Do not always show invite and admin links

2020-02-09 17:52:48 +01:00 · 2020-02-09 17:52:48 +01:00 · edc75d18b7
commit edc75d18b7
parent 826a27854a
2 changed files with 58 additions and 31 deletions
--- a/main.go
+++ b/main.go
@ -1,12 +1,12 @@
 package main
 import (
 	"fmt"
 	"crypto/rand"
 	"crypto/tls"
 	"encoding/base64"
 	"encoding/json"
 	"flag"
 	"fmt"
 	"html/template"
 	"io/ioutil"
 	"log"
@ -24,6 +24,8 @@ type ConfigFile struct {
 	LdapServerAddr string `json:"ldap_server_addr"`
 	LdapTLS        bool   `json:"ldap_tls"`
 	UserFormat     string `json:"user_format"`
 	GroupCanInvite string `json:"group_can_invite"`
 	GroupCanAdmin  string `json:"group_can_admin"`
 }
 var configFlag = flag.String("config", "./config.json", "Configuration file path")
@ -112,8 +114,8 @@ type LoginInfo struct {
 }
 type LoginStatus struct {
-	Info *LoginInfo
+	Info      *LoginInfo
-	conn *ldap.Conn
+	conn      *ldap.Conn
 	UserEntry *ldap.Entry
 }
@ -172,11 +174,11 @@ func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus {
 		login_info.DN,
 		ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false,
 		fmt.Sprintf("(&(objectClass=organizationalPerson))"),
-		[]string{"dn", "displayname", "givenname", "sn", "mail"},
+		[]string{"dn", "displayname", "givenname", "sn", "mail", "memberof"},
 		nil)
 	sr, err := l.Search(searchRequest)
-	if err!= nil {
+	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return nil
 	}
@ -187,8 +189,8 @@ func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus {
 	}
 	return &LoginStatus{
-		Info: login_info,
+		Info:      login_info,
-		conn: l,
+		conn:      l,
 		UserEntry: sr.Entries[0],
 	}
 }
@ -220,6 +222,12 @@ type LoginFormData struct {
 // Page handlers ----
 type HomePageData struct {
 	Login     *LoginStatus
 	CanAdmin  bool
 	CanInvite bool
 }
 func handleHome(w http.ResponseWriter, r *http.Request) {
 	templateHome := template.Must(template.ParseFiles("templates/layout.html", "templates/home.html"))
@ -228,7 +236,22 @@ func handleHome(w http.ResponseWriter, r *http.Request) {
 		return
 	}
-	templateHome.Execute(w, login)
+	can_admin := false
 	can_invite := false
 	for _, group := range login.UserEntry.GetAttributeValues("memberof") {
 		if config.GroupCanInvite != "" && group == config.GroupCanInvite {
 			can_invite = true
 		}
 		if config.GroupCanAdmin != "" && group == config.GroupCanAdmin {
 			can_admin = true
 		}
 	}
 	templateHome.Execute(w, &HomePageData{
 		Login:     login,
 		CanAdmin:  can_admin,
 		CanInvite: can_invite,
 	})
 }
 func handleLogout(w http.ResponseWriter, r *http.Request) {
@ -307,13 +330,13 @@ func handleLogin(w http.ResponseWriter, r *http.Request) *LoginInfo {
 }
 type ProfileTplData struct {
-	Status *LoginStatus
+	Status       *LoginStatus
 	ErrorMessage string
-	Success bool
+	Success      bool
-	Mail string
+	Mail         string
-	DisplayName string
+	DisplayName  string
-	GivenName string
+	GivenName    string
-	Surname string
+	Surname      string
 }
 func handleProfile(w http.ResponseWriter, r *http.Request) {
@ -325,9 +348,9 @@ func handleProfile(w http.ResponseWriter, r *http.Request) {
 	}
 	data := &ProfileTplData{
-		Status: login,
+		Status:       login,
 		ErrorMessage: "",
-		Success: false,
+		Success:      false,
 	}
 	if r.Method == "POST" {
@ -361,10 +384,10 @@ func handleProfile(w http.ResponseWriter, r *http.Request) {
 }
 type PasswdTplData struct {
-	Status *LoginStatus
+	Status       *LoginStatus
 	ErrorMessage string
 	NoMatchError bool
-	Success bool
+	Success      bool
 }
 func handlePasswd(w http.ResponseWriter, r *http.Request) {
@ -376,9 +399,9 @@ func handlePasswd(w http.ResponseWriter, r *http.Request) {
 	}
 	data := &PasswdTplData{
-		Status: login,
+		Status:       login,
 		ErrorMessage: "",
-		Success: false,
+		Success:      false,
 	}
 	if r.Method == "POST" {
--- a/templates/home.html
+++ b/templates/home.html
@ -2,7 +2,7 @@
 {{define "body"}}
 <div class="alert alert-success">
-    Bienvenue, <strong>{{ .UserEntry.GetAttributeValue "givenname" }}</strong> !
+    Bienvenue, <strong>{{ .Login.UserEntry.GetAttributeValue "givenname" }}</strong> !
 </div>
 <div class="d-flex">
  <a class="ml-auto btn btn-sm btn-dark" href="/logout">Se déconnecter</a>
@ -16,19 +16,23 @@
  <div class="list-group list-group-flush">
    <a class="list-group-item list-group-item-action" href="/profile">Modifier mon profil</a>
    <a class="list-group-item list-group-item-action" href="/passwd">Modifier mon mot de passe</a>
-    <a class="list-group-item list-group-item-action" href="/invite">Inviter quelqu'un</a>
+    {{if .CanInvite}}
      <a class="list-group-item list-group-item-action" href="/invite">Inviter quelqu'un</a>
    {{end}}
  </div>
 </div>
-<div class="card mt-3">
+{{if .CanAdmin}}
-  <div class="card-header">
+  <div class="card mt-3">
-    Administration
+    <div class="card-header">
      Administration
    </div>
    <div class="list-group list-group-flush">
      <a class="list-group-item list-group-item-action" href="/admin/users">Utilisateurs</a>
      <a class="list-group-item list-group-item-action" href="/admin/groups">Groupes</a>
      <a class="list-group-item list-group-item-action" href="/admin/ldap">Explorateur LDAP</a>
    </div>
  </div>
-  <div class="list-group list-group-flush">
+{{end}}
    <a class="list-group-item list-group-item-action" href="/admin/users">Utilisateurs</a>
    <a class="list-group-item list-group-item-action" href="/admin/groups">Groupes</a>
    <a class="list-group-item list-group-item-action" href="/admin/ldap">Explorateur LDAP</a>
  </div>
 </div>
 {{end}}