diff --git a/src/main/java/org/jenkinsci/account/Application.java b/src/main/java/org/jenkinsci/account/Application.java
index 3986905..4687a32 100644
--- a/src/main/java/org/jenkinsci/account/Application.java
+++ b/src/main/java/org/jenkinsci/account/Application.java
@@ -26,11 +26,18 @@ import javax.naming.directory.SearchControls;
 import javax.naming.directory.SearchResult;
 import javax.naming.ldap.InitialLdapContext;
 import javax.naming.ldap.LdapContext;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.util.HashSet;
 import java.util.Hashtable;
+import java.util.List;
 import java.util.Properties;
+import java.util.Set;
 import java.util.logging.Logger;
 import static javax.naming.directory.DirContext.*;
+import static javax.naming.directory.SearchControls.SUBTREE_SCOPE;
 /**
 * @author Kohsuke Kawaguchi
@@ -44,7 +51,11 @@ public class Application {
 }
 public Application(Properties config) {
- this(ConfigurationProxy.create(config,Parameters.class));
+ this(ConfigurationProxy.create(config, Parameters.class));
+ }
+
+ public Application(File config) throws IOException {
+ this(ConfigurationProxy.create(config, Parameters.class));
 }
 public ReCaptcha createRecaptcha() {
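Review bot: Two of the imports added to Application.java, `java.io.FileInputStream` and `java.util.List`, are not referenced by any code this commit adds: the new constructor needs only `File` and `IOException`, and `getGroups` needs `Set`, `HashSet` and `SUBTREE_SCOPE`. They look unused unless something outside the visible hunks relies on them. The same holds in WebAppMain.java, where `FileInputStream` and `Properties` stay imported after the `createApplication` hunk removes their only visible use. I would drop all four so the import lists reflect what each class actually touches.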
@@ -157,13 +168,28 @@ public class Application {
 LdapContext context = connect(dn, password); // make sure the password is valid
 try {
 Stapler.getCurrentRequest().getSession().setAttribute(Myself.class.getName(),
- new Myself(this,dn, context.getAttributes(dn)));
+ new Myself(this,dn, context.getAttributes(dn), getGroups(dn, context)));
 } finally {
 context.close();
 }
 return new HttpRedirect("myself/");
 }
+ /**
+ * Obtains the group of the user specified by the given DN.
+ */
+ Set getGroups(String dn, LdapContext context) throws NamingException {
+ Set groups = new HashSet();
+ SearchControls c = new SearchControls();
+ c.setReturningAttributes(new String[]{"cn"});
+ c.setSearchScope(SUBTREE_SCOPE);
+ NamingEnumeration e = context.search("dc=jenkins-ci,dc=org", "(& (objectClass=groupOfNames) (member={0}))", new Object[]{dn}, c);
+ while (e.hasMore()) {
+ groups.add(e.nextElement().getAttributes().get("cn").get().toString());
+ }
+ return groups;
+ }
+
 public HttpResponse doLogout(StaplerRequest req) {
 req.getSession().invalidate();
 return HttpResponses.redirectToDot();
diff --git a/src/main/java/org/jenkinsci/account/Myself.java b/src/main/java/org/jenkinsci/account/Myself.java
index f21cb57..77b8082 100644
--- a/src/main/java/org/jenkinsci/account/Myself.java
+++ b/src/main/java/org/jenkinsci/account/Myself.java
@@ -10,6 +10,7 @@ import javax.naming.directory.Attributes;
 import javax.naming.directory.BasicAttributes;
 import javax.naming.directory.DirContext;
 import javax.naming.ldap.LdapContext;
+import java.util.Set;
 import java.util.logging.Logger;
 /**
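Review bot: `getGroups` records only the bare `cn` of every `groupOfNames` entry found anywhere under `dc=jenkins-ci,dc=org` (`SUBTREE_SCOPE`), and this commit's `Myself.isAdmin()` then decides on the string `admins`. The admin decision is therefore tied to a name that need not be unique in the tree, and is only as strong as the write ACLs on every branch, which are not visible here. I would restrict the search base to the container that holds the groups (ideally taken from `Parameters` rather than a literal), or collect each result's full DN via `getNameInNamespace()` and compare it with the admin group's DN. Binding `dn` through the `{0}` filter argument instead of concatenating it is correct and should stay. Smaller points in the same method: `e` is not closed if iteration throws, and `get("cn")` is dereferenced without a null check.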
@@ -20,10 +21,12 @@ public class Myself {
 private final String dn;
 public String firstName, lastName, email, userId;
 public String githubId, sshKeys;
+ private final Set groups;
- public Myself(Application parent, String dn, Attributes attributes) throws NamingException {
+ public Myself(Application parent, String dn, Attributes attributes, Set groups) throws NamingException {
 this.parent = parent;
 this.dn = dn;
+ this.groups = groups;
 firstName = getAttribute(attributes,"givenName");
 lastName = getAttribute(attributes,"sn");
@@ -33,6 +36,13 @@ public class Myself {
 sshKeys = getAttribute(attributes,"preferredLanguage");
 }
+ /**
+ * Is this an admin user?
+ */
+ public boolean isAdmin() {
+ return groups.contains("admins");
+ }
+
 private String getAttribute(Attributes attributes, String name) throws NamingException {
 Attribute att = attributes.get(name);
 return att!=null ? (String) att.get() : null;
diff --git a/src/main/java/org/jenkinsci/account/WebAppMain.java b/src/main/java/org/jenkinsci/account/WebAppMain.java
index 86f2908..d867fdf 100644
--- a/src/main/java/org/jenkinsci/account/WebAppMain.java
+++ b/src/main/java/org/jenkinsci/account/WebAppMain.java
@@ -2,6 +2,7 @@ package org.jenkinsci.account;
 import org.kohsuke.stapler.framework.AbstractWebAppMain;
+import java.io.File;
 import java.io.FileInputStream;
 import java.util.Properties;
@@ -20,13 +21,6 @@ public class WebAppMain extends AbstractWebAppMain {
 @Override
 public Application createApplication() throws Exception {
- Properties config = new Properties();
- FileInputStream in = new FileInputStream("config.properties");
- try {
- config.load(in);
- return new Application(config);
- } finally {
- in.close();
- }
+ return new Application(new File("config.properties"));
 }
 }
diff --git a/src/test/java/org/jenkinsci/account/Foo.java b/src/test/java/org/jenkinsci/account/Foo.java
new file mode 100644
index 0000000..fe9bdff
--- /dev/null
+++ b/src/test/java/org/jenkinsci/account/Foo.java
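Review bot: The `Myself` constructor keeps the caller's set by reference (`this.groups = groups;`), so the `final` field does not make the membership immutable, and a `null` argument only surfaces later as a NullPointerException in `isAdmin()`. Because this set now drives an authorization decision and the object is stored in the HTTP session, I would copy and freeze it on the way in, e.g. `this.groups = Collections.unmodifiableSet(new HashSet<String>(groups));`, which needs `java.util.Collections` and `java.util.HashSet` imported. The constructor body continues outside the hunk.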
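Review bot: `isAdmin()` answers from the group set captured once by the login handler in Application.java and kept in the session, so removing a user from the admin group does not affect sessions that are already open. If that is intended, the Javadoc should say so, e.g. `Is this an admin user? Reflects group membership at login time; changes in LDAP take effect at the next login.` Otherwise membership should be re-read, or the session invalidated, before privileged actions. The literal `"admins"` would also be easier to audit as a named constant kept with the other LDAP settings.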
@@ -0,0 +1,12 @@
+package org.jenkinsci.account;
+
+/**
+ * @author Kohsuke Kawaguchi
+ */
+public class Foo {
+ public static void main(String[] args) throws Exception {
+ Application a = new WebAppMain().createApplication();
+ String kohsuke = "cn=kohsuke,ou=people,dc=jenkins-ci,dc=org";
+ System.out.println(a.getGroups(kohsuke, a.connect()));
+ }
+}
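Review bot: `Foo.main` is a manual probe rather than a test: it sits under `src/test` with no assertions, needs the live directory plus a local `config.properties`, and hard-codes one person's DN. The `LdapContext` returned by `a.connect()` is also never closed. If the harness is worth keeping, I would give it a descriptive name and close the context, e.g. `LdapContext ctx = a.connect(); try { ... } finally { ctx.close(); }`. Otherwise it is better left out of the commit.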