Development

internal/api/auth/auth_service.go

@@ -2,19 +2,21 @@ package auth
 
 import (
 	"fmt"
-	"strings"
+	"slices"
 
 	"github.com/cpp-cyber/proclone/internal/ldap"
+	"github.com/cpp-cyber/proclone/internal/proxmox"
 )
 
-func NewAuthService() (*AuthService, error) {
+func NewAuthService(proxmoxService *proxmox.ProxmoxService) (*AuthService, error) {
 	ldapService, err := ldap.NewLDAPService()
 	if err != nil {
 		return nil, fmt.Errorf("failed to create LDAP service: %w", err)
 	}
 
 	return &AuthService{
-		ldapService: ldapService,
+		ldapService:    ldapService,
+		proxmoxService: proxmoxService,
 	}, nil
 }
 
@@ -51,38 +53,36 @@ func (s *AuthService) Authenticate(username string, password string) (bool, erro
 }
 
 func (s *AuthService) IsAdmin(username string) (bool, error) {
-	// Input validation
-	if username == "" {
-		return false, fmt.Errorf("username cannot be empty")
-	}
-
-	// Get user DN
-	userDN, err := s.ldapService.GetUserDN(username)
+	// Get user's groups from Proxmox
+	userGroups, err := s.proxmoxService.GetUserGroups(username)
 	if err != nil {
-		return false, fmt.Errorf("failed to get user DN: %w", err)
+		return false, fmt.Errorf("failed to get user groups: %w", err)
 	}
 
-	// Get user's groups
-	userGroups, err := s.ldapService.GetUserGroups(userDN)
-	if err != nil {
-		return false, fmt.Errorf("failed to get user groups: %w", err)
+	// Get the admin group name from config
+	adminGroupName := s.proxmoxService.Config.AdminGroupName
+
+	// Check if user is in the admin group
+	if slices.Contains(userGroups, adminGroupName) {
+		return true, nil
 	}
 
-	// Load LDAP config to get admin group DN
-	config, err := ldap.LoadConfig()
+	return false, nil
+}
+
+func (s *AuthService) IsCreator(username string) (bool, error) {
+	// Get user's groups from Proxmox
+	userGroups, err := s.proxmoxService.GetUserGroups(username)
 	if err != nil {
-		return false, fmt.Errorf("failed to load LDAP config: %w", err)
+		return false, fmt.Errorf("failed to get user groups: %w", err)
 	}
 
-	if config.AdminGroupDN == "" {
-		return false, fmt.Errorf("admin group DN not configured")
-	}
+	// Get the creator group name from config
+	creatorGroupName := s.proxmoxService.Config.CreatorGroupName
 
-	// Check if user is in the admin group
-	for _, groupDN := range userGroups {
-		if strings.EqualFold(groupDN, "Proxmox-Admins") {
-			return true, nil
-		}
+	// Check if user is in the creator group
+	if slices.Contains(userGroups, creatorGroupName) {
+		return true, nil
 	}
 
 	return false, nil

internal/api/auth/types.go

@@ -2,6 +2,7 @@ package auth
 
 import (
 	"github.com/cpp-cyber/proclone/internal/ldap"
+	"github.com/cpp-cyber/proclone/internal/proxmox"
 )
 
 // =================================================
@@ -12,20 +13,22 @@ type Service interface {
 	// Authentication
 	Authenticate(username, password string) (bool, error)
 	IsAdmin(username string) (bool, error)
+	IsCreator(username string) (bool, error)
 
 	// Health and Connection
 	HealthCheck() error
 	Reconnect() error
 }
 
 type AuthService struct {
-	ldapService ldap.Service
+	ldapService    ldap.Service
+	proxmoxService *proxmox.ProxmoxService
 }
 
 // =================================================
 // Types for Auth Service (re-exported from ldap)
 // =================================================
 
-type User = ldap.User
-type Group = ldap.Group
+type User = proxmox.User
+type Group = proxmox.Group
 type UserRegistrationInfo = ldap.UserRegistrationInfo