From b9c43a74399634245deadb1e4cbdfeeadc3a8c66 Mon Sep 17 00:00:00 2001
From: Simon Leary <simon.leary42@proton.me>
Date: Wed, 26 Nov 2025 18:08:20 -0500
Subject: [PATCH 1/5] optimize fetching of group member attributes

---
 resources/lib/UnityGroup.php             |  9 +++++
 resources/lib/UnityLDAP.php              | 48 ++++++++++++++++++++++++
 webroot/admin/ajax/get_group_members.php | 21 ++++++-----
 webroot/panel/ajax/get_group_members.php | 17 +++++----
 4 files changed, 77 insertions(+), 18 deletions(-)

diff --git a/resources/lib/UnityGroup.php b/resources/lib/UnityGroup.php
index 3517a022..85a096e5 100644
--- a/resources/lib/UnityGroup.php
+++ b/resources/lib/UnityGroup.php
@@ -470,4 +470,13 @@ public static function ownerMail2GID(string $email): string
         $ownerUid = $entry->getAttribute("cn")[0];
         return self::PI_PREFIX . $ownerUid;
     }
+
+    public function getGroupMembersAttributes(array $attributes, array $default_values = [])
+    {
+        return $this->LDAP->getUsersAttributes(
+            $this->getGroupMemberUIDs(),
+            $attributes,
+            $default_values,
+        );
+    }
 }
diff --git a/resources/lib/UnityLDAP.php b/resources/lib/UnityLDAP.php
index fe630b52..eb1823a7 100644
--- a/resources/lib/UnityLDAP.php
+++ b/resources/lib/UnityLDAP.php
@@ -2,6 +2,8 @@
 
 namespace UnityWebPortal\lib;
 
+use UnityWebPortal\lib\exceptions\EntryNotFoundException;
+use ValueError;
 use PHPOpenLDAPer\LDAPConn;
 use PHPOpenLDAPer\LDAPEntry;
 
@@ -487,4 +489,50 @@ public function getSortedGroupsForRedis(): array
         sort($groups);
         return $groups;
     }
+
+    /**
+     * returns an array with each UID as an array key
+     * @throws \UnityWebPortal\lib\exceptions\EntryNotFoundException
+     */
+    public function getUsersAttributes(
+        array $uids,
+        array $attributes,
+        array $default_values = [],
+    ): array {
+        if (count($uids) === 0) {
+            throw new ValueError("uids cannot be empty");
+        }
+        $attributes = array_map("strtolower", $attributes);
+        if (in_array("uid", $attributes)) {
+            $asked_for_uid_attribute = true;
+        } else {
+            $asked_for_uid_attribute = false;
+            array_push($attributes, "uid");
+        }
+        $uids = array_map(fn($x) => ldap_escape($x, "", LDAP_ESCAPE_FILTER), $uids);
+        $filter =
+            "(&(objectClass=posixAccount)(|" .
+            implode("", array_map(fn($x) => "(uid=$x)", $uids)) .
+            "))";
+        $entries = $this->baseOU->getChildrenArrayStrict(
+            $attributes,
+            true,
+            $filter,
+            $default_values,
+        );
+        $output = [];
+        foreach ($entries as $entry) {
+            $uid = $entry["uid"][0];
+            if (!$asked_for_uid_attribute) {
+                unset($entry["uid"]);
+            }
+            $output[$uid] = $entry;
+        }
+        $uids_not_found = array_diff($uids, array_keys($output));
+        if (count($uids_not_found) > 0) {
+            throw new EntryNotFoundException(jsonEncode($uids_not_found));
+        }
+        ksort($output);
+        return $output;
+    }
 }
diff --git a/webroot/admin/ajax/get_group_members.php b/webroot/admin/ajax/get_group_members.php
index 9d98e44e..d557e15b 100644
--- a/webroot/admin/ajax/get_group_members.php
+++ b/webroot/admin/ajax/get_group_members.php
@@ -14,13 +14,13 @@
 }
 
 $group = new UnityGroup($_GET["gid"], $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK);
-$members = $group->getGroupMembers();
+$members = $group->getGroupMembersAttributes(["gecos", "mail"]);
 $requests = $group->getRequests();
 
 $i = 0;
 $count = count($members) + count($requests);
-foreach ($members as $member) {
-    if ($member->uid == $group->getOwner()->uid) {
+foreach ($members as $uid => $attributes) {
+    if ($uid == $group->getOwner()->uid) {
         continue;
     }
 
