discourse-scim/plugin.rb

156 lines
3.8 KiB
Ruby

# frozen_string_literal: true
# name: discourse-scim
# about: A plugin to add SCIM endpoints to discourse
# version: 0.0.1
# authors: Peter Bouda
# url: https://forge.libre.sh/libre.sh/discourse-scim
gem 'marcel', '1.0.0', {require: false }
gem 'activestorage', '7.1.4', {require: false }
gem 'actiontext', '7.1.4', {require: false }
gem 'actionmailbox', '7.1.4', {require: false }
gem 'websocket-extensions', '0.1.0', {require: false }
gem 'websocket-driver', '0.6.1', {require: false }
gem 'actioncable', '7.1.4', {require: false }
gem 'rails', '7.1.4', {require: false }
gem 'scimitar', '2.9.0', {require: false }
require "scimitar"
enabled_site_setting :scim_enabled
add_api_key_scope(
:scim,
{
access_scim_endpoints: {
actions: %w[scim_v2/users#index scim_v2/users#show scim_v2/users#create
scim_v2/users#replace scim_v2/users#update scim_v2/users#destroy
scim_v2/groups#index scim_v2/groups#show scim_v2/groups#create
scim_v2/groups#update],
},
},
)
module ::DiscourseScim
PLUGIN_NAME = "scim"
require_relative "lib/discourse_scim/engine"
end
after_initialize do
# TODO: Check how to avoid monkey patching here
class ::User
def self.scim_resource_type
Scimitar::Resources::User
end
def self.scim_attributes_map
{
id: :id,
userName: :username,
displayName: :name,
name: {
formatted: :name
},
emails: [
{
match: "type",
with: "work",
using: {
value: :email,
primary: true
}
}
],
groups: [
{
list: :groups,
using: {
value: :id,
display: :name
}
}
],
active: :active
}
end
def self.scim_timestamps_map
{
created: :created_at,
lastModified: :updated_at
}
end
def self.scim_mutable_attributes
nil
end
def self.scim_queryable_attributes
{
displayName: { column: :name },
userName: { column: :username },
emails: { column: :emails },
groups: { column: Group.arel_table[:id] },
"groups.value" => { column: Group.arel_table[:id] }
}
end
include Scimitar::Resources::Mixin
end
class ::Group
def scim_users_and_groups
self.users.to_a + self.associated_groups.to_a
end
def scim_users_and_groups=(mixed_array)
self.users = mixed_array.select { |item| item.is_a?(User) }
self.associated_groups = mixed_array.select { |item| item.is_a?(Group) }
end
def self.scim_resource_type
Scimitar::Resources::Group
end
def self.scim_attributes_map
{
id: :id,
displayName: :name,
members: [ # NB read-write, though individual items' attributes are immutable
list: :scim_users_and_groups, # See adapter accessors, earlier in this file
using: {
value: :id
},
find_with: -> (scim_list_entry) {
id = scim_list_entry['value']
type = scim_list_entry['type' ] || 'User' # Some online examples omit 'type' and believe 'User' will be assumed
case type.downcase
when 'user'
User.find_by_id(id)
when 'group'
Group.find_by_id(id)
else
raise Scimitar::InvalidSyntaxError.new("Unrecognised type #{type.inspect}")
end
}
]
}
end
def self.scim_mutable_attributes
nil
end
def self.scim_queryable_attributes
{
displayName: :name
}
end
include Scimitar::Resources::Mixin
end
end