graph: Use userType property to distinguish between Member and Guest accounts

Fixes 5603 - Calling POST /graph/v1.0/users with userType not set will create a user as "Member" - Calling POST /graph/v1.0/users with userType set as "Member" or "Guest" will create a user as "Member" or "Guest" - Calling POST /graph/v1.0/users with userType set as anything but "Member" or "Guest" returns error - Calling POST /graph/v1.0/education/users with userType not set will create a user as "Member" - Calling POST /graph/v1.0/education/users with userType set as "Member" will create a user as "Member" and primary role as parameter specifies - Calling POST /graph/v1.0/education/users with userType set as "Guest" will create a user as "Guest" and primary role as parameter specifies - Calling POST /graph/v1.0/education/users with userType not set as anything but "Member" or "Guest" returns error - Calling PATCH on /users or /education/users will update attribute in the same way as for POST
2026-05-03 21:12:23 +02:00 · 2023-03-10 13:08:04 +01:00
parent 36d0c8c939
commit 23ba180e8a
13 changed files with 410 additions and 20 deletions
--- a/services/graph/pkg/service/v0/educationuser_test.go
+++ b/services/graph/pkg/service/v0/educationuser_test.go
@@ -297,7 +297,65 @@ var _ = Describe("EducationUsers", func() {
 			svc.PostEducationUser(rr, r)

 			Expect(rr.Code).To(Equal(http.StatusOK))
+			data, err := io.ReadAll(rr.Body)
+			Expect(err).ToNot(HaveOccurred())
+
+			createdUser := libregraph.EducationUser{}
+			err = json.Unmarshal(data, &createdUser)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(createdUser.GetUserType()).To(Equal("Member"))
 		})
+
+		It("creates a guest user", func() {
+			roleService.On("AssignRoleToUser", mock.Anything, mock.Anything).Return(&settingssvc.AssignRoleToUserResponse{}, nil)
+			identityEducationBackend.On("CreateEducationUser", mock.Anything, mock.Anything).Return(func(ctx context.Context, user libregraph.EducationUser) *libregraph.EducationUser {
+				user.SetId("/users/user")
+				return &user
+			}, nil)
+
+			user.SetUserType("Guest")
+			userJson, err := json.Marshal(user)
+			Expect(err).ToNot(HaveOccurred())
+
+			r := httptest.NewRequest(http.MethodPost, "/graph/v1.0/education/users", bytes.NewBuffer(userJson))
+			r = r.WithContext(revactx.ContextSetUser(ctx, currentUser))
+			svc.PostEducationUser(rr, r)
+
+			Expect(rr.Code).To(Equal(http.StatusOK))
+			data, err := io.ReadAll(rr.Body)
+			Expect(err).ToNot(HaveOccurred())
+
+			createdUser := libregraph.EducationUser{}
+			err = json.Unmarshal(data, &createdUser)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(createdUser.GetUserType()).To(Equal("Guest"))
+		})
+
+		It("creates a member user", func() {
+			roleService.On("AssignRoleToUser", mock.Anything, mock.Anything).Return(&settingssvc.AssignRoleToUserResponse{}, nil)
+			identityEducationBackend.On("CreateEducationUser", mock.Anything, mock.Anything).Return(func(ctx context.Context, user libregraph.EducationUser) *libregraph.EducationUser {
+				user.SetId("/users/user")
+				return &user
+			}, nil)
+
+			user.SetUserType("Member")
+			userJson, err := json.Marshal(user)
+			Expect(err).ToNot(HaveOccurred())
+
+			r := httptest.NewRequest(http.MethodPost, "/graph/v1.0/education/users", bytes.NewBuffer(userJson))
+			r = r.WithContext(revactx.ContextSetUser(ctx, currentUser))
+			svc.PostEducationUser(rr, r)
+
+			Expect(rr.Code).To(Equal(http.StatusOK))
+			data, err := io.ReadAll(rr.Body)
+			Expect(err).ToNot(HaveOccurred())
+
+			createdUser := libregraph.EducationUser{}
+			err = json.Unmarshal(data, &createdUser)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(createdUser.GetUserType()).To(Equal("Member"))
+		})
+
 	})

 	Describe("DeleteEducationUser", func() {
@@ -406,6 +464,20 @@ var _ = Describe("EducationUsers", func() {
 			Expect(rr.Code).To(Equal(http.StatusBadRequest))
 		})

+		It("handles invalid userType", func() {
+			user.SetUserType("Clown")
+			data, err := json.Marshal(user)
+			Expect(err).ToNot(HaveOccurred())
+
+			r := httptest.NewRequest(http.MethodPost, "/graph/v1.0/education/users?$invalid=true", bytes.NewBuffer(data))
+			rctx := chi.NewRouteContext()
+			rctx.URLParams.Add("userID", user.GetId())
+			r = r.WithContext(context.WithValue(revactx.ContextSetUser(ctx, currentUser), chi.RouteCtxKey, rctx))
+			svc.PatchEducationUser(rr, r)
+
+			Expect(rr.Code).To(Equal(http.StatusBadRequest))
+		})
+
 		It("updates attributes", func() {
 			identityEducationBackend.On("UpdateEducationUser", mock.Anything, user.GetId(), mock.Anything).Return(user, nil)