Auth: Fix orgrole picker disabled if isSynced user (#64033)

* fix: disable orgrolepicker if externaluser is synced * add disable to role picker * just took me 2 hours to center the icon * wip * fix: check externallySyncedUser for API call * remove check from store * add: tests * refactor authproxy and made tests run * add: feature toggle * set feature toggle for tests * add: IsProviderEnabled * refactor: featuretoggle name * IsProviderEnabled tests * add specific tests for isProviderEnabled * fix: org_user tests * add: owner to featuretoggle * add missing authlabels * remove fmt * feature toggle * change config * add test for a different authmodule * test refactor * gen feature toggle again * fix basic auth user able to change the org role * test for basic auth role * make err.base to error * lowered lvl of log and input mesg
2025-02-25 18:55:37 -06:00 · 2023-03-22 17:41:59 +00:00
parent 13af5afaf3
commit 3cd952b8ba
38 changed files with 405 additions and 161 deletions
--- a/pkg/services/org/model.go
+++ b/pkg/services/org/model.go
@@ -12,11 +12,12 @@ import (

 // Typed errors
 var (
-	ErrOrgNameTaken        = errors.New("organization name is taken")
-	ErrLastOrgAdmin        = errors.New("cannot remove last organization admin")
-	ErrOrgUserNotFound     = errors.New("cannot find the organization user")
-	ErrOrgUserAlreadyAdded = errors.New("user is already added to organization")
-	ErrOrgNotFound         = errutil.NewBase(errutil.StatusNotFound, "org.notFound", errutil.WithPublicMessage("organization not found"))
+	ErrOrgNameTaken                            = errors.New("organization name is taken")
+	ErrLastOrgAdmin                            = errors.New("cannot remove last organization admin")
+	ErrOrgUserNotFound                         = errors.New("cannot find the organization user")
+	ErrOrgUserAlreadyAdded                     = errors.New("user is already added to organization")
+	ErrOrgNotFound                             = errutil.NewBase(errutil.StatusNotFound, "org.notFound", errutil.WithPublicMessage("organization not found"))
+	ErrCannotChangeRoleForExternallySyncedUser = errutil.NewBase(errutil.StatusForbidden, "org.externallySynced", errutil.WithPublicMessage("cannot change role for externally synced user"))
 )

 type Org struct {
@@ -139,20 +140,21 @@ type UpdateOrgUserCommand struct {
 }

 type OrgUserDTO struct {
-	OrgID         int64           `json:"orgId" xorm:"org_id"`
-	UserID        int64           `json:"userId" xorm:"user_id"`
-	Email         string          `json:"email"`
-	Name          string          `json:"name"`
-	AvatarURL     string          `json:"avatarUrl" xorm:"avatar_url"`
-	Login         string          `json:"login"`
-	Role          string          `json:"role"`
-	LastSeenAt    time.Time       `json:"lastSeenAt"`
-	Updated       time.Time       `json:"-"`
-	Created       time.Time       `json:"-"`
-	LastSeenAtAge string          `json:"lastSeenAtAge"`
-	AccessControl map[string]bool `json:"accessControl,omitempty"`
-	IsDisabled    bool            `json:"isDisabled"`
-	AuthLabels    []string        `json:"authLabels" xorm:"-"`
+	OrgID              int64           `json:"orgId" xorm:"org_id"`
+	UserID             int64           `json:"userId" xorm:"user_id"`
+	Email              string          `json:"email"`
+	Name               string          `json:"name"`
+	AvatarURL          string          `json:"avatarUrl" xorm:"avatar_url"`
+	Login              string          `json:"login"`
+	Role               string          `json:"role"`
+	LastSeenAt         time.Time       `json:"lastSeenAt"`
+	Updated            time.Time       `json:"-"`
+	Created            time.Time       `json:"-"`
+	LastSeenAtAge      string          `json:"lastSeenAtAge"`
+	AccessControl      map[string]bool `json:"accessControl,omitempty"`
+	IsDisabled         bool            `json:"isDisabled"`
+	AuthLabels         []string        `json:"authLabels" xorm:"-"`
+	IsExternallySynced bool            `json:"isExternallySynced"`
 }

 type RemoveOrgUserCommand struct {