Merge pull request #13139 from Budibase/feat/BUDI-8046

Allow SCIM and internal users at the same time
This commit is contained in:
Adria Navarro 2024-03-11 10:49:04 +01:00 committed by GitHub
commit 600d593bdd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
22 changed files with 297 additions and 109 deletions

View File

@ -1,22 +1,41 @@
<script> <script>
import Icon from "./Icon.svelte" import Icon from "./Icon.svelte"
import Tooltip from "../Tooltip/Tooltip.svelte"
import { fade } from "svelte/transition"
export let icon export let icon
export let background export let background
export let color export let color
export let size = "M" export let size = "M"
export let tooltip
let showTooltip = false
</script> </script>
<!-- svelte-ignore a11y-no-static-element-interactions -->
<!-- svelte-ignore a11y-click-events-have-key-events -->
<div <div
class="icon size--{size}" class="icon size--{size}"
style="background: {background || `transparent`};" style="background: {background || `transparent`};"
class:filled={!!background} class:filled={!!background}
on:mouseover={() => (showTooltip = true)}
on:mouseleave={() => (showTooltip = false)}
on:focus={() => (showTooltip = true)}
on:blur={() => (showTooltip = false)}
on:click={() => (showTooltip = false)}
> >
<Icon name={icon} color={background ? "white" : color} /> <Icon name={icon} color={background ? "white" : color} />
{#if tooltip && showTooltip}
<div class="tooltip" in:fade={{ duration: 130, delay: 250 }}>
<Tooltip textWrapping direction="right" text={tooltip} />
</div>
{/if}
</div> </div>
<style> <style>
.icon { .icon {
position: relative;
width: 28px; width: 28px;
height: 28px; height: 28px;
flex: 0 0 28px; flex: 0 0 28px;
@ -32,6 +51,15 @@
width: 16px; width: 16px;
height: 16px; height: 16px;
} }
.icon.size--XS {
width: 18px;
height: 18px;
flex: 0 0 18px;
}
.icon.size--XS :global(.spectrum-Icon) {
width: 10px;
height: 10px;
}
.icon.size--S { .icon.size--S {
width: 22px; width: 22px;
height: 22px; height: 22px;
@ -58,4 +86,14 @@
width: 22px; width: 22px;
height: 22px; height: 22px;
} }
.tooltip {
position: absolute;
pointer-events: none;
left: calc(50% + 8px);
bottom: calc(-50% + 6px);
/* transform: translateY(-50%); */
text-align: center;
z-index: 1;
}
</style> </style>

View File

@ -470,6 +470,7 @@
--table-border: 1px solid var(--spectrum-alias-border-color-mid); --table-border: 1px solid var(--spectrum-alias-border-color-mid);
--cell-padding: var(--spectrum-global-dimension-size-250); --cell-padding: var(--spectrum-global-dimension-size-250);
overflow: auto; overflow: auto;
display: contents;
} }
.wrapper--quiet { .wrapper--quiet {
--table-bg: var(--spectrum-alias-background-color-transparent); --table-bg: var(--spectrum-alias-background-color-transparent);

View File

@ -0,0 +1,23 @@
<script>
import { IconAvatar } from "@budibase/bbui"
export let text = ""
export let iconSize = "S"
</script>
<div class="scim-banner">
<IconAvatar
icon="Sync"
size={iconSize}
background={"var(--spectrum-global-color-gray-500)"}
tooltip="Synced from your AD"
/>
{text}
</div>
<style>
.scim-banner {
display: flex;
gap: var(--spacing-s);
}
</style>

View File

@ -1,15 +0,0 @@
<script>
import { Icon } from "@budibase/bbui"
</script>
<div class="scim-banner">
<Icon name="Info" size="S" />
Users are synced from your AD
</div>
<style>
.scim-banner {
display: flex;
gap: var(--spacing-s);
}
</style>

