feat: disable/enable users (#437)

Co-authored-by: Elias Schneider <login@eliasschneider.com>
2025-12-16 09:13:20 +03:00 · 2025-04-18 10:38:50 -05:00
parent 56a8b5d0c0
commit c843a60131
24 changed files with 245 additions and 56 deletions
--- a/backend/internal/service/ldap_service.go
+++ b/backend/internal/service/ldap_service.go
@@ -279,6 +279,22 @@ func (s *LdapService) SyncUsers(ctx context.Context, tx *gorm.DB, client *ldap.C
 			Where("ldap_id = ?", ldapId).
 			First(&databaseUser).
 			Error
+
+		// If a user is found (even if disabled), enable them since they're now back in LDAP
+		if databaseUser.ID != "" && databaseUser.Disabled {
+			// Use the transaction instead of the direct context
+			err = tx.
+				WithContext(ctx).
+				Model(&model.User{}).
+				Where("id = ?", databaseUser.ID).
+				Update("disabled", false).
+				Error
+
+			if err != nil {
+				log.Printf("Failed to enable user %s: %v", databaseUser.Username, err)
+			}
+		}
+
 		if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
 			// This could error with ErrRecordNotFound and we want to ignore that here
 			return fmt.Errorf("failed to query for LDAP user ID '%s': %w", ldapId, err)
@@ -336,24 +352,32 @@ func (s *LdapService) SyncUsers(ctx context.Context, tx *gorm.DB, client *ldap.C
 	err = tx.
 		WithContext(ctx).
 		Find(&ldapUsersInDb, "ldap_id IS NOT NULL").
-		Select("ldap_id").
+		Select("id, username, ldap_id, disabled").
 		Error
 	if err != nil {
 		return fmt.Errorf("failed to fetch users from database: %w", err)
 	}

-	// Delete users that no longer exist in LDAP
+	// Mark users as disabled or delete users that no longer exist in LDAP
 	for _, user := range ldapUsersInDb {
+		// Skip if the user ID exists in the fetched LDAP results
 		if _, exists := ldapUserIDs[*user.LdapID]; exists {
 			continue
 		}

-		err = s.userService.deleteUserInternal(ctx, user.ID, true, tx)
-		if err != nil {
-			return fmt.Errorf("failed to delete user '%s': %w", user.Username, err)
+		if dbConfig.LdapSoftDeleteUsers.IsTrue() {
+			err = s.userService.DisableUser(ctx, user.ID, tx)
+			if err != nil {
+				log.Printf("Failed to disable user %s: %v", user.Username, err)
+				continue
+			}
+		} else {
+			err = s.userService.DeleteUser(ctx, user.ID, true)
+			if err != nil {
+				log.Printf("Failed to delete user %s: %v", user.Username, err)
+				continue
+			}
 		}
-
-		log.Printf("Deleted user '%s'", user.Username)
 	}

 	return nil