Merge branch 'develop' of gitee.com:fusenpack/fusenapi into develop

2023-11-22 15:01:23 +08:00 · 2023-11-22 15:01:23 +08:00 · 86bf47ce61
commit 86bf47ce61
parent ab153ea15b 79faa6a377
3 changed files with 93 additions and 64 deletions
--- a/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go
+++ b/server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go
@ -59,26 +59,33 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.
 	//遍历成员提取cn用于从用户基础组中获取用户信息列表
 	filterBuilder := strings.Builder{}
 	memberCount := 0
-	for _, entry := range result.Entries {
-		if entry.DN != req.OrganizationDN {
+	memberDNList := make([]string, 0, 100)
+	if len(result.Entries) == 0 {
+		return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapOrganizationMembersRsp{
+			List: []types.GetLdapOrganizationMembersItem{},
+		})
+	}
+	teamGroup := result.Entries[0]
+	if teamGroup.DN != req.OrganizationDN {
+		return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapOrganizationMembersRsp{
+			List: []types.GetLdapOrganizationMembersItem{},
+		})
+	}
+	//查到用户信息了
+	for _, attr := range teamGroup.Attributes {
+		if attr.Name != "uniqueMember" {
 			continue
 		}
-		//查到用户信息了
-		for _, attr := range entry.Attributes {
-			if attr.Name != "uniqueMember" {
+		memberCount = len(attr.Values)
+		memberDNList = attr.Values
+		for _, memberDn := range attr.Values {
+			//不需要根用户
+			if memberDn == l.svcCtx.Config.Ldap.RootDN {
 				continue
 			}
-			memberCount = len(attr.Values)
-			for _, memberDn := range attr.Values {
-				//不需要根用户
-				if memberDn == l.svcCtx.Config.Ldap.RootDN {
-					continue
-				}
-				//解析dn成每个小的单元
-				cellList := strings.Split(memberDn, ",") //取cn邮箱
-				filterBuilder.WriteString(fmt.Sprintf("(%s)", cellList[0]))
-			}
-			break
+			//解析dn成每个小的单元
+			cellList := strings.Split(memberDn, ",") //取cn邮箱
+			filterBuilder.WriteString(fmt.Sprintf("(%s)", cellList[0]))
 		}
 		break
 	}
@ -91,6 +98,7 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.
 		return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询ldap帐号信息失败,"+err.Error())
 	}
 	list := make([]types.GetLdapOrganizationMembersItem, 0, memberCount)
+	mapUser := make(map[string]struct{})
 	for _, user := range userList {
 		if user.Status != 1 {
 			//从部门member中移出
@ -99,6 +107,7 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.
 			}
 			continue
 		}
+		mapUser[user.UserDN] = struct{}{}
 		list = append(list, types.GetLdapOrganizationMembersItem{
 			UserId:       user.UserId,
 			UserDN:       user.UserDN,
@ -110,6 +119,18 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.
 			Status:       user.Status,
 		})
 	}
+	//成员组成员DN数跟查出来的不一致有可能是帐号被物理删除了，则也把帐号从组织中移除
+	if memberCount != len(userList) {
+		for _, memberDN := range memberDNList {
+			if _, ok := mapUser[memberDN]; ok {
+				continue
+			}
+			//从组织中移除没有帐号的用户
+			if err = l.svcCtx.Ldap.RemoveUserFromOrganization(req.OrganizationDN, memberDN); err != nil {
+				logx.Error("移除用户成员失败!:", err)
+			}
+		}
+	}
 	return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapOrganizationMembersRsp{
 		List: list,
 	})
--- a/utils/ldap_lib/auth.go
+++ b/utils/ldap_lib/auth.go
@ -5,11 +5,21 @@ import (
 	"net/http"
 )

+type LdapVerifyType string
+
+const (
+	API_PATH  LdapVerifyType = "api_path"
+	MENU_PATH LdapVerifyType = "menu_path"
+)
+
 type LdapOptions struct {
+	Type  LdapVerifyType
+	Value string
 }

