server: Add graphQL methods to manage custom LDAP object classes

2024-11-25 09:06:03 +00:00 · 2024-02-06 22:28:24 +01:00 · 2024-02-06 22:28:24 +01:00 · 96f5b31e0c
commit 96f5b31e0c
parent 4955b7fac1
3 changed files with 109 additions and 2 deletions
--- a/schema.graphql
+++ b/schema.graphql
@ -18,6 +18,10 @@ type Mutation {
  addGroupAttribute(name: String!, attributeType: AttributeType!, isList: Boolean!, isVisible: Boolean!, isEditable: Boolean!): Success!
  deleteUserAttribute(name: String!): Success!
  deleteGroupAttribute(name: String!): Success!
+  addUserObjectClass(name: String!): Success!
+  addGroupObjectClass(name: String!): Success!
+  deleteUserObjectClass(name: String!): Success!
+  deleteGroupObjectClass(name: String!): Success!
 }

 type Group {
--- a/server/src/infra/access_control.rs
+++ b/server/src/infra/access_control.rs
@ -12,7 +12,10 @@ use crate::domain::{
        UpdateUserRequest, UserBackendHandler, UserListerBackendHandler, UserRequestFilter,
    },
    schema::PublicSchema,
-    types::{AttributeName, Group, GroupDetails, GroupId, GroupName, User, UserAndGroups, UserId},
+    types::{
+        AttributeName, Group, GroupDetails, GroupId, GroupName, LdapObjectClass, User,
+        UserAndGroups, UserId,
+    },
 };

 #[derive(Clone, Copy, PartialEq, Eq, Debug)]
@ -112,6 +115,10 @@ pub trait AdminBackendHandler:
    async fn add_group_attribute(&self, request: CreateAttributeRequest) -> Result<()>;
    async fn delete_user_attribute(&self, name: &AttributeName) -> Result<()>;
    async fn delete_group_attribute(&self, name: &AttributeName) -> Result<()>;
+    async fn add_user_object_class(&self, name: &LdapObjectClass) -> Result<()>;
+    async fn add_group_object_class(&self, name: &LdapObjectClass) -> Result<()>;
+    async fn delete_user_object_class(&self, name: &LdapObjectClass) -> Result<()>;
+    async fn delete_group_object_class(&self, name: &LdapObjectClass) -> Result<()>;
 }

 #[async_trait]
@ -187,6 +194,18 @@ impl<Handler: BackendHandler> AdminBackendHandler for Handler {
    async fn delete_group_attribute(&self, name: &AttributeName) -> Result<()> {
        <Handler as SchemaBackendHandler>::delete_group_attribute(self, name).await
    }
+    async fn add_user_object_class(&self, name: &LdapObjectClass) -> Result<()> {
+        <Handler as SchemaBackendHandler>::add_user_object_class(self, name).await
+    }
+    async fn add_group_object_class(&self, name: &LdapObjectClass) -> Result<()> {
+        <Handler as SchemaBackendHandler>::add_group_object_class(self, name).await
+    }
+    async fn delete_user_object_class(&self, name: &LdapObjectClass) -> Result<()> {
+        <Handler as SchemaBackendHandler>::delete_user_object_class(self, name).await
+    }
+    async fn delete_group_object_class(&self, name: &LdapObjectClass) -> Result<()> {
+        <Handler as SchemaBackendHandler>::delete_group_object_class(self, name).await
+    }
 }

 pub struct AccessControlledBackendHandler<Handler> {
--- a/server/src/infra/graphql/mutation.rs
+++ b/server/src/infra/graphql/mutation.rs
@ -9,7 +9,7 @@ use crate::{
        },
        types::{
            AttributeName, AttributeType, AttributeValue as DomainAttributeValue, GroupId,
-            JpegPhoto, UserId,
+            JpegPhoto, LdapObjectClass, UserId,
        },
    },
    infra::{
@ -490,6 +490,90 @@ impl<Handler: BackendHandler> Mutation<Handler> {
            .await?;
        Ok(Success::new())
    }
+
+    async fn add_user_object_class(
+        context: &Context<Handler>,
+        name: String,
+    ) -> FieldResult<Success> {
+        let span = debug_span!("[GraphQL mutation] add_user_object_class");
+        span.in_scope(|| {
+            debug!(?name);
+        });
+        let handler = context
+            .get_admin_handler()
+            .ok_or_else(field_error_callback(
+                &span,
+                "Unauthorized object class addition",
+            ))?;
+        handler
+            .add_user_object_class(&LdapObjectClass::from(name))
+            .instrument(span)
+            .await?;
+        Ok(Success::new())
+    }
+
+    async fn add_group_object_class(
+        context: &Context<Handler>,
+        name: String,
+    ) -> FieldResult<Success> {
+        let span = debug_span!("[GraphQL mutation] add_group_object_class");
+        span.in_scope(|| {
+            debug!(?name);
+        });
+        let handler = context
+            .get_admin_handler()
+            .ok_or_else(field_error_callback(
+                &span,
+                "Unauthorized object class addition",
+            ))?;
+        handler
+            .add_group_object_class(&LdapObjectClass::from(name))
+            .instrument(span)
+            .await?;
+        Ok(Success::new())
+    }
+
+    async fn delete_user_object_class(
+        context: &Context<Handler>,
+        name: String,
+    ) -> FieldResult<Success> {
+        let span = debug_span!("[GraphQL mutation] delete_user_object_class");
+        span.in_scope(|| {
+            debug!(?name);
+        });
+        let handler = context
+            .get_admin_handler()
+            .ok_or_else(field_error_callback(
+                &span,
+                "Unauthorized object class deletion",
+            ))?;
+        handler
+            .delete_user_object_class(&LdapObjectClass::from(name))
+            .instrument(span)
+            .await?;
+        Ok(Success::new())
+    }
+
+    async fn delete_group_object_class(
+        context: &Context<Handler>,
+        name: String,
+    ) -> FieldResult<Success> {
+        let span = debug_span!("[GraphQL mutation] delete_group_object_class");
+        span.in_scope(|| {
+            debug!(?name);
+        });
+        let handler = context
+            .get_admin_handler()
+            .ok_or_else(field_error_callback(
+                &span,
+                "Unauthorized object class deletion",
+            ))?;
+        handler
+            .delete_group_object_class(&LdapObjectClass::from(name))
+            .instrument(span)
+            .await?;
+        Ok(Success::new())
+    }
 }

 async fn create_group_with_details<Handler: BackendHandler>(