add functionality for deleting user only from oidc teams which are not present in the current token
parent
274dbecae5
commit
12242d9c6f
|
@ -1081,33 +1081,7 @@ func (err ErrTeamDoesNotExist) HTTPError() web.HTTPError {
|
|||
return web.HTTPError{HTTPCode: http.StatusNotFound, Code: ErrCodeTeamDoesNotExist, Message: "This team does not exist."}
|
||||
}
|
||||
|
||||
<<<<<<< HEAD
|
||||
// ErrTeamAlreadyHasAccess represents an error where a team already has access to a project
|
||||
=======
|
||||
type ErrTeamsDoNotExist struct {
|
||||
Name string
|
||||
}
|
||||
|
||||
// IsErrTeamDoNotExist checks if an error is ErrTeamDoesNotExist.
|
||||
func IsErrTeamsDoNotExist(err error) bool {
|
||||
_, ok := err.(ErrTeamsDoNotExist)
|
||||
return ok
|
||||
}
|
||||
|
||||
func (err ErrTeamsDoNotExist) Error() string {
|
||||
return fmt.Sprintf("Team does not exist [Team Name: %v]", err.Name)
|
||||
}
|
||||
|
||||
// ErrCodeTeamDoesNotExist holds the unique world-error code of this error
|
||||
const ErrCodeTeamsDoNotExist = 6002
|
||||
|
||||
// HTTPError holds the http error description
|
||||
func (err ErrTeamsDoNotExist) HTTPError() web.HTTPError {
|
||||
return web.HTTPError{HTTPCode: http.StatusNotFound, Code: ErrCodeTeamDoesNotExist, Message: "No team with given name exists."}
|
||||
}
|
||||
|
||||
// ErrTeamAlreadyHasAccess represents an error where a team already has access to a list/namespace
|
||||
>>>>>>> 2715a556... introduce functionality to assign/create team via group claim
|
||||
type ErrTeamAlreadyHasAccess struct {
|
||||
TeamID int64
|
||||
ID int64
|
||||
|
@ -1251,6 +1225,51 @@ func (err ErrOIDCTeamsDoNotExistForUser) HTTPError() web.HTTPError {
|
|||
return web.HTTPError{HTTPCode: http.StatusNotFound, Code: ErrCodeTeamDoesNotExist, Message: "No Teams with property oidcId could be found for User."}
|
||||
}
|
||||
|
||||
type ErrTeamsDoNotExist struct {
|
||||
Name string
|
||||
}
|
||||
|
||||
// IsErrTeamDoNotExist checks if an error is ErrTeamDoesNotExist.
|
||||
func IsErrTeamsDoNotExist(err error) bool {
|
||||
_, ok := err.(ErrTeamsDoNotExist)
|
||||
return ok
|
||||
}
|
||||
|
||||
func (err ErrTeamsDoNotExist) Error() string {
|
||||
return fmt.Sprintf("Team does not exist [Team Name: %v]", err.Name)
|
||||
}
|
||||
|
||||
// ErrCodeTeamDoesNotExist holds the unique world-error code of this error
|
||||
const ErrCodeTeamsDoNotExist = 6008
|
||||
|
||||
// HTTPError holds the http error description
|
||||
func (err ErrTeamsDoNotExist) HTTPError() web.HTTPError {
|
||||
return web.HTTPError{HTTPCode: http.StatusNotFound, Code: ErrCodeTeamDoesNotExist, Message: "No team with given name exists."}
|
||||
}
|
||||
|
||||
// ErrOIDCTeamsDoNotExistForUser represents an error where an oidcTeam does not exist for the user
|
||||
type ErrOIDCTeamsDoNotExistForUser struct {
|
||||
UserID int64
|
||||
}
|
||||
|
||||
// IsErrOIDCTeamsDoNotExistForUser checks if an error is ErrOIDCTeamsDoNotExistForUser.
|
||||
func IsErrOIDCTeamsDoNotExistForUser(err error) bool {
|
||||
_, ok := err.(ErrTeamDoesNotExist)
|
||||
return ok
|
||||
}
|
||||
|
||||
func (err ErrOIDCTeamsDoNotExistForUser) Error() string {
|
||||
return fmt.Sprintf("No Oidc exists for User [User ID: %d]", err.UserID)
|
||||
}
|
||||
|
||||
// ErrCodeTeamDoesNotExist holds the unique world-error code of this error
|
||||
const ErrCodeOIDCTeamsDoNotExistForUser = 6009
|
||||
|
||||
// HTTPError holds the http error description
|
||||
func (err ErrOIDCTeamsDoNotExistForUser) HTTPError() web.HTTPError {
|
||||
return web.HTTPError{HTTPCode: http.StatusNotFound, Code: ErrCodeTeamDoesNotExist, Message: "This team does not exist."}
|
||||
}
|
||||
|
||||
// ====================
|
||||
// User <-> Project errors
|
||||
// ====================
|
||||
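Review bot: `IsErrOIDCTeamsDoNotExistForUser` asserts `err.(ErrTeamDoesNotExist)`, so it never returns true for the error type it is named after; the line should read `_, ok := err.(ErrOIDCTeamsDoNotExistForUser)`. Both new `HTTPError` methods also return `Code: ErrCodeTeamDoesNotExist`, although this section declares `ErrCodeTeamsDoNotExist` and `ErrCodeOIDCTeamsDoNotExistForUser`, so the new constants go unused and all three errors share one code towards API clients. The doc comments on the new constants and on `IsErrTeamsDoNotExist` still name `ErrCodeTeamDoesNotExist` and `IsErrTeamDoNotExist`, and `ErrTeamsDoNotExist` has no type comment. The hunk header already shows an `HTTPError` method on `ErrOIDCTeamsDoNotExistForUser` above the added lines, so the added declarations may duplicate an existing one; this page does not show enough to confirm it.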
|
|
|
@ -150,16 +150,30 @@ func GetTeamsByName(s *xorm.Session, name string) (teams []*Team, err error) {
|
|||
|
||||
// GetTeamByOidcIDAndName gets teams where oidc_id and name match parameters
|
||||
// For oidc team creation oidcID and Name need to be set
|
||||
func GetTeamByOidcIDAndName(s *xorm.Session, id string, name string) (team Team, err error) {
|
||||
func GetTeamByOidcIDAndName(s *xorm.Session, oidcID string, teamName string) (team Team, err error) {
|
||||
exists, err := s.
|
||||
Table("teams").
|
||||
Where("oidc_id = ? AND name = ?", id, name).
|
||||
Where("oidc_id = ? AND name = ?", oidcID, teamName).
|
||||
Get(&team)
|
||||
log.Debugf("GetTeamByOidcIDAndName: %v, exists: %v", team.Name, exists)
|
||||
if exists && err == nil {
|
||||
return team, nil
|
||||
}
|
||||
return team, ErrTeamsDoNotExist{id}
|
||||
return team, ErrTeamsDoNotExist{oidcID}
|
||||
}
|
||||
|
||||
func FindAllOidcTeamIDsForUser(s *xorm.Session, userID int64) (ts []int64, err error) {
|
||||
err = s.
|
||||
Table("team_members").
|
||||
Where("user_id = ? ", userID).
|
||||
Join("RIGHT", "teams", "teams.id = team_members.team_id").
|
||||
Where("teams.oidc_id != ?", "").
|
||||
Cols("teams.id").
|
||||
Find(&ts)
|
||||
if ts == nil || err != nil {
|
||||
return ts, ErrOIDCTeamsDoNotExistForUser{userID}
|
||||
}
|
||||
return ts, nil
|
||||
}
|
||||
|
||||
// GetTeamByOidcIDAndName gets teams where oidc_id and name match parameters
|
||||
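Review bot: `FindAllOidcTeamIDsForUser` returns `ErrOIDCTeamsDoNotExistForUser{userID}` for both an empty result and a failed query (`if ts == nil || err != nil`), so a caller cannot tell "user has no OIDC teams" from a database error. The returned ids decide which memberships are removed at login, so the query error should be passed through first with `if err != nil { return nil, err }`, and the empty case handled afterwards. `GetTeamByOidcIDAndName` collapses errors the same way and fills the `Name` field of `ErrTeamsDoNotExist` with `oidcID`, which its message then prints as the team name. The new function also lacks a doc comment, for example `// FindAllOidcTeamIDsForUser returns the ids of all teams with a non-empty oidc_id that the user is a member of.`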
|
|
|
@ -213,9 +213,16 @@ func HandleCallback(c echo.Context) error {
|
|||
log.Errorf("Error creating teams for user and vikunja groups %s: %v", cl.VikunjaGroups, err)
|
||||
return handler.HandleHTTPError(err, c)
|
||||
}
|
||||
// check if we have seen these teams before.
|
||||
// find or create Teams and assign user as teammember.
|
||||
|
||||
//TODO: fix this error check
|
||||
// nil is no problem
|
||||
|
||||
if len(teamData) > 0 {
|
||||
//find old teams for user through oidc
|
||||
oldOidcTeams, _ := models.FindAllOidcTeamIDsForUser(s, u.ID)
|
||||
// check if we have seen these teams before.
|
||||
// find or create Teams and assign user as teammember.
|
||||
var oidcTeams []int64
|
||||
log.Debugf("TeamData is set %v", teamData)
|
||||
teams, err := GetOrCreateTeamsByOIDCAndNames(s, teamData, u)
|
||||
if err != nil {
|
||||
|
@ -236,8 +243,8 @@ func HandleCallback(c echo.Context) error {
|
|||
for _, err := range errs {
|
||||
log.Errorf("Found Error while signing out from teams %v", err)
|
||||
}
|
||||
SignOutFromOrDeleteTeamsByID(s, u, notIn(oldOidcTeams, oidcTeams))
|
||||
}
|
||||
|
||||
err = s.Commit()
|
||||
if err != nil {
|
||||
_ = s.Rollback()
|
||||
|
@ -430,3 +437,23 @@ func getOrCreateUser(s *xorm.Session, cl *claims, issuer, subject string) (u *us
|
|||
|
||||
return
|
||||
}
|
||||
|
||||
// find the elements which appear in slice1,but not in slice2
|
||||
func notIn(slice1 []int64, slice2 []int64) []int64 {
|
||||
var diff []int64
|
||||
|
||||
for _, s1 := range slice1 {
|
||||
found := false
|
||||
for _, s2 := range slice2 {
|
||||
if s1 == s2 {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
}
|
||||
// String not found. We add it to return slice
|
||||
if !found {
|
||||
diff = append(diff, s1)
|
||||
}
|
||||
}
|
||||
return diff
|
||||
}
|
||||
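Review bot: The error from `models.FindAllOidcTeamIDsForUser` is discarded in `oldOidcTeams, _ := ...` (the TODO above it acknowledges this), so a failed lookup leaves `oldOidcTeams` nil, `notIn` returns nothing, and the login completes without revoking any stale team membership. Because this list decides what is revoked, the callback should fail closed on a real query error, e.g. `if err != nil && !models.IsErrOIDCTeamsDoNotExistForUser(err) { return handler.HandleHTTPError(err, c) }`; that only works once the predicate matches the error type the lookup returns. The `SignOutFromOrDeleteTeamsByID` call also appears to sit inside `if len(teamData) > 0`, so a token carrying no group claims at all would leave every earlier OIDC membership in place. The lines between the hunks are not shown, so that needs confirming against the full `HandleCallback` body. In `notIn`, the comment `// String not found` should refer to ids, since the slices hold `int64`.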
|
|