add functionality for deleting user only from oidc teams which are not present in the current token

pkg/models/error.go

@@ -1081,33 +1081,7 @@ func (err ErrTeamDoesNotExist) HTTPError() web.HTTPError {
 	return web.HTTPError{HTTPCode: http.StatusNotFound, Code: ErrCodeTeamDoesNotExist, Message: "This team does not exist."}
 }
 
-<<<<<<< HEAD
-// ErrTeamAlreadyHasAccess represents an error where a team already has access to a project
-=======
-type ErrTeamsDoNotExist struct {
-	Name string
-}
-
-// IsErrTeamDoNotExist checks if an error is ErrTeamDoesNotExist.
-func IsErrTeamsDoNotExist(err error) bool {
-	_, ok := err.(ErrTeamsDoNotExist)
-	return ok
-}
-
-func (err ErrTeamsDoNotExist) Error() string {
-	return fmt.Sprintf("Team does not exist [Team Name: %v]", err.Name)
-}
-
-// ErrCodeTeamDoesNotExist holds the unique world-error code of this error
-const ErrCodeTeamsDoNotExist = 6002
-
-// HTTPError holds the http error description
-func (err ErrTeamsDoNotExist) HTTPError() web.HTTPError {
-	return web.HTTPError{HTTPCode: http.StatusNotFound, Code: ErrCodeTeamDoesNotExist, Message: "No team with given name exists."}
-}
-
 // ErrTeamAlreadyHasAccess represents an error where a team already has access to a list/namespace
->>>>>>> 2715a556... introduce functionality to assign/create team via group claim
 type ErrTeamAlreadyHasAccess struct {
 	TeamID int64
 	ID     int64
@@ -1251,6 +1225,51 @@ func (err ErrOIDCTeamsDoNotExistForUser) HTTPError() web.HTTPError {
 	return web.HTTPError{HTTPCode: http.StatusNotFound, Code: ErrCodeTeamDoesNotExist, Message: "No Teams with property oidcId could be found for User."}
 }
 
+type ErrTeamsDoNotExist struct {
+	Name string
+}
+
+// IsErrTeamDoNotExist checks if an error is ErrTeamDoesNotExist.
+func IsErrTeamsDoNotExist(err error) bool {
+	_, ok := err.(ErrTeamsDoNotExist)
+	return ok
+}
+
+func (err ErrTeamsDoNotExist) Error() string {
+	return fmt.Sprintf("Team does not exist [Team Name: %v]", err.Name)
+}
+
+// ErrCodeTeamDoesNotExist holds the unique world-error code of this error
+const ErrCodeTeamsDoNotExist = 6008
+
+// HTTPError holds the http error description
+func (err ErrTeamsDoNotExist) HTTPError() web.HTTPError {
+	return web.HTTPError{HTTPCode: http.StatusNotFound, Code: ErrCodeTeamDoesNotExist, Message: "No team with given name exists."}
+}
+
+// ErrOIDCTeamsDoNotExistForUser represents an error where an oidcTeam does not exist for the user
+type ErrOIDCTeamsDoNotExistForUser struct {
+	UserID int64
+}
+
+// IsErrOIDCTeamsDoNotExistForUser checks if an error is ErrOIDCTeamsDoNotExistForUser.
+func IsErrOIDCTeamsDoNotExistForUser(err error) bool {
+	_, ok := err.(ErrTeamDoesNotExist)
+	return ok
+}
+
+func (err ErrOIDCTeamsDoNotExistForUser) Error() string {
+	return fmt.Sprintf("No Oidc exists for User [User ID: %d]", err.UserID)
+}
+
+// ErrCodeTeamDoesNotExist holds the unique world-error code of this error
+const ErrCodeOIDCTeamsDoNotExistForUser = 6009
+
+// HTTPError holds the http error description
+func (err ErrOIDCTeamsDoNotExistForUser) HTTPError() web.HTTPError {
+	return web.HTTPError{HTTPCode: http.StatusNotFound, Code: ErrCodeTeamDoesNotExist, Message: "This team does not exist."}
+}
+
 // ====================
 // User <-> Project errors
 // ====================

pkg/models/teams.go

@@ -150,16 +150,30 @@ func GetTeamsByName(s *xorm.Session, name string) (teams []*Team, err error) {
 
 // GetTeamByOidcIDAndName gets teams where oidc_id and name match parameters
 // For oidc team creation oidcID and Name need to be set
-func GetTeamByOidcIDAndName(s *xorm.Session, id string, name string) (team Team, err error) {
+func GetTeamByOidcIDAndName(s *xorm.Session, oidcID string, teamName string) (team Team, err error) {
 	exists, err := s.
 		Table("teams").
-		Where("oidc_id = ? AND name = ?", id, name).
+		Where("oidc_id = ? AND name = ?", oidcID, teamName).
 		Get(&team)
 	log.Debugf("GetTeamByOidcIDAndName: %v, exists: %v", team.Name, exists)
 	if exists && err == nil {
 		return team, nil
 	}
-	return team, ErrTeamsDoNotExist{id}
+	return team, ErrTeamsDoNotExist{oidcID}
+}
+
+func FindAllOidcTeamIDsForUser(s *xorm.Session, userID int64) (ts []int64, err error) {
+	err = s.
+		Table("team_members").
+		Where("user_id = ? ", userID).
+		Join("RIGHT", "teams", "teams.id = team_members.team_id").
+		Where("teams.oidc_id != ?", "").
+		Cols("teams.id").
+		Find(&ts)
+	if ts == nil || err != nil {
+		return ts, ErrOIDCTeamsDoNotExistForUser{userID}
+	}
+	return ts, nil
 }
 
 // GetTeamByOidcIDAndName gets teams where oidc_id and name match parameters

pkg/modules/auth/openid/openid.go

@@ -213,9 +213,16 @@ func HandleCallback(c echo.Context) error {
 		log.Errorf("Error creating teams for user and vikunja groups %s: %v", cl.VikunjaGroups, err)
 		return handler.HandleHTTPError(err, c)
 	}
-	// check if we have seen these teams before.
-	// find or create Teams and assign user as teammember.
+
+	//TODO: fix this error check
+	// nil is no problem
+
 	if len(teamData) > 0 {
+		//find old teams for user through oidc
+		oldOidcTeams, _ := models.FindAllOidcTeamIDsForUser(s, u.ID)
+		// check if we have seen these teams before.
+		// find or create Teams and assign user as teammember.
+		var oidcTeams []int64
 		log.Debugf("TeamData is set %v", teamData)
 		teams, err := GetOrCreateTeamsByOIDCAndNames(s, teamData, u)
 		if err != nil {
@@ -236,8 +243,8 @@ func HandleCallback(c echo.Context) error {
 		for _, err := range errs {
 			log.Errorf("Found Error while signing out from teams %v", err)
 		}
+		SignOutFromOrDeleteTeamsByID(s, u, notIn(oldOidcTeams, oidcTeams))
 	}
-
 	err = s.Commit()
 	if err != nil {
 		_ = s.Rollback()
@@ -430,3 +437,23 @@ func getOrCreateUser(s *xorm.Session, cl *claims, issuer, subject string) (u *us
 
 	return
 }
+
+// find the elements which appear in slice1,but not in slice2
+func notIn(slice1 []int64, slice2 []int64) []int64 {
+	var diff []int64
+
+	for _, s1 := range slice1 {
+		found := false
+		for _, s2 := range slice2 {
+			if s1 == s2 {
+				found = true
+				break
+			}
+		}
+		// String not found. We add it to return slice
+		if !found {
+			diff = append(diff, s1)
+		}
+	}
+	return diff
+}