feat: allow LDAP users and groups to be deleted if LDAP gets disabled

2025-12-10 23:33:00 +03:00 · 2025-02-03 08:58:20 +01:00
parent ecd74b794f
commit 9ab178712a
11 changed files with 34 additions and 22 deletions
--- a/backend/internal/bootstrap/router_bootstrap.go
+++ b/backend/internal/bootstrap/router_bootstrap.go
@@ -42,7 +42,7 @@ func initRouter(db *gorm.DB, appConfigService *service.AppConfigService) {
 	customClaimService := service.NewCustomClaimService(db)
 	oidcService := service.NewOidcService(db, jwtService, appConfigService, auditLogService, customClaimService)
 	testService := service.NewTestService(db, appConfigService)
-	userGroupService := service.NewUserGroupService(db)
+	userGroupService := service.NewUserGroupService(db, appConfigService)
 	ldapService := service.NewLdapService(db, appConfigService, userService, userGroupService)

 	rateLimitMiddleware := middleware.NewRateLimitMiddleware()
--- a/backend/internal/service/app_config_service.go
+++ b/backend/internal/service/app_config_service.go
@@ -119,6 +119,7 @@ var defaultDbConfig = model.AppConfig{
 	LdapEnabled: model.AppConfigVariable{
 		Key:          "ldapEnabled",
 		Type:         "bool",
+		IsPublic:     true,
 		DefaultValue: "false",
 	},
 	LdapUrl: model.AppConfigVariable{
--- a/backend/internal/service/user_group_service.go
+++ b/backend/internal/service/user_group_service.go
@@ -10,11 +10,12 @@ import (
 )

 type UserGroupService struct {
-	db *gorm.DB
+	db               *gorm.DB
+	appConfigService *AppConfigService
 }

-func NewUserGroupService(db *gorm.DB) *UserGroupService {
-	return &UserGroupService{db: db}
+func NewUserGroupService(db *gorm.DB, appConfigService *AppConfigService) *UserGroupService {
+	return &UserGroupService{db: db, appConfigService: appConfigService}
 }

 func (s *UserGroupService) List(name string, sortedPaginationRequest utils.SortedPaginationRequest) (groups []model.UserGroup, response utils.PaginationResponse, err error) {
@@ -51,7 +52,8 @@ func (s *UserGroupService) Delete(id string) error {
 		return err
 	}

-	if group.LdapID != nil {
+	// Disallow deleting the group if it is an LDAP group and LDAP is enabled
+	if group.LdapID != nil && s.appConfigService.DbConfig.LdapEnabled.Value == "true" {
 		return &common.LdapUserGroupUpdateError{}
 	}

@@ -83,7 +85,8 @@ func (s *UserGroupService) Update(id string, input dto.UserGroupCreateDto, allow
 		return model.UserGroup{}, err
 	}

-	if group.LdapID != nil && !allowLdapUpdate {
+	// Disallow updating the group if it is an LDAP group and LDAP is enabled
+	if !allowLdapUpdate && group.LdapID != nil && s.appConfigService.DbConfig.LdapEnabled.Value == "true" {
 		return model.UserGroup{}, &common.LdapUserGroupUpdateError{}
 	}

--- a/backend/internal/service/user_service.go
+++ b/backend/internal/service/user_service.go
@@ -17,14 +17,15 @@ import (
 )

 type UserService struct {
-	db              *gorm.DB
-	jwtService      *JwtService
-	auditLogService *AuditLogService
-	emailService    *EmailService
+	db               *gorm.DB
+	jwtService       *JwtService
+	auditLogService  *AuditLogService
+	emailService     *EmailService
+	appConfigService *AppConfigService
 }

