wobauth 3.4.4

data/app/controllers/wobauth/users/authorities_controller.rb

@@ -0,0 +1,11 @@
+module Wobauth
+  class Users::AuthoritiesController < AuthoritiesController
+    before_action :set_authorizable
+
+  private
+
+    def set_authorizable
+      @authorizable = User.find(params[:user_id])
+    end
+  end
+end

data/app/controllers/wobauth/users/memberships_controller.rb

@@ -0,0 +1,11 @@
+module Wobauth
+  class Users::MembershipsController < MembershipsController
+    before_action :set_membershipable
+
+  private
+
+    def set_membershipable
+      @membershipable = User.find(params[:user_id])
+    end
+  end
+end

data/app/controllers/wobauth/users_controller.rb

@@ -0,0 +1,76 @@
+require_dependency "wobauth/application_controller"
+
+module Wobauth
+  class UsersController < ApplicationController
+    before_action :set_user, only: [:show, :edit, :update, :destroy]
+    before_action :add_breadcrumb_show, only: [:show]
+
+    # GET /users
+    def index
+      @users = User.all
+      respond_with(@users)
+    end
+
+    # GET /users/1
+    def show
+      respond_with(@user)
+    end
+
+    # GET /users/new
+    def new
+      @user = User.new(new_user_params)
+      respond_with(@user)
+    end
+
+    # GET /users/1/edit
+    def edit
+    end
+
+    # POST /users
+    def create
+      @user = User.new(user_params)
+
+      @user.save
+      respond_with(@user)
+    end
+
+    # PATCH/PUT /users/1
+    def update
+      @user.update(user_params)
+      respond_with(@user)
+    end
+
+    # DELETE /users/1
+    def destroy
+      @user.destroy
+      respond_with(@user)
+    end
+
+    private
+      # Use callbacks to share common setup or constraints between actions.
+      def set_user
+        @user = User.find(params[:id])
+      end
+
+      # Only allow a trusted parameter "white list" through.
+      def user_params
+        if params[:user][:password].blank? && action_name == 'update'
+          params[:user].delete(:password)
+          params[:user].delete(:password_confirmation)
+        end
+        params.require(:user).permit(
+          :username, :gruppen, :sn, :givenname, :displayname, 
+          :telephone, :email, :password, :password_confirmation,
+          :title, :position, :department, :company
+         )
+      end
+
+      def new_user_params
+        params.slice(
+          :username, :gruppen, :sn, :givenname, :displayname, 
+          :telephone, :email, :password, :password_confirmation,
+          :title, :position, :department, :company
+        ).permit!
+      end
+  end
+end

data/app/helpers/wobauth/ad_users_helper.rb

@@ -0,0 +1,60 @@
+module Wobauth
+  module AdUsersHelper
+    def new_from_aduser_link(model, aduser)
+      return unless (aduser.present? && model.present?)
+      case aduser_class(model, aduser)
+      when "table-danger"
+        if can? :create, model
+	  link_to icon_new, new_polymorphic_path([wobauth, model], aduser_attributes(aduser)),
+		class: 'btn btn-danger',
+		data: {
+		  confirm: "Der Eintrag enthält keine E-Mail-Adresse. Wenn es einen ähnlichen Eintrag mit gepflegter E-Mail-Adresse gibt, ist dies hier womöglich der falsche Eintrag. Wollen Sie dennoch weitermachen? Sie können die Daten im folgenden Formular noch korrigieren."
+		}
+        end
+      when "table-primary"
+        if can? :create, model
+	  link_to icon_new, new_polymorphic_path([wobauth, model], aduser_attributes(aduser)),
+		class: 'btn btn-primary'
+        end
+      when "table-success"
+	show_link([wobauth, model.where(email: aduser.mail).first])
+      end
+    end
+
+    def aduser_class(model, aduser)
+      return unless (aduser.present? && model.present?)
+      if aduser.mail.blank?
+	"table-danger"
+      elsif model.exists?(email: aduser.mail)
+	"table-success"
+      else
+	"table-primary"
+      end
+    end
+
+  private
+
+    def aduser_attributes(aduser)
+      {
+	username: aduser.username,
+	sn: aduser.sn,
+	givenname: aduser.givenname,
+	displayname: aduser.displayname,
+	cn: aduser.cn,
+	dn: aduser.dn,
+	email: aduser.mail,
+	position: aduser.title,
+	telephone: aduser.telephonenumber,
+	telefax: aduser.facsimiletelephonenumber,
+	mobile: aduser.mobile,
+	description: aduser.description,
+	department: aduser.department,
+	company: aduser.company,
+	plz: aduser.postalcode,
+	ort: aduser.l,
+	streetaddress: aduser.streetaddress,
+      }
+    end
+
+  end
+end

