wip assign groups via oidc
parent
ad8d831f0e
commit
47fe28c354
|
@ -18,6 +18,7 @@ package models
|
|||
|
||||
import (
|
||||
"code.vikunja.io/api/pkg/events"
|
||||
"code.vikunja.io/api/pkg/log"
|
||||
user2 "code.vikunja.io/api/pkg/user"
|
||||
"code.vikunja.io/web"
|
||||
"xorm.io/xorm"
|
||||
|
@ -54,7 +55,7 @@ func (tm *TeamMember) Create(s *xorm.Session, a web.Auth) (err error) {
|
|||
|
||||
// Check if that user is already part of the team
|
||||
exists, err := s.
|
||||
Where("team_id = ? AND user_id = ?", tm.TeamID, tm.UserID).
|
||||
Where("team_id = ? AND user_name = ?", tm.TeamID, tm.UserID).
|
||||
Get(&TeamMember{})
|
||||
if err != nil {
|
||||
return
|
||||
|
@ -109,6 +110,25 @@ func (tm *TeamMember) Delete(s *xorm.Session, _ web.Auth) (err error) {
|
|||
return
|
||||
}
|
||||
|
||||
func (tm *TeamMember) CheckMembership(s *xorm.Session) (err error) {
|
||||
member, err := user2.GetUserByUsername(s, tm.Username)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
tm.UserID = member.ID
|
||||
exists, err := s.
|
||||
Where("team_id = ? AND user_id = ?", tm.TeamID, tm.UserID).
|
||||
Get(&TeamMember{})
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
if exists {
|
||||
log.Errorf("Team member already exists %v", ErrUserIsMemberOfTeam{tm.UserID, tm.UserID})
|
||||
return ErrUserIsMemberOfTeam{tm.UserID, tm.UserID}
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// Update toggles a team member's admin status
|
||||
// @Summary Toggle a team member's admin status
|
||||
// @Description If a user is team admin, this will make them member and vise-versa.
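Review bot: In CheckMembership, the log call and the returned error are both built as `ErrUserIsMemberOfTeam{tm.UserID, tm.UserID}`, so the user ID appears twice and the team is never reported. Assuming the first field is the team ID (the type is declared outside this page), build the value once as `ErrUserIsMemberOfTeam{TeamID: tm.TeamID, UserID: tm.UserID}` and reuse it. An existing membership is the expected result on every repeat login, so `log.Debugf` fits better than `log.Errorf` and keeps the error log for real failures. The exported method also lacks a doc comment, for example `// CheckMembership resolves tm.Username to a user ID and returns ErrUserIsMemberOfTeam if that user is already in the team.` In the Create hunk the page shows two variants of the duplicate check without marking which is new; if `Where("team_id = ? AND user_name = ?", tm.TeamID, tm.UserID)` is the new line, it binds a numeric ID to a name column and the check would never match.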
|
||||
|
|
|
@ -119,6 +119,8 @@ func GetTeamByID(s *xorm.Session, id int64) (team *Team, err error) {
|
|||
|
||||
return
|
||||
}
|
||||
|
||||
// GetTeamByID gets teams by name
|
||||
func GetTeamsByName(s *xorm.Session, name string) (teams []*Team, err error) {
|
||||
if name == "" {
|
||||
return teams, ErrTeamsDoNotExist{name}
|
||||
|
@ -135,14 +137,6 @@ func GetTeamsByName(s *xorm.Session, name string) (teams []*Team, err error) {
|
|||
if len(ts) == 0 {
|
||||
return ts, ErrTeamsDoNotExist{name}
|
||||
}
|
||||
|
||||
// //for each ts
|
||||
// teamSlice := []*Team{ts}
|
||||
// err = addMoreInfoToTeams(s, teamSlice)
|
||||
// if err != nil {
|
||||
// return
|
||||
// }
|
||||
|
||||
teams = ts
|
||||
|
||||
return
|
||||
|
@ -298,8 +292,9 @@ func (t *Team) Create(s *xorm.Session, a web.Auth) (err error) {
|
|||
return
|
||||
}
|
||||
|
||||
// Insert the current user as member and admin
|
||||
tm := TeamMember{TeamID: t.ID, Username: doer.Username, Admin: true}
|
||||
var admin bool = true
|
||||
// }
|
||||
tm := TeamMember{TeamID: t.ID, Username: doer.Username, Admin: admin}
|
||||
if err = tm.Create(s, doer); err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -310,35 +305,9 @@ func (t *Team) Create(s *xorm.Session, a web.Auth) (err error) {
|
|||
})
|
||||
}
|
||||
|
||||
func (t *Team) CreateNoAdmin(s *xorm.Session, a web.Auth) (err error) {
|
||||
doer, err := user.GetFromAuth(a)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Check if we have a name
|
||||
if t.Name == "" {
|
||||
return ErrTeamNameCannotBeEmpty{}
|
||||
}
|
||||
|
||||
t.CreatedByID = doer.ID
|
||||
t.CreatedBy = doer
|
||||
|
||||
_, err = s.Insert(t)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
func (t *Team) ManageAdminRight(teamMember TeamMember, admin bool) {
|
||||
// Insert the current user as member and admin
|
||||
tm := TeamMember{TeamID: t.ID, Username: doer.Username, Admin: false}
|
||||
if err = tm.Create(s, doer); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return events.Dispatch(&TeamCreatedEvent{
|
||||
Team: t,
|
||||
Doer: a,
|
||||
})
|
||||
teamMember.Admin = admin
|
||||
}
|
||||
|
||||
// Delete deletes a team
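Review bot: ManageAdminRight takes `teamMember TeamMember` by value, so `teamMember.Admin = admin` only changes a local copy; the caller's struct and the stored row keep their old admin flag. If the aim is to change the caller's member, the signature should be `func (t *Team) ManageAdminRight(teamMember *TeamMember, admin bool)`, and the new value still has to be written through the session before it has any effect; the receiver `t` is unused in the visible body. In Team.Create, `var admin bool = true` followed by a stray `// }` looks like the remainder of a removed condition, so the creator is always made team admin. If Create is also the path for teams derived from an OIDC group claim, the first user to log in with that group becomes its admin, which is worth confirming as intended. Team.Create starts and ends outside its hunks.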
|
||||
|
|
|
@ -62,7 +62,7 @@ type claims struct {
|
|||
Name string `json:"name"`
|
||||
PreferredUsername string `json:"preferred_username"`
|
||||
Nickname string `json:"nickname"`
|
||||
Group []string `json:"groups"`
|
||||
Teams []string `json:"groups"`
|
||||
}
|
||||
|
||||
func init() {
|
||||
|
@ -191,34 +191,28 @@ func HandleCallback(c echo.Context) error {
|
|||
// Check if we have seen this user before
|
||||
u, err := getOrCreateUser(s, cl, idToken.Issuer, idToken.Subject)
|
||||
|
||||
log.Errorf("Issuer %s: %v", idToken.Issuer, err)
|
||||
|
||||
if err != nil {
|
||||
_ = s.Rollback()
|
||||
log.Errorf("Error creating new user for provider %s: %v", provider.Name, err)
|
||||
return handler.HandleHTTPError(err, c)
|
||||
}
|
||||
|
||||
// Check if we have seen this user before
|
||||
teams, err := GetOrCreateTeamsByNames(s, cl.Group, u)
|
||||
if err != nil {
|
||||
log.Errorf("Error verifying team for name %v, got %v", cl.Name, teams, err)
|
||||
return err
|
||||
} else {
|
||||
for _, team := range teams {
|
||||
tm := models.TeamMember{TeamID: team.ID, Username: u.Username}
|
||||
if err = tm.Create(s, u); err != nil {
|
||||
switch t := err.(type) {
|
||||
case *models.ErrUserIsMemberOfTeam:
|
||||
log.Errorf("ErrUserIsMemberOfTeam", t)
|
||||
break
|
||||
default:
|
||||
log.Errorf("Error assigning User to team", t)
|
||||
// Check if we have seen these teams before
|
||||
if len(cl.Teams) > 0 {
|
||||
teams, err := GetOrCreateTeamsByNames(s, cl.Teams, u)
|
||||
if err != nil {
|
||||
log.Errorf("Error verifying team for name %v, got %v", cl.Name, teams, err)
|
||||
return err
|
||||
} else {
|
||||
for _, team := range teams {
|
||||
tm := models.TeamMember{TeamID: team.ID, Username: u.Username}
|
||||
err := tm.CheckMembership(s)
|
||||
if err == nil {
|
||||
tm.Create(s, u)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
err = s.Commit()
|
||||
if err != nil {
|
||||
return handler.HandleHTTPError(err, c)
|
||||
|
@ -232,12 +226,13 @@ func GetOrCreateTeamsByNames(s *xorm.Session, teamNames []string, u *user.User)
|
|||
for _, t := range teamNames {
|
||||
team, err := models.GetTeamsByName(s, t)
|
||||
|
||||
// if team does not exists, create it
|
||||
if models.IsErrTeamsDoNotExist(err) {
|
||||
log.Errorf("No such Team: %v, got %v", t, team, err)
|
||||
log.Debugf("No such Team: %v, create %v ..", t, team)
|
||||
tea := &models.Team{
|
||||
Name: t,
|
||||
}
|
||||
err := tea.CreateNoAdmin(s, u)
|
||||
err := tea.Create(s, u)
|
||||
if err != nil {
|
||||
log.Errorf("Teams: %v, err: %v", tea, err)
|
||||
} else {
|
||||
|
@ -246,9 +241,10 @@ func GetOrCreateTeamsByNames(s *xorm.Session, teamNames []string, u *user.User)
|
|||
} else {
|
||||
// if multiple teams with same name are found,
|
||||
if len(team) == 1 {
|
||||
// append team to return value
|
||||
te = append(te, *team[len(team)-1])
|
||||
} else {
|
||||
log.Errorf("Multiple Teams have the same name: %v, ", team[len(team)-1].Name)
|
||||
log.Debugf("Multiple Teams have the same name: %v, ignore assignment of %v", team[len(team)-1].Name, u.Name)
|
||||
}
|
||||
}
|
||||
}
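Review bot: The team-assignment block in HandleCallback drops errors: `tm.Create(s, u)` is called without checking its result, and any CheckMembership failure, including a database error, is treated the same as "already a member". The `return err` after GetOrCreateTeamsByNames also skips the `s.Rollback()` and `handler.HandleHTTPError` used for the user-creation error a few lines above, and that `log.Errorf` call passes three arguments to two verbs. The sketch below handles the three outcomes separately, relying on CheckMembership returning `ErrUserIsMemberOfTeam` by value as the models hunk shows. Separately, teams are matched by name only and memberships are only ever added, so a `groups` value equal to the name of a hand-created team joins the user to it, and removal from an IdP group is not reflected at the next login; marking teams as OIDC-managed would address this but needs a schema change outside this hunk. HandleCallback begins and ends outside the hunk.

```go
// … unchanged: getOrCreateUser and its error handling …
if len(cl.Teams) > 0 {
	teams, err := GetOrCreateTeamsByNames(s, cl.Teams, u)
	if err != nil {
		_ = s.Rollback()
		log.Errorf("Error resolving teams for user %s: %v", u.Username, err)
		return handler.HandleHTTPError(err, c)
	}
	for _, team := range teams {
		tm := models.TeamMember{TeamID: team.ID, Username: u.Username}
		err = tm.CheckMembership(s)
		if _, already := err.(models.ErrUserIsMemberOfTeam); already {
			continue // the user is in this team already, nothing to insert
		}
		if err == nil {
			err = tm.Create(s, u)
		}
		if err != nil {
			_ = s.Rollback()
			log.Errorf("Error assigning user %s to team %v: %v", u.Username, team.ID, err)
			return handler.HandleHTTPError(err, c)
		}
	}
}
// … unchanged: s.Commit() and the rest of HandleCallback …
```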
|
||||
|
|