Commit 0320baeb by Torkel Ödegaard

feat(ldap): user org role sync working

parent 42670c27
......@@ -27,7 +27,7 @@ func init() {
SearchFilter: "(cn=%s)",
SearchBaseDNs: []string{"dc=grafana,dc=org"},
LdapGroups: []*LdapGroupToOrgRole{
{GroupDN: "cn=users,dc=grafana,dc=org", OrgRole: m.ROLE_EDITOR},
{GroupDN: "cn=users,dc=grafana,dc=org", OrgId: 1, OrgRole: m.ROLE_VIEWER},
},
},
}
......@@ -143,16 +143,29 @@ func (a *ldapAuther) syncOrgRoles(user *m.User, ldapUser *ldapUserInfo) error {
// remove or update org roles
for _, org := range orgsQuery.Result {
for _, group := range a.server.LdapGroups {
if group.OrgId == org.OrgId && ldapUser.isMemberOf(group.GroupDN) {
if org.OrgId != group.OrgId {
continue
}
if ldapUser.isMemberOf(group.GroupDN) {
if org.Role != group.OrgRole {
// update role
cmd := m.UpdateOrgUserCommand{OrgId: org.OrgId, UserId: user.Id, Role: group.OrgRole}
if err := bus.Dispatch(&cmd); err != nil {
return err
}
}
} else {
// remove role
cmd := m.RemoveOrgUserCommand{OrgId: org.OrgId, UserId: user.Id}
if err := bus.Dispatch(&cmd); err != nil {
return err
}
}
}
}
// add missing org roles
for _, group := range a.server.LdapGroups {
if !ldapUser.isMemberOf(group.GroupDN) {
continue
......
......@@ -97,10 +97,48 @@ func TestLdapAuther(t *testing.T) {
Convey("Should create new org user", func() {
So(err, ShouldBeNil)
So(sc.addOrgUserCommand, ShouldNotBeNil)
So(sc.addOrgUserCommand.Role, ShouldEqual, m.ROLE_ADMIN)
So(sc.addOrgUserCmd, ShouldNotBeNil)
So(sc.addOrgUserCmd.Role, ShouldEqual, m.ROLE_ADMIN)
})
})
ldapAutherScenario("given different current org role", func(sc *scenarioContext) {
ldapAuther := NewLdapAuthenticator(&LdapServerConf{
LdapGroups: []*LdapGroupToOrgRole{
{GroupDN: "cn=users", OrgId: 1, OrgRole: "Admin"},
},
})
sc.userOrgsQueryReturns([]*m.UserOrgDTO{{OrgId: 1, Role: m.ROLE_EDITOR}})
err := ldapAuther.syncOrgRoles(&m.User{}, &ldapUserInfo{
MemberOf: []string{"cn=users"},
})
Convey("Should update org role", func() {
So(err, ShouldBeNil)
So(sc.updateOrgUserCmd, ShouldNotBeNil)
So(sc.updateOrgUserCmd.Role, ShouldEqual, m.ROLE_ADMIN)
})
})
ldapAutherScenario("given current org role is removed in ldap", func(sc *scenarioContext) {
ldapAuther := NewLdapAuthenticator(&LdapServerConf{
LdapGroups: []*LdapGroupToOrgRole{
{GroupDN: "cn=users", OrgId: 1, OrgRole: "Admin"},
},
})
sc.userOrgsQueryReturns([]*m.UserOrgDTO{{OrgId: 1, Role: m.ROLE_EDITOR}})
err := ldapAuther.syncOrgRoles(&m.User{}, &ldapUserInfo{
MemberOf: []string{"cn=other"},
})
Convey("Should remove org role", func() {
So(err, ShouldBeNil)
So(sc.removeOrgUserCmd, ShouldNotBeNil)
})
})
})
}
......@@ -117,7 +155,17 @@ func ldapAutherScenario(desc string, fn scenarioFunc) {
})
bus.AddHandler("test", func(cmd *m.AddOrgUserCommand) error {
sc.addOrgUserCommand = cmd
sc.addOrgUserCmd = cmd
return nil
})
bus.AddHandler("test", func(cmd *m.UpdateOrgUserCommand) error {
sc.updateOrgUserCmd = cmd
return nil
})
bus.AddHandler("test", func(cmd *m.RemoveOrgUserCommand) error {
sc.removeOrgUserCmd = cmd
return nil
})
......@@ -127,7 +175,9 @@ func ldapAutherScenario(desc string, fn scenarioFunc) {
type scenarioContext struct {
createUserCmd *m.CreateUserCommand
addOrgUserCommand *m.AddOrgUserCommand
addOrgUserCmd *m.AddOrgUserCommand
updateOrgUserCmd *m.UpdateOrgUserCommand
removeOrgUserCmd *m.RemoveOrgUserCommand
}
func (sc *scenarioContext) userQueryReturns(user *m.User) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment