feat(app): chnaged users table

in the past ldapUsers had their own table (ldapUsers) and guest users the (guestUsers) table. They are now stored in the same table but with a REALM field BREAKING CHANGE: ldap users are now stored in the "users" table
2024-05-14 14:18:20 +02:00 · 2024-05-14 14:18:20 +02:00 · 4d31f8de68
parent 1c78615597
commit 4d31f8de68
5 changed files with 25 additions and 15 deletions
--- a/ldapApi/main.go
+++ b/ldapApi/main.go
@ -44,7 +44,7 @@ func UserIsInAdminGroup(app *pocketbase.PocketBase, c echo.Context) error {
 	}
 	// return error if user is not in admin group
-	return apis.NewUnauthorizedError("Unauthorized: user must be in admin group for ldap search", nil)
+	return apis.NewUnauthorizedError("Unauthorized", nil)
 }
 // initLdapLogin
@ -138,7 +138,6 @@ func initLdapSearch(app *pocketbase.PocketBase, e *core.ServeEvent) {
 		}
 		// Connect to the LDAP server
 		conn, err := ldap.DialURL(os.Getenv("LDAP_URL"))
 		if err != nil {
 			return apis.NewBadRequestError("unable to connect to ldap server", err)
--- a/ldapSync/db.go
+++ b/ldapSync/db.go
@ -122,6 +122,7 @@ func upsertLDAPUser(app *pocketbase.PocketBase, ldapUser *LDAPUser) error {
 	record.Set("dn", ldapUser.dn)
 	record.Set("cn", ldapUser.cn)
 	record.Set("memberOf", memberOfGroupIds)
 	record.Set("REALM", ldapUser.REALM)
 	if err := app.Dao().SaveRecord(record); err != nil {
 		return fmt.Errorf("failed to upsert user with dn: %s - %w", ldapUser.dn, err)
--- a/ldapSync/ldapSync.go
+++ b/ldapSync/ldapSync.go
@ -169,6 +169,7 @@ func syncLdapUsers(app *pocketbase.PocketBase, ldapClient *ldap.Conn) SyncResult
 			cn:               entry.GetAttributeValue("cn"),
 			msSFU30NisDomain: entry.GetAttributeValue("msSFU30NisDomain"),
 			memberOf:         entry.GetAttributeValues("memberOf"),
 			REALM:            "LDAP",
 		})
 		if err != nil {
 			errors = append(errors, err)
--- a/ldapSync/models.go
+++ b/ldapSync/models.go
@ -10,6 +10,7 @@ type LDAPUser struct {
 	cn               string
 	msSFU30NisDomain string // must be STUVE
 	memberOf         []string
 	REALM            string
 }
 type LDAPGroup struct {
--- a/ldapSync/tables.go
+++ b/ldapSync/tables.go
@ -12,7 +12,7 @@ import (
 	"github.com/pocketbase/pocketbase/tools/types"
 )
-const ldapUsersTableName string = "ldap_users"
+const ldapUsersTableName string = "users"
 const ldapGroupsTableName string = "ldap_groups"
 const ldapSyncLogsTableName string = "ldap_sync_logs"
@ -124,17 +124,17 @@ func createLDAPUsersTable(app *pocketbase.PocketBase) error {
 	form := forms.NewCollectionUpsert(app, collection)
 	form.Name = ldapUsersTableName        // collection name
 	form.Type = models.CollectionTypeAuth // collection type set to auth, otherwise login will not work
-	form.ListRule = nil                   // list rule (only user self can list their own data
+	form.ListRule = nil                   // list rule   (only admins can list)
-	form.ViewRule = nil                   // view rule (only user self can view their own data)
+	form.ViewRule = nil                   // view rule   (only admins can view)
-	form.CreateRule = nil                 // create rule (anyone can create)
+	form.CreateRule = nil                 // create rule (only admins can create)
-	form.UpdateRule = nil                 // update rule (anyone can update)
+	form.UpdateRule = nil                 // update rule (only admins can update)
-	form.DeleteRule = nil                 // delete rule (anyone can delete)
+	form.DeleteRule = nil                 // delete rule (only admins can delete)
 	// add common name field, the collection will also have a field named "username" which is the username field. this field is added automatically by the forms.NewCollectionUpsert() function
 	form.Schema.AddField(&schema.SchemaField{
 		Name:        "cn",
 		Type:        schema.FieldTypeText,
-		Required:    true,
+		Required:    false,
 		Presentable: true,
 	})
@ -142,28 +142,28 @@ func createLDAPUsersTable(app *pocketbase.PocketBase) error {
 	form.Schema.AddField(&schema.SchemaField{
 		Name:     "objectGUID",
 		Type:     schema.FieldTypeText,
-		Required: true,
+		Required: false,
 	})
 	// add distinguished name field
 	form.Schema.AddField(&schema.SchemaField{
 		Name:     "dn",
 		Type:     schema.FieldTypeText,
-		Required: true,
+		Required: false,
 	})
 	// add surname field
 	form.Schema.AddField(&schema.SchemaField{
 		Name:     "sn",
 		Type:     schema.FieldTypeText,
-		Required: true,
+		Required: false,
 	})
 	// add given name field
 	form.Schema.AddField(&schema.SchemaField{
 		Name:     "givenName",
 		Type:     schema.FieldTypeText,
-		Required: true,
+		Required: false,
 	})
 	// add account expires field
@ -173,6 +173,13 @@ func createLDAPUsersTable(app *pocketbase.PocketBase) error {
 		Required: false,
 	})
 	// add account expires field
 	form.Schema.AddField(&schema.SchemaField{
 		Name:     "REALM",
 		Type:     schema.FieldTypeDate,
 		Required: true,
 	})
 	// add groups field
 	form.Schema.AddField(&schema.SchemaField{
 		Name:     "memberOf",
@ -186,8 +193,9 @@ func createLDAPUsersTable(app *pocketbase.PocketBase) error {
 	// create index on username
 	form.Indexes = types.JsonArray[string]{
-		"CREATE UNIQUE INDEX idx_ldapUsers_cn ON " + ldapGroupsTableName + " (cn)",
+		"CREATE UNIQUE INDEX idx_users_username ON " + ldapGroupsTableName + " (username, REALM)", // username must be unique for each realm
-		"CREATE UNIQUE INDEX idx_ldapUsers_objectGUID ON " + ldapSyncLogsTableName + " (objectGUID)",
+		"CREATE UNIQUE INDEX idx_users_cn ON " + ldapGroupsTableName + " (cn)",
 		"CREATE UNIQUE INDEX idx_users_objectGUID ON " + ldapSyncLogsTableName + " (objectGUID)",
 	}
 	return form.Submit()