Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
1396177d
Commit
1396177d
authored
Apr 16, 2020
by
Blair Lunceford
Committed by
Imre Farkas
Apr 16, 2020
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add LDAP User Filter to group link API
parent
66f4082d
Changes
5
Expand all
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
248 additions
and
74 deletions
+248
-74
doc/api/groups.md
doc/api/groups.md
+42
-20
ee/changelogs/unreleased/4435-add-ldap-user-filter-to-group-link-api.yml
...nreleased/4435-add-ldap-user-filter-to-group-link-api.yml
+5
-0
ee/lib/api/ldap_group_links.rb
ee/lib/api/ldap_group_links.rb
+38
-4
ee/lib/ee/api/entities/ldap_group_link.rb
ee/lib/ee/api/entities/ldap_group_link.rb
+1
-0
ee/spec/requests/api/ldap_group_links_spec.rb
ee/spec/requests/api/ldap_group_links_spec.rb
+162
-50
No files found.
doc/api/groups.md
View file @
1396177d
...
@@ -862,49 +862,71 @@ Lists LDAP group links.
...
@@ -862,49 +862,71 @@ Lists LDAP group links.
GET /groups/:id/ldap_group_links
GET /groups/:id/ldap_group_links
```
```
Parameters:
| Attribute | Type | Required | Description |
| --------- | -------------- | -------- | ----------- |
-
`id`
(required) - The ID of a group
|
`id`
| integer/string | yes | The ID or
[
URL-encoded path of the group
](
README.md#namespaced-path-encoding
)
|
### Add LDAP group link **(STARTER)**
### Add LDAP group link
with CN or filter
**(STARTER)**
Adds an LDAP group link.
Adds an LDAP group link
using a CN or filter. Adding a group link by filter is only supported in the Premium tier and above
.
```
plaintext
```
plaintext
POST /groups/:id/ldap_group_links
POST /groups/:id/ldap_group_links
```
```
Parameters:
| Attribute | Type | Required | Description |
| --------- | -------------- | -------- | ----------- |
|
`id`
| integer/string | yes | The ID or
[
URL-encoded path of the group
](
README.md#namespaced-path-encoding
)
|
|
`cn`
| string | no | The CN of an LDAP group |
|
`filter`
| string | no | The LDAP filter for the group |
|
`group_access`
| integer | yes | Minimum access level for members of the LDAP group |
|
`provider`
| string | yes | LDAP provider for the LDAP group link |
-
`id`
(required) - The ID of a group
NOTE:
**Note:**
-
`cn`
(required) - The CN of a LDAP group
To define the LDAP group link, provide either a
`cn`
or a
`filter`
, but not both.
-
`group_access`
(required) - Minimum access level for members of the LDAP group
-
`provider`
(required) - LDAP provider for the LDAP group
### Delete LDAP group link **(STARTER)**
### Delete LDAP group link **(STARTER)**
Deletes an LDAP group link.
Deletes an LDAP group link.
Deprecated. Will be removed in a future release.
```
plaintext
```
plaintext
DELETE /groups/:id/ldap_group_links/:cn
DELETE /groups/:id/ldap_group_links/:cn
```
```
Parameters:
| Attribute | Type | Required | Description |
| --------- | -------------- | -------- | ----------- |
-
`id`
(required) - The ID of a group
|
`id`
| integer/string | yes | The ID or
[
URL-encoded path of the group
](
README.md#namespaced-path-encoding
)
|
-
`cn`
(required) - The CN of a LDAP group
|
`cn`
| string | yes | The CN of an LDAP group |
Deletes a
LDAP group link for a specific LDAP provider
Deletes a
n LDAP group link for a specific LDAP provider. Deprecated. Will be removed in a future release.
```
plaintext
```
plaintext
DELETE /groups/:id/ldap_group_links/:provider/:cn
DELETE /groups/:id/ldap_group_links/:provider/:cn
```
```
Parameters:
| Attribute | Type | Required | Description |
| --------- | -------------- | -------- | ----------- |
|
`id`
| integer/string | yes | The ID or
[
URL-encoded path of the group
](
README.md#namespaced-path-encoding
)
|
|
`cn`
| string | yes | The CN of an LDAP group |
|
`provider`
| string | yes | LDAP provider for the LDAP group link |
### Delete LDAP group link with CN or filter **(STARTER)**
Deletes an LDAP group link using a CN or filter. Deleting by filter is only supported in the Premium tier and above.
