From fb9bcbcad0b522b131682ebbffb78ff87abd0bdd Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 18 Jun 2018 11:10:41 +0200
Subject: Add support for filtering by LDAP values from file

This is a temporary solution until we can do server-side
filtering.
---
 src/userldapdata.cpp | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 src/userldapdata.h   | 16 +++++++++++
 src/vsession.cpp     | 26 +++++++++++++++---
 3 files changed, 116 insertions(+), 4 deletions(-)
 create mode 100644 src/userldapdata.cpp
 create mode 100644 src/userldapdata.h

(limited to 'src')

diff --git a/src/userldapdata.cpp b/src/userldapdata.cpp
new file mode 100644
index 0000000..4382800
--- /dev/null
+++ b/src/userldapdata.cpp
@@ -0,0 +1,78 @@
+#include "userldapdata.h"
+
+#include <QSet>
+#include <QFile>
+#include <QDebug>
+#include <QDir>
+
+#define INCBREAK if (++i >= len) break
+
+namespace {
+
+QSet<QString> _entries;
+
+}
+
+namespace UserLdapData {
+
+bool init(QString inputFile)
+{
+    _entries.clear();
+    if (inputFile.isEmpty()) {
+        inputFile = QDir::homePath() + "/.openslx/ldap";
+    }
+    QFile file(inputFile);
+    if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
+        qDebug() << "Cannot read" << file.fileName();
+        return false;
+    }
+    while (!file.atEnd()) {
+        QByteArray ba = file.readLine();
+        const char *p = ba.constData();
+        const int len = ba.size();
+        bool b64 = false;
+        int dataStart = -1;
+        int keyEnd = -1;
+        for (int i = 1; i < len; ++i) {
+            if (p[i] != ':')
+                continue;
+            keyEnd = i;
+            INCBREAK;
+            if (p[i] == ':') {
+                INCBREAK;
+                b64 = true;
+            }
+            if (p[i] != ' ')
+                continue;
+            dataStart = i + 1;
+            break;
+        }
+        if (dataStart == -1)
+            continue;
+        int dataLen = len - dataStart;
+        while (dataLen > 0 && p[dataStart + dataLen - 1] == '\n') {
+            dataLen--;
+        }
+        QString value = QString::fromUtf8(p, keyEnd).toLower() + ":";
+        if (b64) {
+            value += QString::fromUtf8(QByteArray::fromBase64(QByteArray(p + dataStart, dataLen)));
+        } else {
+            value += QString::fromUtf8(p + dataStart, dataLen);
+        }
+        _entries.insert(value);
+    }
+    return true;
+}
+
+bool isEmpty()
+{
+    return _entries.isEmpty();
+}
+
+bool isAllowed(const QString& attribute, const QString& value)
+{
+    const QString keyLow(attribute.toLower() + ":" + value);
+    return _entries.contains(keyLow);
+}
+
+}
diff --git a/src/userldapdata.h b/src/userldapdata.h
new file mode 100644
index 0000000..dd8c066
--- /dev/null
+++ b/src/userldapdata.h
@@ -0,0 +1,16 @@
+#ifndef USERLDAPDATA_H_
+#define USERLDAPDATA_H_
+
+#include <QString>
+
+namespace UserLdapData {
+
+bool init(QString inputFile = QString());
+
+bool isEmpty();
+
+bool isAllowed(const QString& attribute, const QString& value);
+
+}
+
+#endif /* USERLDAPDATA_H_ */
diff --git a/src/vsession.cpp b/src/vsession.cpp
index 05b84a1..04d0ac2 100644
--- a/src/vsession.cpp
+++ b/src/vsession.cpp
@@ -14,6 +14,7 @@
 #include "globals.h"
 #include "vsession.h"
 #include "sessionsiconholder.h"
+#include "userldapdata.h"
 
 static QProcess _process;
 
@@ -43,7 +44,7 @@ void VSession::addNodeWithAttribute(const QString& nodeName,
 QIcon VSession::icon() const {
     QString icon(getAttribute("icon"));
     SessionsIconHolder *iconHolder = SessionsIconHolder::get();
-    if (icon.startsWith("http://")) {
+    if (icon.startsWith("http://") || icon.startsWith("https://")) {
        // try to load icon from url
        QIcon url_icon(iconHolder->getIcon(QUrl(icon)));
        if (!url_icon.isNull()) {
@@ -169,11 +170,13 @@ ImgType VSession::imgtype() const {
 
 bool VSession::isActive() const {
     QString value(getAttribute("active"));
-
+    // Is disabled completely
     if (value.compare("false") == 0) {
         if (g_debugMode) qDebug() << "'" << shortDescription() << "' not active. Reason: active == false";
         return false;
-    } else if (value.count("/") == 1) {
+    }
+    // Check for date range
+    if (value.count("/") == 1) {
         // try to interpret value as date range
         // [YYYY-MM-DD]/[YYYY-MM-DD]
         // eg. "1970-01-01/1971-01-01" from Jan 1st 1970 till Jan 1st 1971
@@ -202,7 +205,7 @@ bool VSession::isActive() const {
             return false;
         }
     }
-
+    // Filtering by pool name
     if (!g_currentPoolName.isEmpty()) {
         QStringList pools = getAttribute("pools").split("\\s*,\\s*");
         if (!pools.isEmpty() && !pools.contains(g_currentPoolName)) {
@@ -211,6 +214,19 @@ bool VSession::isActive() const {
             return false;
         }
     }
+    // Filter by LDAP data
+    if (!UserLdapData::isEmpty()) {
+        QDomNode keywordsNode = eintrag_.namedItem("filters");
+        for (QDomElement el(keywordsNode.firstChildElement("filter"));
+                !el.isNull();
+                el = el.nextSiblingElement("filter")) {
+            if (el.attribute("type") != "LDAP")
+                continue;
+            if (UserLdapData::isAllowed(el.firstChildElement("key").text(), el.firstChildElement("value").text()))
+                return true;
+        }
+        return false;
+    }
 
     return true;
 }
@@ -337,6 +353,8 @@ QList<Session*> VSession::readXmlFile(const QString& filepath) {
         }
     }
 
+    UserLdapData::init();
+
     QDomElement settingsNode = doc.firstChildElement("settings");
     for (QDomElement el(settingsNode.firstChildElement("eintrag"));
             !el.isNull();
-- 
cgit v1.2.3-55-g7522