Skip to content

Commit

Permalink
debug(Groups): log group handling upon login
Browse files Browse the repository at this point in the history 
Signed-off-by: Arthur Schiwon <[email protected]>
  • Loading branch information
@blizzz
blizzz committed Sep 18, 2024
1 parent 5d3e657 commit f664265
Showing 1 changed file with 11 additions and 3 deletions.
14 changes: 11 additions & 3 deletions lib/GroupManager.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,7 @@ public function __construct(
private function getGroupsToRemove(array $samlGroupNames, array $assignedGroups): array {
$groupsToRemove = [];
foreach ($assignedGroups as $group) {
\OCP\Log\logger('user_saml')->debug('Checking group {group} for removal', ['group' => $group->getGID()]);
// if group is not supplied by SAML and group has SAML backend
if (!in_array($group->getGID(), $samlGroupNames) && $this->hasSamlBackend($group)) {
$groupsToRemove[] = $group->getGID();
Expand All @@ -88,6 +89,7 @@ private function getGroupsToRemove(array $samlGroupNames, array $assignedGroups)
private function getGroupsToAdd(array $samlGroupNames, array $assignedGroupIds): array {
$groupsToAdd = [];
foreach ($samlGroupNames as $groupName) {
\OCP\Log\logger('user_saml')->debug('Checking group {group} for addition', ['group' => $groupName]);
$group = $this->groupManager->get($groupName);
// if user is not assigned to the group or the provided group has a non SAML backend
if (!in_array($groupName, $assignedGroupIds) || !$this->hasSamlBackend($group)) {
Expand Down Expand Up @@ -286,11 +288,17 @@ protected function hasGroupForeignMembers(IGroup $group): bool {
* allowed only for groups owned by the SAML backend.
*/
protected function mayModifyGroup(?IGroup $group): bool {
return
$isInTransitionList =
$group !== null
&& $group->getGID() !== 'admin'
&& in_array('Database', $group->getBackendNames())
&& $this->isGroupInTransitionList($group->getGID())
&& !$this->hasGroupForeignMembers($group);
&& $this->isGroupInTransitionList($group->getGID());

if ($isInTransitionList) {
\OCP\Log\logger('user_saml')->debug('Checking group {group} for foreign members', ['group' => $group->getGID()]);
$hasOnlySamlUsers = !$this->hasGroupForeignMembers($group);
\OCP\Log\logger('user_saml')->debug('Completed checking group {group} for foreign members', ['group' => $group->getGID()]);
}
return $isInTransitionList && $hasOnlySamlUsers;
}
}

0 comments on commit f664265

Please sign in to comment.