- Disable Rails/HttpPositionalArguments completely.
It is often not relevant and breaks specs when rubocop -a is used.
- Support excludedAttributes for all enpoints in SCIM Server API
- Fix excludedAttributes to handle nested attributes correctly. e.g. name.givenName
- Respond with 403 whne User can't be deleted due to lack of permissions.
- Refactor scim related code by removing duplication where possible.
- Remove BasicAuth from supported auth schemes.
- Add specific specs to test SCIM authentication.
- Extend specs.
- Use ServiceAccount associated with ScimClient for making user changes
- Remove scoping by scim_client.auth_provider_id
So, SCIM Client has access to any not_builtin User.
- Associate user with AuthProvider configured in ScimModel
instead of choosing the first one.
- Implement excludedAttributes for GET requests.
- Handled uniqueness violations for group creatation.
- Make sure PATCH works with adding/replacing/removing group members.
- Pick one user email from a list: primary => work => first alphabetical.
- Mark group as inactive before DeleteJob is scheduled.
- Enable SCIM Patch.
- Use user_auth_provider_links instead of users.identity_url.
- Extend SCIM ActiveRecord base scopes to join and preload appropriate associations.
- Set a stub for user.firstname and user.lastname if they are not provided by SCIM client.
- Handle user unique constraint vialation according to SCIM spec.
- Move user_auth_provider_links association to principal as group needs it as well.
- Set user.mail dynamically from the list of emails provided by SCIM client.
- Change BaseServices::Create contract to accept model instance as a constructor parameter.
It gives an option to build associations before model creation.
- extend SCIM server API schema to include externalId.
- Adjust specs.
ServiceProviderConfig enpoint will communiczte that PATCH is not supported.
PATCH is optional according to the specificaiton.
Main reason for disabling it:
it requires special treatment of adding/removing group members,
because in OpenProject it should be done through service(Groups::UpdateSerivce which
uses Groups::AddUsersService underneath), not model association.
Before, all the projects the group might have been in before the new
membership got created were considered by the SQL which potentially
results in a lot of records to be processed (the results were correct).
Now, only the project the new membership is created for is considered in
the SQL as that is the only project in which the group's users could
rightfully become members now.
* spec with correctly scoped links
* move db check into own file - fix deprecation
* basic spec for member creation service
* use constants for all notifications
* send an OP notification after member has been created
* send an OP notification after member has been updated
* mails on group member added
Depending on whether the membership existed before or not, an updated or
a created notification is send. This is done asynchronously.
* move all mail sender background jobs into namespace
* wip
* wip
* correct handling group member notifications
* add setting enable/disable mail sending on member alterations
* use services in members controller
* move Notifiable to OpenProject
* remove member after save hooks
* cleanup/testing/linting
* render member mails in receiver locale
* remove add_member! method
* use mailer layout for all mailers
* Update app/services/groups/cleanup_inherited_roles_service.rb
Co-authored-by: Oliver Günther <mail@oliverguenther.de>
* use around callback to avoid prepending
* handle nil params
Co-authored-by: Oliver Günther <mail@oliverguenther.de>
* Move replacing invalid references into separate job for principals
* Write migration to remove existing invalid custom values and responsible
* Fix other specs
* Fix other specs
* rewrite replacing user in records
* consolidate principal deletion
* include placeholder users in spec
Co-authored-by: ulferts <jens.ulferts@googlemail.com>
Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, backlisted files are also excluded.
Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013
Less db queries when
* removing a member from a group
* removing a group from a project
* removing a group
Mostly this is done by
* adding eager load statements where neessary
* pruning watchers only once
Please note, that the last is only possible via hack which consists of
passing a flag which prevents calling prune when we already know that
the pruning will take place later on anyway.
Klaus Zanders