DEV: Add support for groups in SCIM

2024-10-08 08:42:35 +01:00 · 2024-10-08 08:42:35 +01:00 · 6b4e0e6faa
commit 6b4e0e6faa
parent dafba8c0e1
2 changed files with 72 additions and 1 deletions
--- a/config/settings.yml
+++ b/config/settings.yml
@ -0,0 +1,4 @@
+scim:
+  scim_enabled:
+    default: true
+    client: false
--- a/plugin.rb
+++ b/plugin.rb
@ -18,6 +18,8 @@ gem 'scimitar', '2.9.0', {require: false }

 require "scimitar"

+enabled_site_setting :scim_enabled
+
 module ::DiscourseScimPlugin
  PLUGIN_NAME = "scim"

@ -48,6 +50,15 @@ after_initialize do
            }
          }
        ],
+        groups: [
+          {
+            list:  :groups,
+            using: {
+              value:   :id,
+              display: :name
+            }
+          }
+        ],
        active:       :active
      }
    end
@ -67,7 +78,63 @@ after_initialize do
      {
        displayName:      { column: :name },
        userName:         { column: :username },
-        emails:           { column: :emails }
+        emails:           { column: :emails },
+        groups:           { column: Group.arel_table[:id] },
+        "groups.value" => { column: Group.arel_table[:id] }
+
+      }
+    end
+  
+    include Scimitar::Resources::Mixin
+  end
+
+  class ::Group
+    def scim_users_and_groups
+      self.users.to_a + self.associated_groups.to_a
+    end
+  
+    def scim_users_and_groups=(mixed_array)
+      self.users        = mixed_array.select { |item| item.is_a?(User)  }
+      self.associated_groups = mixed_array.select { |item| item.is_a?(Group) }
+    end
+
+    def self.scim_resource_type
+      Scimitar::Resources::Group
+    end
+  
+    def self.scim_attributes_map
+      {
+        id:          :id,
+        displayName: :name,
+        members:     [ # NB read-write, though individual items' attributes are immutable
+          list:  :scim_users_and_groups, # See adapter accessors, earlier in this file
+          using: {
+            value: :id
+          },
+          find_with: -> (scim_list_entry) {
+            id   = scim_list_entry['value']
+            type = scim_list_entry['type' ] || 'User' # Some online examples omit 'type' and believe 'User' will be assumed
+  
+            case type.downcase
+              when 'user'
+                User.find_by_id(id)
+              when 'group'
+                Group.find_by_id(id)
+              else
+                raise Scimitar::InvalidSyntaxError.new("Unrecognised type #{type.inspect}")
+            end
+          }
+        ]
+      }
+    end
+  
+    def self.scim_mutable_attributes
+      nil
+    end
+  
+    def self.scim_queryable_attributes
+      {
+        displayName: :name
      }
    end