diff options
| author | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2023-11-21 20:20:16 +0100 |
|---|---|---|
| committer | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2023-12-05 13:55:42 +0100 |
| commit | 7236b041333e2275c8a9825852a0ba694bba1129 (patch) | |
| tree | 9fae9dc575e947cfee6166a795a140b40168cf23 /build | |
| parent | 2e9f364aa6c0285a98c0bf2b1361f8cc503bbded (diff) | |
| download | nextcloud-server-7236b041333e2275c8a9825852a0ba694bba1129.tar.gz nextcloud-server-7236b041333e2275c8a9825852a0ba694bba1129.zip | |
enh(LDAP): implement IIsAdmin interface
- add configuration to specify one LDAP group acting as admin group (CLI)
- implement `isAdmin()` method, basically relying on inGroup against the
configured group
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Diffstat (limited to 'build')
| -rw-r--r-- | build/integration/ldap_features/openldap-numerical-id.feature | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/build/integration/ldap_features/openldap-numerical-id.feature b/build/integration/ldap_features/openldap-numerical-id.feature index 4ea63823295..75eb6827192 100644 --- a/build/integration/ldap_features/openldap-numerical-id.feature +++ b/build/integration/ldap_features/openldap-numerical-id.feature @@ -66,3 +66,31 @@ Scenario: Test LDAP group membership with intermediate groups not matching filte | 50194 | 1 | | 59376 | 1 | | 59463 | 1 | + +Scenario: Test LDAP admin group mapping, empowered user + Given modify LDAP configuration + | ldapBaseGroups | ou=NumericGroups,dc=nextcloud,dc=ci | + | ldapGroupFilter | (objectclass=groupOfNames) | + | ldapGroupMemberAssocAttr | member | + | ldapAdminGroup | 3001 | + | useMemberOfToDetectMembership | 1 | + And cookies are reset + # alice, part of the promoted group + And Logging in using web as "92379" + And sending "GET" to "/cloud/groups" + And sending "GET" to "/cloud/groups/2000/users" + And Sending a "GET" to "/index.php/settings/admin/overview" with requesttoken + Then the HTTP status code should be "200" + +Scenario: Test LDAP admin group mapping, regular user (no access) + Given modify LDAP configuration + | ldapBaseGroups | ou=NumericGroups,dc=nextcloud,dc=ci | + | ldapGroupFilter | (objectclass=groupOfNames) | + | ldapGroupMemberAssocAttr | member | + | ldapAdminGroup | 3001 | + | useMemberOfToDetectMembership | 1 | + And cookies are reset + # gustaf, not part of the promoted group + And Logging in using web as "59376" + And Sending a "GET" to "/index.php/settings/admin/overview" with requesttoken + Then the HTTP status code should be "403" |