 // 验证权限
-func (l *Ldap) VerifyAuthority(r *http.Request, options ...string) bool {
+func (l *Ldap) VerifyAuthority(r *http.Request, options ...LdapOptions) bool {
+	return true
 	token := r.Header.Get("Ldap-Authorization")
 	info, err := l.ParseJwtToken(token, l.jwtSecret)
 	if err != nil {
@ -27,9 +37,5 @@ func (l *Ldap) VerifyAuthority(r *http.Request, options ...string) bool {
 	if len(options) == 0 {
 		return true
 	}
-	// todo 获取分组信息
-	/*for _, option := range options {
-
-	}*/
 	return true
 }
--- a/utils/ldap_lib/ldap_user.go
+++ b/utils/ldap_lib/ldap_user.go
@ -29,51 +29,53 @@ func (l *Ldap) GetLdapUserInfo(userDN string) (*LdapUserInfo, error) {
 	if len(res.Entries) != 1 {
 		return nil, errors.New("查询到不到用户信息")
 	}
-	user := &LdapUserInfo{}
-	for _, entry := range res.Entries {
-		if entry.DN != userDN {
-			continue
-		}
-		user.UserDN = entry.DN
-		for _, attr := range entry.Attributes {
-			switch attr.Name {
-			case "uidNumber": //用户id
-				if len(attr.Values) == 0 {
-					return nil, errors.New("用户id不存在")
-				}
-				user.UserId, err = strconv.ParseInt(attr.Values[0], 10, 64)
-				if err != nil {
-					return nil, err
-				}
-			case "sn": //用户真名
-				user.UserName = strings.Join(attr.Values, "")
-			case "mail": //邮箱
-				user.Email = strings.Join(attr.Values, "")
-			case "mobile": //手机号
-				user.Mobile = strings.Join(attr.Values, "")
-			case "postalAddress": //头像
-				user.Avatar = strings.Join(attr.Values, "")
-			case "userPassword": //密码
-				user.Password = strings.Join(attr.Values, ",")
-			case "employeeType": //员工类型
-				if len(attr.Values) == 0 {
-					return nil, errors.New("用户类型不存在")
-				}
-				user.EmployeeType, err = strconv.ParseInt(attr.Values[0], 10, 64)
-				if err != nil {
-					return nil, err
-				}
-			case "postalCode": //状态
-				if len(attr.Values) == 0 {
-					return nil, errors.New("用户状态不存在")
-				}
-				user.Status, err = strconv.ParseInt(attr.Values[0], 10, 64)
-				if err != nil {
-					return nil, err
-				}
+	if len(res.Entries) == 0 {
+		return nil, errors.New("ldap user not exists(entry not exists)")
+	}
+	userEntry := res.Entries[0]
+	if userEntry.DN != userDN {
+		return nil, errors.New("ldap user not exists(DN not match)")
+	}
+	user := &LdapUserInfo{
+		UserDN: userEntry.DN,
+	}
+	for _, attr := range userEntry.Attributes {
+		switch attr.Name {
+		case "uidNumber": //用户id
+			if len(attr.Values) == 0 {
+				return nil, errors.New("用户id不存在")
+			}
+			user.UserId, err = strconv.ParseInt(attr.Values[0], 10, 64)
+			if err != nil {
+				return nil, err
+			}
+		case "sn": //用户真名
+			user.UserName = strings.Join(attr.Values, "")
+		case "mail": //邮箱
+			user.Email = strings.Join(attr.Values, "")
+		case "mobile": //手机号
+			user.Mobile = strings.Join(attr.Values, "")
+		case "postalAddress": //头像
+			user.Avatar = strings.Join(attr.Values, "")
+		case "userPassword": //密码
+			user.Password = strings.Join(attr.Values, ",")
+		case "employeeType": //员工类型
+			if len(attr.Values) == 0 {
+				return nil, errors.New("用户类型不存在")
+			}
+			user.EmployeeType, err = strconv.ParseInt(attr.Values[0], 10, 64)
+			if err != nil {
+				return nil, err
+			}
+		case "postalCode": //状态
+			if len(attr.Values) == 0 {
+				return nil, errors.New("用户状态不存在")
+			}
+			user.Status, err = strconv.ParseInt(attr.Values[0], 10, 64)
+			if err != nil {
+				return nil, err
 			}
 		}
-		break
 	}
 	if user.UserId == 0 {
 		return nil, errors.New("查询到的不是用户信息!!!")