Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit9cc1768

Browse files
committed
feat: groupsync autos to default org
Groupsync made to work with default org.
1 parent86c605c commit9cc1768

File tree

1 file changed

+40
-12
lines changed

1 file changed

+40
-12
lines changed

‎coderd/userauth.go

Lines changed: 40 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -1217,8 +1217,10 @@ type oauthLoginParams struct {
12171217
// to the Groups provided.
12181218
UsingGroupsbool
12191219
CreateMissingGroupsbool
1220-
Groupsmap[uuid.UUID][]string
1221-
GroupFilter*regexp.Regexp
1220+
// These are the group names from the IDP. Internally, they will map to
1221+
// some organization groups.
1222+
Groups []string
1223+
GroupFilter*regexp.Regexp
12221224
// Is UsingRoles is true, then the user will be assigned
12231225
// the roles provided.
12241226
UsingRolesbool
@@ -1301,7 +1303,6 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
13011303
link database.UserLink
13021304
errerror
13031305
)
1304-
13051306
user=params.User
13061307
link=params.Link
13071308

@@ -1457,23 +1458,50 @@ func (api *API) oauthLogin(r *http.Request, params *oauthLoginParams) ([]*http.C
14571458
}
14581459

14591460
// Ensure groups are correct.
1461+
// This places all groups into the default organization.
1462+
// To go multi-org, we need to add a mapping feature here to know which
1463+
// groups go to which orgs.
14601464
ifparams.UsingGroups {
14611465
filtered:=params.Groups
14621466
ifparams.GroupFilter!=nil {
1463-
// For each org, filter the groups.
1464-
fororgID,groups:=rangefiltered {
1465-
filteredList:=make([]string,0,len(groups))
1466-
for_,group:=rangegroups {
1467-
ifparams.GroupFilter.MatchString(group) {
1468-
filteredList=append(filteredList,group)
1469-
}
1467+
filtered=make([]string,0,len(params.Groups))
1468+
for_,group:=rangeparams.Groups {
1469+
ifparams.GroupFilter.MatchString(group) {
1470+
filtered=append(filtered,group)
14701471
}
1471-
filtered[orgID]=filteredList
14721472
}
14731473
}
14741474

1475+
//nolint:gocritic // No user present in the context.
1476+
defaultOrganization,err:=tx.GetDefaultOrganization(dbauthz.AsSystemRestricted(ctx))
1477+
iferr!=nil {
1478+
// If there is no default org, then we can't assign groups.
1479+
// By default, we assume all groups belong to the default org.
1480+
returnxerrors.Errorf("get default organization: %w",err)
1481+
}
1482+
1483+
//nolint:gocritic // No user present in the context.
1484+
memberships,err:=tx.GetOrganizationMembershipsByUserID(dbauthz.AsSystemRestricted(ctx),user.ID)
1485+
iferr!=nil {
1486+
returnxerrors.Errorf("get organization memberships: %w",err)
1487+
}
1488+
1489+
inDefault:=false
1490+
for_,membership:=rangememberships {
1491+
ifmembership.OrganizationID==defaultOrganization.ID {
1492+
inDefault=true
1493+
break
1494+
}
1495+
}
1496+
1497+
if!inDefault {
1498+
returnxerrors.Errorf("user %s is not a member of the default organization, cannot assign to groups in the org",user.ID)
1499+
}
1500+
14751501
//nolint:gocritic
1476-
err:=api.Options.SetUserGroups(dbauthz.AsSystemRestricted(ctx),logger,tx,user.ID,filtered,params.CreateMissingGroups)
1502+
err=api.Options.SetUserGroups(dbauthz.AsSystemRestricted(ctx),logger,tx,user.ID,map[uuid.UUID][]string{
1503+
defaultOrganization.ID:filtered,
1504+
},params.CreateMissingGroups)
14771505
iferr!=nil {
14781506
returnxerrors.Errorf("set user groups: %w",err)
14791507
}

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp