wip assign groups via oidc

pkg/models/team_members.go

@@ -18,6 +18,7 @@ package models
 
 import (
 	"code.vikunja.io/api/pkg/events"
+	"code.vikunja.io/api/pkg/log"
 	user2 "code.vikunja.io/api/pkg/user"
 	"code.vikunja.io/web"
 	"xorm.io/xorm"
@@ -54,7 +55,7 @@ func (tm *TeamMember) Create(s *xorm.Session, a web.Auth) (err error) {
 
 	// Check if that user is already part of the team
 	exists, err := s.
-		Where("team_id = ? AND user_id = ?", tm.TeamID, tm.UserID).
+		Where("team_id = ? AND user_name = ?", tm.TeamID, tm.UserID).
 		Get(&TeamMember{})
 	if err != nil {
 		return
@@ -109,6 +110,25 @@ func (tm *TeamMember) Delete(s *xorm.Session, a web.Auth) (err error) {
 	return
 }
 
+func (tm *TeamMember) CheckMembership(s *xorm.Session) (err error) {
+	member, err := user2.GetUserByUsername(s, tm.Username)
+	if err != nil {
+		return
+	}
+	tm.UserID = member.ID
+	exists, err := s.
+		Where("team_id = ? AND user_id = ?", tm.TeamID, tm.UserID).
+		Get(&TeamMember{})
+	if err != nil {
+		return
+	}
+	if exists {
+		log.Errorf("Team member already exists %v", ErrUserIsMemberOfTeam{tm.UserID, tm.UserID})
+		return ErrUserIsMemberOfTeam{tm.UserID, tm.UserID}
+	}
+	return
+}
+
 // Update toggles a team member's admin status
 // @Summary Toggle a team member's admin status
 // @Description If a user is team admin, this will make them member and vise-versa.

pkg/models/teams.go

@@ -119,6 +119,8 @@ func GetTeamByID(s *xorm.Session, id int64) (team *Team, err error) {
 
 	return
 }
+
+// GetTeamByID gets teams by name
 func GetTeamsByName(s *xorm.Session, name string) (teams []*Team, err error) {
 	if name == "" {
 		return teams, ErrTeamsDoNotExist{name}
@@ -135,14 +137,6 @@ func GetTeamsByName(s *xorm.Session, name string) (teams []*Team, err error) {
 	if len(ts) == 0 {
 		return ts, ErrTeamsDoNotExist{name}
 	}
-
-	// //for each ts
-	// teamSlice := []*Team{ts}
-	// err = addMoreInfoToTeams(s, teamSlice)
-	// if err != nil {
-	// 	return
-	// }
-
 	teams = ts
 
 	return
@@ -298,8 +292,9 @@ func (t *Team) Create(s *xorm.Session, a web.Auth) (err error) {
 		return
 	}
 
-	// Insert the current user as member and admin
-	tm := TeamMember{TeamID: t.ID, Username: doer.Username, Admin: true}
+	var admin bool = true
+	// }
+	tm := TeamMember{TeamID: t.ID, Username: doer.Username, Admin: admin}
 	if err = tm.Create(s, doer); err != nil {
 		return err
 	}
@@ -310,35 +305,9 @@ func (t *Team) Create(s *xorm.Session, a web.Auth) (err error) {
 	})
 }
 
-func (t *Team) CreateNoAdmin(s *xorm.Session, a web.Auth) (err error) {
-	doer, err := user.GetFromAuth(a)
-	if err != nil {
-		return err
-	}
-
-	// Check if we have a name
-	if t.Name == "" {
-		return ErrTeamNameCannotBeEmpty{}
-	}
-
-	t.CreatedByID = doer.ID
-	t.CreatedBy = doer
-
-	_, err = s.Insert(t)
-	if err != nil {
-		return
-	}
-
+func (t *Team) ManageAdminRight(teamMember TeamMember, admin bool) {
 	// Insert the current user as member and admin
-	tm := TeamMember{TeamID: t.ID, Username: doer.Username, Admin: false}
-	if err = tm.Create(s, doer); err != nil {
-		return err
-	}
-
-	return events.Dispatch(&TeamCreatedEvent{
-		Team: t,
-		Doer: a,
-	})
+	teamMember.Admin = admin
 }
 
