From 270bb216468820419c4cddbcedb666f777fecdb1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?= <sybren@stuvel.eu>
Date: Wed, 24 Jan 2018 13:00:09 +0100
Subject: [PATCH] Support IP range editing in Organization view_embed

---
 pillar/web/organizations/routes.py         |  1 +
 src/styles/_organizations.sass             |  4 ++++
 src/templates/organizations/view_embed.pug | 15 +++++++++++++++
 tests/test_api/test_organizations.py       |  2 +-
 4 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/pillar/web/organizations/routes.py b/pillar/web/organizations/routes.py
index 0c4e5aa9..d33c3465 100644
--- a/pillar/web/organizations/routes.py
+++ b/pillar/web/organizations/routes.py
@@ -54,6 +54,7 @@ def view_embed(organization_id: str):
 
     # Make sure it's never None
     organization.unknown_members = organization.unknown_members or []
+    organization.human_ip_ranges = [ipr['human'] for ipr in (organization.ip_ranges or [])]
 
     can_super_edit = current_user.has_cap('admin')
     can_edit = can_super_edit or om.user_is_admin(organization_oid)
diff --git a/src/styles/_organizations.sass b/src/styles/_organizations.sass
index c4fcda42..583a8250 100644
--- a/src/styles/_organizations.sass
+++ b/src/styles/_organizations.sass
@@ -32,3 +32,7 @@ body.organizations
 	.org-admin
 		#admin-name
 			padding: 10px 0
+
+	.help-block
+		font-size: 0.9em
+		color: $color-text-dark-secondary
diff --git a/src/templates/organizations/view_embed.pug b/src/templates/organizations/view_embed.pug
index 759a444f..7c3d3fd5 100644
--- a/src/templates/organizations/view_embed.pug
+++ b/src/templates/organizations/view_embed.pug
@@ -29,6 +29,19 @@
 				type="text",
 				placeholder="Organization's location",
 				value="{{ organization.location | hide_none }}")
+		.input-group
+			label(for='org-ip-ranges-field') IP Ranges
+			textarea.item-ip-ranges#org-ip-ranges-field(
+				name="ip_ranges",
+				type="text",
+				rows="{{ organization.human_ip_ranges|length|default(1, true) }}",
+				placeholder="IP ranges in CIDR notation, one on each line",
+				title="IPv6 like 2a01:1234:abcd:3b::0/64\nIPv4 like 172.16.0.0/16")
+				| {{ organization.human_ip_ranges | join('\n') }}
+			p.help-block.
+				Clients with a matching IP address will be considered part of the organization. IPv4
+				ranges are always normalized to IPv6 prior to saving. Changes to IP Ranges take up
+				to an hour to affect already logged-in users.
 
 		| {% if can_super_edit %}
 		.input-group
@@ -38,6 +51,7 @@
 				type="text",
 				placeholder="Seat count",
 				value="{{ organization.seat_count | hide_none }}")
+			p.help-block Users covered by the IP Ranges do not count towards the seat count.
 		.input-group
 			label(for='org-roles-field') Roles
 			input.item-location.input-transparent#org-roles-field(
@@ -292,6 +306,7 @@ script.
 			description: $form.find('*[name="description"]').val(),
 			website: $form.find('*[name="website"]').val(),
 			location: $form.find('*[name="location"]').val(),
+			ip_ranges: $form.find('*[name="ip_ranges"]').val().trim().split('\n'),
 			{% if can_super_edit %}
 			seat_count: parseInt($form.find('*[name="seat_count"]').val()),
 			org_roles: org_roles,
diff --git a/tests/test_api/test_organizations.py b/tests/test_api/test_organizations.py
index 0dfd11cd..4d688e63 100644
--- a/tests/test_api/test_organizations.py
+++ b/tests/test_api/test_organizations.py
@@ -818,7 +818,7 @@ class IPRangeTest(AbstractOrgTest):
         # IP ranges should be saved as integers for fast matching.
         db_org = self._patch({'ip_ranges': [
             '192.168.3.0/24',
-            '192.168.3.1/32',
+            ' 192.168.3.1/32 \r\n ',  # Whitespace should be ignored
             '2a03:b0c0:0:1010::8fe:6ef1/120',
         ]})