2023-11-17 03:25:16 +00:00
|
|
|
package logic
|
|
|
|
|
|
|
|
import (
|
2023-11-17 07:06:03 +00:00
|
|
|
"fmt"
|
2023-11-17 03:25:16 +00:00
|
|
|
"fusenapi/utils/basic"
|
2023-11-17 07:06:03 +00:00
|
|
|
"github.com/go-ldap/ldap/v3"
|
2023-11-21 10:10:30 +00:00
|
|
|
"net/http"
|
2023-11-17 03:25:16 +00:00
|
|
|
"strings"
|
|
|
|
|
|
|
|
"context"
|
|
|
|
|
|
|
|
"fusenapi/server/ldap-admin/internal/svc"
|
|
|
|
"fusenapi/server/ldap-admin/internal/types"
|
|
|
|
|
|
|
|
"github.com/zeromicro/go-zero/core/logx"
|
|
|
|
)
|
|
|
|
|
|
|
|
type GetLdapOrganizationMembersLogic struct {
|
|
|
|
logx.Logger
|
|
|
|
ctx context.Context
|
|
|
|
svcCtx *svc.ServiceContext
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewGetLdapOrganizationMembersLogic(ctx context.Context, svcCtx *svc.ServiceContext) *GetLdapOrganizationMembersLogic {
|
|
|
|
return &GetLdapOrganizationMembersLogic{
|
|
|
|
Logger: logx.WithContext(ctx),
|
|
|
|
ctx: ctx,
|
|
|
|
svcCtx: svcCtx,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// 处理进入前逻辑w,r
|
|
|
|
// func (l *GetLdapOrganizationMembersLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) {
|
|
|
|
// }
|
|
|
|
|
2023-11-21 10:10:30 +00:00
|
|
|
func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.GetLdapOrganizationMembersReq, r *http.Request) (resp *basic.Response) {
|
2023-11-22 02:12:46 +00:00
|
|
|
|
2023-11-22 02:19:27 +00:00
|
|
|
if !l.svcCtx.Ldap.VerifyAuthority(r) {
|
2023-11-21 10:10:30 +00:00
|
|
|
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
|
|
|
|
}
|
2023-11-17 03:25:16 +00:00
|
|
|
req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")
|
|
|
|
if len(req.OrganizationDN) <= 3 || req.OrganizationDN[:3] != "ou=" {
|
|
|
|
return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,无效的组织DN")
|
|
|
|
}
|
2023-11-17 07:06:03 +00:00
|
|
|
//先获取组织成员
|
|
|
|
//获取跟用户dn筛选排除该用户
|
|
|
|
rootDNSlice := strings.Split(l.svcCtx.Config.Ldap.RootDN, ",")
|
|
|
|
if len(rootDNSlice) == 0 {
|
|
|
|
return resp.SetStatusWithMessage(basic.CodeServiceErr, "根用户DN未设置")
|
|
|
|
}
|
|
|
|
rootCn := rootDNSlice[0]
|
|
|
|
filter := "(&(objectClass=groupOfUniqueNames)(!(" + rootCn + ")))"
|
|
|
|
fields := []string{"uniqueMember"} //只是查询成员
|
2023-11-22 02:12:46 +00:00
|
|
|
result, err := l.svcCtx.Ldap.Search(req.OrganizationDN, ldap.ScopeWholeSubtree, filter, fields, nil)
|
2023-11-17 07:06:03 +00:00
|
|
|
if err != nil {
|
|
|
|
logx.Error(err)
|
|
|
|
return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询ldap组织成员错误,"+err.Error())
|
|
|
|
}
|
2023-11-17 08:44:08 +00:00
|
|
|
//遍历成员提取cn用于从用户基础组中获取用户信息列表
|
2023-11-17 07:06:03 +00:00
|
|
|
filterBuilder := strings.Builder{}
|
|
|
|
memberCount := 0
|
|
|
|
for _, entry := range result.Entries {
|
|
|
|
if entry.DN != req.OrganizationDN {
|
|
|
|
continue
|
|
|
|
}
|
2023-11-17 08:44:08 +00:00
|
|
|
//查到用户信息了
|
2023-11-17 07:06:03 +00:00
|
|
|
for _, attr := range entry.Attributes {
|
|
|
|
if attr.Name != "uniqueMember" {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
memberCount = len(attr.Values)
|
|
|
|
for _, memberDn := range attr.Values {
|
|
|
|
//不需要根用户
|
|
|
|
if memberDn == l.svcCtx.Config.Ldap.RootDN {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
//解析dn成每个小的单元
|
|
|
|
cellList := strings.Split(memberDn, ",") //取cn邮箱
|
2023-11-21 07:14:10 +00:00
|
|
|
filterBuilder.WriteString(fmt.Sprintf("(%s)", cellList[0]))
|
2023-11-17 07:06:03 +00:00
|
|
|
}
|
|
|
|
break
|
|
|
|
}
|
|
|
|
break
|
|
|
|
}
|
|
|
|
//从新赋值filter
|
|
|
|
filter = "(&(objectClass=posixAccount)(objectClass=inetOrgPerson)(|" + filterBuilder.String() + "))"
|
|
|
|
//从用户基本组中找到员工
|
2023-11-22 02:12:46 +00:00
|
|
|
userList, err := l.svcCtx.Ldap.GetLdapBaseTeamUsersByParams(filter)
|
2023-11-17 07:06:03 +00:00
|
|
|
if err != nil {
|
|
|
|
logx.Error(err)
|
|
|
|
return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询ldap帐号信息失败,"+err.Error())
|
|
|
|
}
|
2023-11-21 03:39:03 +00:00
|
|
|
list := make([]types.GetLdapOrganizationMembersItem, 0, memberCount)
|
|
|
|
for _, user := range userList {
|
2023-11-21 07:07:44 +00:00
|
|
|
if user.Status != 1 {
|
|
|
|
//从部门member中移出
|
2023-11-22 02:12:46 +00:00
|
|
|
if err = l.svcCtx.Ldap.RemoveUserFromOrganization(req.OrganizationDN, user.UserDN); err != nil {
|
2023-11-21 07:07:44 +00:00
|
|
|
logx.Error("移除用户成员失败:", err)
|
|
|
|
}
|
|
|
|
continue
|
|
|
|
}
|
2023-11-21 03:39:03 +00:00
|
|
|
list = append(list, types.GetLdapOrganizationMembersItem{
|
|
|
|
UserId: user.UserId,
|
|
|
|
UserDN: user.UserDN,
|
|
|
|
UserName: user.UserName,
|
|
|
|
Email: user.Email,
|
|
|
|
Mobile: user.Mobile,
|
|
|
|
Avatar: user.Avatar,
|
|
|
|
EmployeeType: user.EmployeeType,
|
|
|
|
Status: user.Status,
|
|
|
|
})
|
2023-11-17 07:06:03 +00:00
|
|
|
}
|
|
|
|
return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapOrganizationMembersRsp{
|
2023-11-21 03:39:03 +00:00
|
|
|
List: list,
|
2023-11-17 07:06:03 +00:00
|
|
|
})
|
2023-11-17 03:25:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// 处理逻辑后 w,r 如:重定向, resp 必须重新处理
|
|
|
|
// func (l *GetLdapOrganizationMembersLogic) AfterLogic(w http.ResponseWriter, r *http.Request, resp *basic.Response) {
|
|
|
|
// // httpx.OkJsonCtx(r.Context(), w, resp)
|
|
|
|
// }
|