admin group check

janeczku · May 28, 2023 · 59828f1 · 59828f1
1 parent 5db81bf
commit 59828f1
Showing 1 changed file with 16 additions and 9 deletions.
diff --git a/cps/web.py b/cps/web.py
@@ -1353,7 +1353,7 @@ def login_post():
     user = ub.session.query(ub.User).filter(func.lower(ub.User.name) == form.get('username', "").strip().lower()) \
         .first()
     remember_me = bool(form.get('remember_me'))
-    if config.config_login_type == constants.LOGIN_LDAP and services.ldap and form['password'] != "":
+    if config.config_login_type == constants.LOGIN_LDAP and services.ldap and (user or os.environ.get("CALIBRE_LDAP_AUTO_CREATE", None)) and form['password'] != "":
         login_result, error = services.ldap.bind_user(form['username'], form['password'])
         if login_result:
             log.debug(u"You are now logged in as: '{}'".format(form['username']))
@@ -1418,15 +1418,22 @@ def create_user(username):
         message = _(u'Failed to get LDAP User details')
         return None, message
 
-    admin_group_name = os.environ.get("CALIBRE_LDAP_ADMIN_GROUP_NAME", None)
     admin_group_filter = os.environ.get("CALIBRE_LDAP_ADMIN_GROUP_FILTER", None)
-    role = 0
-    try:
-        group_data = services.ldap.get_object_details(group=admin_group_name, query_filter=admin_group_filter)
-    except Exception as e:
-        log.error('LDAP user details failed: %s', e)
-        message = _(u'Failed to get LDAP User details')
-        return None, message
+    role = constants.ROLE_USER
+    if admin_group_filter:
+        try:
+            log.debug(u"LDAP admin group filter: '{}'".format(admin_group_filter))
+            group_data = services.ldap.get_object_details(user=username, query_filter=admin_group_filter)
+            if group_data:
+                log.debug(u"LDAP admin group is found: '{}'".format(group_data))
+                role = constants.ROLE_ADMIN
+            else:
+                log.debug(u"LDAP admin group is not found")
+
+        except Exception as e:
+            log.error('LDAP admin group lookup failed: %s', e)
+            message = _(u'Failed to get LDAP admin group details')
+            return None, message
     user, error = ldap_create_user(username, user_data, role)
     return user, error