@@ -29,22 +29,23 @@
     } else {
         echo "<tr class='expanded $i'>";
     }
-
-    echo "<td>" . $member->getFullname() . "</td>";
-    echo "<td>" . $member->uid . "</td>";
-    echo "<td><a href='mailto:" . $member->getMail() . "'>" . $member->getMail() . "</a></td>";
+    $fullname = $attributes["gecos"][0];
+    $mail = $attributes["mail"][0];
+    echo "<td>$fullname</td>";
+    echo "<td>$uid</td>";
+    echo "<td><a href='mailto:$mail'>$mail</a></td>";
     echo "<td>";
     echo "
         <form
             action=''
             method='POST'
             onsubmit='
-                return confirm(\"Are you sure you want to remove $member->uid from this group?\");
+                return confirm(\"Are you sure you want to remove $uid from this group?\");
             '
         >
         <input type='hidden' name='form_type' value='remUserChild'>
-        <input type='hidden' name='uid' value='" . $member->uid . "'>
-        <input type='hidden' name='pi' value='" . $group->gid . "'>
+        <input type='hidden' name='uid' value='$uid'>
+        <input type='hidden' name='pi' value='$group->gid'>
         <input type='submit' value='Remove'>
         </form>
     ";
diff --git a/webroot/panel/ajax/get_group_members.php b/webroot/panel/ajax/get_group_members.php
index 878f703a..d77f0aeb 100644
--- a/webroot/panel/ajax/get_group_members.php
+++ b/webroot/panel/ajax/get_group_members.php
@@ -13,10 +13,10 @@
 if (!$group->memberExists($USER)) {
     UnityHTTPD::forbidden("not a group member");
 }
-$members = $group->getGroupMembers();
+$members = $group->getGroupMembersAttributes(["gecos", "mail"]);
 $count = count($members);
-foreach ($members as $key => $member) {
-    if ($member->uid == $group->getOwner()->uid) {
+foreach ($members as $uid => $attributes) {
+    if ($uid == $group->getOwner()->uid) {
         continue;
     }
 
@@ -25,10 +25,11 @@
     } else {
         echo "<tr class='expanded $key'>";
     }
-
-    echo "<td>" . $member->getFullname() . "</td>";
-    echo "<td>" . $member->uid . "</td>";
-    echo "<td><a href='mailto:" . $member->getMail() . "'>" . $member->getMail() . "</a></td>";
-    echo "<td><input type='hidden' name='uid' value='" . $member->uid . "'></td>";
+    $fullname = $attributes["gecos"][0];
+    $mail = $attributes["mail"][0];
+    echo "<td>$fullname</td>";
+    echo "<td>$uid</td>";
+    echo "<td><a href='mailto:$mail'>$mail</a></td>";
+    echo "<td><input type='hidden' name='uid' value='$uid'></td>";
     echo "</tr>";
 }

From 73da1aacb376bfd558c41aac1ed9d54eb300cea1 Mon Sep 17 00:00:00 2001
From: simonLeary42 <71396965+simonLeary42@users.noreply.github.com>
Date: Wed, 26 Nov 2025 18:20:40 -0500
Subject: [PATCH 2/5] Update resources/lib/UnityGroup.php

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 resources/lib/UnityGroup.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resources/lib/UnityGroup.php b/resources/lib/UnityGroup.php
index 85a096e5..e2084906 100644
--- a/resources/lib/UnityGroup.php
+++ b/resources/lib/UnityGroup.php
@@ -471,7 +471,7 @@ public static function ownerMail2GID(string $email): string
         return self::PI_PREFIX . $ownerUid;
     }
 
-    public function getGroupMembersAttributes(array $attributes, array $default_values = [])
+    public function getGroupMembersAttributes(array $attributes, array $default_values = []): array
     {
         return $this->LDAP->getUsersAttributes(
             $this->getGroupMemberUIDs(),

From 5ddcf51421773b1900eb78d49c8b7fab0835eb8e Mon Sep 17 00:00:00 2001
From: Simon Leary <simon.leary42@proton.me>
Date: Wed, 26 Nov 2025 18:14:20 -0500
Subject: [PATCH 3/5] $key => $i

