Merge pull request #102 from owncloud/roles-for-builtin-users

Add default user moss and assign default roles to builtin users
Benedikt Kulmann
2020-08-28 16:53:39 +02:00
committed by GitHub
7 changed files with 107 additions and 17 deletions


@@ -0,0 +1,5 @@
Change: Set user role on builtin users
We now set the default `user` role on our builtin users.
https://github.com/owncloud/ocis-accounts/pull/102


@@ -0,0 +1,5 @@
Change: Add new builtin admin user
We added a new builtin user `moss` and assigned the admin role.
https://github.com/owncloud/ocis-accounts/pull/102

2
go.mod

@@ -29,7 +29,7 @@ require (
github.com/onsi/ginkgo v1.10.1 // indirect
github.com/onsi/gomega v1.7.0 // indirect
github.com/owncloud/ocis-pkg/v2 v2.4.0
github.com/owncloud/ocis-settings v0.3.0
github.com/owncloud/ocis-settings v0.3.2-0.20200828130413-0cc0f5bf26fe
github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 // indirect
github.com/restic/calens v0.2.0
github.com/rs/zerolog v1.19.0

3
go.sum

@@ -871,11 +871,14 @@ github.com/owncloud/ocis-pkg/v2 v2.2.2-0.20200812103920-db41b5a3d14d h1:eruHqxLf
github.com/owncloud/ocis-pkg/v2 v2.2.2-0.20200812103920-db41b5a3d14d/go.mod h1:FSzIvhx9HcZcq4jgNaDowNvM7PTX/XCyoMvyfzidUpE=
github.com/owncloud/ocis-pkg/v2 v2.3.0 h1:bdDgfPkPdL3D6bGKhQ56pfwT1XdiKBtQ34qErVyXzys=
github.com/owncloud/ocis-pkg/v2 v2.3.0/go.mod h1:FSzIvhx9HcZcq4jgNaDowNvM7PTX/XCyoMvyfzidUpE=
github.com/owncloud/ocis-pkg/v2 v2.4.0 h1:/3ZOd4txtwjiNKJA9iLT9BjrJw5YgHSX13fQR4BYfGY=
github.com/owncloud/ocis-pkg/v2 v2.4.0/go.mod h1:FSzIvhx9HcZcq4jgNaDowNvM7PTX/XCyoMvyfzidUpE=
github.com/owncloud/ocis-settings v0.2.0 h1:pncwKQQdWGyUwO/+O10vcIrgGWWBAF9/PPWOCnD0DU4=
github.com/owncloud/ocis-settings v0.2.0/go.mod h1:7+fRwpXe+njcsO0d9Bpxx3V8ZsF99JrL6jCeD9QuxUk=
github.com/owncloud/ocis-settings v0.3.0 h1:w1wdqJiMtRNJ5B7sQemvtFQQod31G6dR468GxAV0Y2g=
github.com/owncloud/ocis-settings v0.3.0/go.mod h1:vRge9QDkOsc6j76gPBmZs1Z5uOPrV4DIkZCgZCEFwBA=
github.com/owncloud/ocis-settings v0.3.2-0.20200828130413-0cc0f5bf26fe h1:kiU5lz12R0LNJE1/zI2vxesZPWm6BvSO7hvZC8yOoAc=
github.com/owncloud/ocis-settings v0.3.2-0.20200828130413-0cc0f5bf26fe/go.mod h1:vRge9QDkOsc6j76gPBmZs1Z5uOPrV4DIkZCgZCEFwBA=
github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c h1:rp5dCmg/yLR3mgFuSOe4oEnDDmGLROTvMragMUXpTQw=
github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c/go.mod h1:X07ZCGwUbLaax7L0S3Tw4hpejzu63ZrrQiUe6W0hcy0=
github.com/parnurzeal/gorequest v0.2.15/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE=


@@ -1,27 +1,26 @@
package proto_test
import (
context "context"
"context"
"errors"
"fmt"
"github.com/micro/go-micro/v2/client"
"google.golang.org/genproto/protobuf/field_mask"
"google.golang.org/protobuf/types/known/timestamppb"
"log"
"os"
"path/filepath"
"testing"
"github.com/golang/protobuf/ptypes/empty"
"github.com/micro/go-micro/v2/client"
merrors "github.com/micro/go-micro/v2/errors"
"github.com/owncloud/ocis-accounts/pkg/command"
"github.com/owncloud/ocis-accounts/pkg/config"
"github.com/owncloud/ocis-accounts/pkg/proto/v0"
svc "github.com/owncloud/ocis-accounts/pkg/service/v0"
"github.com/owncloud/ocis-pkg/v2/service/grpc"
settings "github.com/owncloud/ocis-settings/pkg/proto/v0"
"github.com/stretchr/testify/assert"
"github.com/golang/protobuf/ptypes/empty"
merrors "github.com/micro/go-micro/v2/errors"
"google.golang.org/genproto/protobuf/field_mask"
"google.golang.org/protobuf/types/known/timestamppb"
)
var service = grpc.Service{}
@@ -31,6 +30,8 @@ const dataPath = "./accounts-store"
var newCreatedAccounts = []string{}
var newCreatedGroups = []string{}
var mockedRoleAssignment = map[string]string{}
func getAccount(user string) *proto.Account {
switch user {
case "user1":
@@ -165,7 +166,7 @@ func init() {
var hdlr *svc.Service
var err error
if hdlr, err = svc.New(svc.Logger(command.NewLogger(cfg)), svc.Config(cfg)); err != nil {
if hdlr, err = svc.New(svc.Logger(command.NewLogger(cfg)), svc.Config(cfg), svc.RoleService(buildRoleServiceMock())); err != nil {
log.Fatalf("Could not create new service")
}
@@ -186,6 +187,22 @@ func init() {
}
}
func buildRoleServiceMock() settings.RoleService {
return settings.MockRoleService{
AssignRoleToUserFunc: func(ctx context.Context, req *settings.AssignRoleToUserRequest, opts ...client.CallOption) (res *settings.AssignRoleToUserResponse, err error) {
mockedRoleAssignment[req.AccountUuid] = req.RoleId
fmt.Println(mockedRoleAssignment)
fmt.Println("asdf blablabla")
return &settings.AssignRoleToUserResponse{
Assignment: &settings.UserRoleAssignment{
AccountUuid: req.AccountUuid,
RoleId: req.RoleId,
},
}, nil
},
}
}
func cleanUp(t *testing.T) {
datastore := filepath.Join(dataPath, "accounts")
@@ -598,7 +615,7 @@ func TestListAccounts(t *testing.T) {
checkError(t, err)
assert.IsType(t, &proto.ListAccountsResponse{}, resp)
assert.Equal(t, 7, len(resp.Accounts))
assert.Equal(t, 8, len(resp.Accounts))
assertResponseContainsUser(t, resp, getAccount("user1"))
assertResponseContainsUser(t, resp, getAccount("user2"))
@@ -612,7 +629,7 @@ func TestListWithoutUserCreation(t *testing.T) {
checkError(t, err)
// Only 5 default users
assert.Equal(t, 5, len(resp.Accounts))
assert.Equal(t, 6, len(resp.Accounts))
cleanUp(t)
}
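Review bot: The mock added in `buildRoleServiceMock` still carries debug output, `fmt.Println(mockedRoleAssignment)` and `fmt.Println("asdf blablabla")`, and none of the visible hunks reads `mockedRoleAssignment` back, so the role assignments this commit introduces are recorded but never asserted. I would delete both prints and add a check that the map holds the admin role bundle ID for `058bff95-6708-4fe5-91e4-9ea3d377588b` (moss) and the user role for the three regular builtin accounts, because a wrong role on a builtin account is a privilege error that the count assertions cannot catch. The comment `// Only 5 default users` in `TestListWithoutUserCreation` is also stale now that the expected count is 6. The test functions start outside these hunks, so an assertion may already exist elsewhere in the file.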


@@ -3,6 +3,7 @@ package service
import (
"github.com/owncloud/ocis-accounts/pkg/config"
"github.com/owncloud/ocis-pkg/v2/log"
settings "github.com/owncloud/ocis-settings/pkg/proto/v0"
)
// Option defines a single option function.
@@ -10,8 +11,9 @@ type Option func(o *Options)
// Options defines the available options for this package.
type Options struct {
Logger log.Logger
Config *config.Config
Logger log.Logger
Config *config.Config
RoleService settings.RoleService
}
func newOptions(opts ...Option) Options {
@@ -37,3 +39,10 @@ func Config(val *config.Config) Option {
o.Config = val
}
}
// RoleService provides a function to set the role service option.
func RoleService(val settings.RoleService) Option {
return func(o *Options) {
o.RoleService = val
}
}
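Review bot: The doc comment on the new `RoleService` option does not say what happens when the option is omitted. Judging by the service.go section of this commit, `New` then builds a real gRPC client for `com.owncloud.api.settings`. I would extend the comment to `// RoleService provides a function to set the role service option. When unset, New falls back to a gRPC client for the settings service.` so that callers and tests know they must inject a mock to avoid network calls during start-up.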


@@ -1,11 +1,10 @@
package service
import (
"context"
"encoding/json"
"errors"
"fmt"
mclient "github.com/micro/go-micro/v2/client"
mgrpc "github.com/micro/go-micro/v2/client/grpc"
"io/ioutil"
"os"
"path/filepath"
@@ -18,10 +17,13 @@ import (
"github.com/blevesearch/bleve/analysis/analyzer/standard"
"github.com/blevesearch/bleve/analysis/token/lowercase"
"github.com/blevesearch/bleve/analysis/tokenizer/unicode"
mclient "github.com/micro/go-micro/v2/client"
mgrpc "github.com/micro/go-micro/v2/client/grpc"
"github.com/owncloud/ocis-accounts/pkg/config"
"github.com/owncloud/ocis-accounts/pkg/proto/v0"
"github.com/owncloud/ocis-pkg/v2/log"
settings "github.com/owncloud/ocis-settings/pkg/proto/v0"
settings_svc "github.com/owncloud/ocis-settings/pkg/service/v0"
)
// New returns a new instance of Service
@@ -29,6 +31,10 @@ func New(opts ...Option) (s *Service, err error) {
options := newOptions(opts...)
logger := options.Logger
cfg := options.Config
roleService := options.RoleService
if roleService == nil {
roleService = settings.NewRoleService("com.owncloud.api.settings", mgrpc.NewClient())
}
// read all user and group records
accountsDir := filepath.Join(cfg.Server.AccountsDataPath, "accounts")
@@ -100,6 +106,23 @@ func New(opts ...Option) (s *Service, err error) {
{Id: "262982c1-2362-4afa-bfdf-8cbfef64a06e"}, // physics-lovers
},
},
// admin user(s)
{
Id: "058bff95-6708-4fe5-91e4-9ea3d377588b",
PreferredName: "moss",
OnPremisesSamAccountName: "moss",
Mail: "moss@example.org",
DisplayName: "Maurice Moss",
UidNumber: 20003,
GidNumber: 30000,
PasswordProfile: &proto.PasswordProfile{
Password: "$6$rounds=47068$lhw6odzXW0LTk/ao$GgxS.pIgP8jawLJBAiyNor2FrWzrULF95PwspRkli2W3VF.4HEwTYlQfRXbNQBMjNCEcEYlgZo3a.kRz2k2N0/",
},
AccountEnabled: true,
MemberOf: []*proto.Group{
{Id: "509a9dcd-bb37-4f4f-a01a-19dca27d9cfa"}, // users
},
},
// technical users for kopano and reva
{
Id: "820ba2a1-3f54-4538-80a4-2d73007e30bf",
@@ -135,6 +158,7 @@ func New(opts ...Option) (s *Service, err error) {
},
}
for i := range accounts {
// create account on disk
var bytes []byte
if bytes, err = json.Marshal(&accounts[i]); err != nil {
logger.Error().Err(err).Interface("account", &accounts[i]).Msg("could not marshal default account")
@@ -147,6 +171,21 @@ func New(opts ...Option) (s *Service, err error) {
return
}
}
// set role for admin users and regular users
assignRoleToUser("058bff95-6708-4fe5-91e4-9ea3d377588b", settings_svc.BundleUUIDRoleAdmin, roleService, logger)
for _, accountID := range []string{
"058bff95-6708-4fe5-91e4-9ea3d377588b",//moss
} {
assignRoleToUser(accountID, settings_svc.BundleUUIDRoleAdmin, roleService, logger)
}
for _, accountID := range []string{
"4c510ada-c86b-4815-8820-42cdf82c3d51",//einstein
"f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",//marie
"932b4540-8d16-481e-8ef4-588e4b6b151c",//richard
} {
assignRoleToUser(accountID, settings_svc.BundleUUIDRoleUser, roleService, logger)
}
}
} else if !fi.IsDir() {
return nil, fmt.Errorf("%s is not a directory", accountsDir)
@@ -312,6 +351,18 @@ func New(opts ...Option) (s *Service, err error) {
return
}
func assignRoleToUser(accountID, roleID string, rs settings.RoleService, logger log.Logger) (ok bool) {
_, err := rs.AssignRoleToUser(context.Background(), &settings.AssignRoleToUserRequest{
AccountUuid: accountID,
RoleId: roleID,
})
if err != nil {
logger.Error().Err(err).Str("accountID", accountID).Str("roleID", roleID).Msg("could not set role for account")
return false
}
return true
}
// Service implements the AccountsServiceHandler interface
type Service struct {
id string
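Review bot: The new `moss` entry in the default accounts of `New` ships an enabled account (`AccountEnabled: true`) with a password hash committed to the repository, and the same start-up path then grants it `settings_svc.BundleUUIDRoleAdmin`. Apparently every installation that creates its accounts directory for the first time therefore starts with an administrator whose credential is identical across deployments. I would create this account only when demo users are explicitly enabled by configuration, or at least mark it with `// demo-only admin: change or disable this account before exposing the service`. Separately, the direct call `assignRoleToUser("058bff95-6708-4fe5-91e4-9ea3d377588b", settings_svc.BundleUUIDRoleAdmin, roleService, logger)` before the first loop repeats what that loop does for the same ID and can be dropped, and the `ok` result of `assignRoleToUser` is discarded at every call site, so a failed assignment is only logged. `New` starts and ends outside these hunks.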