Diffstat (limited to 'lib/FPanel/Interface.pm')
-rw-r--r--lib/FPanel/Interface.pm132
1 files changed, 70 insertions, 62 deletions
diff --git a/lib/FPanel/Interface.pm b/lib/FPanel/Interface.pm
index 72fa29f..6781ae5 100644
--- a/lib/FPanel/Interface.pm
+++ b/lib/FPanel/Interface.pm
@@ -7,75 +7,63 @@ use utf8;
use lib 'lib';
use base 'FPanel::Login';
-sub cgiapp_init {
- my $self = shift;
-
- $self->SUPER::cgiapp_init;
- # define runmodes (pages) that require successful login:
- $self->authen->protected_runmodes( ':all' );
+# This method is called right before the 'setup' method below. It
+# inherits the configuration from the super class.
+sub cgiapp_init {
+ my $self = shift;
+
+ $self->SUPER::cgiapp_init;
+
+ # Every single Run Mode here is protected
+ $self->authen->protected_runmodes( ':all' );
}
-sub index : Runmode {
- my $self = shift;
- my $template = $self->load_tmpl('index.html'
- , cache => 1
- , utf8 => 1 );
- my $domain = (split /\//, $ENV{PATH_INFO},3)[1];
- $template->param({
- NAME => 'INDEX',
- URL => $self->query->url(),
- MYDOMAIN => $domain,
- USER => $self->authen->username,
- });
- return $template->output;
-}
+# This is the first page an authenticated user sees. It lists the known
+# domains.
sub DomainList : StartRunmode {
- my $self = shift;
-
- my ($u,$d) = split /@/, $self->authen->username, 2;
- my $dn = "fvu=$u,fvd=$d,ou=virtual,o=mailHosting,dc=fripost,dc=dev";
-
- my $ldap = Net::LDAP->new( 'ldap://127.0.0.1:389',
- , async => 1,
- , onerror => 'die'
- );
- my $sasl = Authen::SASL->new( mechanism => 'DIGEST-MD5'
- , callback => { user => 'FPanel'
- , pass => 'panel'
- , authname => "dn:$dn" }
- );
- my $mesg = $ldap->bind( sasl => $sasl ) ;
- die $mesg->error if $mesg->code;
-
- my $domains = $ldap->search( base => "ou=virtual,o=mailHosting,dc=fripost,dc=dev"
- , scope => 'one'
- , filter => 'objectClass=FripostVirtualDomain'
- , deref => 'never'
- );
- die $domains->error if $domains->code;
-
-
- my $template = $self->load_tmpl('domain-list.html'
- , cache => 1
- , utf8 => 1
- , loop_context_vars => 1
- , global_vars => 1 );
- $template->param( URL => $self->query->url );
- $template->param( USER_LOCALPART => $u, USER_DOMAINPART => $d);
- $template->param( DOMAINS => [
- map { { DOMAIN => $_->get_value('fvd')
- , PERMS => &list_perms($_, $dn)
- , DESCRIPTION => join ("\n", $_->get_value('description'))
- , ISACTIVE => $_->get_value('fripostIsStatusActive') eq 'TRUE' ? 1 : 0
- };
- }
- $domains->sorted('fvd')
- ]);
- return $template->output;
+ my $self = shift;
+ my %CFG = $self->cfg;
+ my $suffix = join ',', @{$CFG{ldap_suffix}};
+
+ my ($l,$d) = split /@/, $self->authen->username, 2;
+ my $authzDN = "fvu=$l,fvd=$d,". $suffix;
+ my $ldap = $self->ldap_from_auth_user($authzDN);
+
+ my $domains = $ldap->search( base => $suffix
+ , scope => 'one'
+ , filter => 'objectClass=FripostVirtualDomain'
+ , deref => 'never'
+ );
+ die $domains->error if $domains->code;
+
+
+ my $template = $self->load_tmpl( 'domain-list.html', cache => 1, utf8 => 1
+ , loop_context_vars => 1
+ , global_vars => 1 );
+ $template->param( URL => $self->query->url );
+ $template->param( USER_LOCALPART => $l, USER_DOMAINPART => $d);
+ $template->param( DOMAINS => [
+ map { { DOMAIN => $_->get_value('fvd')
+ , PERMS => &list_perms($_, $authzDN)
+ , DESCRIPTION => join ("\n", $_->get_value('description'))
+ , ISACTIVE => $_->get_value('fripostIsStatusActive') eq 'TRUE' ? 1 : 0
+ };
+ }
+ $domains->sorted('fvd')
+ ]);
+ return $template->output;
}
+
+# This subroutine displays the access that the given DN has on the entry.
+# Possible values are :
+# - "can create aliases" (a)
+# - "can create lists" (l)
+# - "can create aliases & lists" (al)
+# - "owner" (o)
+# - "postmaster" (p)
sub list_perms {
my ($entry, $dn) = @_;
my $perms = '';
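Review bot: `$authzDN` in DomainList is built by interpolating the two halves of `$self->authen->username` directly into a DN, so a login name containing `,`, `+`, `=` or `\` would change the DN's structure, and that string then becomes the SASL authorization identity in `ldap_from_auth_user`. Whether the login layer already restricts the characters in a username is not visible in this hunk, so I would escape at the point of use: `my $authzDN = join ',', 'fvu='.escape_dn_value($l), 'fvd='.escape_dn_value($d), $suffix;` with `escape_dn_value` imported from Net::LDAP::Util. A username without an `@` also leaves `$d` undefined and produces `fvd=,`, so that case is worth rejecting before the DN is built. The same `$authzDN` is handed to `list_perms`, whose body continues outside the hunk.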
@@ -115,5 +103,25 @@ sub list_perms {
}
}
+
+# This method SASL binds the web application and uses the provided
+# authorization DN.
+sub ldap_from_auth_user {
+ my $self = shift;
+ my $authzDN = shift;
+
+ my $ldap = Net::LDAP->new( $self->cfg('ldap_uri'), async => 1, onerror => 'die' );
+ my $sasl = Authen::SASL->new( mechanism => 'DIGEST-MD5'
+ , callback => { user => $self->cfg('ldap_authcID')
+ , pass => $self->cfg('ldap_authcPW')
+ , authname => "dn:$authzDN" }
+ );
+ my $mesg = $ldap->bind( sasl => $sasl ) ;
+ die $mesg->error if $mesg->code;
+
+ return $ldap;
+}
+
+
1;
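Review bot: `Net::LDAP->new` in ldap_from_auth_user returns undef when the connection cannot be established, and `onerror => 'die'` only applies to operations on an existing object, so an unreachable server surfaces as a method call on an undefined value instead of a clear error; appending `or die "LDAP connection failed: $@";` to that statement would fix it. The bind also carries the application's DIGEST-MD5 exchange and the `dn:$authzDN` authorization identity over whatever transport `ldap_uri` names, so if that can be a plain `ldap://` URI to a non-local host I would call `$ldap->start_tls( verify => 'require' )` before binding. Because the service account can assume any user's DN this way, a short comment above the sub stating that callers must only pass a DN derived from the authenticated session would help future maintainers. With `onerror => 'die'` set, the explicit `die $mesg->error if $mesg->code;` is probably redundant, though harmless.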