Skip to content

Commit

Permalink
[ROCK-8674] Sync correctly admin status (#304)
Browse files Browse the repository at this point in the history
* Add metabase admin group to group sync list

* Update changelog
  • Loading branch information
grios-stratio authored Oct 24, 2022
1 parent c4f1a2f commit 36e060f
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 8 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
# Changelog

## 0.43.4-0.1.1 (upcoming)

* [ROCK-8674] Sync correctly Administrators group

## 0.43.4-0.1.0 (2022-10-07)

* [ROCK-7390] Update metabase to 0.43
Expand Down
17 changes: 9 additions & 8 deletions src/metabase/stratio/auth.clj
Original file line number Diff line number Diff line change
Expand Up @@ -39,10 +39,11 @@
(contains? (set groups) admin-group))

(defn- effective-groups
[groups]
(if whitelist-disabled?
(set groups)
(set/intersection (set groups) whitelist)))
[groups superuser?]
(cond-> (set groups)
whitelist-enabled? (set/intersection whitelist)
true (disj group/admin-group-name) ;; prevent a SSO "Administrators" group to trigger admin status
superuser? (conj group/admin-group-name)))

(defn- allowed-user
[{:keys [user groups error]}]
Expand Down Expand Up @@ -83,21 +84,21 @@
(log/error "Could not create and sync groups. Error:" (st.util/stack-trace e)))))

(defn- fetch-or-create-user!
[{first_name :first_name {groups :groups} :login_attributes, :as allowed-user}]
[{first_name :first_name {groups :groups} :login_attributes superuser? :is_superuser, :as allowed-user}]
(or (if-let [user-in-db (db/select-one [User :id :last_login :is_superuser] :first_name first_name)]
(do
;; Check if superuser status has changed and update if necessary
(if (or (apply not= (map :is_superuser [user-in-db allowed-user]))
(apply not= (map :login_attributes [user-in-db allowed-user])))
(db/update! User (:id user-in-db)
:is_superuser (:is_superuser allowed-user)
:is_superuser superuser?
:login_attributes (:login_attributes allowed-user)))
(if create-and-sync-groups?
(create-and-sync-groups! (:id user-in-db) (effective-groups groups)))
(create-and-sync-groups! (:id user-in-db) (effective-groups groups superuser?)))
user-in-db))
(let [user-inserted (insert-new-user! allowed-user)]
(if create-and-sync-groups?
(create-and-sync-groups! (:id user-inserted) (effective-groups groups)))
(create-and-sync-groups! (:id user-inserted) (effective-groups groups superuser?)))
user-inserted)))

(defn create-session-from-headers!
Expand Down

0 comments on commit 36e060f

Please sign in to comment.