```
plaintext
DELETE /groups/:id/ldap_group_links
```
-
`id`
(required) - The ID of a group
| Attribute | Type | Required | Description |
-
`cn`
(required) - The CN of a LDAP group
| --------- | -------------- | -------- | ----------- |
-
`provider`
(required) - Name of a LDAP provider
|
`id`
| integer/string | yes | The ID or
[
URL-encoded path of the group
](
README.md#namespaced-path-encoding
)
|
|
`cn`
| string | no | The CN of an LDAP group |
|
`filter`
| string | no | The LDAP filter for the group |
|
`provider`
| string | yes | LDAP provider for the LDAP group link |
NOTE:
**Note:**
To delete the LDAP group link, provide either a
`cn`
or a
`filter`
, but not both.
## Namespaces in groups
## Namespaces in groups
...
...
ee/changelogs/unreleased/4435-add-ldap-user-filter-to-group-link-api.yml
0 → 100644
View file @
1396177d
---
title
:
Add LDAP user filter to group link API
merge_request
:
26202
author
:
type
:
added
ee/lib/api/ldap_group_links.rb
View file @
1396177d
...
@@ -16,7 +16,8 @@ module API
...
@@ -16,7 +16,8 @@ module API
authorize!
:admin_group
,
group
authorize!
:admin_group
,
group
ldap_group_links
=
group
.
ldap_group_links
ldap_group_links
=
group
.
ldap_group_links
if
ldap_group_links
&&
ldap_group_links
!=
[]
if
ldap_group_links
.
present?
present
ldap_group_links
,
with:
EE
::
API
::
Entities
::
LdapGroupLink
present
ldap_group_links
,
with:
EE
::
API
::
Entities
::
LdapGroupLink
else
else
render_api_error!
(
'No linked LDAP groups found'
,
404
)
render_api_error!
(
'No linked LDAP groups found'
,
404
)
...
@@ -27,16 +28,20 @@ module API
...
@@ -27,16 +28,20 @@ module API
success
EE
::
API
::
Entities
::
LdapGroupLink
success
EE
::
API
::
Entities
::
LdapGroupLink
end
end
params
do
params
do
requires
'cn'
,
type:
String
,
desc:
'The CN of a LDAP group'
optional
'cn'
,
type:
String
,
desc:
'The CN of a LDAP group'
optional
'filter'
,
type:
String
,
desc:
'The LDAP user filter'
requires
'group_access'
,
type:
Integer
,
values:
Gitlab
::
Access
.
all_values
,
requires
'group_access'
,
type:
Integer
,
values:
Gitlab
::
Access
.
all_values
,
desc:
'Level of permissions for the linked LDAP group'
desc:
'Level of permissions for the linked LDAP group'
requires
'provider'
,
type:
String
,
desc:
'The LDAP provider for this LDAP group'
requires
'provider'
,
type:
String
,
desc:
'The LDAP provider for this LDAP group'
exactly_one_of
:cn
,
:filter
end
end
post
":id/ldap_group_links"
do
post
":id/ldap_group_links"
do
group
=
find_group
(
params
[
:id
])
group
=
find_group
(
params
[
:id
])
authorize!
:admin_group
,
group
authorize!
:admin_group
,
group
break
not_found!
if
params
[
:filter
]
&&
!
group
.
feature_available?
(
:ldap_group_sync_filter
)
ldap_group_link
=
group
.
ldap_group_links
.
new
(
declared_params
(
include_missing:
false
))
ldap_group_link
=
group
.
ldap_group_links
.
new
(
declared_params
(
include_missing:
false
))
if
ldap_group_link
.
save
if
ldap_group_link
.
save
present
ldap_group_link
,
with:
EE
::
API
::
Entities
::
LdapGroupLink
present
ldap_group_link
,
with:
EE
::
API
::
Entities
::
LdapGroupLink
else
else
...
@@ -44,7 +49,9 @@ module API
...
