graphql: Add a filter by group

This commit is contained in:
Valentin Tolmer 2021-09-24 22:35:31 +02:00 committed by nitnelave
parent 09a23a1e59
commit eb974e781c
5 changed files with 31 additions and 10 deletions

View file

@ -29,6 +29,8 @@ input RequestFilter {
all: [RequestFilter!]
not: RequestFilter
eq: EqualityConstraint
memberOf: String
memberOfId: Int
}
"DateTime"

View file

@ -48,8 +48,10 @@ pub enum RequestFilter {
Or(Vec<RequestFilter>),
Not(Box<RequestFilter>),
Equality(String, String),
// Check if a user belongs to a group.
// Check if a user belongs to a group identified by name.
MemberOf(String),
// Same, by id.
MemberOfId(GroupId),
}
#[derive(PartialEq, Eq, Debug, Serialize, Deserialize, Clone, Default)]

View file

@ -65,6 +65,10 @@ fn get_filter_expr(filter: RequestFilter) -> (RequiresGroup, SimpleExpr) {
RequiresGroup(true),
Expr::col((Groups::Table, Groups::DisplayName)).eq(group),
),
MemberOfId(group_id) => (
RequiresGroup(true),
Expr::col((Groups::Table, Groups::GroupId)).eq(group_id),
),
}
}

View file

@ -1,4 +1,4 @@
use crate::domain::handler::{BackendHandler, GroupIdAndName};
use crate::domain::handler::{BackendHandler, GroupId, GroupIdAndName};
use juniper::{graphql_object, FieldResult, GraphQLInputObject};
use serde::{Deserialize, Serialize};
use std::convert::TryInto;
@ -16,6 +16,8 @@ pub struct RequestFilter {
all: Option<Vec<RequestFilter>>,
not: Option<Box<RequestFilter>>,
eq: Option<EqualityConstraint>,
member_of: Option<String>,
member_of_id: Option<i32>,
}
impl TryInto<DomainRequestFilter> for RequestFilter {
@ -34,6 +36,12 @@ impl TryInto<DomainRequestFilter> for RequestFilter {
if self.eq.is_some() {
field_count += 1;
}
if self.member_of.is_some() {
field_count += 1;
}
if self.member_of_id.is_some() {
field_count += 1;
}
if field_count == 0 {
return Err("No field specified in request filter".to_string());
}
@ -60,6 +68,12 @@ impl TryInto<DomainRequestFilter> for RequestFilter {
if let Some(c) = self.not {
return Ok(DomainRequestFilter::Not(Box::new((*c).try_into()?)));
}
if let Some(group) = self.member_of {
return Ok(DomainRequestFilter::MemberOf(group));
}
if let Some(group_id) = self.member_of_id {
return Ok(DomainRequestFilter::MemberOfId(GroupId(group_id)));
}
unreachable!();
}
}
@ -239,10 +253,7 @@ impl<Handler: BackendHandler> From<DomainGroup> for Group<Handler> {
#[cfg(test)]
mod tests {
use super::*;
use crate::{
domain::handler::{GroupId, GroupIdAndName, MockTestBackendHandler},
infra::auth_service::ValidationResults,
};
use crate::{domain::handler::MockTestBackendHandler, infra::auth_service::ValidationResults};
use juniper::{
execute, graphql_value, DefaultScalarValue, EmptyMutation, EmptySubscription, GraphQLType,
RootNode, Variables,

View file

@ -318,8 +318,7 @@ impl<Backend: BackendHandler + LoginHandler> LdapHandler<Backend> {
#[cfg(test)]
mod tests {
use super::*;
use crate::domain::handler::BindRequest;
use crate::domain::handler::MockTestBackendHandler;
use crate::domain::handler::{BindRequest, MockTestBackendHandler};
use mockall::predicate::eq;
use tokio;
@ -665,14 +664,17 @@ mod tests {
msgid: 2,
base: "ou=people,dc=example,dc=com".to_string(),
scope: LdapSearchScope::Base,
filter: LdapFilter::Present("uid".to_string()),
filter: LdapFilter::Substring(
"uid".to_string(),
ldap3_server::proto::LdapSubstringFilter::default(),
),
attrs: vec!["objectClass".to_string()],
};
assert_eq!(
ldap_handler.do_search(&request).await,
vec![request.gen_error(
LdapResultCode::UnwillingToPerform,
"Unsupported filter".to_string()
"Unsupported filter: Unsupported filter: Substring(\"uid\", LdapSubstringFilter { initial: None, any: [], final_: None })".to_string()
)]
);
}