-func NewUserService(db *gorm.DB, jwtService *JwtService, auditLogService *AuditLogService, emailService *EmailService) *UserService {
-	return &UserService{db: db, jwtService: jwtService, auditLogService: auditLogService, emailService: emailService}
+func NewUserService(db *gorm.DB, jwtService *JwtService, auditLogService *AuditLogService, emailService *EmailService, appConfigService *AppConfigService) *UserService {
+	return &UserService{db: db, jwtService: jwtService, auditLogService: auditLogService, emailService: emailService, appConfigService: appConfigService}
 }

 func (s *UserService) ListUsers(searchTerm string, sortedPaginationRequest utils.SortedPaginationRequest) ([]model.User, utils.PaginationResponse, error) {
@@ -52,7 +53,8 @@ func (s *UserService) DeleteUser(userID string) error {
 		return err
 	}

-	if user.LdapID != nil {
+	// Disallow deleting the user if it is an LDAP user and LDAP is enabled
+	if user.LdapID != nil && s.appConfigService.DbConfig.LdapEnabled.Value == "true" {
 		return &common.LdapUserUpdateError{}
 	}

@@ -86,7 +88,8 @@ func (s *UserService) UpdateUser(userID string, updatedUser dto.UserCreateDto, u
 		return model.User{}, err
 	}

-	if user.LdapID != nil && !allowLdapUpdate {
+	// Disallow updating the user if it is an LDAP group and LDAP is enabled
+	if !allowLdapUpdate && user.LdapID != nil && s.appConfigService.DbConfig.LdapEnabled.Value == "true" {
 		return model.User{}, &common.LdapUserUpdateError{}
 	}

--- a/frontend/src/lib/types/application-configuration.ts
+++ b/frontend/src/lib/types/application-configuration.ts
@@ -2,6 +2,7 @@ export type AppConfig = {
 	appName: string;
 	allowOwnAccountEdit: boolean;
 	emailOneTimeAccessEnabled: boolean;
+	ldapEnabled: boolean;
 };

 export type AllAppConfig = AppConfig & {
@@ -18,7 +19,6 @@ export type AllAppConfig = AppConfig & {
 	smtpSkipCertVerify: boolean;
 	emailLoginNotificationEnabled: boolean;
 	// LDAP
-	ldapEnabled: boolean;
 	ldapUrl: string;
 	ldapBindDn: string;
 	ldapBindPassword: string;
--- a/frontend/src/routes/settings/account/+page.svelte
+++ b/frontend/src/routes/settings/account/+page.svelte
@@ -64,7 +64,7 @@
 	</Alert.Root>
 {/if}

-<fieldset disabled={!$appConfigStore.allowOwnAccountEdit || !!account.ldapId}>
+<fieldset disabled={!$appConfigStore.allowOwnAccountEdit || (!!account.ldapId && $appConfigStore.ldapEnabled)}>
 	<Card.Root>
 		<Card.Header>
 			<Card.Title>Account Details</Card.Title>
--- a/frontend/src/routes/settings/admin/user-groups/[id]/+page.svelte
+++ b/frontend/src/routes/settings/admin/user-groups/[id]/+page.svelte
@@ -12,6 +12,7 @@
 	import { toast } from 'svelte-sonner';
 	import UserGroupForm from '../user-group-form.svelte';
 	import UserSelection from '../user-selection.svelte';
+	import appConfigStore from '$lib/stores/application-configuration-store';

 	let { data } = $props();
 	let userGroup = $state({
@@ -88,11 +89,11 @@
 			<UserSelection
 				{users}
 				bind:selectedUserIds={userGroup.userIds}
-				selectionDisabled={!!userGroup.ldapId}
+				selectionDisabled={!!userGroup.ldapId && $appConfigStore.ldapEnabled}
 			/>
 		{/await}
 		<div class="mt-5 flex justify-end">
-			<Button disabled={!!userGroup.ldapId} on:click={() => updateUserGroupUsers(userGroup.userIds)}
+			<Button disabled={!!userGroup.ldapId && $appConfigStore.ldapEnabled} on:click={() => updateUserGroupUsers(userGroup.userIds)}
 				>Save</Button
 			>
 		</div>
--- a/frontend/src/routes/settings/admin/user-groups/user-group-form.svelte
+++ b/frontend/src/routes/settings/admin/user-groups/user-group-form.svelte
@@ -1,6 +1,7 @@
 <script lang="ts">
 	import FormInput from '$lib/components/form-input.svelte';
 	import { Button } from '$lib/components/ui/button';
+	import appConfigStore from '$lib/stores/application-configuration-store';
 	import type { UserGroupCreate } from '$lib/types/user-group.type';
 	import { createForm } from '$lib/utils/form-util';
 	import { z } from 'zod';
@@ -14,7 +15,7 @@
 	} = $props();

