gandc/lldap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

server: Add a is_readonly attribute to the schema

Browse Source
This commit is contained in:
Valentin Tolmer 2024-08-27 22:51:34 +02:00 committed by nitnelave
parent 3ec44a58be
commit b1384818d2
10 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
schema.graphql generated
View File

@ -78,6 +78,7 @@ type AttributeSchema {
isVisible: Boolean! isVisible: Boolean!
isEditable: Boolean! isEditable: Boolean!
isHardcoded: Boolean! isHardcoded: Boolean!
isReadonly: Boolean!
} }
"The fields that can be updated for a user." "The fields that can be updated for a user."

1
server/src/domain/handler.rs
View File

@ -147,6 +147,7 @@ pub struct AttributeSchema {
pub is_visible: bool, pub is_visible: bool,
pub is_editable: bool, pub is_editable: bool,
pub is_hardcoded: bool, pub is_hardcoded: bool,
pub is_readonly: bool,
} }
#[derive(PartialEq, Eq, Debug, Serialize, Deserialize, Clone)] #[derive(PartialEq, Eq, Debug, Serialize, Deserialize, Clone)]

1
server/src/domain/model/group_attribute_schema.rs
View File

@ -50,6 +50,7 @@ impl From<Model> for AttributeSchema {
is_visible: value.is_group_visible, is_visible: value.is_group_visible,
is_editable: value.is_group_editable, is_editable: value.is_group_editable,
is_hardcoded: value.is_hardcoded, is_hardcoded: value.is_hardcoded,
is_readonly: false,
} }
} }
} }

1
server/src/domain/model/user_attribute_schema.rs
View File

@ -50,6 +50,7 @@ impl From<Model> for AttributeSchema {
is_visible: value.is_user_visible, is_visible: value.is_user_visible,
is_editable: value.is_user_editable, is_editable: value.is_user_editable,
is_hardcoded: value.is_hardcoded, is_hardcoded: value.is_hardcoded,
is_readonly: false,
} }
} }
} }

9
server/src/domain/schema.rs
View File

@ -43,6 +43,7 @@ impl From<Schema> for PublicSchema {
is_visible: true, is_visible: true,
is_editable: false, is_editable: false,
is_hardcoded: true, is_hardcoded: true,
is_readonly: true,
}, },
AttributeSchema { AttributeSchema {
name: "creation_date".into(), name: "creation_date".into(),
@ -51,6 +52,7 @@ impl From<Schema> for PublicSchema {
is_visible: true, is_visible: true,
is_editable: false, is_editable: false,
is_hardcoded: true, is_hardcoded: true,
is_readonly: true,
}, },
AttributeSchema { AttributeSchema {
name: "mail".into(), name: "mail".into(),
@ -59,6 +61,7 @@ impl From<Schema> for PublicSchema {
is_visible: true, is_visible: true,
is_editable: true, is_editable: true,
is_hardcoded: true, is_hardcoded: true,
is_readonly: false,
}, },
AttributeSchema { AttributeSchema {
name: "uuid".into(), name: "uuid".into(),
@ -67,6 +70,7 @@ impl From<Schema> for PublicSchema {
is_visible: true, is_visible: true,
is_editable: false, is_editable: false,
is_hardcoded: true, is_hardcoded: true,
is_readonly: true,
}, },
AttributeSchema { AttributeSchema {
name: "display_name".into(), name: "display_name".into(),
@ -75,6 +79,7 @@ impl From<Schema> for PublicSchema {
is_visible: true, is_visible: true,
is_editable: true, is_editable: true,
is_hardcoded: true, is_hardcoded: true,
is_readonly: false,
}, },
]); ]);
schema schema
@ -89,6 +94,7 @@ impl From<Schema> for PublicSchema {
is_visible: true, is_visible: true,
is_editable: false, is_editable: false,
is_hardcoded: true, is_hardcoded: true,
is_readonly: true,
}, },
AttributeSchema { AttributeSchema {
name: "creation_date".into(), name: "creation_date".into(),
@ -97,6 +103,7 @@ impl From<Schema> for PublicSchema {
is_visible: true, is_visible: true,
is_editable: false, is_editable: false,
is_hardcoded: true, is_hardcoded: true,
is_readonly: true,
}, },
AttributeSchema { AttributeSchema {
name: "uuid".into(), name: "uuid".into(),
@ -105,6 +112,7 @@ impl From<Schema> for PublicSchema {
is_visible: true, is_visible: true,
is_editable: false, is_editable: false,
is_hardcoded: true, is_hardcoded: true,
is_readonly: true,
}, },
AttributeSchema { AttributeSchema {
name: "display_name".into(), name: "display_name".into(),
@ -113,6 +121,7 @@ impl From<Schema> for PublicSchema {
is_visible: true, is_visible: true,
is_editable: true, is_editable: true,
is_hardcoded: true, is_hardcoded: true,
is_readonly: false,
}, },
]); ]);
schema schema

