feat: assign users to groups returned by OIDC provider (#5965)

2025-07-06 15:41:45 +00:00 · 2023-02-02 13:53:48 -06:00
parent 026b1cd2a4
commit 496138b086
11 changed files with 477 additions and 133 deletions
--- a/enterprise/coderd/userauth.go
+++ b/enterprise/coderd/userauth.go
@ -0,0 +1,52 @@
+package coderd
+
+import (
+	"context"
+
+	"github.com/google/uuid"
+	"golang.org/x/xerrors"
+
+	"github.com/coder/coder/coderd/database"
+	"github.com/coder/coder/codersdk"
+)
+
+func (api *API) setUserGroups(ctx context.Context, db database.Store, userID uuid.UUID, groupNames []string) error {
+	api.entitlementsMu.RLock()
+	enabled := api.entitlements.Features[codersdk.FeatureTemplateRBAC].Enabled
+	api.entitlementsMu.RUnlock()
+
+	if !enabled {
+		return nil
+	}
+
+	return db.InTx(func(tx database.Store) error {
+		orgs, err := tx.GetOrganizationsByUserID(ctx, userID)
+		if err != nil {
+			return xerrors.Errorf("get user orgs: %w", err)
+		}
+		if len(orgs) != 1 {
+			return xerrors.Errorf("expected 1 org, got %d", len(orgs))
+		}
+
+		// Delete all groups the user belongs to.
+		err = tx.DeleteGroupMembersByOrgAndUser(ctx, database.DeleteGroupMembersByOrgAndUserParams{
+			UserID:         userID,
+			OrganizationID: orgs[0].ID,
+		})
+		if err != nil {
+			return xerrors.Errorf("delete user groups: %w", err)
+		}
+
+		// Re-add the user to all groups returned by the auth provider.
+		err = tx.InsertUserGroupsByName(ctx, database.InsertUserGroupsByNameParams{
+			UserID:         userID,
+			OrganizationID: orgs[0].ID,
+			GroupNames:     groupNames,
+		})
+		if err != nil {
+			return xerrors.Errorf("insert user groups: %w", err)
+		}
+
+		return nil
+	}, nil)
+}