View File

@ -13,7 +13,7 @@
import ConfirmDialog from "components/common/ConfirmDialog.svelte" import ConfirmDialog from "components/common/ConfirmDialog.svelte"
import { Breadcrumb, Breadcrumbs } from "components/portal/page" import { Breadcrumb, Breadcrumbs } from "components/portal/page"
import { roles } from "stores/builder" import { roles } from "stores/builder"
import { apps, auth, features, groups } from "stores/portal" import { apps, auth, groups } from "stores/portal"
import { onMount, setContext } from "svelte" import { onMount, setContext } from "svelte"
import AppNameTableRenderer from "../users/_components/AppNameTableRenderer.svelte" import AppNameTableRenderer from "../users/_components/AppNameTableRenderer.svelte"
import AppRoleTableRenderer from "../users/_components/AppRoleTableRenderer.svelte" import AppRoleTableRenderer from "../users/_components/AppRoleTableRenderer.svelte"
@ -47,9 +47,9 @@
let loaded = false let loaded = false
let editModal, deleteModal let editModal, deleteModal
$: scimEnabled = $features.isScimEnabled
$: readonly = !sdk.users.isAdmin($auth.user) || scimEnabled
$: group = $groups.find(x => x._id === groupId) $: group = $groups.find(x => x._id === groupId)
$: isScimGroup = group?.scimInfo?.isSync
$: readonly = !sdk.users.isAdmin($auth.user) || isScimGroup
$: groupApps = $apps $: groupApps = $apps
.filter(app => .filter(app =>
groups.actions groups.actions
@ -119,7 +119,6 @@
<div class="header"> <div class="header">
<GroupIcon {group} size="L" /> <GroupIcon {group} size="L" />
<Heading>{group?.name}</Heading> <Heading>{group?.name}</Heading>
{#if !readonly}
<ActionMenu align="right"> <ActionMenu align="right">
<span slot="control"> <span slot="control">
<Icon hoverable name="More" /> <Icon hoverable name="More" />
@ -127,15 +126,20 @@
<MenuItem icon="Refresh" on:click={() => editModal.show()}> <MenuItem icon="Refresh" on:click={() => editModal.show()}>
Edit Edit
</MenuItem> </MenuItem>
<MenuItem icon="Delete" on:click={() => deleteModal.show()}> <div title={isScimGroup && "Group synced from your AD"}>
<MenuItem
icon="Delete"
on:click={() => deleteModal.show()}
disabled={isScimGroup}
>
Delete Delete
</MenuItem> </MenuItem>
</div>
</ActionMenu> </ActionMenu>
{/if}
</div> </div>
<Layout noPadding gap="S"> <Layout noPadding gap="S">
<GroupUsers {groupId} /> <GroupUsers {groupId} {readonly} />
</Layout> </Layout>
<Layout noPadding gap="S"> <Layout noPadding gap="S">

View File

@ -11,6 +11,8 @@
export let group export let group
export let saveGroup export let saveGroup
let readonlyTitle = group?.scimInfo?.isSync
let nameError let nameError
</script> </script>
@ -26,7 +28,12 @@
title={group?._rev ? "Edit group" : "Create group"} title={group?._rev ? "Edit group" : "Create group"}
confirmText="Save" confirmText="Save"
> >
<Input bind:value={group.name} label="Name" error={nameError} /> <Input
bind:value={group.name}
label="Name"
error={nameError}
disabled={readonlyTitle}
/>
<div class="modal-format"> <div class="modal-format">
<div class="modal-inner"> <div class="modal-inner">
<Body size="XS">Icon</Body> <Body size="XS">Icon</Body>

View File

@ -2,8 +2,7 @@
import { Button, Popover, notifications } from "@budibase/bbui" import { Button, Popover, notifications } from "@budibase/bbui"
import UserGroupPicker from "components/settings/UserGroupPicker.svelte" import UserGroupPicker from "components/settings/UserGroupPicker.svelte"
import { createPaginationStore } from "helpers/pagination" import { createPaginationStore } from "helpers/pagination"
import { auth, groups, users } from "stores/portal" import { groups, users } from "stores/portal"
import { sdk } from "@budibase/shared-core"
export let groupId export let groupId
export let onUsersUpdated export let onUsersUpdated
@ -14,7 +13,6 @@
let prevSearch = undefined let prevSearch = undefined
let pageInfo = createPaginationStore() let pageInfo = createPaginationStore()
$: readonly = !sdk.users.isAdmin($auth.user)
$: page = $pageInfo.page $: page = $pageInfo.page
$: searchUsers(page, searchTerm) $: searchUsers(page, searchTerm)
$: group = $groups.find(x => x._id === groupId) $: group = $groups.find(x => x._id === groupId)
@ -43,7 +41,7 @@
</script> </script>
<div bind:this={popoverAnchor}> <div bind:this={popoverAnchor}>
<Button disabled={readonly} on:click={popover.show()} cta>Add user</Button> <Button on:click={popover.show()} cta>Add user</Button>
</div> </div>
<Popover align="right" bind:this={popover} anchor={popoverAnchor}> <Popover align="right" bind:this={popover} anchor={popoverAnchor}>
<UserGroupPicker <UserGroupPicker

