Fix memberships of bothcase-users
Only one of the two users was recognized as a member of the LDAP group.
parent
c6c6562ac4
commit
791f9dc72c
@ -250,31 +250,31 @@ class Application
|
|||||||
MatchedMembership = Struct.new :role_name, :has_member, :state
|
MatchedMembership = Struct.new :role_name, :has_member, :state
|
||||||
|
|
||||||
def match_memberships(ldap_roles, pg_roles)
|
def match_memberships(ldap_roles, pg_roles)
|
||||||
ldap_by_dn = ldap_roles.inject({}){|h,r| h[r.dn] = r; h }
|
hash_of_arrays = Hash.new { |h, k| h[k] = [] }
|
||||||
ldap_by_m2m = ldap_roles.inject([]){|a,r|
|
ldap_by_dn = ldap_roles.inject(hash_of_arrays){|h,r| h[r.dn] << r; h }
|
||||||
|
ldap_by_m2m = ldap_roles.inject([]) do |a,r|
|
||||||
next a unless r.member_dns
|
next a unless r.member_dns
|
||||||
a + r.member_dns.map{|dn|
|
a + r.member_dns.flat_map do |dn|
|
||||||
if has_member=ldap_by_dn[dn]
|
has_members = ldap_by_dn[dn]
|
||||||
|
log.warn{"ldap member with dn #{dn} is unknown"} if has_members.empty?
|
||||||
|
has_members.map do |has_member|
|
||||||
[r.name, has_member.name]
|
[r.name, has_member.name]
|
||||||
else
|
|
||||||
log.warn{"ldap member with dn #{dn} is unknown"}
|
|
||||||
nil
|
|
||||||
end
|
end
|
||||||
}.compact
|
end
|
||||||
}
|
end
|
||||||
|
|
||||||
pg_by_name = pg_roles.inject({}){|h,r| h[r.name] = r; h }
|
hash_of_arrays = Hash.new { |h, k| h[k] = [] }
|
||||||
pg_by_m2m = pg_roles.inject([]){|a,r|
|
pg_by_name = pg_roles.inject(hash_of_arrays){|h,r| h[r.name] << r; h }
|
||||||
|
pg_by_m2m = pg_roles.inject([]) do |a,r|
|
||||||
next a unless r.member_names
|
next a unless r.member_names
|
||||||
a + r.member_names.map{|name|
|
a + r.member_names.flat_map do |name|
|
||||||
if has_member=pg_by_name[name]
|
has_members = pg_by_name[name]
|
||||||
|
log.warn{"pg member with name #{name} is unknown"} if has_members.empty?
|
||||||
|
has_members.map do |has_member|
|
||||||
[r.name, has_member.name]
|
[r.name, has_member.name]
|
||||||
else
|
|
||||||
log.warn{"pg member with name #{name} is unknown"}
|
|
||||||
nil
|
|
||||||
end
|
end
|
||||||
}.compact
|
end
|
||||||
}
|
end
|
||||||
|
|
||||||
memberships = (ldap_by_m2m & pg_by_m2m).map{|r,mo| MatchedMembership.new r, mo, :keep }
|
memberships = (ldap_by_m2m & pg_by_m2m).map{|r,mo| MatchedMembership.new r, mo, :keep }
|
||||||
memberships += (ldap_by_m2m - pg_by_m2m).map{|r,mo| MatchedMembership.new r, mo, :grant }
|
memberships += (ldap_by_m2m - pg_by_m2m).map{|r,mo| MatchedMembership.new r, mo, :grant }
|
||||||
|
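Review bot: The lookup `has_members = ldap_by_dn[dn]` reads from a hash whose default block stores `[]` on every miss, so each unknown member DN coming from the directory is inserted into `ldap_by_dn` as a side effect of the read; `pg_by_name[name]` behaves the same way. Building the index with `ldap_by_dn = ldap_roles.group_by(&:dn)` and reading it with `has_members = ldap_by_dn.fetch(dn, [])` keeps the lookup read-only and removes the `hash_of_arrays` temporary. Because one DN can now resolve to several roles and each of them receives the group's grants, a short comment above the index such as `# one LDAP entry may map to several PG roles (bothcase); every one of them gets its memberships` would make that fan-out explicit. match_memberships continues past the end of this hunk.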
@ -162,6 +162,7 @@ class TestPgLdapSync < Minitest::Test
|
|||||||
# add 'Fred' to 'Wilmas'
|
# add 'Fred' to 'Wilmas'
|
||||||
@directory[0]['cn=Wilmas,dc=example,dc=com']['member'] << 'cn=Fred Flintstone,dc=example,dc=com'
|
@directory[0]['cn=Wilmas,dc=example,dc=com']['member'] << 'cn=Fred Flintstone,dc=example,dc=com'
|
||||||
end
|
end
|
||||||
|
refute_role('fred')
|
||||||
assert_role('Fred', '', ['All Users', 'Flintstones', 'Wilmas'])
|
assert_role('Fred', '', ['All Users', 'Flintstones', 'Wilmas'])
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -171,6 +172,7 @@ class TestPgLdapSync < Minitest::Test
|
|||||||
@directory[0]['cn=Wilmas,dc=example,dc=com']['member'] << 'cn=Fred Flintstone,dc=example,dc=com'
|
@directory[0]['cn=Wilmas,dc=example,dc=com']['member'] << 'cn=Fred Flintstone,dc=example,dc=com'
|
||||||
end
|
end
|
||||||
assert_role('fred', '', ['All Users', 'all users', 'Flintstones', 'flintstones', 'Wilmas', 'wilmas'])
|
assert_role('fred', '', ['All Users', 'all users', 'Flintstones', 'flintstones', 'Wilmas', 'wilmas'])
|
||||||
|
assert_role('Fred', '', ['All Users', 'all users', 'Flintstones', 'flintstones', 'Wilmas', 'wilmas'])
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_revoke_membership
|
def test_revoke_membership
|
||||||
|
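Review bot: Neither visible test hunk exercises the restructured unknown-member path, where the `has_members.empty?` check replaces the old `else`/`nil`/`compact` branch. A case that appends a DN with no matching user, for example `@directory[0]['cn=Wilmas,dc=example,dc=com']['member'] << 'cn=Nobody,dc=example,dc=com'` (constructed DN), and then asserts that Fred's roles are unchanged would pin that a dangling member reference never produces a grant. The test methods begin outside these hunks, so such a case may already exist elsewhere in the file.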