aboutsummaryrefslogtreecommitdiffstats
path: root/services/auth/source/ldap/source_group_sync.go
diff options
context:
space:
mode:
Diffstat (limited to 'services/auth/source/ldap/source_group_sync.go')
-rw-r--r--services/auth/source/ldap/source_group_sync.go94
1 files changed, 0 insertions, 94 deletions
diff --git a/services/auth/source/ldap/source_group_sync.go b/services/auth/source/ldap/source_group_sync.go
deleted file mode 100644
index 95a6084922..0000000000
--- a/services/auth/source/ldap/source_group_sync.go
+++ /dev/null
@@ -1,94 +0,0 @@
-// Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package ldap
-
-import (
- "code.gitea.io/gitea/models"
- "code.gitea.io/gitea/models/db"
- "code.gitea.io/gitea/models/organization"
- user_model "code.gitea.io/gitea/models/user"
- "code.gitea.io/gitea/modules/log"
-)
-
-// SyncLdapGroupsToTeams maps LDAP groups to organization and team memberships
-func (source *Source) SyncLdapGroupsToTeams(user *user_model.User, ldapTeamAdd, ldapTeamRemove map[string][]string, orgCache map[string]*organization.Organization, teamCache map[string]*organization.Team) {
- var err error
- if source.GroupsEnabled && source.GroupTeamMapRemoval {
- // when the user is not a member of configs LDAP group, remove mapped organizations/teams memberships
- removeMappedMemberships(user, ldapTeamRemove, orgCache, teamCache)
- }
- for orgName, teamNames := range ldapTeamAdd {
- org, ok := orgCache[orgName]
- if !ok {
- org, err = organization.GetOrgByName(orgName)
- if err != nil {
- // organization must be created before LDAP group sync
- log.Warn("LDAP group sync: Could not find organisation %s: %v", orgName, err)
- continue
- }
- orgCache[orgName] = org
- }
-
- for _, teamName := range teamNames {
- team, ok := teamCache[orgName+teamName]
- if !ok {
- team, err = org.GetTeam(teamName)
- if err != nil {
- // team must be created before LDAP group sync
- log.Warn("LDAP group sync: Could not find team %s: %v", teamName, err)
- continue
- }
- teamCache[orgName+teamName] = team
- }
- if isMember, err := organization.IsTeamMember(db.DefaultContext, org.ID, team.ID, user.ID); !isMember && err == nil {
- log.Trace("LDAP group sync: adding user [%s] to team [%s]", user.Name, org.Name)
- } else {
- continue
- }
- err := models.AddTeamMember(team, user.ID)
- if err != nil {
- log.Error("LDAP group sync: Could not add user to team: %v", err)
- }
- }
- }
-}
-
-// remove membership to organizations/teams if user is not member of corresponding LDAP group
-// e.g. lets assume user is member of LDAP group "x", but LDAP group team map contains LDAP groups "x" and "y"
-// then users membership gets removed for all organizations/teams mapped by LDAP group "y"
-func removeMappedMemberships(user *user_model.User, ldapTeamRemove map[string][]string, orgCache map[string]*organization.Organization, teamCache map[string]*organization.Team) {
- var err error
- for orgName, teamNames := range ldapTeamRemove {
- org, ok := orgCache[orgName]
- if !ok {
- org, err = organization.GetOrgByName(orgName)
- if err != nil {
- // organization must be created before LDAP group sync
- log.Warn("LDAP group sync: Could not find organisation %s: %v", orgName, err)
- continue
- }
- orgCache[orgName] = org
- }
- for _, teamName := range teamNames {
- team, ok := teamCache[orgName+teamName]
- if !ok {
- team, err = org.GetTeam(teamName)
- if err != nil {
- // team must must be created before LDAP group sync
- log.Warn("LDAP group sync: Could not find team %s: %v", teamName, err)
- continue
- }
- }
- if isMember, err := organization.IsTeamMember(db.DefaultContext, org.ID, team.ID, user.ID); isMember && err == nil {
- log.Trace("LDAP group sync: removing user [%s] from team [%s]", user.Name, org.Name)
- } else {
- continue
- }
- err = models.RemoveTeamMember(team, user.ID)
- if err != nil {
- log.Error("LDAP group sync: Could not remove user from team: %v", err)
- }
- }
- }
-}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-27 06:27:02 +0000