View File

@ -5,4 +5,12 @@
export let size = "M" export let size = "M"
</script> </script>
<IconAvatar icon={group?.icon} background={group?.color} {size} /> <div class="icon-group">
<IconAvatar icon={group?.icon} background={group?.color} {size} />
</div>
<style>
.icon-group {
position: relative;
}
</style>

View File

@ -1,5 +1,6 @@
<script> <script>
import GroupIcon from "./GroupIcon.svelte" import GroupIcon from "./GroupIcon.svelte"
import ActiveDirectoryInfo from "../../_components/ActiveDirectoryInfo.svelte"
export let value export let value
export let row export let row
@ -14,13 +15,16 @@
{:else} {:else}
<div class="text">-</div> <div class="text">-</div>
{/if} {/if}
{#if row.scimInfo?.isSync}
<ActiveDirectoryInfo iconSize="XS" />
{/if}
</div> </div>
<style> <style>
.align { .align {
display: flex; display: flex;
align-items: center; align-items: center;
overflow: hidden; overflow: visible;
gap: var(--spacing-m); gap: var(--spacing-m);
max-width: var(--max-cell-width); max-width: var(--max-cell-width);
flex: 1 1 auto; flex: 1 1 auto;

View File

@ -5,13 +5,14 @@
import { fetchData } from "@budibase/frontend-core" import { fetchData } from "@budibase/frontend-core"
import { goto } from "@roxi/routify" import { goto } from "@roxi/routify"
import { API } from "api" import { API } from "api"
import { auth, features, groups } from "stores/portal" import { groups } from "stores/portal"
import { setContext } from "svelte" import { setContext } from "svelte"
import ScimBanner from "../../_components/SCIMBanner.svelte"
import RemoveUserTableRenderer from "../_components/RemoveUserTableRenderer.svelte" import RemoveUserTableRenderer from "../_components/RemoveUserTableRenderer.svelte"
import { sdk } from "@budibase/shared-core" import ActiveDirectoryInfo from "../../_components/ActiveDirectoryInfo.svelte"
export let groupId export let groupId
export let readonly
let emailSearch let emailSearch
let fetchGroupUsers let fetchGroupUsers
@ -49,9 +50,6 @@
}, },
] ]
$: scimEnabled = $features.isScimEnabled
$: readonly = !sdk.users.isAdmin($auth.user) || scimEnabled
const removeUser = async id => { const removeUser = async id => {
await groups.actions.removeUser(groupId, id) await groups.actions.removeUser(groupId, id)
fetchGroupUsers.refresh() fetchGroupUsers.refresh()
@ -63,10 +61,10 @@
</script> </script>
<div class="header"> <div class="header">
{#if !scimEnabled} {#if !readonly}
<EditUserPicker {groupId} onUsersUpdated={fetchGroupUsers.getInitialData} /> <EditUserPicker {groupId} onUsersUpdated={fetchGroupUsers.getInitialData} />
{:else} {:else}
<ScimBanner /> <ActiveDirectoryInfo text="Users synced from your AD" />
{/if} {/if}
<div class="controls-right"> <div class="controls-right">

View File

@ -13,7 +13,7 @@
Search, Search,
notifications, notifications,
} from "@budibase/bbui" } from "@budibase/bbui"
import { groups, auth, licensing, admin, features } from "stores/portal" import { groups, auth, licensing, admin } from "stores/portal"
import { onMount } from "svelte" import { onMount } from "svelte"
import CreateEditGroupModal from "./_components/CreateEditGroupModal.svelte" import CreateEditGroupModal from "./_components/CreateEditGroupModal.svelte"
import { cloneDeep } from "lodash/fp" import { cloneDeep } from "lodash/fp"
@ -21,7 +21,6 @@
import UsersTableRenderer from "./_components/UsersTableRenderer.svelte" import UsersTableRenderer from "./_components/UsersTableRenderer.svelte"
import GroupNameTableRenderer from "./_components/GroupNameTableRenderer.svelte" import GroupNameTableRenderer from "./_components/GroupNameTableRenderer.svelte"
import { goto } from "@roxi/routify" import { goto } from "@roxi/routify"
import ScimBanner from "../_components/SCIMBanner.svelte"
import { sdk } from "@budibase/shared-core" import { sdk } from "@budibase/shared-core"
const DefaultGroup = { const DefaultGroup = {
@ -110,14 +109,10 @@
<div class="controls"> <div class="controls">
<ButtonGroup> <ButtonGroup>
{#if $licensing.groupsEnabled} {#if $licensing.groupsEnabled}
{#if !$features.isScimEnabled}
<!--Show the group create button--> <!--Show the group create button-->
<Button disabled={readonly} cta on:click={showCreateGroupModal}> <Button disabled={readonly} cta on:click={showCreateGroupModal}>
Add group Add group
</Button> </Button>
{:else}
<ScimBanner />
{/if}
{:else} {:else}
<Button <Button
primary primary

