@@ -53,10 +53,16 @@ var (
|
||||
adminEmail string
|
||||
adminPassword string
|
||||
tokenExpireTime time.Duration
|
||||
initUsers []initUser
|
||||
)
|
||||
|
||||
type initUser struct {
|
||||
models.User
|
||||
Hidden bool `json:"hidden"`
|
||||
}
|
||||
|
||||
const (
|
||||
userInitFile = "/etc/ks-iam/users.json"
|
||||
userInitFile = "/Users/hongming/users.json"
|
||||
)
|
||||
|
||||
func Init(email, password string, t time.Duration) error {
|
||||
@@ -121,11 +127,11 @@ func checkAndCreateDefaultUser(conn ldap.Client) error {
|
||||
ldapclient.UserSearchBase,
|
||||
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
|
||||
"(&(objectClass=inetOrgPerson))",
|
||||
nil,
|
||||
[]string{"uid"},
|
||||
nil,
|
||||
)
|
||||
|
||||
users, err := conn.Search(userSearchRequest)
|
||||
result, err := conn.Search(userSearchRequest)
|
||||
|
||||
if ldap.IsErrorWithCode(err, ldap.LDAPResultNoSuchObject) {
|
||||
err = createUserBaseDN(conn)
|
||||
@@ -139,16 +145,16 @@ func checkAndCreateDefaultUser(conn ldap.Client) error {
|
||||
}
|
||||
|
||||
data, err := ioutil.ReadFile(userInitFile)
|
||||
var initUsers []models.User
|
||||
if err == nil {
|
||||
json.Unmarshal(data, &initUsers)
|
||||
}
|
||||
initUsers = append(initUsers, models.User{Username: constants.AdminUserName, Email: adminEmail, Password: adminPassword, Description: "Administrator account that was always created by default.", ClusterRole: constants.ClusterAdmin})
|
||||
initUsers = append(initUsers, initUser{User: models.User{Username: constants.AdminUserName, Email: adminEmail, Password: adminPassword, Description: "Administrator account that was always created by default.", ClusterRole: constants.ClusterAdmin}})
|
||||
|
||||
if users == nil || len(users.Entries) < len(initUsers) {
|
||||
for _, user := range initUsers {
|
||||
_, err = CreateUser(&user)
|
||||
for _, user := range initUsers {
|
||||
if result == nil || !containsUser(result.Entries, user) {
|
||||
_, err = CreateUser(&user.User)
|
||||
if err != nil && !ldap.IsErrorWithCode(err, ldap.LDAPResultEntryAlreadyExists) {
|
||||
glog.Errorln("user init failed", user.Username, err)
|
||||
return fmt.Errorf("user %s init failed: %s\n", user.Username, err)
|
||||
}
|
||||
}
|
||||
@@ -157,6 +163,16 @@ func checkAndCreateDefaultUser(conn ldap.Client) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func containsUser(entries []*ldap.Entry, user initUser) bool {
|
||||
for _, entry := range entries {
|
||||
uid := entry.GetAttributeValue("uid")
|
||||
if uid == user.Username {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func createUserBaseDN(conn ldap.Client) error {
|
||||
|
||||
conn, err := ldapclient.Client()
|
||||
@@ -314,7 +330,9 @@ func ListUsers(conditions *params.Conditions, orderBy string, reverse bool, limi
|
||||
|
||||
user := models.User{Username: uid, Email: email, Description: description, Lang: lang, CreateTime: createTimestamp}
|
||||
|
||||
users = append(users, user)
|
||||
if !shouldHidden(user) {
|
||||
users = append(users, user)
|
||||
}
|
||||
}
|
||||
|
||||
updatedControl := ldap.FindControl(response.Controls, ldap.ControlTypePaging)
|
||||
@@ -362,6 +380,15 @@ func ListUsers(conditions *params.Conditions, orderBy string, reverse bool, limi
|
||||
return &models.PageableResponse{Items: items, TotalCount: len(users)}, nil
|
||||
}
|
||||
|
||||
func shouldHidden(user models.User) bool {
|
||||
for _, initUser := range initUsers {
|
||||
if initUser.Username == user.Username {
|
||||
return initUser.Hidden
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func DescribeUser(username string) (*models.User, error) {
|
||||
|
||||
user, err := GetUserInfo(username)
|
||||
|
||||
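Review bot: In the `const` block of the first hunk, `userInitFile` is printed as both `/etc/ks-iam/users.json` and `/Users/hongming/users.json`; the +/- markers are lost on this page, but if the second is the new value, a developer's home-directory path has been committed as the source of the seeded accounts, their passwords and cluster roles. In `checkAndCreateDefaultUser` the read is guarded only by `if err == nil` and the `json.Unmarshal` result is discarded, so a missing or malformed file silently produces an admin-only seed list, and on any host where that path does exist, whoever can write to it decides which accounts get created. I would keep `userInitFile = "/etc/ks-iam/users.json"` (or make the path configurable), log a read error other than not-exist, and return the unmarshal error instead of dropping it. Separately, `shouldHidden` filters seeded accounts flagged `hidden` out of `ListUsers`, so those accounts never appear in the listing an operator would audit; a comment on `initUser.Hidden` stating that intent and who may set it would help. `Init`, `checkAndCreateDefaultUser` and `ListUsers` all continue outside the hunks shown.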