data/app/helpers/wobauth/application_helper.rb

@@ -0,0 +1,53 @@
+module Wobauth
+  module ApplicationHelper
+    include Wobapphelpers::Helpers::All
+
+    def polymorphic_selector(form, poly, types, group_method = :all)
+      msg = ""
+      # -- object available?
+      if form.object.send(poly).present?
+	msg += poly_type_display(form, poly)
+	msg += poly_id_select(form, poly, form.object.send("#{poly}_type"), :all)
+      else
+	msg += poly_type_select(form, poly, types)
+	msg += poly_id_select(form, poly, types, group_method)
+      end
+      msg.html_safe
+    end
+
+    def navigation_admin_links
+      render partial: 'wobauth/shared/admin'
+    end
+
+    def navigation_account_links
+      render partial: 'wobauth/shared/accounting'
+    end
+
+    def admin_active_class
+      if [:users, :groups, :memberships, :roles, :authorities].include?(controller.controller_name.to_sym)
+        "active"
+      end
+    end
+
+  private
+
+    def poly_type_select(f, poly, types)
+      f.input "#{poly}_type".to_sym, collection: types,
+              label_method: lambda {|x| t('activerecord.models.' + x.underscore)}
+    end
+
+    def poly_type_display(f, poly)
+     f.input("#{poly}_type".to_sym, collection: Array(f.object.send("#{poly}_type")),
+       label_method: lambda {|x| t('activerecord.models.' + x.underscore)},
+       disabled: true) +
+     f.hidden_field("#{poly}_type".to_sym, value: f.object.send("#{poly}_type"))
+    end
+
+    def poly_id_select(f, poly, types, group_method)
+      collections = Array(types).map {|t| t.constantize}
+      f.input "#{poly}_id".to_sym, collection: collections,
+                 as: :grouped_select, group_method: group_method
+    end
+
+  end
+end

data/app/helpers/wobauth/authorities_helper.rb

@@ -0,0 +1,9 @@
+module Wobauth
+  module AuthoritiesHelper
+    def authorized_for_link(authorized_for)
+      unless authorized_for.nil?
+        link_to authorized_for, main_app.polymorphic_path(authorized_for)
+      end
+    end
+  end
+end

data/app/models/wobauth/ad_user.rb

@@ -0,0 +1,4 @@
+module Wobauth
+  class AdUser
+  end
+end

data/app/models/wobauth/admin_ability.rb

@@ -0,0 +1,67 @@
+module Wobauth
+  # AdminAbility - abilities for wobauth
+  # Mostly you have own abilities for your application.
+  # If you need access to Wobauth models for non admin users,
+  # there are some restrictions: i.e. navigate to Wobauth::User
+  # means AdminAbility is active and your abilities from your application
+  # are not visible. Or you may overwrite the default abilities for 'Admin',
+  # 'OrgaAdmin' or 'UserAdmin'
+  # To resolve this, extend Woauth::AdminAbility
+  # Example:
+  # role 'UserAdmin' should have only read access to all Wobauth models.
+  # Add a new method :user_admin to Wobauth::AdminAbility (separate file
+  # in your application) and define abilities for 'UserAdmin' there:
+  #
+  # --- file your_application/app/models/wobauth_ability.rb
+  # require 'wobauth/admin_ability'
+  # module Wobauth
+  #   class AdminAbility
+  #     include CanCan::Ability
+  #     def user_admin(rights_for)
+  #       can :read, [Wobauth::User, Wobauth::Group, ...]
+  #       can :whateverelse ....
+  #     end
+  #   end
+  # end
+  # ---
+  # at least: don't forget to load wobauth_ability.rb
+
+  class AdminAbility
+    include CanCan::Ability
+
+    def initialize(user)
+      @user = user
+      return if @user.nil?
+      authorities = (@user.authorities + @user.group_authorities)
+      add_abilities(authorities)
+    end
+
+  private
+    def add_abilities(authorities)
+      Array(authorities).each do |authority|
+        add_ability(authority)
+      end
+    end
+
+    def add_ability(authority)
+      role = authority.role.name.underscore
+      if respond_to?(role)
+        send(role, authority.authorized_for)
+      else
+        fallback(authority)
+      end
+    end
+
+    def fallback(authority)
+     role = authority.role.to_s
+     if role == 'Admin'
+       can :manage, :all
+     elsif role == 'UserAdmin'
+       can :manage, :all
+     elsif role == 'OrgaAdmin'
+       can :read, :all
+       can :navigate, Wobauth::User
+     end
+    end
+  end
+end