View File

@ -18,7 +18,7 @@
Table, Table,
} from "@budibase/bbui" } from "@budibase/bbui"
import { onMount, setContext } from "svelte" import { onMount, setContext } from "svelte"
import { users, auth, groups, apps, licensing, features } from "stores/portal" import { users, auth, groups, apps, licensing } from "stores/portal"
import { roles } from "stores/builder" import { roles } from "stores/builder"
import ForceResetPasswordModal from "./_components/ForceResetPasswordModal.svelte" import ForceResetPasswordModal from "./_components/ForceResetPasswordModal.svelte"
import UserGroupPicker from "components/settings/UserGroupPicker.svelte" import UserGroupPicker from "components/settings/UserGroupPicker.svelte"
@ -30,8 +30,8 @@
import GroupNameTableRenderer from "../groups/_components/GroupNameTableRenderer.svelte" import GroupNameTableRenderer from "../groups/_components/GroupNameTableRenderer.svelte"
import AppNameTableRenderer from "./_components/AppNameTableRenderer.svelte" import AppNameTableRenderer from "./_components/AppNameTableRenderer.svelte"
import AppRoleTableRenderer from "./_components/AppRoleTableRenderer.svelte" import AppRoleTableRenderer from "./_components/AppRoleTableRenderer.svelte"
import ScimBanner from "../_components/SCIMBanner.svelte"
import { sdk } from "@budibase/shared-core" import { sdk } from "@budibase/shared-core"
import ActiveDirectoryInfo from "../_components/ActiveDirectoryInfo.svelte"
export let userId export let userId
@ -87,12 +87,13 @@
let user let user
let loaded = false let loaded = false
$: scimEnabled = $features.isScimEnabled $: internalGroups = $groups?.filter(g => !g?.scimInfo?.isSync)
$: isSSO = !!user?.provider $: isSSO = !!user?.provider
$: readonly = !sdk.users.isAdmin($auth.user) || scimEnabled $: readonly = !sdk.users.isAdmin($auth.user) || user?.scimInfo?.isSync
$: privileged = sdk.users.isAdminOrGlobalBuilder(user) $: privileged = sdk.users.isAdminOrGlobalBuilder(user)
$: nameLabel = getNameLabel(user) $: nameLabel = getNameLabel(user)
$: filteredGroups = getFilteredGroups($groups, searchTerm) $: filteredGroups = getFilteredGroups(internalGroups, searchTerm)
$: availableApps = getAvailableApps($apps, privileged, user?.roles) $: availableApps = getAvailableApps($apps, privileged, user?.roles)
$: userGroups = $groups.filter(x => { $: userGroups = $groups.filter(x => {
return x.users?.find(y => { return x.users?.find(y => {
@ -274,8 +275,8 @@
<Layout noPadding gap="S"> <Layout noPadding gap="S">
<div class="details-title"> <div class="details-title">
<Heading size="S">Details</Heading> <Heading size="S">Details</Heading>
{#if scimEnabled} {#if user?.scimInfo?.isSync}
<ScimBanner /> <ActiveDirectoryInfo text="User synced from your AD" />
{/if} {/if}
</div> </div>
<div class="fields"> <div class="fields">
@ -321,11 +322,11 @@
<Layout gap="S" noPadding> <Layout gap="S" noPadding>
<div class="tableTitle"> <div class="tableTitle">
<Heading size="S">Groups</Heading> <Heading size="S">Groups</Heading>
{#if internalGroups?.length}
<div bind:this={popoverAnchor}> <div bind:this={popoverAnchor}>
<Button disabled={readonly} on:click={popover.show()} secondary> <Button on:click={popover.show()} secondary>Add to group</Button>
Add to group
</Button>
</div> </div>
{/if}
<Popover align="right" bind:this={popover} anchor={popoverAnchor}> <Popover align="right" bind:this={popover} anchor={popoverAnchor}>
<UserGroupPicker <UserGroupPicker
labelKey="name" labelKey="name"

