LDAP: validate organization role during parsing (#37188)

* LDAP: validate organization role during parsing * Trigger a new build * Check if grafana_admin is present
3 years ago · c41397a6e7
parent 18f089d1bd
commit c41397a6e7
3 changed files with 24 additions and 34 deletions
--- a/pkg/models/org_user.go
+++ b/pkg/models/org_user.go
@ -1,9 +1,9 @@
 package models

 import (
-	"encoding/json"
 	"errors"
 	"fmt"
+	"strings"
 	"time"
 )

@ -61,18 +61,14 @@ func (r RoleType) Parents() []RoleType {
 	}
 }

-func (r *RoleType) UnmarshalJSON(data []byte) error {
-	var str string
-	err := json.Unmarshal(data, &str)
-	if err != nil {
-		return err
-	}
+func (r *RoleType) UnmarshalText(data []byte) error {
+	// make sure "viewer" and "Viewer" are both correct
+	str := strings.Title(string(data))

 	*r = RoleType(str)
-
 	if !r.IsValid() {
 		if (*r) != "" {
-			return fmt.Errorf("JSON validation error: invalid role value: %s", *r)
+			return fmt.Errorf("invalid role value: %s", *r)
 		}

 		*r = ROLE_VIEWER
--- a/pkg/services/ldap/settings.go
+++ b/pkg/services/ldap/settings.go
@ -153,6 +153,10 @@ func readConfig(configFile string) (*Config, error) {
 		}

 		for _, groupMap := range server.Groups {
+			if groupMap.OrgRole == "" && groupMap.IsGrafanaAdmin == nil {
+				return nil, fmt.Errorf("LDAP group mapping: organization role or grafana admin status is required")
+			}
+
 			if groupMap.OrgId == 0 {
 				groupMap.OrgId = 1
 			}
--- a/public/app/features/admin/ldap/LdapUserGroups.tsx
+++ b/public/app/features/admin/ldap/LdapUserGroups.tsx
@ -33,12 +33,11 @@ export const LdapUserGroups: FC<Props> = ({ groups, showAttributeMapping }) => {
            {items.map((group, index) => {
              return (
                <tr key={`${group.orgId}-${index}`}>
-                  {showAttributeMapping && (
-                    <>
-                      <td>{group.groupDN}</td>
-                      {!group.orgRole && (
-                        <>
-                          <td />
+                  {showAttributeMapping && <td>{group.groupDN}</td>}
+                  {group.orgName && group.orgRole ? <td>{group.orgName}</td> : <td />}
+                  {group.orgRole ? (
+                    <td>{group.orgRole}</td>
+                  ) : (
                    <td>
                      <span className="text-warning">
                        No match
@ -49,15 +48,6 @@ export const LdapUserGroups: FC<Props> = ({ groups, showAttributeMapping }) => {
                        </Tooltip>
                      </span>
                    </td>
-                        </>
-                      )}
-                    </>
-                  )}
-                  {group.orgName && (
-                    <>
-                      <td>{group.orgName}</td>
-                      <td>{group.orgRole}</td>
-                    </>
                  )}
                </tr>
              );