data/app/models/wobauth/authority.rb

@@ -0,0 +1,17 @@
+module Wobauth
+  class Authority < ActiveRecord::Base
+    # -- associations
+    belongs_to :authorizable,   polymorphic: true
+    belongs_to :role
+    belongs_to :authorized_for, polymorphic: true, optional: true
+
+    # -- configuration
+    # -- validations and callbacks
+    validates :authorizable_id, :authorizable_type,
+              :role_id, presence: true
+
+    scope :valid, ->(date) { 
+      where('(valid_until >= ? OR valid_until is NULL) AND (valid_from <= ? OR valid_from is NULL)', date, date)
+    }
+  end
+end

data/app/models/wobauth/group.rb

@@ -0,0 +1,18 @@
+module Wobauth
+  class Group < ActiveRecord::Base
+    # -- associations
+    has_many :authorities, as: :authorizable
+    has_many :roles,       through: :authorities
+    has_many :memberships
+    has_many :users, -> { uniq }, through: :memberships,
+                     source: :user
+    # -- configuration
+    # -- validations and callbacks
+    validates :name, :presence => true, :uniqueness => true
+
+
+    def to_s
+      name
+    end
+  end
+end

data/app/models/wobauth/membership.rb

@@ -0,0 +1,11 @@
+module Wobauth
+  class Membership < ActiveRecord::Base
+    # -- associations
+    belongs_to :user
+    belongs_to :group
+
+    # -- configuration
+    # -- validations and callbacks
+    validates :user_id, :group_id, presence: true
+  end
+end

data/app/models/wobauth/role.rb

@@ -0,0 +1,19 @@
+module Wobauth
+  class Role < ActiveRecord::Base
+    # -- associations
+    has_many :authorities
+    has_many :users,  through:     :authorities,
+                      source:      :authorizable,
+                      source_type: Wobauth::User
+    has_many :groups, through:     :authorities,
+                      source:      :authorizable,
+                      source_type: Wobauth::Group
+    # -- configuration
+    # -- validations and callbacks
+    validates :name, :presence => true, :uniqueness => true
+
+    def to_s
+      name
+    end
+  end
+end

data/app/models/wobauth/user.rb

@@ -0,0 +1,11 @@
+module Wobauth
+  class User < ActiveRecord::Base
+    # dependencies within wobauth models
+    include Wobauth::Concerns::Models::User
+
+    # Include default devise modules. Others available are:
+    # :confirmable, :lockable, :timeoutable and :omniauthable
+    devise :database_authenticatable, :registerable,
+           :recoverable, :rememberable, :trackable
+  end
+end

data/app/services/wobauth/search_ad_user_service.rb

@@ -0,0 +1,53 @@
+module Wobauth
+  class SearchAdUserService
+    Result = ImmutableStruct.new( :success?, :error_messages, :ad_users )
+
+    def initialize(options = {})
+      @options = options.symbolize_keys
+      @ldap_options = options.fetch(:ldap_options, Wobauth.ldap_options)
+      if @ldap_options.blank?
+        raise RuntimeError, "ldap_options not set!"
+      end
+      @query        = options.fetch(:query, false)
+    end
+
+    def call
+      unless query
+	return Result.new(success: false, error_messages: ["no query given"], ad_users: [])
+      end
+
+      ldap = Wobaduser::LDAP.new(ldap_options: ldap_options)
+      if ldap.errors.any?
+	return Result.new(success: false, error_messages: ldap.errors, ad_users: [])
+      end
+
+      search = Wobaduser::User.search(ldap: ldap, filter: user_filter(query))
+      if search.success?
+	result = Result.new(success: true, error_messages: [], ad_users: search.entries)
+      else
+	result = Result.new(success: false, error_messages: search.errors, ad_users: [])
+       end
+    end
+
+  private
+    attr_reader :query, :ldap_options
+
+    # use filter in Wobaduser::User.search
+    # objectclass=user will be implicit added via Wobaduser::User.filter
+    def user_filter(query)
+      filter  = "(&"
+      filter += "(|(sn=#{query}*)(givenName=#{query}*)(mail=#{query}*))"
+      filter += "(!(sAMAccountname=admin*))"
+      filter += "(!(sAMAccountname=*test*))"
+      filter += "(!(sn=*test*))"
+      filter += "(!(sn=*admin*))"
+      filter += "(!(givenName=*admin*))"
+      filter += "(UserAccountControl:1.2.840.113556.1.4.803:=512)"
+      filter += "(!(UserAccountControl:1.2.840.113556.1.4.803:=2))"
+      filter += "(!(primaryGroupID=512))"
+      filter += "(!(msExchHideFromAddressLists=TRUE))"
+      filter += ")"
+      filter = Net::LDAP::Filter.construct(filter)
+    end
+  end
+end

