Remove the ability to look up schools by externalId directly (from LDAP
filters, duplicate checks, and the EducationBackend interface). This
approach was somewhat unclean, we shouldn't add more an more attributes
as keys for direct lookup.
Instead, expose externalId filtering via the OData $filter query
parameter on GET /education/schools, following the same pattern as
for education users.
Related: #1598
This adds support of simple OData filters on the 'education/users'
endpoint. Filters of the type '$filter=<attr> eq <value>' are supported
now for the following educationUser properties:
"displayname", "mail", "userType", "primaryRole" and "externalId"
Closes: #1599
Maintaining the positioning of the files from v2 to reduce cognitive
load.
Indentation of yaml files now matches `.editorconfig`.
All mock files regenerated.
Added empty `{}` following convention from `mockery init` etc.
Removed directory specification where it would already match.
It is now possible to filter users based on the lastSuccessfulSignInDateTime attribute
using query filter like:
'$filter=signInActivity/lastSuccessfulSignInDateTime le 2021-09-01T00:00:00Z'
Note: This does only work with LDAP servers actually supporting '<=' filters.
The built-in LDAP server (idm) does not support this feature.
* bump mockery, add test stub for oidc_auth.go
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* use .mockery.yaml for all mocks
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* drop legacy go:generate mockery
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* align mock placement
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
---------
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
This adds some initial support for using $filter (as defined in the
odata spec) on the /users endpoint. Currently the following filters are
supported:
A single filter on `id` property of the `memberOf` relation of users.
To list all users that are members of a specific group:
```
curl 'https://localhost:9200/graph/v1.0/users?$filter=memberOf/any(m:m/id eq '262982c1-2362-4afa-bfdf-8cbfef64a06e')
```
A logical AND filteri on the `id` property of the `memberOf` relation of users.
`$filter=memberOf/any(m:m/id eq 262982c1-2362-4afa-bfdf-8cbfef64a06e) and memberOf/any(m:m/id eq 6040aa17-9c64-4fef-9bd0-77234d71bad0)`
This will cause at least two queries on the identity backend. The `and`
operation is performed locally.
Closes: #5487
In preparation for some more advanced queries pass the parse odata request
tVo the identity backend methods instead of the raw url.Values{}. This also
add some helpers for validating $expand and $search queries to reject
some unsupported queries.
Also remove support for `$select=memberOf` and `$select=drive|drives` queries
and stick to the technically correct `$expand=...`.
We don't need to support any complex queries on /education (yet?). And if we would need
to add support for $search, $filter, $expand or $select we should pass the parsed odata Query
instead of the raw url.Values struct.
* Renamed files for consistency reasons
err_school.go implements the full education interface not just schools.
ldap_school.go renamed to ldap_education_school.go for making it
consistent with ldap_education_user.go
* graph: Add stubs for education/classes endpoints
The acutal backend implementations are still empty.
* First iteration of a groups test
* Do not render a result in case of an error
* Generate mocks for identity.Backend
* Export listResponse (-> ListResponse)
* Add unit tests for GetGroups
* Finish GetGroups unit tests
* Increase test coverage
* Increase test coverage
* Increase test coverage
* Add missing mocks
* Fix return codes
* Fix error messages
