Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
		
			
				
	
	
		
		
	
	
	
	
	
| // Copyright 2021 The Gitea Authors. All rights reserved.
 | |
| // SPDX-License-Identifier: MIT
 | |
| 
 | |
| package ldap
 | |
| 
 | |
| import (
 | |
| 	"code.gitea.io/gitea/models"
 | |
| 	"code.gitea.io/gitea/models/db"
 | |
| 	"code.gitea.io/gitea/models/organization"
 | |
| 	user_model "code.gitea.io/gitea/models/user"
 | |
| 	"code.gitea.io/gitea/modules/log"
 | |
| )
 | |
| 
 | |
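// SyncLdapGroupsToTeams maps LDAP groups to organization and team memberships.
//
// ldapTeamAdd and ldapTeamRemove map an organization name to the names of the
// teams the user is to be added to, respectively removed from. orgCache and
// teamCache (keyed by orgName+teamName) are filled on first lookup so that
// repeated calls reuse earlier database lookups. Organizations and teams that
// cannot be found are logged and skipped: they must exist before the sync runs.
func (source *Source) SyncLdapGroupsToTeams(user *user_model.User, ldapTeamAdd, ldapTeamRemove map[string][]string, orgCache map[string]*organization.Organization, teamCache map[string]*organization.Team) {
	if source.GroupsEnabled && source.GroupTeamMapRemoval {
		// when the user is not a member of the configured LDAP group, remove the mapped organization/team memberships
		removeMappedMemberships(user, ldapTeamRemove, orgCache, teamCache)
	}
	for orgName, teamNames := range ldapTeamAdd {
		org, ok := orgCache[orgName]
		if !ok {
			var err error
			org, err = organization.GetOrgByName(orgName)
			if err != nil {
				// organization must be created before LDAP group sync
				log.Warn("LDAP group sync: Could not find organisation %s: %v", orgName, err)
				continue
			}
			orgCache[orgName] = org
		}

		for _, teamName := range teamNames {
			team, ok := teamCache[orgName+teamName]
			if !ok {
				var err error
				team, err = org.GetTeam(teamName)
				if err != nil {
					// team must be created before LDAP group sync
					log.Warn("LDAP group sync: Could not find team %s: %v", teamName, err)
					continue
				}
				teamCache[orgName+teamName] = team
			}

			isMember, err := organization.IsTeamMember(db.DefaultContext, org.ID, team.ID, user.ID)
			if err != nil {
				// a failed membership check must not be skipped without a trace: the user
				// would silently miss the access the LDAP mapping grants them
				log.Error("LDAP group sync: Could not check membership of user [%s] in team [%s]: %v", user.Name, team.Name, err)
				continue
			}
			if isMember {
				continue
			}
			// the message names the team, so log the team rather than the organization
			log.Trace("LDAP group sync: adding user [%s] to team [%s]", user.Name, team.Name)
			if err := models.AddTeamMember(team, user.ID); err != nil {
				log.Error("LDAP group sync: Could not add user to team: %v", err)
			}
		}
	}
}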
 | |
| 
 | |
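// removeMappedMemberships removes the user from organizations/teams whose LDAP
// group the user is not a member of.
// e.g. assume the user is a member of LDAP group "x", but the LDAP group team map
// contains LDAP groups "x" and "y"; then the user's membership is removed from
// all organizations/teams mapped by LDAP group "y".
//
// ldapTeamRemove maps an organization name to the names of the teams to leave.
// orgCache and teamCache (keyed by orgName+teamName) are filled on first lookup.
// Organizations and teams that cannot be found are logged and skipped.
func removeMappedMemberships(user *user_model.User, ldapTeamRemove map[string][]string, orgCache map[string]*organization.Organization, teamCache map[string]*organization.Team) {
	for orgName, teamNames := range ldapTeamRemove {
		org, ok := orgCache[orgName]
		if !ok {
			var err error
			org, err = organization.GetOrgByName(orgName)
			if err != nil {
				// organization must be created before LDAP group sync
				log.Warn("LDAP group sync: Could not find organisation %s: %v", orgName, err)
				continue
			}
			orgCache[orgName] = org
		}

		for _, teamName := range teamNames {
			team, ok := teamCache[orgName+teamName]
			if !ok {
				var err error
				team, err = org.GetTeam(teamName)
				if err != nil {
					// team must be created before LDAP group sync
					log.Warn("LDAP group sync: Could not find team %s: %v", teamName, err)
					continue
				}
				// populate the cache like the add pass does, so both passes share the lookup
				teamCache[orgName+teamName] = team
			}

			isMember, err := organization.IsTeamMember(db.DefaultContext, org.ID, team.ID, user.ID)
			if err != nil {
				// a failed membership check must not be skipped without a trace: the user
				// would silently keep access the LDAP mapping says they should lose
				log.Error("LDAP group sync: Could not check membership of user [%s] in team [%s]: %v", user.Name, team.Name, err)
				continue
			}
			if !isMember {
				continue
			}
			// the message names the team, so log the team rather than the organization
			log.Trace("LDAP group sync: removing user [%s] from team [%s]", user.Name, team.Name)
			if err := models.RemoveTeamMember(team, user.ID); err != nil {
				log.Error("LDAP group sync: Could not remove user from team: %v", err)
			}
		}
	}
}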
 |