5
server/src/domain/sql_schema_backend_handler.rs
View File

@ -196,6 +196,7 @@ mod tests {
is_visible: true, is_visible: true,
is_editable: true, is_editable: true,
is_hardcoded: true, is_hardcoded: true,
is_readonly: false,
}, },
AttributeSchema { AttributeSchema {
name: "first_name".into(), name: "first_name".into(),
@ -204,6 +205,7 @@ mod tests {
is_visible: true, is_visible: true,
is_editable: true, is_editable: true,
is_hardcoded: true, is_hardcoded: true,
is_readonly: false,
}, },
AttributeSchema { AttributeSchema {
name: "last_name".into(), name: "last_name".into(),
@ -212,6 +214,7 @@ mod tests {
is_visible: true, is_visible: true,
is_editable: true, is_editable: true,
is_hardcoded: true, is_hardcoded: true,
is_readonly: false,
} }
] ]
}, },
@ -246,6 +249,7 @@ mod tests {
is_visible: false, is_visible: false,
is_editable: false, is_editable: false,
is_hardcoded: false, is_hardcoded: false,
is_readonly: false,
}; };
assert!(fixture assert!(fixture
.handler .handler
@ -329,6 +333,7 @@ mod tests {
is_visible: true, is_visible: true,
is_editable: false, is_editable: false,
is_hardcoded: false, is_hardcoded: false,
is_readonly: false,
}; };
assert!(fixture assert!(fixture
.handler .handler

7
server/src/infra/graphql/mutation.rs
View File

@ -609,6 +609,13 @@ fn deserialize_attribute(
let attribute_schema = attribute_schema let attribute_schema = attribute_schema
.get_attribute_schema(&attribute_name) .get_attribute_schema(&attribute_name)
.ok_or_else(|| anyhow!("Attribute {} is not defined in the schema", attribute.name))?; .ok_or_else(|| anyhow!("Attribute {} is not defined in the schema", attribute.name))?;
if attribute_schema.is_readonly {
return Err(anyhow!(
"Permission denied: Attribute {} is read-only",
attribute.name
)
.into());
}
if !is_admin && !attribute_schema.is_editable { if !is_admin && !attribute_schema.is_editable {
return Err(anyhow!( return Err(anyhow!(
"Permission denied: Attribute {} is not editable by regular users", "Permission denied: Attribute {} is not editable by regular users",

9
server/src/infra/graphql/query.rs
View File

@ -498,6 +498,9 @@ impl<Handler: BackendHandler> AttributeSchema<Handler> {
fn is_hardcoded(&self) -> bool { fn is_hardcoded(&self) -> bool {
self.schema.is_hardcoded self.schema.is_hardcoded
} }
fn is_readonly(&self) -> bool {
self.schema.is_readonly
}
} }
impl<Handler: BackendHandler> Clone for AttributeSchema<Handler> { impl<Handler: BackendHandler> Clone for AttributeSchema<Handler> {
@ -745,6 +748,7 @@ mod tests {
is_visible: true, is_visible: true,
is_editable: true, is_editable: true,
is_hardcoded: true, is_hardcoded: true,
is_readonly: false,
}, },
DomainAttributeSchema { DomainAttributeSchema {
name: "last_name".into(), name: "last_name".into(),
@ -753,6 +757,7 @@ mod tests {
is_visible: true, is_visible: true,
is_editable: true, is_editable: true,
is_hardcoded: true, is_hardcoded: true,
is_readonly: false,
}, },
], ],
}, },
@ -764,6 +769,7 @@ mod tests {
is_visible: true, is_visible: true,
is_editable: true, is_editable: true,
is_hardcoded: false, is_hardcoded: false,
is_readonly: false,
}], }],
}, },
extra_user_object_classes: vec![ extra_user_object_classes: vec![
@ -1125,13 +1131,14 @@ mod tests {
mock.expect_get_schema().times(1).return_once(|| { mock.expect_get_schema().times(1).return_once(|| {
Ok(crate::domain::handler::Schema { Ok(crate::domain::handler::Schema {
user_attributes: AttributeList { user_attributes: AttributeList {
attributes: vec![crate::domain::handler::AttributeSchema { attributes: vec![DomainAttributeSchema {
name: "invisible".into(), name: "invisible".into(),
attribute_type: AttributeType::JpegPhoto, attribute_type: AttributeType::JpegPhoto,
is_list: false, is_list: false,
is_visible: false, is_visible: false,
is_editable: true, is_editable: true,
is_hardcoded: true, is_hardcoded: true,
is_readonly: false,
}], }],
}, },
group_attributes: AttributeList { group_attributes: AttributeList {

2
server/src/infra/ldap_handler.rs
View File

@ -2884,6 +2884,7 @@ mod tests {
is_visible: true, is_visible: true,
is_editable: true, is_editable: true,
is_hardcoded: false, is_hardcoded: false,
is_readonly: false,
}], }],
}, },
group_attributes: AttributeList { group_attributes: AttributeList {
@ -2894,6 +2895,7 @@ mod tests {
is_visible: true, is_visible: true,
is_editable: true, is_editable: true,
is_hardcoded: false, is_hardcoded: false,
is_readonly: false,
}], }],
}, },
extra_user_object_classes: vec![ extra_user_object_classes: vec![

3
server/src/infra/test_utils.rs
View File

@ -84,6 +84,7 @@ pub fn setup_default_schema(mock: &mut MockTestBackendHandler) {
is_visible: true, is_visible: true,
is_editable: true, is_editable: true,
is_hardcoded: true, is_hardcoded: true,
is_readonly: false,
}, },
AttributeSchema { AttributeSchema {
name: "first_name".into(), name: "first_name".into(),
@ -92,6 +93,7 @@ pub fn setup_default_schema(mock: &mut MockTestBackendHandler) {
is_visible: true, is_visible: true,
is_editable: true, is_editable: true,
is_hardcoded: true, is_hardcoded: true,
is_readonly: false,
}, },
AttributeSchema { AttributeSchema {
name: "last_name".into(), name: "last_name".into(),
@ -100,6 +102,7 @@ pub fn setup_default_schema(mock: &mut MockTestBackendHandler) {
is_visible: true, is_visible: true,
is_editable: true, is_editable: true,
is_hardcoded: true, is_hardcoded: true,
is_readonly: false,
}, },
], ],
}, },