afan
/
gitea
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
gitea源码
2 Commits
2 Branches
Tree: f5d5e77162
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f5d5e77162'
${ noResults }
gitea/services/auth/source/source_group_sync.go

source_group_sync.go 4.0KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117 
  1. // Copyright 2022 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package source

  5. 

  6. import (

  7. 	"context"

  8. 	"fmt"

  9. 

  10. 	"code.gitea.io/gitea/models/organization"

  11. 	user_model "code.gitea.io/gitea/models/user"

  12. 	"code.gitea.io/gitea/modules/container"

  13. 	"code.gitea.io/gitea/modules/log"

  14. 	org_service "code.gitea.io/gitea/services/org"

  15. )

  16. 

  17. type syncType int

  18. 

  19. const (

  20. 	syncAdd syncType = iota

  21. 	syncRemove

  22. )

  23. 

  24. // SyncGroupsToTeams maps authentication source groups to organization and team memberships

  25. func SyncGroupsToTeams(ctx context.Context, user *user_model.User, sourceUserGroups container.Set[string], sourceGroupTeamMapping map[string]map[string][]string, performRemoval bool) error {

  26. 	orgCache := make(map[string]*organization.Organization)

  27. 	teamCache := make(map[string]*organization.Team)

  28. 	return SyncGroupsToTeamsCached(ctx, user, sourceUserGroups, sourceGroupTeamMapping, performRemoval, orgCache, teamCache)

  29. }

  30. 

  31. // SyncGroupsToTeamsCached maps authentication source groups to organization and team memberships

  32. func SyncGroupsToTeamsCached(ctx context.Context, user *user_model.User, sourceUserGroups container.Set[string], sourceGroupTeamMapping map[string]map[string][]string, performRemoval bool, orgCache map[string]*organization.Organization, teamCache map[string]*organization.Team) error {

  33. 	membershipsToAdd, membershipsToRemove := resolveMappedMemberships(sourceUserGroups, sourceGroupTeamMapping)

  34. 

  35. 	if performRemoval {

  36. 		if err := syncGroupsToTeamsCached(ctx, user, membershipsToRemove, syncRemove, orgCache, teamCache); err != nil {

  37. 			return fmt.Errorf("could not sync[remove] user groups: %w", err)

  38. 		}

  39. 	}

  40. 

  41. 	if err := syncGroupsToTeamsCached(ctx, user, membershipsToAdd, syncAdd, orgCache, teamCache); err != nil {

  42. 		return fmt.Errorf("could not sync[add] user groups: %w", err)

  43. 	}

  44. 

  45. 	return nil

  46. }

  47. 

  48. func resolveMappedMemberships(sourceUserGroups container.Set[string], sourceGroupTeamMapping map[string]map[string][]string) (map[string][]string, map[string][]string) {

  49. 	membershipsToAdd := map[string][]string{}

  50. 	membershipsToRemove := map[string][]string{}

  51. 	for group, memberships := range sourceGroupTeamMapping {

  52. 		isUserInGroup := sourceUserGroups.Contains(group)

  53. 		if isUserInGroup {

  54. 			for org, teams := range memberships {

  55. 				membershipsToAdd[org] = append(membershipsToAdd[org], teams...)

  56. 			}

  57. 		} else {

  58. 			for org, teams := range memberships {

  59. 				membershipsToRemove[org] = append(membershipsToRemove[org], teams...)

  60. 			}

  61. 		}

  62. 	}

  63. 	return membershipsToAdd, membershipsToRemove

  64. }

  65. 

  66. func syncGroupsToTeamsCached(ctx context.Context, user *user_model.User, orgTeamMap map[string][]string, action syncType, orgCache map[string]*organization.Organization, teamCache map[string]*organization.Team) error {

  67. 	for orgName, teamNames := range orgTeamMap {

  68. 		var err error

  69. 		org, ok := orgCache[orgName]

  70. 		if !ok {

  71. 			org, err = organization.GetOrgByName(ctx, orgName)

  72. 			if err != nil {

  73. 				if organization.IsErrOrgNotExist(err) {

  74. 					// organization must be created before group sync

  75. 					log.Warn("group sync: Could not find organisation %s: %v", orgName, err)

  76. 					continue

  77. 				}

  78. 				return err

  79. 			}

  80. 			orgCache[orgName] = org

  81. 		}

  82. 		for _, teamName := range teamNames {

  83. 			team, ok := teamCache[orgName+teamName]

  84. 			if !ok {

  85. 				team, err = org.GetTeam(ctx, teamName)

  86. 				if err != nil {

  87. 					if organization.IsErrTeamNotExist(err) {

  88. 						// team must be created before group sync

  89. 						log.Warn("group sync: Could not find team %s: %v", teamName, err)

  90. 						continue

  91. 					}

  92. 					return err

  93. 				}

  94. 				teamCache[orgName+teamName] = team

  95. 			}

  96. 

  97. 			isMember, err := organization.IsTeamMember(ctx, org.ID, team.ID, user.ID)

  98. 			if err != nil {

  99. 				return err

  100. 			}

  101. 

  102. 			if action == syncAdd && !isMember {

  103. 				if err := org_service.AddTeamMember(ctx, team, user); err != nil {

  104. 					log.Error("group sync: Could not add user to team: %v", err)

  105. 					return err

  106. 				}

  107. 			} else if action == syncRemove && isMember {

  108. 				if err := org_service.RemoveTeamMember(ctx, team, user); err != nil {

  109. 					log.Error("group sync: Could not remove user from team: %v", err)

  110. 					return err

  111. 				}

  112. 			}

  113. 		}

  114. 	}

  115. 	return nil

  116. }