---
 webroot/admin/ajax/get_group_members.php | 3 ---
 webroot/panel/ajax/get_group_members.php | 9 +++++----
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/webroot/admin/ajax/get_group_members.php b/webroot/admin/ajax/get_group_members.php
index d557e15b..d2434e55 100644
--- a/webroot/admin/ajax/get_group_members.php
+++ b/webroot/admin/ajax/get_group_members.php
@@ -23,7 +23,6 @@
     if ($uid == $group->getOwner()->uid) {
         continue;
     }
-
     if ($i >= $count - 1) {
         echo "<tr class='expanded $i last'>";
     } else {
@@ -51,7 +50,6 @@
     ";
     echo "</td>";
     echo "</tr>";
-
     $i++;
 }
 
@@ -77,6 +75,5 @@
     <input type='submit' name='action' value='Deny'></form>";
     echo "</td>";
     echo "</tr>";
-
     $i++;
 }
diff --git a/webroot/panel/ajax/get_group_members.php b/webroot/panel/ajax/get_group_members.php
index d77f0aeb..920b0ab2 100644
--- a/webroot/panel/ajax/get_group_members.php
+++ b/webroot/panel/ajax/get_group_members.php
@@ -15,15 +15,15 @@
 }
 $members = $group->getGroupMembersAttributes(["gecos", "mail"]);
 $count = count($members);
+$i = 0;
 foreach ($members as $uid => $attributes) {
     if ($uid == $group->getOwner()->uid) {
         continue;
     }
-
-    if ($key >= $count - 1) {
-        echo "<tr class='expanded $key last'>";
+    if ($i >= $count - 1) {
+        echo "<tr class='expanded $i last'>";
     } else {
-        echo "<tr class='expanded $key'>";
+        echo "<tr class='expanded $i'>";
     }
     $fullname = $attributes["gecos"][0];
     $mail = $attributes["mail"][0];
@@ -32,4 +32,5 @@
     echo "<td><a href='mailto:$mail'>$mail</a></td>";
     echo "<td><input type='hidden' name='uid' value='$uid'></td>";
     echo "</tr>";
+    $i++;
 }

From c7ff8fac1af26913c47feeaf95754066633c8312 Mon Sep 17 00:00:00 2001
From: Simon Leary <simon.leary42@proton.me>
Date: Wed, 26 Nov 2025 18:24:16 -0500
Subject: [PATCH 4/5] keep original unescaped UIDs

---
 resources/lib/UnityLDAP.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/resources/lib/UnityLDAP.php b/resources/lib/UnityLDAP.php
index eb1823a7..aa8c496e 100644
--- a/resources/lib/UnityLDAP.php
+++ b/resources/lib/UnityLDAP.php
@@ -509,10 +509,10 @@ public function getUsersAttributes(
             $asked_for_uid_attribute = false;
             array_push($attributes, "uid");
         }
-        $uids = array_map(fn($x) => ldap_escape($x, "", LDAP_ESCAPE_FILTER), $uids);
+        $uids_escaped = array_map(fn($x) => ldap_escape($x, "", LDAP_ESCAPE_FILTER), $uids);
         $filter =
             "(&(objectClass=posixAccount)(|" .
-            implode("", array_map(fn($x) => "(uid=$x)", $uids)) .
+            implode("", array_map(fn($x) => "(uid=$x)", $uids_escaped)) .
             "))";
         $entries = $this->baseOU->getChildrenArrayStrict(
             $attributes,

From ab698877f071fad6ee4d3cc34ad9e8d3c005c9b2 Mon Sep 17 00:00:00 2001
From: Simon Leary <simon.leary42@proton.me>
Date: Wed, 26 Nov 2025 18:25:42 -0500
Subject: [PATCH 5/5] allow empty uids

---
 resources/lib/UnityLDAP.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/resources/lib/UnityLDAP.php b/resources/lib/UnityLDAP.php
index aa8c496e..0b7ede67 100644
--- a/resources/lib/UnityLDAP.php
+++ b/resources/lib/UnityLDAP.php
@@ -3,7 +3,6 @@
 namespace UnityWebPortal\lib;
 
 use UnityWebPortal\lib\exceptions\EntryNotFoundException;
-use ValueError;
 use PHPOpenLDAPer\LDAPConn;
 use PHPOpenLDAPer\LDAPEntry;
 
@@ -500,7 +499,7 @@ public function getUsersAttributes(
         array $default_values = [],
     ): array {
         if (count($uids) === 0) {
-            throw new ValueError("uids cannot be empty");
+            return [];
         }
         $attributes = array_map("strtolower", $attributes);
         if (in_array("uid", $attributes)) {