From 65af9ab367a9416365f788f32812bd1dafa98def Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20Gr=C3=B6ger?= <tim@groeger-clan.de>
Date: Thu, 12 Nov 2020 22:47:10 +0100
Subject: [PATCH] [LDAP] Rollen updaten
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* LDAP-Rollen werden geupdatet, wenn User geändert wird
* LDAP-Rollen werden geupdatet, wenn eine neue Person hinzugefügt wird.
---
 flaschengeist/plugins/auth_ldap/__init__.py | 25 +++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/flaschengeist/plugins/auth_ldap/__init__.py b/flaschengeist/plugins/auth_ldap/__init__.py
index 201ed7b..b9412b1 100644
--- a/flaschengeist/plugins/auth_ldap/__init__.py
+++ b/flaschengeist/plugins/auth_ldap/__init__.py
@@ -2,7 +2,7 @@
 
 import ssl
 from ldap3.utils.hashed import hashed
-from ldap3 import SUBTREE, MODIFY_REPLACE, HASHED_SALTED_MD5
+from ldap3 import SUBTREE, MODIFY_REPLACE, MODIFY_ADD, MODIFY_DELETE, HASHED_SALTED_MD5
 from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError
 from flask import current_app as app
 from flask_ldapconn import LDAPConn
@@ -83,8 +83,8 @@ class AuthLDAP(AuthPlugin):
                 'uidNumber': uidNumber
 
             }
-            test = ldap_conn.add(dn, object_class, attributes)
-            print(test)
+            ldap_conn.add(dn, object_class, attributes)
+            self.set_roles(user)
         except (LDAPPasswordIsMandatoryError, LDAPBindError):
             raise BadRequest
         except Exception as e:
@@ -116,7 +116,23 @@ class AuthLDAP(AuthPlugin):
             groups.append(data["attributes"]["cn"][0])
         return groups
 
-    def modify_user(self, user: User, password, new_password=None):
+    def set_roles(self, user: User):
+        try:
+            ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
+            self.ldap.connection.search(f"ou=group,{self.dn}", "(cn=*)", SUBTREE, attributes=["cn", "gidNumber"])
+            ldap_roles = self.ldap.response()
+            for ldap_role in ldap_roles:
+                if ldap_role["attributes"]["cn"][0] in user.roles:
+                    modify = {'memberUid': [(MODIFY_ADD, [user.userid])]}
+                else:
+                    modify = {'memberUid': [(MODIFY_DELETE, [user.userid])]}
+                test = ldap_conn.modify(ldap_role["dn"], modify)
+
+        except (LDAPPasswordIsMandatoryError, LDAPBindError):
+            raise BadRequest
+
+
+    def modify_user(self, user: User, password=None, new_password=None):
         try:
             dn = user.get_attribute("DN")
             if password:
@@ -137,5 +153,6 @@ class AuthLDAP(AuthPlugin):
                 salted_password = hashed(HASHED_SALTED_MD5, new_password)
                 modifier["userPassword"] = [(MODIFY_REPLACE, [salted_password])]
             ldap_conn.modify(dn, modifier)
+            self.set_roles(user)
         except (LDAPPasswordIsMandatoryError, LDAPBindError):
             raise BadRequest