diff options
| author | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2023-11-21 20:20:16 +0100 |
|---|---|---|
| committer | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2023-12-01 12:48:24 +0100 |
| commit | d6b356c63bdf07b094d69ded0d865eab28a0ba55 (patch) | |
| tree | 396c432bd4ce57e5509e7d7d4185e15158fb6171 /build | |
| parent | 546cf0ed2fa5ca7143953639f3a86b58505498a8 (diff) | |
| download | nextcloud-server-d6b356c63bdf07b094d69ded0d865eab28a0ba55.tar.gz nextcloud-server-d6b356c63bdf07b094d69ded0d865eab28a0ba55.zip | |
enh(LDAP): implement IIsAdmin interface
- add configuration to specify one LDAP group acting as admin group (CLI)
- implement `isAdmin()` method, basically relying on inGroup against the
configured group
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Diffstat (limited to 'build')
| -rw-r--r-- | build/integration/ldap_features/openldap-numerical-id.feature | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/build/integration/ldap_features/openldap-numerical-id.feature b/build/integration/ldap_features/openldap-numerical-id.feature index 4ea63823295..75eb6827192 100644 --- a/build/integration/ldap_features/openldap-numerical-id.feature +++ b/build/integration/ldap_features/openldap-numerical-id.feature @@ -66,3 +66,31 @@ Scenario: Test LDAP group membership with intermediate groups not matching filte | 50194 | 1 | | 59376 | 1 | | 59463 | 1 | + +Scenario: Test LDAP admin group mapping, empowered user + Given modify LDAP configuration + | ldapBaseGroups | ou=NumericGroups,dc=nextcloud,dc=ci | + | ldapGroupFilter | (objectclass=groupOfNames) | + | ldapGroupMemberAssocAttr | member | + | ldapAdminGroup | 3001 | + | useMemberOfToDetectMembership | 1 | + And cookies are reset + # alice, part of the promoted group + And Logging in using web as "92379" + And sending "GET" to "/cloud/groups" + And sending "GET" to "/cloud/groups/2000/users" + And Sending a "GET" to "/index.php/settings/admin/overview" with requesttoken + Then the HTTP status code should be "200" + +Scenario: Test LDAP admin group mapping, regular user (no access) + Given modify LDAP configuration + | ldapBaseGroups | ou=NumericGroups,dc=nextcloud,dc=ci | + | ldapGroupFilter | (objectclass=groupOfNames) | + | ldapGroupMemberAssocAttr | member | + | ldapAdminGroup | 3001 | + | useMemberOfToDetectMembership | 1 | + And cookies are reset + # gustaf, not part of the promoted group + And Logging in using web as "59376" + And Sending a "GET" to "/index.php/settings/admin/overview" with requesttoken + Then the HTTP status code should be "403" |