View File

@ -33,6 +33,8 @@
$: reached = licensing.usersLimitReached(userCount) $: reached = licensing.usersLimitReached(userCount)
$: exceeded = licensing.usersLimitExceeded(userCount) $: exceeded = licensing.usersLimitExceeded(userCount)
$: internalGroups = $groups?.filter(g => !g?.scimInfo?.isSync)
function removeInput(idx) { function removeInput(idx) {
userData = userData.filter((e, i) => i !== idx) userData = userData.filter((e, i) => i !== idx)
} }
@ -133,12 +135,12 @@
{/if} {/if}
</Layout> </Layout>
{#if $licensing.groupsEnabled} {#if $licensing.groupsEnabled && internalGroups?.length}
<Multiselect <Multiselect
bind:value={userGroups} bind:value={userGroups}
placeholder="No groups" placeholder="No groups"
label="Groups" label="Groups"
options={$groups} options={internalGroups}
getOptionLabel={option => option.name} getOptionLabel={option => option.name}
getOptionValue={option => option._id} getOptionValue={option => option._id}
/> />

View File

@ -0,0 +1,11 @@
<script>
import ActiveDirectoryInfo from "../../_components/ActiveDirectoryInfo.svelte"
export let value
export let row
</script>
{value}
{#if row.scimInfo?.isSync}
<ActiveDirectoryInfo iconSize="XS" />
{/if}

View File

@ -34,6 +34,8 @@
label: `${option.label} - ${option.subtitle}`, label: `${option.label} - ${option.subtitle}`,
})) }))
$: internalGroups = $groups?.filter(g => !g?.scimInfo?.isSync)
const validEmails = userEmails => { const validEmails = userEmails => {
if ($admin.cloud && userEmails.length > MAX_USERS_UPLOAD_LIMIT) { if ($admin.cloud && userEmails.length > MAX_USERS_UPLOAD_LIMIT) {
notifications.error( notifications.error(
@ -106,12 +108,12 @@
{/if} {/if}
<RadioGroup bind:value={usersRole} options={roleOptions} /> <RadioGroup bind:value={usersRole} options={roleOptions} />
{#if $licensing.groupsEnabled} {#if $licensing.groupsEnabled && internalGroups?.length}
<Multiselect <Multiselect
bind:value={userGroups} bind:value={userGroups}
placeholder="No groups" placeholder="No groups"
label="Groups" label="Groups"
options={$groups} options={internalGroups}
getOptionLabel={option => option.name} getOptionLabel={option => option.name}
getOptionValue={option => option._id} getOptionValue={option => option._id}
/> />

View File

@ -5,6 +5,7 @@
import { sdk } from "@budibase/shared-core" import { sdk } from "@budibase/shared-core"
export let value export let value
export let row
const groupContext = getContext("groups") const groupContext = getContext("groups")
@ -12,12 +13,11 @@
e.stopPropagation() e.stopPropagation()
groupContext.removeGroup(value) groupContext.removeGroup(value)
} }
$: disabled = !sdk.users.isAdmin($auth.user) || row?.scimInfo?.isSync
$: tooltip = row?.scimInfo?.isSync && "This group is managed via your AD"
</script> </script>
<ActionButton <ActionButton {disabled} size="S" on:click={onClick} {tooltip}
disabled={!sdk.users.isAdmin($auth.user)} >Remove</ActionButton
size="S"
on:click={onClick}
> >
Remove
</ActionButton>