 // Delete deletes a team

pkg/modules/auth/openid/openid.go

@@ -64,7 +64,7 @@ type claims struct {
 	Name              string   `json:"name"`
 	PreferredUsername string   `json:"preferred_username"`
 	Nickname          string   `json:"nickname"`
-	Group             []string `json:"groups"`
+	Teams             []string `json:"groups"`
 }
 
 func init() {
@@ -192,34 +192,28 @@ func HandleCallback(c echo.Context) error {
 	// Check if we have seen this user before
 	u, err := getOrCreateUser(s, cl, idToken.Issuer, idToken.Subject)
 
-	log.Errorf("Issuer %s: %v", idToken.Issuer, err)
-
 	if err != nil {
 		_ = s.Rollback()
 		log.Errorf("Error creating new user for provider %s: %v", provider.Name, err)
 		return handler.HandleHTTPError(err, c)
 	}
 
-	// Check if we have seen this user before
-	teams, err := GetOrCreateTeamsByNames(s, cl.Group, u)
-	if err != nil {
-		log.Errorf("Error verifying team for name %v, got %v", cl.Name, teams, err)
-		return err
-	} else {
-		for _, team := range teams {
-			tm := models.TeamMember{TeamID: team.ID, Username: u.Username}
-			if err = tm.Create(s, u); err != nil {
-				switch t := err.(type) {
-				case *models.ErrUserIsMemberOfTeam:
-					log.Errorf("ErrUserIsMemberOfTeam", t)
-					break
-				default:
-					log.Errorf("Error assigning User to team", t)
+	// Check if we have seen these teams before
+	if len(cl.Teams) > 0 {
+		teams, err := GetOrCreateTeamsByNames(s, cl.Teams, u)
+		if err != nil {
+			log.Errorf("Error verifying team for name %v, got %v", cl.Name, teams, err)
+			return err
+		} else {
+			for _, team := range teams {
+				tm := models.TeamMember{TeamID: team.ID, Username: u.Username}
+				err := tm.CheckMembership(s)
+				if err == nil {
+					tm.Create(s, u)
 				}
 			}
 		}
 	}
-
 	err = s.Commit()
 	if err != nil {
 		return handler.HandleHTTPError(err, c)
@@ -233,12 +227,13 @@ func GetOrCreateTeamsByNames(s *xorm.Session, teamNames []string, u *user.User)
 	for _, t := range teamNames {
 		team, err := models.GetTeamsByName(s, t)
 
+		// if team does not exists, create it
 		if models.IsErrTeamsDoNotExist(err) {
-			log.Errorf("No such Team: %v, got %v", t, team, err)
+			log.Debugf("No such Team: %v, create %v ..", t, team)
 			tea := &models.Team{
 				Name: t,
 			}
-			err := tea.CreateNoAdmin(s, u)
+			err := tea.Create(s, u)
 			if err != nil {
 				log.Errorf("Teams: %v, err: %v", tea, err)
 			} else {
@@ -247,9 +242,10 @@ func GetOrCreateTeamsByNames(s *xorm.Session, teamNames []string, u *user.User)
 		} else {
 			// if multiple teams with same name are found,
 			if len(team) == 1 {
+				// append team to return value
 				te = append(te, *team[len(team)-1])
 			} else {
-				log.Errorf("Multiple Teams have the same name: %v, ", team[len(team)-1].Name)
+				log.Debugf("Multiple Teams have the same name: %v, ignore assignment of %v", team[len(team)-1].Name, u.Name)
 			}
 		}
 	}