data/app/views/devise/registrations/edit.html.erb

@@ -0,0 +1,25 @@
+<div class="container">
+<%= simple_form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put, class: 'card' }) do |f| %>
+  <%= f.error_notification %>
+
+  <div class="card-header">
+    <%= form_legend %>
+  </div>
+
+  <div class="card-body">
+
+    <%= f.input :email, required: true, autofocus: true %>
+
+    <% if devise_mapping.confirmable? && resource.pending_reconfirmation? %>
+      <p>Currently waiting confirmation for: <%= resource.unconfirmed_email %></p>
+    <% end %>
+
+    <%= f.input :password, autocomplete: "off", hint: "leave it blank if you don't want to change it", required: false %>
+    <%= f.input :password_confirmation, required: false %>
+    <%= f.input :current_password, hint: "we need your current password to confirm your changes", required: true %>
+
+    <%= f.button :submit, class: 'btn btn-primary' %>
+    <%= cancel_button %>
+  </div>
+<% end %>
+</div>

data/app/views/devise/sessions/new.html.erb

@@ -0,0 +1,17 @@
+<div class="container">
+<%= simple_form_for(resource, as: resource_name, url: session_path(resource_name),
+    html: { class: 'card'}) do |f| %>
+  <div class="card-header">
+    <h3>Login</h3>
+  </div>
+
+  <div class="card-body">
+    <%= f.input :username, required: true, autofocus: true %>
+    <%= f.input :password, required: true %>
+
+    <%= f.button :submit, "Log in" %>
+  </div>
+<% end %>
+
+<%= render "devise/shared/links" %>
+</div>

data/app/views/wobauth/ad_users/index.html.erb

@@ -0,0 +1,69 @@
+<div class="card col-sm-4 bg-light">
+<div class="card-body p-1 m-1">
+<%= form_tag( url_for(:action => 'index'),
+              :class => "") do -%>
+    <div class="form-group">
+      <label>Name, Vorname oder E-Mail-Adresse:</label>
+      <%= text_field_tag :query, '', class: 'form-control'-%>
+    </div>
+<% end -%>
+</div>
+</div>
+<br>
+
+<table id="adusers" class="table table-bordered table-striped dataTable" role="datatable">
+  <thead>
+    <tr>
+      <th><%= t('attributes.sn') %></th>
+      <th><%= t('attributes.givenname') %></th>
+      <th><%= t('attributes.ort') %></th>
+      <th><%= t('attributes.plz') %></th>
+      <th><%= t('attributes.streetaddress') %></th>
+      <th><%= t('attributes.department') %></th>
+      <th><%= t('attributes.company') %></th>
+      <th><%= t('attributes.mail') %></th>
+      <th><%= t('attributes.telephonenumber') %></th>
+      <th><%= t('attributes.facsimiletelephonenumber') %></th>
+      <th><%= t('attributes.mobile') %></th>
+      <th><%= t('attributes.username') %></th>
+      <th><%= t('wobauth.action') %></th>
+    </tr>
+  </thead>
+  <tfoot>
+    <tr>
+      <th></th>
+      <th></th>
+      <th></th>
+      <th></th>
+      <th></th>
+      <th></th>
+      <th></th>
+      <th></th>
+      <th></th>
+      <th></th>
+      <th></th>
+      <th></th>
+      <th></th>
+    </tr>
+  </tfoot>
+
+  <tbody>
+    <% @ad_users.each do |ad_user| %>
+      <%= content_tag(:tr, class: aduser_class(Wobauth::User, ad_user)) do %>
+	<td><%= ad_user.sn %></td>
+	<td><%= ad_user.givenname %></td>
+	<td><%= ad_user.l %></td>
+	<td><%= ad_user.postalcode %></td>
+	<td><%= ad_user.streetaddress %></td>
+	<td><%= ad_user.department %></td>
+	<td><%= ad_user.company %></td>
+	<td><%= ad_user.mail %></td>
+	<td><%= ad_user.telephonenumber %></td>
+	<td><%= ad_user.facsimiletelephonenumber %></td>
+	<td><%= ad_user.mobile %></td>
+	<td><%= ad_user.username %></td>
+	<td><%= new_from_aduser_link(Wobauth::User, ad_user) %></td>
+      <% end %>
+    <% end %>
+  </tbody>
+</table>