View File

@ -19,7 +19,6 @@
auth, auth,
licensing, licensing,
organisation, organisation,
features,
admin, admin,
} from "stores/portal" } from "stores/portal"
import { onMount } from "svelte" import { onMount } from "svelte"
@ -28,6 +27,7 @@
import GroupsTableRenderer from "./_components/GroupsTableRenderer.svelte" import GroupsTableRenderer from "./_components/GroupsTableRenderer.svelte"
import AppsTableRenderer from "./_components/AppsTableRenderer.svelte" import AppsTableRenderer from "./_components/AppsTableRenderer.svelte"
import RoleTableRenderer from "./_components/RoleTableRenderer.svelte" import RoleTableRenderer from "./_components/RoleTableRenderer.svelte"
import EmailTableRenderer from "./_components/EmailTableRenderer.svelte"
import { goto } from "@roxi/routify" import { goto } from "@roxi/routify"
import OnboardingTypeModal from "./_components/OnboardingTypeModal.svelte" import OnboardingTypeModal from "./_components/OnboardingTypeModal.svelte"
import PasswordModal from "./_components/PasswordModal.svelte" import PasswordModal from "./_components/PasswordModal.svelte"
@ -37,7 +37,6 @@
import { Constants, Utils, fetchData } from "@budibase/frontend-core" import { Constants, Utils, fetchData } from "@budibase/frontend-core"
import { API } from "api" import { API } from "api"
import { OnboardingType } from "constants" import { OnboardingType } from "constants"
import ScimBanner from "../_components/SCIMBanner.svelte"
import { sdk } from "@budibase/shared-core" import { sdk } from "@budibase/shared-core"
const fetch = fetchData({ const fetch = fetchData({
@ -63,6 +62,7 @@
let selectedRows = [] let selectedRows = []
let bulkSaveResponse let bulkSaveResponse
let customRenderers = [ let customRenderers = [
{ column: "email", component: EmailTableRenderer },
{ column: "userGroups", component: GroupsTableRenderer }, { column: "userGroups", component: GroupsTableRenderer },
{ column: "apps", component: AppsTableRenderer }, { column: "apps", component: AppsTableRenderer },
{ column: "role", component: RoleTableRenderer }, { column: "role", component: RoleTableRenderer },
@ -73,7 +73,7 @@
let parsedInvites = [] let parsedInvites = []
$: isOwner = $auth.accountPortalAccess && $admin.cloud $: isOwner = $auth.accountPortalAccess && $admin.cloud
$: readonly = !sdk.users.isAdmin($auth.user) || $features.isScimEnabled $: readonly = !sdk.users.isAdmin($auth.user)
$: debouncedUpdateFetch(searchEmail) $: debouncedUpdateFetch(searchEmail)
$: schema = { $: schema = {
email: { email: {
@ -247,19 +247,25 @@
} }
} }
const deleteRows = async () => { const deleteUsers = async () => {
try { try {
let ids = selectedRows.map(user => user._id) let ids = selectedRows.map(user => user._id)
if (ids.includes(get(auth).user._id)) { if (ids.includes(get(auth).user._id)) {
notifications.error("You cannot delete yourself") notifications.error("You cannot delete yourself")
return return
} }
if (selectedRows.some(u => u.scimInfo?.isSync)) {
notifications.error("You cannot remove users created via your AD")
return
}
await users.bulkDelete(ids) await users.bulkDelete(ids)
notifications.success(`Successfully deleted ${selectedRows.length} rows`) notifications.success(`Successfully deleted ${selectedRows.length} rows`)
selectedRows = [] selectedRows = []
await fetch.refresh() await fetch.refresh()
} catch (error) { } catch (error) {
notifications.error("Error deleting rows") notifications.error("Error deleting users")
} }
} }
@ -320,8 +326,6 @@
Import Import
</Button> </Button>
</div> </div>
{:else}
<ScimBanner />
{/if} {/if}
<div class="controls-right"> <div class="controls-right">
<Search bind:value={searchEmail} placeholder="Search" /> <Search bind:value={searchEmail} placeholder="Search" />
@ -330,7 +334,7 @@
item="user" item="user"
on:updaterows on:updaterows
{selectedRows} {selectedRows}
{deleteRows} deleteRows={deleteUsers}
/> />
{/if} {/if}
</div> </div>
@ -346,6 +350,7 @@
{customRenderers} {customRenderers}
loading={!$fetch.loaded || !groupsLoaded} loading={!$fetch.loaded || !groupsLoaded}
/> />
<div class="pagination"> <div class="pagination">
<Pagination <Pagination
page={$fetch.pageNumber + 1} page={$fetch.pageNumber + 1}
@ -355,6 +360,7 @@
goToNextPage={fetch.nextPage} goToNextPage={fetch.nextPage}
/> />
</div> </div>
<Table <Table
schema={pendingSchema} schema={pendingSchema}
data={parsedInvites} data={parsedInvites}
@ -402,6 +408,7 @@
display: flex; display: flex;
flex-direction: row; flex-direction: row;
justify-content: flex-end; justify-content: flex-end;
margin-left: auto;
} }
.controls { .controls {
display: flex; display: flex;

