lib/cratus/user.rb in cratus-0.4.0 vs lib/cratus/user.rb in cratus-0.5.0

- old
+ new

@@ -5,15 +5,11 @@
 attr_reader :username, :search_base
 def initialize(username)
 @username = username
 @search_base = self.class.ldap_search_base
- @raw_ldap_data = Cratus::LDAP.search(
- "(#{self.class.ldap_dn_attribute}=#{@username})",
- basedn: @search_base,
- attrs: self.class.ldap_return_attributes
- ).last
+ refresh
 end
 # Add a user to a group
 def add_to_group(group)
 raise 'InvalidGroup' unless group.respond_to?(:add_user)
@@ -30,18 +26,56 @@
 def department
 @raw_ldap_data[Cratus.config.user_department_attribute].last
 end
+ # Disables an enabled user
+ def disable
+ if enabled?
+ Cratus::LDAP.replace_attribute(
+ dn,
+ Cratus.config.user_account_control_attribute,
+ ['514']
+ )
+ refresh
+ else
+ true
+ end
+ end
+
+ def disabled?
+ status = @raw_ldap_data[Cratus.config.user_account_control_attribute].last
+ status.to_s == '514'
+ end
+
 def dn
 @raw_ldap_data[:dn].last
 end
 def email
 @raw_ldap_data[Cratus.config.user_mail_attribute].last
 end
+ # Enables a disabled user
+ def enable
+ if disabled?
+ Cratus::LDAP.replace_attribute(
+ dn,
+ Cratus.config.user_account_control_attribute,
+ ['512']
+ )
+ refresh
+ else
+ true
+ end
+ end
+
+ def enabled?
+ status = @raw_ldap_data[Cratus.config.user_account_control_attribute].last
+ status.to_s == '512'
+ end
+
 def fullname
 @raw_ldap_data[Cratus.config.user_displayname_attribute].last
 end
 def lockouttime
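Review bot: `enabled?` and `disabled?` compare the account-control attribute to the exact strings '512' and '514', but if the configured attribute is Active Directory's userAccountControl it is a bit field, so an account carrying any other flag (66048, a normal account with a non-expiring password, for example) is neither. For such an account `disable` falls into the `else` branch and returns `true` while the account stays enabled. Writing the literal `['514']` or `['512']` also replaces the whole value, which drops any other flags the account had. Testing and toggling only the ACCOUNTDISABLE bit (0x2) avoids both, as sketched below; the constant and the `account_control` helper are new, and the class body starts and ends outside this hunk.

```ruby
# ACCOUNTDISABLE bit of userAccountControl
UAC_ACCOUNTDISABLE = 0x2

# Disables an enabled user, leaving every other flag untouched
def disable
  return true if disabled?

  Cratus::LDAP.replace_attribute(
    dn,
    Cratus.config.user_account_control_attribute,
    [(account_control | UAC_ACCOUNTDISABLE).to_s]
  )
  refresh
end

def disabled?
  (account_control & UAC_ACCOUNTDISABLE) != 0
end

# … unchanged: dn, email …

# Enables a disabled user, leaving every other flag untouched
def enable
  return true if enabled?

  Cratus::LDAP.replace_attribute(
    dn,
    Cratus.config.user_account_control_attribute,
    [(account_control & ~UAC_ACCOUNTDISABLE).to_s]
  )
  refresh
end

def enabled?
  !disabled?
end

# Current flags as an Integer (0 when the attribute is missing)
def account_control
  @raw_ldap_data[Cratus.config.user_account_control_attribute].last.to_s.to_i
end
```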
@@ -88,10 +122,36 @@
 all_the_groups.uniq(&:name)
 end
 alias groups member_of
+ def refresh
+ @raw_ldap_data = Cratus::LDAP.search(
+ "(#{self.class.ldap_dn_attribute}=#{@username})",
+ basedn: @search_base,
+ attrs: self.class.ldap_return_attributes
+ ).last
+ end
+
+ # Unlocks a user
+ # @return `true` on success (or if user is already unlocked)
+ # @return `false` when the account is disabled (unlocking not permitted)
+ def unlock
+ if locked? && enabled?
+ Cratus::LDAP.replace_attribute(
+ dn,
+ Cratus.config.user_lockout_attribute,
+ ['0']
+ )
+ refresh
+ elsif disabled?
+ false
+ else
+ true
+ end
+ end
+
 def <=>(other)
 @username <=> other.username
 end
 # All the LDAP Users
@@ -119,10 +179,11 @@
 Cratus.config.user_dn_attribute.to_s,
 Cratus.config.user_department_attribute.to_s,
 Cratus.config.user_mail_attribute.to_s,
 Cratus.config.user_displayname_attribute.to_s,
 Cratus.config.user_memberof_attribute.to_s,
- Cratus.config.user_lockout_attribute.to_s
+ Cratus.config.user_lockout_attribute.to_s,
+ Cratus.config.user_account_control_attribute.to_s
 ]
 end
 def self.ldap_search_base
 Cratus.config.user_basedn.to_s
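Review bot: `refresh` interpolates `@username` into the LDAP filter without escaping, and in this release the entry it returns is the one `disable`, `enable` and `unlock` write to through `dn`. A username containing filter metacharacters can match an entry other than the intended one, and `.last` then picks one of the matches silently. If Cratus::LDAP sits on net-ldap, escape the value: `"(#{self.class.ldap_dn_attribute}=#{Net::LDAP::Filter.escape(@username)})"`. It would also help to raise when the search returns no entry or more than one, rather than leaving `@raw_ldap_data` nil or ambiguous. Separately, `unlock` is documented to return `true` on success but returns whatever `refresh` returns, and the result of `replace_attribute` is discarded.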