* enhancement: add graph beta listPermissions endpoint
besides the new api endpoint it includes several utilities to simplify the graph api development.
* resolve drive and item id from the request path
* generic pointer and value utilities
* space root detection
* update GetDriveAndItemIDParam signature to return a error
* move errorcode package
* enhancement: add generic error code handling
* fix: rebase
To allow tracing propagation via events, we need to pass the context
to the `Publish` function of reva events. This adds the context
everywhere where events are published. If there was no context to pass,
we started a new one with `context.Background()`.
By setting GRAPH_LDAP_GROUP_CREATE_BASE_DN a distinct subtree can be
configured where new LDAP groups are created. That subtree needs to be
subordinate to GRAPH_LDAP_GROUP_BASE_DN. All groups outside for
GRAPH_LDAP_GROUP_CREATE_BASE_DN are considered read-only and only groups
below that DN can be updated and deleted.
This is introduced for a pretty specific usecase where most groups are managed
in an external source (e.g. a read-only replica of an LDAP tree). But we still
want to allow the local administrator to create groups in a writeable subtree
attached to that replica.
This adds some initial support for using $filter (as defined in the
odata spec) on the /users endpoint. Currently the following filters are
supported:
A single filter on `id` property of the `memberOf` relation of users.
To list all users that are members of a specific group:
```
curl 'https://localhost:9200/graph/v1.0/users?$filter=memberOf/any(m:m/id eq '262982c1-2362-4afa-bfdf-8cbfef64a06e')
```
A logical AND filteri on the `id` property of the `memberOf` relation of users.
`$filter=memberOf/any(m:m/id eq 262982c1-2362-4afa-bfdf-8cbfef64a06e) and memberOf/any(m:m/id eq 6040aa17-9c64-4fef-9bd0-77234d71bad0)`
This will cause at least two queries on the identity backend. The `and`
operation is performed locally.
Closes: #5487
When running the graph service standalone with token auth we don't
have a user in the context. Avoid nil point exception when issueing
events in such a setup.
* Renamed files for consistency reasons
err_school.go implements the full education interface not just schools.
ldap_school.go renamed to ldap_education_school.go for making it
consistent with ldap_education_user.go
* graph: Add stubs for education/classes endpoints
The acutal backend implementations are still empty.
This PR changes the following:
* Create an API config section for API configurables.
* Add a setting `UserPatchLimit` that controls how many users can be changed in a PATCH request.
* Use this setting in the API to limit the amount of users that can be changed.
* standalone graph service with LDAP
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* no panic on PATCH and DELETE
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* fix apitoken yaml key
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* update user, fix response codes
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* fix group creation return code
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* remove unknown user property
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* fix create return code checks in graph feature context
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* updating uses 200 OK when returning a body
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* revert user statusCreated change for now
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* revert return code changes
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* First iteration of a groups test
* Do not render a result in case of an error
* Generate mocks for identity.Backend
* Export listResponse (-> ListResponse)
* Add unit tests for GetGroups
* Finish GetGroups unit tests
* Increase test coverage
* Increase test coverage
* Increase test coverage
* Add missing mocks
* Fix return codes
* Fix error messages