View File

@ -35,7 +35,8 @@ export function createGroupsStore() {
get: getGroup, get: getGroup,
save: async group => { save: async group => {
const response = await API.saveGroup(group) const { _scimInfo, ...dataToSave } = group
const response = await API.saveGroup(dataToSave)
group._id = response._id group._id = response._id
group._rev = response._rev group._rev = response._rev
updateStore(group) updateStore(group)

@ -1 +1 @@
Subproject commit 80a4d8ff998895fc298ee510158a82ce7daebc67 Subproject commit 4e66a0f7042652763c238b10367310b168905f87

View File

@ -23,6 +23,6 @@
"typescript": "5.2.2" "typescript": "5.2.2"
}, },
"dependencies": { "dependencies": {
"scim-patch": "^0.7.0" "scim-patch": "^0.8.1"
} }
} }

View File

@ -10,25 +10,20 @@ import {
import { TestConfiguration } from "../../../../tests" import { TestConfiguration } from "../../../../tests"
import { events } from "@budibase/backend-core" import { events } from "@budibase/backend-core"
// this test can 409 - retries reduce issues with this
jest.retryTimes(2, { logErrorsBeforeRetry: true })
jest.setTimeout(30000) jest.setTimeout(30000)
describe("scim", () => { describe("scim", () => {
beforeAll(async () => { async function setup() {
tk.freeze(mocks.date.MOCK_DATE)
mocks.licenses.useScimIntegration()
await config.setSCIMConfig(true)
})
beforeEach(async () => {
jest.resetAllMocks() jest.resetAllMocks()
tk.freeze(mocks.date.MOCK_DATE) tk.freeze(mocks.date.MOCK_DATE)
mocks.licenses.useScimIntegration() mocks.licenses.useScimIntegration()
mocks.licenses.useGroups()
await config.setSCIMConfig(true) await config.setSCIMConfig(true)
}) }
beforeAll(setup)
beforeEach(setup)
const config = new TestConfiguration() const config = new TestConfiguration()
@ -367,13 +362,77 @@ describe("scim", () => {
}) })
}) })
it("creating an existing user name returns a conflict", async () => { it("creating an external user that conflicts an internal one syncs the existing user", async () => {
const body = structures.scim.createUserRequest() const { body: internalUser } = await config.api.users.saveUser(
structures.users.user()
)
await postScimUser({ body }) const scimUserData = {
externalId: structures.uuid(),
email: internalUser.email,
firstName: structures.generator.first(),
lastName: structures.generator.last(),
username: structures.generator.name(),
}
const scimUserRequest = structures.scim.createUserRequest(scimUserData)
const res = await postScimUser({ body }, { expect: 409 }) const res = await postScimUser(
expect((res as any).message).toBe("Email already in use") { body: scimUserRequest },
{ expect: 200 }
)
const expectedScimUser: ScimUserResponse = {
schemas: ["urn:ietf:params:scim:schemas:core:2.0:User"],
id: internalUser._id!,
externalId: scimUserRequest.externalId,
meta: {
resourceType: "User",
// @ts-ignore
created: mocks.date.MOCK_DATE.toISOString(),
// @ts-ignore
lastModified: mocks.date.MOCK_DATE.toISOString(),
},
userName: scimUserData.username,
name: {
formatted: `${scimUserData.firstName} ${scimUserData.lastName}`,
familyName: scimUserData.lastName,
givenName: scimUserData.firstName,
},
active: true,
emails: [
{
value: internalUser.email,
type: "work",
primary: true,
},
],
}
expect(res).toEqual(expectedScimUser)
})
it("a user cannot be SCIM synchronised with another SCIM user", async () => {
const { body: internalUser } = await config.api.users.saveUser(
structures.users.user()
)
await postScimUser(
{
body: structures.scim.createUserRequest({
email: internalUser.email,
}),
},
{ expect: 200 }
)
await postScimUser(
{
body: structures.scim.createUserRequest({
email: internalUser.email,
}),
},
{ expect: 409 }
)
}) })
}) })
@ -656,7 +715,6 @@ describe("scim", () => {
}) })
it("can fetch groups even if internal groups exist", async () => { it("can fetch groups even if internal groups exist", async () => {
mocks.licenses.useGroups()
await config.api.groups.saveGroup(structures.userGroups.userGroup()) await config.api.groups.saveGroup(structures.userGroups.userGroup())
await config.api.groups.saveGroup(structures.userGroups.userGroup()) await config.api.groups.saveGroup(structures.userGroups.userGroup())
@ -722,6 +780,43 @@ describe("scim", () => {
) )
}) })
}) })
it("creating an external group that conflicts an internal one syncs the existing group", async () => {
const groupToSave = structures.userGroups.userGroup()
const { body: internalGroup } = await config.api.groups.saveGroup(
groupToSave
)
const scimGroupData = {
externalId: structures.uuid(),
displayName: groupToSave.name,
}
const res = await postScimGroup(
{ body: structures.scim.createGroupRequest(scimGroupData) },
{ expect: 200 }
)
expect(res).toEqual(
expect.objectContaining({
id: internalGroup._id!,
externalId: scimGroupData.externalId,
displayName: scimGroupData.displayName,
})
)
})
it("a group cannot be SCIM synchronised with another SCIM group", async () => {
const groupToSave = structures.userGroups.userGroup()
await config.api.groups.saveGroup(groupToSave)
const createGroupRequest = structures.scim.createGroupRequest({
displayName: groupToSave.name,
})
await postScimGroup({ body: createGroupRequest }, { expect: 200 })
await postScimGroup({ body: createGroupRequest }, { expect: 409 })
})
}) })
describe("GET /api/global/scim/v2/groups/:id", () => { describe("GET /api/global/scim/v2/groups/:id", () => {

View File

@ -5666,6 +5666,13 @@
dependencies: dependencies:
undici-types "~5.26.4" undici-types "~5.26.4"
"@types/node@^20.4.5":
version "20.11.25"
resolved "https://registry.yarnpkg.com/@types/node/-/node-20.11.25.tgz#0f50d62f274e54dd7a49f7704cc16bfbcccaf49f"
integrity sha512-TBHyJxk2b7HceLVGFcpAUjsa5zIdsPWlR6XHfyGzd0SFu+/NFgQgMAl96MSDZgQDvJAvV6BKsFOrt6zIL09JDw==
dependencies:
undici-types "~5.26.4"
"@types/nodemailer@^6.4.4": "@types/nodemailer@^6.4.4":
version "6.4.14" version "6.4.14"
resolved "https://registry.yarnpkg.com/@types/nodemailer/-/nodemailer-6.4.14.tgz#5c81a5e856db7f8ede80013e6dbad7c5fb2283e2" resolved "https://registry.yarnpkg.com/@types/nodemailer/-/nodemailer-6.4.14.tgz#5c81a5e856db7f8ede80013e6dbad7c5fb2283e2"
@ -19491,11 +19498,12 @@ schema-utils@^3.1.1, schema-utils@^3.1.2:
ajv "^6.12.5" ajv "^6.12.5"
ajv-keywords "^3.5.2" ajv-keywords "^3.5.2"
scim-patch@^0.7.0: scim-patch@^0.8.1:
version "0.7.0" version "0.8.1"
resolved "https://registry.yarnpkg.com/scim-patch/-/scim-patch-0.7.0.tgz#3f6d94256c07be415a74a49c0ff48dc91e4e0219" resolved "https://registry.yarnpkg.com/scim-patch/-/scim-patch-0.8.1.tgz#611bfdb5538f6d8b97aba0ab0f8bd01055b70c1c"
integrity sha512-wXKcsZl+aLfE0yId7MjiOd91v8as6dEYLFvm1gGu3yJxSPhl1Fl3vWiNN4V3D68UKpqO/umK5rwWc8wGpBaOHw== integrity sha512-JRYTA+mJZ8Z5DJGO7kkFc0lGCDs100rNs7iN77mld7gQajTp1R1xjUzMfZTOMAkBDA75GSdbMmfdfMqMJCn/Yg==
dependencies: dependencies:
"@types/node" "^20.4.5"
fast-deep-equal "3.1.3" fast-deep-equal "3.1.3"
scim2-parse-filter "0.2.8" scim2-parse-filter "0.2.8"