Commit 1396177d authored by Blair Lunceford's avatar Blair Lunceford Committed by Imre Farkas

Add LDAP User Filter to group link API

parent 66f4082d
...@@ -862,49 +862,71 @@ Lists LDAP group links. ...@@ -862,49 +862,71 @@ Lists LDAP group links.
GET /groups/:id/ldap_group_links GET /groups/:id/ldap_group_links
``` ```
Parameters: | Attribute | Type | Required | Description |
| --------- | -------------- | -------- | ----------- |
- `id` (required) - The ID of a group | `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) |
### Add LDAP group link **(STARTER)** ### Add LDAP group link with CN or filter **(STARTER)**
Adds an LDAP group link. Adds an LDAP group link using a CN or filter. Adding a group link by filter is only supported in the Premium tier and above.
```plaintext ```plaintext
POST /groups/:id/ldap_group_links POST /groups/:id/ldap_group_links
``` ```
Parameters: | Attribute | Type | Required | Description |
| --------- | -------------- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) |
| `cn` | string | no | The CN of an LDAP group |
| `filter` | string | no | The LDAP filter for the group |
| `group_access` | integer | yes | Minimum access level for members of the LDAP group |
| `provider` | string | yes | LDAP provider for the LDAP group link |
- `id` (required) - The ID of a group NOTE: **Note:**
- `cn` (required) - The CN of a LDAP group To define the LDAP group link, provide either a `cn` or a `filter`, but not both.
- `group_access` (required) - Minimum access level for members of the LDAP group
- `provider` (required) - LDAP provider for the LDAP group
### Delete LDAP group link **(STARTER)** ### Delete LDAP group link **(STARTER)**
Deletes an LDAP group link. Deletes an LDAP group link. Deprecated. Will be removed in a future release.
```plaintext ```plaintext
DELETE /groups/:id/ldap_group_links/:cn DELETE /groups/:id/ldap_group_links/:cn
``` ```
Parameters: | Attribute | Type | Required | Description |
| --------- | -------------- | -------- | ----------- |
- `id` (required) - The ID of a group | `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) |
- `cn` (required) - The CN of a LDAP group | `cn` | string | yes | The CN of an LDAP group |
Deletes a LDAP group link for a specific LDAP provider Deletes an LDAP group link for a specific LDAP provider. Deprecated. Will be removed in a future release.
```plaintext ```plaintext
DELETE /groups/:id/ldap_group_links/:provider/:cn DELETE /groups/:id/ldap_group_links/:provider/:cn
``` ```
Parameters: | Attribute | Type | Required | Description |
| --------- | -------------- | -------- | ----------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) |
| `cn` | string | yes | The CN of an LDAP group |
| `provider` | string | yes | LDAP provider for the LDAP group link |
### Delete LDAP group link with CN or filter **(STARTER)**
Deletes an LDAP group link using a CN or filter. Deleting by filter is only supported in the Premium tier and above.
```plaintext
DELETE /groups/:id/ldap_group_links
```
- `id` (required) - The ID of a group | Attribute | Type | Required | Description |
- `cn` (required) - The CN of a LDAP group | --------- | -------------- | -------- | ----------- |
- `provider` (required) - Name of a LDAP provider | `id` | integer/string | yes | The ID or [URL-encoded path of the group](README.md#namespaced-path-encoding) |
| `cn` | string | no | The CN of an LDAP group |
| `filter` | string | no | The LDAP filter for the group |
| `provider` | string | yes | LDAP provider for the LDAP group link |
NOTE: **Note:**
To delete the LDAP group link, provide either a `cn` or a `filter`, but not both.
## Namespaces in groups ## Namespaces in groups
......
---
title: Add LDAP user filter to group link API
merge_request: 26202
author:
type: added
...@@ -16,7 +16,8 @@ module API ...@@ -16,7 +16,8 @@ module API
authorize! :admin_group, group authorize! :admin_group, group
ldap_group_links = group.ldap_group_links ldap_group_links = group.ldap_group_links
if ldap_group_links && ldap_group_links != []
if ldap_group_links.present?
present ldap_group_links, with: EE::API::Entities::LdapGroupLink present ldap_group_links, with: EE::API::Entities::LdapGroupLink
else else
render_api_error!('No linked LDAP groups found', 404) render_api_error!('No linked LDAP groups found', 404)
...@@ -27,16 +28,20 @@ module API ...@@ -27,16 +28,20 @@ module API
success EE::API::Entities::LdapGroupLink success EE::API::Entities::LdapGroupLink
end end
params do params do
requires 'cn', type: String, desc: 'The CN of a LDAP group' optional 'cn', type: String, desc: 'The CN of a LDAP group'
optional 'filter', type: String, desc: 'The LDAP user filter'
requires 'group_access', type: Integer, values: Gitlab::Access.all_values, requires 'group_access', type: Integer, values: Gitlab::Access.all_values,
desc: 'Level of permissions for the linked LDAP group' desc: 'Level of permissions for the linked LDAP group'
requires 'provider', type: String, desc: 'The LDAP provider for this LDAP group' requires 'provider', type: String, desc: 'The LDAP provider for this LDAP group'
exactly_one_of :cn, :filter
end end
post ":id/ldap_group_links" do post ":id/ldap_group_links" do
group = find_group(params[:id]) group = find_group(params[:id])
authorize! :admin_group, group authorize! :admin_group, group
break not_found! if params[:filter] && !group.feature_available?(:ldap_group_sync_filter)
ldap_group_link = group.ldap_group_links.new(declared_params(include_missing: false)) ldap_group_link = group.ldap_group_links.new(declared_params(include_missing: false))
if ldap_group_link.save if ldap_group_link.save
present ldap_group_link, with: EE::API::Entities::LdapGroupLink present ldap_group_link, with: EE::API::Entities::LdapGroupLink
else else
...@@ -44,7 +49,9 @@ module API ...@@ -44,7 +49,9 @@ module API
end end
end end
desc 'Remove a linked LDAP group from group' desc 'Remove a linked LDAP group from group' do
detail 'Duplicate. DEPRECATED and will be removed in a later version'
end
params do params do
requires 'cn', type: String, desc: 'The CN of a LDAP group' requires 'cn', type: String, desc: 'The CN of a LDAP group'
end end
...@@ -54,6 +61,7 @@ module API ...@@ -54,6 +61,7 @@ module API
authorize! :admin_group, group authorize! :admin_group, group
ldap_group_link = group.ldap_group_links.find_by(cn: params[:cn]) ldap_group_link = group.ldap_group_links.find_by(cn: params[:cn])
if ldap_group_link if ldap_group_link
ldap_group_link.destroy ldap_group_link.destroy
no_content! no_content!
...@@ -63,7 +71,9 @@ module API ...@@ -63,7 +71,9 @@ module API
end end
# rubocop: enable CodeReuse/ActiveRecord # rubocop: enable CodeReuse/ActiveRecord
desc 'Remove a linked LDAP group from group' desc 'Remove a linked LDAP group from group' do
detail 'Duplicate. DEPRECATED and will be removed in a later version'
end
params do params do
requires 'cn', type: String, desc: 'The CN of a LDAP group' requires 'cn', type: String, desc: 'The CN of a LDAP group'
requires 'provider', type: String, desc: 'The LDAP provider for this LDAP group' requires 'provider', type: String, desc: 'The LDAP provider for this LDAP group'
...@@ -74,6 +84,7 @@ module API ...@@ -74,6 +84,7 @@ module API
authorize! :admin_group, group authorize! :admin_group, group
ldap_group_link = group.ldap_group_links.find_by(cn: params[:cn], provider: params[:provider]) ldap_group_link = group.ldap_group_links.find_by(cn: params[:cn], provider: params[:provider])
if ldap_group_link if ldap_group_link
ldap_group_link.destroy ldap_group_link.destroy
no_content! no_content!
...@@ -82,6 +93,29 @@ module API ...@@ -82,6 +93,29 @@ module API
end end
end end
# rubocop: enable CodeReuse/ActiveRecord # rubocop: enable CodeReuse/ActiveRecord
desc 'Remove a linked LDAP group from group'
params do
optional 'cn', type: String, desc: 'The CN of a LDAP group'
optional 'filter', type: String, desc: 'The LDAP user filter'
requires 'provider', type: String, desc: 'The LDAP provider for this LDAP group'
exactly_one_of :cn, :filter
end
# rubocop: disable CodeReuse/ActiveRecord
delete ":id/ldap_group_links" do
group = find_group(params[:id])
authorize! :admin_group, group
break not_found! if params[:filter] && !group.feature_available?(:ldap_group_sync_filter)
ldap_group_link = group.ldap_group_links.find_by(declared_params(include_missing: false))
if ldap_group_link
ldap_group_link.destroy
no_content!
else
render_api_error!('Linked LDAP group not found', 404)
end
end
end end
end end
end end
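Review bot: In the new `delete ":id/ldap_group_links"` route, the guard `break not_found! if params[:filter] && !group.feature_available?(:ldap_group_sync_filter)` also refuses to remove an existing filter-based link once the feature is no longer available for the group, so a link that grants `group_access` could be left with no API path to delete it. Gating creation in the POST route already enforces the tier, so consider dropping the guard on the delete path, or state in a comment how such links are treated by sync when the feature is off (not visible in this diff). Separately, `find_by(declared_params(include_missing: false))` depends on `declared_params` returning only `cn`/`filter` and `provider`; if that holds, a comment such as `# lookup uses only the declared cn/filter and provider, never other request params` would make the assumption explicit. The `filter` value is accepted as any String in both routes, so its syntax validation is presumably left to the model, which is outside this page.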
...@@ -5,6 +5,7 @@ module EE ...@@ -5,6 +5,7 @@ module EE
module Entities module Entities
class LdapGroupLink < Grape::Entity class LdapGroupLink < Grape::Entity
expose :cn, :group_access, :provider expose :cn, :group_access, :provider
expose :filter, if: ->(_, _) { License.feature_available?(:ldap_group_sync_filter) }
end end
end end
end end
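Review bot: The condition on `expose :filter` checks `License.feature_available?(:ldap_group_sync_filter)`, while both API routes gate on `group.feature_available?(:ldap_group_sync_filter)`; if the two checks can disagree, a filter could be accepted on create but hidden in the response, or the reverse. When the condition is false, a filter-based link is presumably serialized with a nil `cn` and no `filter`, which leaves nothing in the list output to identify what the link matches. Consider using the same group-level check here, or add a comment such as `# instance-wide license check is intentional; the group is not available in this entity` if that is the reason.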
......