Merge pull request #13233 from Budibase/fix/group-fields-protection
Group fields protection
This commit is contained in:
commit
4f30c45ed6
|
@ -49,7 +49,8 @@
|
|||
|
||||
$: group = $groups.find(x => x._id === groupId)
|
||||
$: isScimGroup = group?.scimInfo?.isSync
|
||||
$: readonly = !sdk.users.isAdmin($auth.user) || isScimGroup
|
||||
$: isAdmin = sdk.users.isAdmin($auth.user)
|
||||
$: readonly = !isAdmin || isScimGroup
|
||||
$: groupApps = $apps
|
||||
.filter(app =>
|
||||
groups.actions
|
||||
|
@ -123,14 +124,18 @@
|
|||
<span slot="control">
|
||||
<Icon hoverable name="More" />
|
||||
</span>
|
||||
<MenuItem icon="Refresh" on:click={() => editModal.show()}>
|
||||
<MenuItem
|
||||
icon="Refresh"
|
||||
on:click={() => editModal.show()}
|
||||
disabled={!isAdmin}
|
||||
>
|
||||
Edit
|
||||
</MenuItem>
|
||||
<div title={isScimGroup && "Group synced from your AD"}>
|
||||
<MenuItem
|
||||
icon="Delete"
|
||||
on:click={() => deleteModal.show()}
|
||||
disabled={isScimGroup}
|
||||
disabled={readonly}
|
||||
>
|
||||
Delete
|
||||
</MenuItem>
|
||||
|
@ -139,7 +144,7 @@
|
|||
</div>
|
||||
|
||||
<Layout noPadding gap="S">
|
||||
<GroupUsers {groupId} {readonly} />
|
||||
<GroupUsers {groupId} {readonly} {isScimGroup} />
|
||||
</Layout>
|
||||
|
||||
<Layout noPadding gap="S">
|
||||
|
|
|
@ -13,6 +13,7 @@
|
|||
|
||||
export let groupId
|
||||
export let readonly
|
||||
export let isScimGroup
|
||||
|
||||
let emailSearch
|
||||
let fetchGroupUsers
|
||||
|
@ -61,10 +62,10 @@
|
|||
</script>
|
||||
|
||||
<div class="header">
|
||||
{#if !readonly}
|
||||
<EditUserPicker {groupId} onUsersUpdated={fetchGroupUsers.getInitialData} />
|
||||
{:else}
|
||||
{#if isScimGroup}
|
||||
<ActiveDirectoryInfo text="Users synced from your AD" />
|
||||
{:else if !readonly}
|
||||
<EditUserPicker {groupId} onUsersUpdated={fetchGroupUsers.getInitialData} />
|
||||
{/if}
|
||||
|
||||
<div class="controls-right">
|
||||
|
|
|
@ -35,7 +35,9 @@ export function createGroupsStore() {
|
|||
get: getGroup,
|
||||
|
||||
save: async group => {
|
||||
const { _scimInfo, ...dataToSave } = group
|
||||
const { ...dataToSave } = group
|
||||
delete dataToSave.scimInfo
|
||||
delete dataToSave.userGroups
|
||||
const response = await API.saveGroup(dataToSave)
|
||||
group._id = response._id
|
||||
group._rev = response._rev
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit e565db07f6c51868087e88dfebde0328493443e6
|
||||
Subproject commit c4c98ae70f2e936009250893898ecf11f4ddf2c3
|
|
@ -104,19 +104,81 @@ describe("/api/global/groups", () => {
|
|||
expect(events.group.permissionsEdited).not.toBeCalled()
|
||||
})
|
||||
|
||||
describe("scim", () => {
|
||||
async function createScimGroup() {
|
||||
mocks.licenses.useScimIntegration()
|
||||
await config.setSCIMConfig(true)
|
||||
|
||||
const scimGroup = await config.api.scimGroupsAPI.post({
|
||||
body: structures.scim.createGroupRequest({
|
||||
displayName: generator.word(),
|
||||
}),
|
||||
})
|
||||
|
||||
const { body: group } = await config.api.groups.find(scimGroup.id)
|
||||
|
||||
expect(group).toBeDefined()
|
||||
return group
|
||||
}
|
||||
|
||||
it("update will not allow sending SCIM fields", async () => {
|
||||
const group = await createScimGroup()
|
||||
|
||||
const updatedGroup: UserGroup = {
|
||||
...group,
|
||||
name: generator.word(),
|
||||
}
|
||||
await config.api.groups.saveGroup(updatedGroup, {
|
||||
expect: {
|
||||
message: 'Invalid body - "scimInfo" is not allowed',
|
||||
status: 400,
|
||||
},
|
||||
})
|
||||
|
||||
expect(events.group.updated).not.toBeCalled()
|
||||
})
|
||||
|
||||
it("update will not amend the SCIM fields", async () => {
|
||||
const group: UserGroup = await createScimGroup()
|
||||
|
||||
const updatedGroup: UserGroup = {
|
||||
...group,
|
||||
name: generator.word(),
|
||||
scimInfo: undefined,
|
||||
}
|
||||
|
||||
await config.api.groups.saveGroup(updatedGroup, {
|
||||
expect: 200,
|
||||
})
|
||||
|
||||
expect(events.group.updated).toBeCalledTimes(1)
|
||||
expect(
|
||||
(
|
||||
await config.api.groups.find(group._id!, {
|
||||
expect: 200,
|
||||
})
|
||||
).body
|
||||
).toEqual(
|
||||
expect.objectContaining({
|
||||
...group,
|
||||
name: updatedGroup.name,
|
||||
scimInfo: group.scimInfo,
|
||||
_rev: expect.any(String),
|
||||
})
|
||||
)
|
||||
})
|
||||
})
|
||||
})
|
||||
|
||||
describe("destroy", () => {
|
||||
it("should be able to delete a basic group", async () => {
|
||||
const group = structures.groups.UserGroup()
|
||||
let oldGroup = await config.api.groups.saveGroup(group)
|
||||
await config.api.groups.deleteGroup(
|
||||
oldGroup.body._id,
|
||||
oldGroup.body._rev
|
||||
)
|
||||
await config.api.groups.deleteGroup(oldGroup.body._id, oldGroup.body._rev)
|
||||
|
||||
expect(events.group.deleted).toBeCalledTimes(1)
|
||||
})
|
||||
})
|
||||
})
|
||||
|
||||
describe("find users", () => {
|
||||
describe("without users", () => {
|
||||
|
@ -147,7 +209,7 @@ describe("/api/global/groups", () => {
|
|||
|
||||
await Promise.all(
|
||||
Array.from({ length: 30 }).map(async (_, i) => {
|
||||
const email = `user${i}@example.com`
|
||||
const email = `user${i}+${generator.guid()}@example.com`
|
||||
const user = await config.api.users.saveUser({
|
||||
...structures.users.user(),
|
||||
email,
|
||||
|
@ -257,12 +319,16 @@ describe("/api/global/groups", () => {
|
|||
})
|
||||
})
|
||||
|
||||
it("update should return 200", async () => {
|
||||
it("update should return forbidden", async () => {
|
||||
await config.withUser(builder, async () => {
|
||||
await config.api.groups.updateGroupUsers(group._id!, {
|
||||
await config.api.groups.updateGroupUsers(
|
||||
group._id!,
|
||||
{
|
||||
add: [builder._id!],
|
||||
remove: [],
|
||||
})
|
||||
},
|
||||
{ expect: 403 }
|
||||
)
|
||||
})
|
||||
})
|
||||
})
|
||||
|
|
|
@ -7,7 +7,10 @@ export class GroupsAPI extends TestAPI {
|
|||
super(config)
|
||||
}
|
||||
|
||||
saveGroup = (group: UserGroup, { expect } = { expect: 200 }) => {
|
||||
saveGroup = (
|
||||
group: UserGroup,
|
||||
{ expect }: { expect: number | object } = { expect: 200 }
|
||||
) => {
|
||||
return this.request
|
||||
.post(`/api/global/groups`)
|
||||
.send(group)
|
||||
|
@ -44,14 +47,15 @@ export class GroupsAPI extends TestAPI {
|
|||
|
||||
updateGroupUsers = (
|
||||
id: string,
|
||||
body: { add: string[]; remove: string[] }
|
||||
body: { add: string[]; remove: string[] },
|
||||
{ expect } = { expect: 200 }
|
||||
) => {
|
||||
return this.request
|
||||
.post(`/api/global/groups/${id}/users`)
|
||||
.send(body)
|
||||
.set(this.config.defaultHeaders())
|
||||
.expect("Content-Type", /json/)
|
||||
.expect(200)
|
||||
.expect(expect)
|
||||
}
|
||||
|
||||
fetch = ({ expect } = { expect: 200 }) => {
|
||||
|
@ -61,4 +65,12 @@ export class GroupsAPI extends TestAPI {
|
|||
.expect("Content-Type", /json/)
|
||||
.expect(expect)
|
||||
}
|
||||
|
||||
find = (id: string, { expect } = { expect: 200 }) => {
|
||||
return this.request
|
||||
.get(`/api/global/groups/${id}`)
|
||||
.set(this.config.defaultHeaders())
|
||||
.expect("Content-Type", /json/)
|
||||
.expect(expect)
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue