diff options
| author | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2023-11-21 20:20:16 +0100 |
|---|---|---|
| committer | backportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com> | 2023-12-04 18:52:19 +0000 |
| commit | d8215fbcee5934e48585938ffc587bbe76d9c758 (patch) | |
| tree | 2f9fc0f0a76ecde0eebb62834d756f4bf5577b52 /build | |
| parent | 9ab80200357e85b204ca29a3bac66ed4419357e5 (diff) | |
| download | nextcloud-server-d8215fbcee5934e48585938ffc587bbe76d9c758.tar.gz nextcloud-server-d8215fbcee5934e48585938ffc587bbe76d9c758.zip | |
enh(LDAP): implement IIsAdmin interface
- add configuration to specify one LDAP group acting as admin group (CLI)
- implement `isAdmin()` method, basically relying on inGroup against the
configured group
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Diffstat (limited to 'build')
| -rw-r--r-- | build/integration/ldap_features/openldap-numerical-id.feature | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/build/integration/ldap_features/openldap-numerical-id.feature b/build/integration/ldap_features/openldap-numerical-id.feature index 4ea63823295..75eb6827192 100644 --- a/build/integration/ldap_features/openldap-numerical-id.feature +++ b/build/integration/ldap_features/openldap-numerical-id.feature @@ -66,3 +66,31 @@ Scenario: Test LDAP group membership with intermediate groups not matching filte | 50194 | 1 | | 59376 | 1 | | 59463 | 1 | + +Scenario: Test LDAP admin group mapping, empowered user + Given modify LDAP configuration + | ldapBaseGroups | ou=NumericGroups,dc=nextcloud,dc=ci | + | ldapGroupFilter | (objectclass=groupOfNames) | + | ldapGroupMemberAssocAttr | member | + | ldapAdminGroup | 3001 | + | useMemberOfToDetectMembership | 1 | + And cookies are reset + # alice, part of the promoted group + And Logging in using web as "92379" + And sending "GET" to "/cloud/groups" + And sending "GET" to "/cloud/groups/2000/users" + And Sending a "GET" to "/index.php/settings/admin/overview" with requesttoken + Then the HTTP status code should be "200" + +Scenario: Test LDAP admin group mapping, regular user (no access) + Given modify LDAP configuration + | ldapBaseGroups | ou=NumericGroups,dc=nextcloud,dc=ci | + | ldapGroupFilter | (objectclass=groupOfNames) | + | ldapGroupMemberAssocAttr | member | + | ldapAdminGroup | 3001 | + | useMemberOfToDetectMembership | 1 | + And cookies are reset + # gustaf, not part of the promoted group + And Logging in using web as "59376" + And Sending a "GET" to "/index.php/settings/admin/overview" with requesttoken + Then the HTTP status code should be "403" |