LDAP: validate organization role during parsing (#37188)

* LDAP: validate organization role during parsing * Trigger a new build * Check if grafana_admin is present
3 years ago · c41397a6e7
parent 18f089d1bd
commit c41397a6e7
3 changed files with 24 additions and 34 deletions
--- a/pkg/models/org_user.go
+++ b/pkg/models/org_user.go
@ -1,9 +1,9 @@
 package models
 import (
 	"encoding/json"
 	"errors"
 	"fmt"
 	"strings"
 	"time"
 )
@ -61,18 +61,14 @@ func (r RoleType) Parents() []RoleType {
 	}
 }
-func (r *RoleType) UnmarshalJSON(data []byte) error {
+func (r *RoleType) UnmarshalText(data []byte) error {
-	var str string
+	// make sure "viewer" and "Viewer" are both correct
-	err := json.Unmarshal(data, &str)
+	str := strings.Title(string(data))
 	if err != nil {
 		return err
 	}
 	*r = RoleType(str)
 	if !r.IsValid() {
 		if (*r) != "" {
-			return fmt.Errorf("JSON validation error: invalid role value: %s", *r)
+			return fmt.Errorf("invalid role value: %s", *r)
 		}
 		*r = ROLE_VIEWER
--- a/pkg/services/ldap/settings.go
+++ b/pkg/services/ldap/settings.go
@ -153,6 +153,10 @@ func readConfig(configFile string) (*Config, error) {
 		}
 		for _, groupMap := range server.Groups {
 			if groupMap.OrgRole == "" && groupMap.IsGrafanaAdmin == nil {
 				return nil, fmt.Errorf("LDAP group mapping: organization role or grafana admin status is required")
 			}
 			if groupMap.OrgId == 0 {
 				groupMap.OrgId = 1
 			}
--- a/public/app/features/admin/ldap/LdapUserGroups.tsx
+++ b/public/app/features/admin/ldap/LdapUserGroups.tsx
@ -33,31 +33,21 @@ export const LdapUserGroups: FC<Props> = ({ groups, showAttributeMapping }) => {
            {items.map((group, index) => {
              return (
                <tr key={`${group.orgId}-${index}`}>
-                  {showAttributeMapping && (
+                  {showAttributeMapping && <td>{group.groupDN}</td>}
-                    <>
+                  {group.orgName && group.orgRole ? <td>{group.orgName}</td> : <td />}
-                      <td>{group.groupDN}</td>
+                  {group.orgRole ? (
-                      {!group.orgRole && (
+                    <td>{group.orgRole}</td>
-                        <>
+                  ) : (
-                          <td />
+                    <td>
-                          <td>
+                      <span className="text-warning">
-                            <span className="text-warning">
+                        No match
-                              No match
+                        <Tooltip placement="top" content="No matching groups found" theme={'info'}>
-                              <Tooltip placement="top" content="No matching groups found" theme={'info'}>
+                          <span className="gf-form-help-icon">
-                                <span className="gf-form-help-icon">
+                            <Icon name="info-circle" />
-                                  <Icon name="info-circle" />
+                          </span>
-                                </span>
+                        </Tooltip>
-                              </Tooltip>
+                      </span>
-                            </span>
+                    </td>
                          </td>
                        </>
                      )}
                    </>
                  )}
                  {group.orgName && (
                    <>
                      <td>{group.orgName}</td>
                      <td>{group.orgRole}</td>
                    </>
                  )}
                </tr>
              );