Feat/sql groups #2041

Merged
merged 36 commits into from
Apr 25, 2024
Merged
62bbce4
wip(test): check access by group
frankiejol Mar 26, 2024
6d9da82
test: list bases access
frankiejol Mar 26, 2024
03568b8
wip: group base code
frankiejol Mar 26, 2024
91af9df
wip: group management backend
frankiejol Mar 27, 2024
231ea89
wip(frontend): list local and ldap groups
frankiejol Mar 27, 2024
9ec7bd0
wip(frontend): list users and groups
frankiejol Mar 28, 2024
d044e2d
wip: list local groups for access settings
frankiejol Mar 28, 2024
a1618b9
wip(frontend): groups API and tests
frankiejol Apr 4, 2024
521c61e
wip (frontend): templates wit new groups API
frankiejol Apr 4, 2024
22d6761
wip(frontend): show sql groups when no LDAP enabled
frankiejol Apr 5, 2024
eb177b4
test: allow local-groups tag
frankiejol Apr 8, 2024
4b52e16
wip(bookings): test local group
frankiejol Apr 8, 2024
6351134
wip: booking local group
frankiejol Apr 8, 2024
022882c
wip: add and change local groups
frankiejol Apr 9, 2024
a657b02
wip: create booking with local groups
frankiejol Apr 9, 2024
23bf824
wip: fixed change groups clears pristine flag
frankiejol Apr 9, 2024
754ed76
wip: require one group assigned
frankiejol Apr 9, 2024
9376ac4
wip: default bookings is true and description
frankiejol Apr 9, 2024
71be099
wip: hide LDAP groups select when no LDAP
frankiejol Apr 9, 2024
bb995c8
wip: now bookings are enabled by default
frankiejol Apr 10, 2024
6cd2c4a
wip(doc): new methods
frankiejol Apr 10, 2024
a8ef18c
wip: cloacked angular while loading
frankiejol Apr 11, 2024
4f3ecd5
wip(frontend): upload members
frankiejol Apr 11, 2024
73d6c3e
wip: upload group members
frankiejol Apr 11, 2024
f56443b
wip(CLI): upload group members
frankiejol Apr 12, 2024
88cf2ed
wip: manage access with id_group
frankiejol Apr 15, 2024
23970a0
wip: add and remove access by id_group
frankiejol Apr 15, 2024
7d9199c
wip(frontend): id group
frankiejol Apr 15, 2024
020f71a
wip: working with id group
frankiejol Apr 16, 2024
843dc3c
wip: create groups_local table before
frankiejol Apr 18, 2024
e5a40a2
Merge branch 'main' into feat/sql_groups
frankiejol Apr 18, 2024
d93f471
wip: services do not support slash
frankiejol Apr 18, 2024
4be3179
wip: hide base when removing from group
frankiejol Apr 18, 2024
e9bfd13
wip: test disabled groups
frankiejol Apr 18, 2024
b5616b6
wip: hide clone when not allowed to access group
frankiejol Apr 18, 2024
a00f16d
wip: filter groups
frankiejol Apr 18, 2024
2 changes: 1 addition & 1 deletion MANIFEST
Expand Up @@ -55,6 +55,6 @@ lib/Ravada/I18N/ca.po
lib/Ravada/NetInterface.pm
lib/Ravada/Auth.pm
lib/Ravada/Domain.pm
lib/Ravada/Routes.pm
lib/Ravada/Route.pm
script/rvd_front
script/rvd_back
45 changes: 42 additions & 3 deletions lib/Ravada.pm
Expand Up @@ -1567,8 +1567,9 @@ sub _add_indexes_generic($self) {
"unique (id_domain)"
]
,group_access => [
"unique (id_domain,name)"
"unique (id_domain,name,id_group)"
,"index(id_domain)"
,"index(id_group)"
]
,iso_images => [
"unique (name)"
Expand Down Expand Up @@ -1619,6 +1620,11 @@ sub _add_indexes_generic($self) {
"index(id_booking_entry,ldap_group)"
,"index(id_booking_entry)"
]
,booking_entry_local_groups => [
"unique(id_booking_entry,id_group)"
,"index(id_booking_entry)"
]

,booking_entry_users => [
"index(id_booking_entry,id_user)"
,"index(id_booking_entry)"
Expand All @@ -1629,6 +1635,12 @@ sub _add_indexes_generic($self) {
,"index(id_base)"
,"index(id_booking_entry)"
]
,groups_local => [
'UNIQUE (name)'
]
,users_group => [
'UNIQUE(id_user, id_group)'
]

,volumes => [
"index(id_domain)"
Expand Down Expand Up @@ -2212,11 +2224,21 @@ sub _sql_create_tables($self) {
,xml => 'TEXT'
}
]
,
[ groups_local => {
id => 'integer PRIMARY KEY AUTO_INCREMENT',
,name => 'char(255) NOT NULL'
,is_external => 'int NOT NULL default(0)'
,external_auth => 'varchar(64) default NULL'
}
]
,[
group_access => {
id => 'integer NOT NULL PRIMARY KEY AUTO_INCREMENT'
,id_domain => 'integer NOT NULL references `domains` (`id`) ON DELETE CASCADE'
,name => 'char(80)'
,id_group => 'integer references `groups_local` (`id`) ON DELETE CASCADE'
,name => 'char(80) DEFAULT NULL'
,type => 'char(40)'
}
]
,
Expand Down Expand Up @@ -2348,6 +2370,17 @@ sub _sql_create_tables($self) {
}
]
,
[
booking_entry_local_groups => {
id => 'INTEGER PRIMARY KEY AUTO_INCREMENT'
,id_booking_entry
=> 'int not null references `booking_entries` (`id`) ON DELETE CASCADE'
,id_group => 'int not null'
,date_changed => 'timestamp DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP'
}
]
,

[
booking_entry_users => {
id => 'INTEGER PRIMARY KEY AUTO_INCREMENT'
Expand Down Expand Up @@ -2377,6 +2410,12 @@ sub _sql_create_tables($self) {
}
]
,
[ users_group => {
id => 'integer PRIMARY KEY AUTO_INCREMENT',
,id_user => 'integer NOT NULL'
,id_group =>'integer NOT NULL'
}
],
[
volumes => {
id => 'integer PRIMARY KEY AUTO_INCREMENT',
Expand Down Expand Up @@ -2670,7 +2709,7 @@ sub _sql_insert_defaults($self){
,{
id_parent => $id_backend
,name => 'bookings'
,value => 0
,value => 1
}
,{
id_parent => $id_backend
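Review bot: The new `users_group` table declares `id_user` and `id_group` as plain `integer NOT NULL`, and `booking_entry_local_groups.id_group` as `int not null`, with no foreign key, while `group_access.id_group` in the same change references `groups_local` with ON DELETE CASCADE. Membership rows therefore survive whenever a user or group row is deleted by any path other than the application's own cleanup code. A stale row would then attach to whichever user or group later holds that id if the database reuses ids (not visible here; worth confirming for each supported backend). I would declare them the same way as `group_access`, e.g. `,id_group => 'integer NOT NULL references groups_local (id) ON DELETE CASCADE'`, and the equivalent for `id_user` against `users`. `_sql_create_tables` starts and ends outside the visible hunks.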
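--- a/lib/Ravada/Auth/Group.pm
+++ b/lib/Ravada/Auth/Group.pm
@@ -0,0 +1,188 @@
+package Ravada::Auth::Group;
+
+use warnings;
+use strict;
+
+=head1 NAME
+
+Ravada::Auth::Group - Group management library for Ravada
+
+=cut
+
+use Carp qw(carp);
+use Data::Dumper qw(Dumper);
+use Hash::Util qw(lock_hash);
+
+use Moose;
+
+use feature qw(signatures);
+no warnings "experimental::signatures";
+
+has 'name' => (
+is => 'rw'
+,isa => 'Str'
+,required => 1
+);
+
+our $CON;
+
+sub _init_connector {
+my $connector = shift;
+
+$CON = \$connector if defined $connector;
+return if $CON;
+
+$CON= \$Ravada::CONNECTOR if !$CON || !$$CON;
+$CON= \$Ravada::Front::CONNECTOR if !$CON || !$$CON;
+
+if (!$CON || !$$CON) {
+my $connector = Ravada::_connect_dbh();
+$CON = \$connector;
+}
+
+die "Undefined connector" if !$CON || !$$CON;
+}
+
+sub BUILD {
+my $self = shift;
+_init_connector();
+$self->_load_data();
+}
+
+sub _load_data($self) {
+_init_connector();
+
+confess "No group name nor id " if !defined $self->name && !$self->id;
+
+confess "Undefined \$\$CON" if !defined $$CON;
+my $sth = $$CON->dbh->prepare(
+"SELECT * FROM groups_local WHERE name=? ");
+$sth->execute($self->name);
+my ($found) = $sth->fetchrow_hashref;
+$sth->finish;
+
+return if !$found->{name};
+
+lock_hash %$found;
+$self->{_data} = $found if ref $self && $found;
+
+}
+
+sub open($self, $id) {
+_init_connector();
+my $sth = $$CON->dbh->prepare(
+"SELECT name FROM groups_local WHERE id=?"
+);
+$sth->execute($id);
+my ($name) = $sth->fetchrow;
+confess "Error: unknown group id '$id'" if !$name;
+
+return $self->new(name => $name);
+}
+
+sub id {
+my $self = shift;
+my $id;
+eval { $id = $self->{_data}->{id} };
+confess $@ if $@;
+
+return $id;
+}
+
+sub add_group(%args) {
+_init_connector();
+my $name = delete $args{name};
+my $external_auth = delete $args{external_auth};
+my $is_external = 0;
+$is_external = 1 if $external_auth;
+
+confess "WARNING: Unknown arguments ".Dumper(\%args)
+if keys %args;
+
+
+my $sth;
+eval { $sth = $$CON->dbh->prepare(
+"INSERT INTO groups_local(name,is_external,external_auth)"
+." VALUES(?,?,?)");
+$sth->execute($name, $is_external, $external_auth);
+};
+confess $@ if $@;
+return Ravada::Auth::Group->new(name => $name);
+}
+
+sub remove_member($self, $name) {
+my $sth = $$CON->dbh->prepare("SELECT id FROM users WHERE name=?");
+$sth->execute($name);
+my ($id_user) = $sth->fetchrow;
+
+$sth = $$CON->dbh->prepare("DELETE FROM users_group "
+." WHERE id_user=?"
+);
+$sth->execute($id_user);
+}
+
+sub _remove_all_members($self) {
+my $sth = $$CON->dbh->prepare("DELETE FROM users_group "
+." WHERE id_group=?"
+);
+$sth->execute($self->id);
+}
+
+sub _remove_access($self) {
+my $sth = $$CON->dbh->prepare("DELETE FROM group_access "
+." WHERE type='local'"
+." AND name=?"
+);
+$sth->execute($self->name);
+}
+
+sub members($self) {
+my $sth = $$CON->dbh->prepare(
+"SELECT u.id,u.name FROM users u,users_group ug "
+." WHERE u.id = ug.id_user "
+." AND ug.id_group=?"
+." ORDER BY name"
+);
+$sth->execute($self->id);
+my @members;
+while (my ($uid,$name) = $sth->fetchrow) {
+push @members,($name);
+}
+return @members;
+}
+sub members_info($self) {
+my $sth = $$CON->dbh->prepare(
+"SELECT u.id,u.name FROM users u,users_group ug "
+." WHERE u.id = ug.id_user "
+." AND ug.id_group=?"
+." ORDER BY name"
+);
+$sth->execute($self->id);
+my @members;
+while (my ($uid,$name) = $sth->fetchrow) {
+push @members,({ id => $uid, name => $name});
+}
+return @members;
+}
+
+sub remove($self) {
+my $id = $self->id;
+
+$self->_remove_all_members();
+$self->_remove_access();
+
+my $sth = $$CON->dbh->prepare(
+"DELETE FROM groups_local WHERE id=?"
+);
+$sth->execute($id);
+}
+
+sub exists_id($id) {
+_init_connector();
+my $sth = $$CON->dbh->prepare("SELECT id FROM groups_local WHERE id=?");
+$sth->execute($id);
+my ($found) = $sth->fetchrow;
+return $found;
+}
+
+1;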
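Review bot: `remove_member` deletes with `WHERE id_user=?` only, so calling it on one group removes the user from every group in `users_group`, not just from `$self`. The statement should be scoped to the group: `." WHERE id_user=? AND id_group=?"` with `$sth->execute($id_user, $self->id);`. It would also help to confess, as `open` does for an unknown id, when the name lookup finds no user, so an unknown name is reported instead of silently doing nothing. Separately, `_remove_access` still matches `group_access` rows by `name` and `type='local'` while the schema in this PR keys them by `id_group`. Matching on `id_group` would avoid leaving access rows behind if a group's name changes (the `name` attribute is `rw`; whether a rename is persisted is not visible here).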
3 changes: 2 additions & 1 deletion lib/Ravada/Auth/LDAP.pm
Expand Up @@ -280,7 +280,7 @@ sub search_user {
} else {
$args{name} = $_[0];
}
die "Error: LDAP not configured" if !exists $$CONFIG->{ldap};
confess "Error: LDAP not configured" if !exists $$CONFIG->{ldap};

my $username = delete $args{name} or confess "Missing user name";
my $retry = (delete $args{retry} or 0);
Expand Down Expand Up @@ -483,6 +483,7 @@ sub search_group {
=cut

sub search_group_members($cn, $retry = 0) {
confess if !exists $$CONFIG->{ldap};
my $base = ($$CONFIG->{ldap}->{groups_base} or "ou=groups,"._dc_base());

my $ldap = _init_ldap_admin();
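Review bot: The guard added to `search_group_members` calls `confess` with no message, so a missing LDAP configuration surfaces as a bare backtrace; use the same text as `search_user`: `confess "Error: LDAP not configured" if !exists $$CONFIG->{ldap};`. Note also that `confess` prints the arguments of every frame in the call chain, which the `die` it replaces in `search_user` did not. If any caller above these functions receives a password as an argument (not visible in these hunks), that value would end up wherever the error is logged or displayed. It is worth checking the callers, or keeping `die`/`croak` on authentication paths. Both functions continue outside the hunks.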