data/app/views/wobauth/authorities/_form.html.erb

@@ -0,0 +1,32 @@
+<div class="container">
+<%= simple_form_for([wobauth, @authorizable, @authority],
+  html: { class: 'form-horizontal card' }
+  ) do |f| %>
+
+  <div class="card-header">
+    <%= form_legend %>
+  </div>
+
+  <div class="card-body">
+    <%= polymorphic_selector(f,
+                             'authorizable',
+                              Wobauth.authorizable_types,
+                              Wobauth.authorizable_group_method) %>
+    <%= f.association :role %>
+    <%= polymorphic_selector(f,
+                             'authorized_for',
+                             Wobauth.authorized_for_types,
+                             Wobauth.authorized_for_group_method) %>
+
+    <%= f.input :valid_from, as: :string, class: 'datepicker'
+     %>
+    <%= f.input :valid_until, as: :string, class: 'datepicker'
+     %>
+
+    <%= f.button :submit, class: 'btn btn-primary' %>
+    <%= cancel_button %>
+  </div>
+<% end %>
+</div>
+
+<%= javascript_include_tag "wobauth/authorities" %>

data/app/views/wobauth/authorities/edit.html.erb

@@ -0,0 +1 @@
+<%= render 'form' %>

data/app/views/wobauth/authorities/index.html.erb

@@ -0,0 +1,41 @@
+<h1><%= t('controller.wobauth/authorities') %></h1>
+
+<%= content_tag :table, id: :wobauth_authorities, role: :wobauth_datatable,
+    class: "table table-bordered table-striped dataTable" do %>
+<thead>
+  <tr>
+    <th><%= t('attributes.authorizable') %></th>
+    <th><%= t('attributes.authorizable_type') %></th>
+    <th><%= t('attributes.role') %></th>
+    <th><%= t('attributes.authorized_for') %></th>
+    <th><%= t('attributes.authorized_for_type') %></th>
+    <th><%= t('attributes.valid_from') %></th>
+    <th><%= t('attributes.valid_until') %></th>
+    <th><%= t('wobauth.action') %></th>
+  </tr>
+</thead>
+<tbody>
+
+<% @authorities.each do |authority| %>
+  <%= content_tag_for(:tr, authority) do %>
+    <td><%= authority.authorizable %></td>
+    <td><%= authority.authorizable_type %></td>
+    <td><%= authority.role %></td>
+    <td><%= authority.authorized_for %></td>
+    <td><%= authority.authorized_for_type %></td>
+    <td><%= authority.valid_from %></td>
+    <td><%= authority.valid_until %></td>
+    <td class="nowrap">
+      <%= show_link [wobauth, authority] %>
+      <%= edit_link [wobauth, authority] %>
+      <%= delete_link [wobauth, authority] %>
+    </td>
+  <% end %>
+<% end %>
+</tbody>
+<% end %>
+
+<br />
+
+<%= back_link %>
+<%= new_link [wobauth, Wobauth::Authority] %>

data/app/views/wobauth/authorities/new.html.erb

@@ -0,0 +1 @@
+<%= render 'form' %>

data/app/views/wobauth/authorities/show.html.erb

@@ -0,0 +1,45 @@
+<div class="card">
+  <div class="card-header">
+    <h4><%= t('activerecord.models.wobauth/authority') %></h4>
+  </div>
+  <div class="card-body">
+    <table class="table table-bordered table-hover autowidth">
+      <tr>
+	<th><%= t('attributes.authorizable')%>:</th>
+	<td><%= @authority.authorizable %></td>
+      </tr>
+      <tr>
+	<th><%= t('attributes.authorizable_type')%>:</th>
+	<td><%= @authority.authorizable_type %></td>
+      </tr>
+      <tr>
+	<th><%= t('attributes.role')%>:</th>
+	<td><%= @authority.role %></td>
+      </tr>
+      <tr>
+	<th><%= t('attributes.authorized_for')%>:</th>
+	<td><%= @authority.authorized_for %></td>
+      </tr>
+      <tr>
+	<th><%= t('attributes.authorized_for_type')%>:</th>
+	<td><%= @authority.authorized_for_type %></td>
+      </tr>
+      <tr>
+	<th><%= t('attributes.valid_from')%>:</th>
+	<td><%= @authority.valid_from %></td>
+      </tr>
+      <tr>
+	<th><%= t('attributes.valid_until')%>:</th>
+	<td><%= @authority.valid_until %></td>
+      </tr>
+    </table>
+    <div role="toolbar">
+      <%= back_link %>
+      <%= edit_link([wobauth, @authority]) %>
+      <%= delete_link([wobauth, @authority]) %>
+      <%= new_link [wobauth, Wobauth::Authority] %>
+    </div>
+  </div>
+</div>
+
+