 	let isLoading = $state(false);
-	let inputDisabled = $derived(!!existingUserGroup?.ldapId);
+	let inputDisabled = $derived(!!existingUserGroup?.ldapId && $appConfigStore.ldapEnabled);
 	let hasManualNameEdit = $state(!!existingUserGroup?.friendlyName);

 	const userGroup = {
--- a/frontend/src/routes/settings/admin/user-groups/user-group-list.svelte
+++ b/frontend/src/routes/settings/admin/user-groups/user-group-list.svelte
@@ -5,6 +5,7 @@
 	import * as DropdownMenu from '$lib/components/ui/dropdown-menu';
 	import * as Table from '$lib/components/ui/table';
 	import UserGroupService from '$lib/services/user-group-service';
+	import appConfigStore from '$lib/stores/application-configuration-store';
 	import type { Paginated, SearchPaginationSortRequest } from '$lib/types/pagination.type';
 	import type { UserGroup, UserGroupWithUserCount } from '$lib/types/user-group.type';
 	import { axiosErrorToast } from '$lib/utils/error-util';
@@ -68,7 +69,7 @@
 					<DropdownMenu.Item href="/settings/admin/user-groups/{item.id}"
 						><LucidePencil class="mr-2 h-4 w-4" /> Edit</DropdownMenu.Item
 					>
-					{#if !item.ldapId}
+					{#if !item.ldapId || !$appConfigStore.ldapEnabled}
 						<DropdownMenu.Item
 							class="text-red-500 focus:!text-red-700"
 							on:click={() => deleteUserGroup(item)}
--- a/frontend/src/routes/settings/admin/users/user-form.svelte
+++ b/frontend/src/routes/settings/admin/users/user-form.svelte
@@ -2,6 +2,7 @@
 	import CheckboxWithLabel from '$lib/components/checkbox-with-label.svelte';
 	import FormInput from '$lib/components/form-input.svelte';
 	import { Button } from '$lib/components/ui/button';
+	import appConfigStore from '$lib/stores/application-configuration-store';
 	import type { User, UserCreate } from '$lib/types/user.type';
 	import { createForm } from '$lib/utils/form-util';
 	import { z } from 'zod';
@@ -15,7 +16,7 @@
 	} = $props();

 	let isLoading = $state(false);
-	let inputDisabled = $derived(!!existingUser?.ldapId);
+	let inputDisabled = $derived(!!existingUser?.ldapId && $appConfigStore.ldapEnabled);

 	const user = {
 		firstName: existingUser?.firstName || '',
--- a/frontend/src/routes/settings/admin/users/user-list.svelte
+++ b/frontend/src/routes/settings/admin/users/user-list.svelte
@@ -14,6 +14,7 @@
 	import Ellipsis from 'lucide-svelte/icons/ellipsis';
 	import { toast } from 'svelte-sonner';
 	import OneTimeLinkModal from './one-time-link-modal.svelte';
+	import appConfigStore from '$lib/stores/application-configuration-store';

 	let { users = $bindable() }: { users: Paginated<User> } = $props();
 	let requestOptions: SearchPaginationSortRequest | undefined = $state();
@@ -95,7 +96,7 @@
 					<DropdownMenu.Item onclick={() => goto(`/settings/admin/users/${item.id}`)}
 						><LucidePencil class="mr-2 h-4 w-4" /> Edit</DropdownMenu.Item
 					>
-					{#if !item.ldapId}
+					{#if !item.ldapId || !$appConfigStore.ldapEnabled}
 						<DropdownMenu.Item
 							class="text-red-500 focus:!text-red-700"
 							onclick={() => deleteUser(item)}