Class: GitHub::Ldap::Group

Inherits:
Object
  • Object
show all
Includes:
Filter
Defined in:
lib/github/ldap/group.rb

Overview

This class represents an LDAP group. It encapsulates operations that you can perform against a group, like retrieving its members.

To get a group, you’ll need to create a ‘Ldap` object and then call the method `group` with the name of its base.

For example:

domain = GitHub::Ldap.new(options).group(“cn=enterprise,dc=github,dc=com”)

Direct Known Subclasses

PosixGroup, VirtualGroup

Constant Summary collapse

GROUP_CLASS_NAMES = 
%w(groupOfNames groupOfUniqueNames posixGroup group)

Constants included from Filter

Filter::ALL_GROUPS_FILTER, Filter::MEMBERSHIP_NAMES

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Filter

#all_members_by_uid, #group_contains_filter, #group_filter, #login_filter, #member_filter, #members_of_group, #posix_member_filter, #subgroups_of_group

Constructor Details

#initialize(ldap, entry) ⇒ Group

Returns a new instance of Group.



19
20
21
 
# File 'lib/github/ldap/group.rb', line 19

def initialize(ldap, entry)
  @ldap, @entry = ldap, entry
end

Instance Attribute Details

#entryObject (readonly)

Returns the value of attribute entry.



17
18
19
 
# File 'lib/github/ldap/group.rb', line 17

def entry
  @entry
end

#ldapObject (readonly)

Returns the value of attribute ldap.



17
18
19
 
# File 'lib/github/ldap/group.rb', line 17

def ldap
  @ldap
end

Class Method Details

.group?(object_class) ⇒ Boolean

Internal - Check if an object class includes the member names Use ‘&` rathen than `include?` because both are arrays.

NOTE: object classes are downcased by default in Net::LDAP, so this will fail to match correctly unless we also downcase our group classes.

Returns true if the object class includes one of the group class names.

Returns:

  • (Boolean) 


84
85
86
 
# File 'lib/github/ldap/group.rb', line 84

def self.group?(object_class)
  !(GROUP_CLASS_NAMES.map(&:downcase) & object_class.map(&:downcase)).empty?
end

Instance Method Details

#group?(object_class) ⇒ Boolean

Internal: Returns true if the object class(es) provided match a group’s.

Returns:

  • (Boolean) 


73
74
75
 
# File 'lib/github/ldap/group.rb', line 73

def group?(object_class)
  self.class.group?(object_class)
end

#group_and_member_entriesObject

Internal - Inspect the ldap server searching for group and member entries.

Returns two arrays, the first one with subgroups and the second one with users.



127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
 
# File 'lib/github/ldap/group.rb', line 127

def group_and_member_entries
  groups, members = groups_and_members
  @all_members = members
  @all_groups  = groups

  cache = load_cache(groups)

  loop_cached_groups(groups, cache) do |subgroups, users|
    @all_groups.concat subgroups
    @all_members.concat users
  end

  @all_members.uniq! {|m| m.dn }

  [@all_groups, @all_members]
end

#groups_and_membersObject

Internal - Divide members of a group in user and subgroups.

Returns two arrays, the first one with subgroups and the second one with users.



120
121
122
 
# File 'lib/github/ldap/group.rb', line 120

def groups_and_members
  member_entries.partition {|e| group?(e[:objectclass])}
end

#is_member?(user_entry) ⇒ Boolean

Public - Check if a user dn is included in the members of this group and its subgroups.

user_entry: is the user entry to check the membership.

Returns true if the dn is in the list of members.

Returns:

  • (Boolean) 


47
48
49
50
 
# File 'lib/github/ldap/group.rb', line 47

def is_member?(user_entry)
  member_names.include?(user_entry.dn) ||
    members.detect {|entry| entry.dn == user_entry.dn}
end

#load_cache(groups) ⇒ Object

Internal - Generate a hash with all the group DNs for caching purposes.

groups: is an array of group entries.

Returns a hash with the cache groups.



93
94
95
 
# File 'lib/github/ldap/group.rb', line 93

def load_cache(groups)
  groups.each_with_object({}) {|entry, h| h[entry.dn] = true }
end

#loop_cached_groups(groups, cache, &block) ⇒ Object

Internal - Iterate over a collection of groups recursively. Remove groups already inspected before iterating over subgroups.

groups: is an array of group entries. cache: is a hash where the keys are group dns. block: is a block to call with the groups and members of subgroups.

Returns nothing.



105
106
107
108
109
110
111
112
113
114
115
 
# File 'lib/github/ldap/group.rb', line 105

def loop_cached_groups(groups, cache, &block)
  groups.each do |result|
    subgroups, members = @ldap.group(result.dn).groups_and_members

    subgroups.delete_if {|entry| cache[entry.dn]}
    subgroups.each {|entry| cache[entry.dn] = true}

    block.call(subgroups, members)
    loop_cached_groups(subgroups, cache, &block)
  end
end

#member_entriesObject

Internal - Get all the member entries for a group.

Returns an array of Net::LDAP::Entry.



56
57
58
59
60
61
 
# File 'lib/github/ldap/group.rb', line 56

def member_entries
  @member_entries ||= member_names.each_with_object([]) do |m, a|
    entry = @ldap.domain(m).bind
    a << entry if entry
  end
end

#member_namesObject

Internal - Get all the names under ‘member` and `uniqueMember`.

Returns an array with all the DN members.



66
67
68
69
70
 
# File 'lib/github/ldap/group.rb', line 66

def member_names
  MEMBERSHIP_NAMES.each_with_object([]) do |n, cache|
    cache.concat @entry[n]
  end
end

#membersObject

Public - Get all members that belong to a group. This list also includes the members of subgroups.

Returns an array with all the member entries.



27
28
29
30
31
 
# File 'lib/github/ldap/group.rb', line 27

def members
  return @all_members if @all_members
  group_and_member_entries
  @all_members
end

#subgroupsObject

Public - Get all the subgroups from a group recursively.

Returns an array with all the subgroup entries.



36
37
38
39
40
 
# File 'lib/github/ldap/group.rb', line 36

def subgroups
  return @all_groups if @all_groups
  group_and_member_entries
  @all_groups
end