id/link
    32  	api.BaseRoutes.LDAP.Handle(`/groups/{remote_id}/link`, api.ApiSessionRequired(unlinkLdapGroup)).Methods("DELETE")
    33  }
    34  
    35  func syncLdap(c *Context, w http.ResponseWriter, r *http.Request) {
    36  	if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
    37  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
    38  		return
    39  	}
    40  
    41  	c.App.SyncLdap()
    42  
    43  	ReturnStatusOK(w)
    44  }
    45  
    46  func testLdap(c *Context, w http.ResponseWriter, r *http.Request) {
    47  	if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
    48  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
    49  		return
    50  	}
    51  
    52  	if err := c.App.TestLdap(); err != nil {
    53  		c.Err = err
    54  		return
    55  	}
    56  
    57  	ReturnStatusOK(w)
    58  }
    59  
    60  func getLdapGroups(c *Context, w http.ResponseWriter, r *http.Request) {
    61  	if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
    62  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
    63  		return
    64  	}
    65  
    66  	if c.App.License() == nil || !*c.App.License().Features.LDAPGroups {
    67  		c.Err = model.NewAppError("Api4.getLdapGroups", "api.ldap_groups.license_error", nil, "", http.StatusNotImplemented)
    68  		return
    69  	}
    70  
    71  	opts := model.GroupSearchOpts{
    72  		Q: c.Params.Q,
    73  	}
    74  	if c.Params.IsLinked != nil {
    75  		opts.IsLinked = c.Params.IsLinked
    76  	}
    77  	if c.Params.IsConfigured != nil {
    78  		opts.IsConfigured = c.Params.IsConfigured
    79  	}
    80  
    81  	groups, total, err := c.App.GetAllLdapGroupsPage(c.Params.Page, c.Params.PerPage, opts)
    82  	if err != nil {
    83  		c.Err = err
    84  		return
    85  	}
    86  
    87  	mugs := []*mixedUnlinkedGroup{}
    88  	for _, group := range groups {
    89  		mug := &mixedUnlinkedGroup{
    90  			DisplayName: group.DisplayName,
    91  			RemoteId:    group.RemoteId,
    92  		}
    93  		if len(group.Id) == 26 {
    94  			mug.Id = &group.Id
    95  			mug.HasSyncables = &group.HasSyncables
    96  		}
    97  		mugs = append(mugs, mug)
    98  	}
    99  
   100  	b, marshalErr := json.Marshal(struct {
   101  		Count  int                   `json:"count"`
   102  		Groups []*mixedUnlinkedGroup `json:"groups"`
   103  	}{Count: total, Groups: mugs})
   104  	if marshalErr != nil {
   105  		c.Err = model.NewAppError("Api4.getLdapGroups", "api.marshal_error", nil, marshalErr.Error(), http.StatusInternalServerError)
   106  		return
   107  	}
   108  
   109  	w.Write(b)
   110  }
   111  
   112  func linkLdapGroup(c *Context, w http.ResponseWriter, r *http.Request) {
   113  	c.RequireRemoteId()
   114  	if c.Err != nil {
   115  		return
   116  	}
   117  
   118  	if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
   119  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
   120  		return
   121  	}
   122  
   123  	if c.App.License() == nil || !*c.App.License().Features.LDAPGroups {
   124  		c.Err = model.NewAppError("Api4.linkLdapGroup", "api.ldap_groups.license_error", nil, "", http.StatusNotImplemented)
   125  		return
   126  	}
   127  
   128  	ldapGroup, err := c.App.GetLdapGroup(c.Params.RemoteId)
   129  	if err != nil {
   130  		c.Err = err
   131  		return
   132  	}
   133  
   134  	if ldapGroup == nil {
   135  		c.Err = model.NewAppError("Api4.linkLdapGroup", "api.ldap_group.not_found", nil, "", http.StatusNotFound)
   136  		return
   137  	}
   138  
   139  	group, err := c.App.GetGroupByRemoteID(ldapGroup.RemoteId, model.GroupSourceLdap)
   140  	if err != nil && err.DetailedError != sql.ErrNoRows.Error() {
   141  		c.Err = err
   142  		return
   143  	}
   144  
   145  	var status int
   146  	var newOrUpdatedGroup *model.Group
   147  
   148  	// Group has been previously linked
   149  	if group != nil {
   150  		if group.DeleteAt == 0 {
   151  			newOrUpdatedGroup = group
   152  		} else {
   153  			group.DeleteAt = 0
   154  			group.DisplayName = ldapGroup.DisplayName
   155  			group.RemoteId = ldapGroup.RemoteId
   156  			newOrUpdatedGroup, err = c.App.UpdateGroup(group)
   157  			if err != nil {
   158  				c.Err = err
   159  				return
   160  			}
   161  		}
   162  		status = http.StatusOK
   163  	} else {
   164  		// Group has never been linked
   165  		//
   166  		// TODO: In a future phase of LDAP groups sync `Name` will be used for at-mentions and will be editable on
   167  		// the front-end so it will not have an initial value of `model.NewId()` but rather a slugified version of
   168  		// the LDAP group name with an appended duplicate-breaker.
   169  		newGroup := &model.Group{
   170  			Name:        model.NewId(),
   171  			DisplayName: ldapGroup.DisplayName,
   172  			RemoteId:    ldapGroup.RemoteId,
   173  			Source:      model.GroupSourceLdap,
   174  		}
   175  		newOrUpdatedGroup, err = c.App.CreateGroup(newGroup)
   176  		if err != nil {
   177  			c.Err = err
   178  			return
   179  		}
   180  		status = http.StatusCreated
   181  	}
   182  
   183  	b, marshalErr := json.Marshal(newOrUpdatedGroup)
   184  	if marshalErr != nil {
   185  		c.Err = model.NewAppError("Api4.linkLdapGroup", "api.marshal_error", nil, marshalErr.Error(), http.StatusInternalServerError)
   186  		return
   187  	}
   188  
   189  	w.WriteHeader(status)
   190  	w.Write(b)
   191  }
   192  
   193  func unlinkLdapGroup(c *Context, w http.ResponseWriter, r *http.Request) {
   194  	c.RequireRemoteId()
   195  	if c.Err != nil {
   196  		return
   197  	}
   198  
   199  	if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
   200  		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
   201  		return
   202  	}
   203  
   204  	if c.App.License() == nil || !*c.App.License().Features.LDAPGroups {
   205  		c.Err = model.NewAppError("Api4.unlinkLdapGroup", "api.ldap_groups.license_error", nil, "", http.StatusNotImplemented)
   206  		return
   207  	}
   208  
   209  	group, err := c.App.GetGroupByRemoteID(c.Params.RemoteId, model.GroupSourceLdap)
   210  	if err != nil {
   211  		c.Err = err
   212  		return
   213  	}
   214  
   215  	if group.DeleteAt == 0 {
   216  		_, err = c.App.DeleteGroup(group.Id)
   217  		if err != nil {
   218  			c.Err = err
   219  			return
   220  		}
   221  	}
   222  
   223  	ReturnStatusOK(w)
   224  }