@@ -44,7 +49,9 @@ module API
end
end
end
end
desc
'Remove a linked LDAP group from group'
desc
'Remove a linked LDAP group from group'
do
detail
'Duplicate. DEPRECATED and will be removed in a later version'
end
params
do
params
do
requires
'cn'
,
type:
String
,
desc:
'The CN of a LDAP group'
requires
'cn'
,
type:
String
,
desc:
'The CN of a LDAP group'
end
end
...
@@ -54,6 +61,7 @@ module API
...
@@ -54,6 +61,7 @@ module API
authorize!
:admin_group
,
group
authorize!
:admin_group
,
group
ldap_group_link
=
group
.
ldap_group_links
.
find_by
(
cn:
params
[
:cn
])
ldap_group_link
=
group
.
ldap_group_links
.
find_by
(
cn:
params
[
:cn
])
if
ldap_group_link
if
ldap_group_link
ldap_group_link
.
destroy
ldap_group_link
.
destroy
no_content!
no_content!
...
@@ -63,7 +71,9 @@ module API
...
@@ -63,7 +71,9 @@ module API
end
end
# rubocop: enable CodeReuse/ActiveRecord
# rubocop: enable CodeReuse/ActiveRecord
desc
'Remove a linked LDAP group from group'
desc
'Remove a linked LDAP group from group'
do
detail
'Duplicate. DEPRECATED and will be removed in a later version'
end
params
do
params
do
requires
'cn'
,
type:
String
,
desc:
'The CN of a LDAP group'
requires
'cn'
,
type:
String
,
desc:
'The CN of a LDAP group'
requires
'provider'
,
type:
String
,
desc:
'The LDAP provider for this LDAP group'
requires
'provider'
,
type:
String
,
desc:
'The LDAP provider for this LDAP group'
...
@@ -74,6 +84,7 @@ module API
...
@@ -74,6 +84,7 @@ module API
authorize!
:admin_group
,
group
authorize!
:admin_group
,
group
ldap_group_link
=
group
.
ldap_group_links
.
find_by
(
cn:
params
[
:cn
],
provider:
params
[
:provider
])
ldap_group_link
=
group
.
ldap_group_links
.
find_by
(
cn:
params
[
:cn
],
provider:
params
[
:provider
])
if
ldap_group_link
if
ldap_group_link
ldap_group_link
.
destroy
ldap_group_link
.
destroy
no_content!
no_content!
...
@@ -82,6 +93,29 @@ module API
...
@@ -82,6 +93,29 @@ module API
end
end
end
end
# rubocop: enable CodeReuse/ActiveRecord
# rubocop: enable CodeReuse/ActiveRecord
desc
'Remove a linked LDAP group from group'
params
do
optional
'cn'
,
type:
String
,
desc:
'The CN of a LDAP group'
optional
'filter'
,
type:
String
,
desc:
'The LDAP user filter'
requires
'provider'
,
type:
String
,
desc:
'The LDAP provider for this LDAP group'
exactly_one_of
:cn
,
:filter
end
# rubocop: disable CodeReuse/ActiveRecord
delete
":id/ldap_group_links"
do
group
=
find_group
(
params
[
:id
])
authorize!
:admin_group
,
group
break
not_found!
if
params
[
:filter
]
&&
!
group
.
feature_available?
(
:ldap_group_sync_filter
)
ldap_group_link
=
group
.
ldap_group_links
.
find_by
(
declared_params
(
include_missing:
false
))
if
ldap_group_link
ldap_group_link
.
destroy
no_content!
else
render_api_error!
(
'Linked LDAP group not found'
,
404
)
end
end
end
end
end
end
end
end
ee/lib/ee/api/entities/ldap_group_link.rb
View file @
1396177d
...
@@ -5,6 +5,7 @@ module EE
...
@@ -5,6 +5,7 @@ module EE
module
Entities
module
Entities
class
LdapGroupLink
<
Grape
::
Entity
class
LdapGroupLink
<
Grape
::
Entity
expose
:cn
,
:group_access
,
:provider
expose
:cn
,
:group_access
,
:provider
expose
:filter
,
if:
->
(
_
,
_
)
{
License
.
feature_available?
(
:ldap_group_sync_filter
)
}
end
end
end
end
end
end
...
...
ee/spec/requests/api/ldap_group_links_spec.rb
View file @
1396177d
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment