Basic Groups support #1
Conversation
| @@ -18,7 +20,7 @@ def json_scim_response(object:, status: :ok, counts: nil) | |||
| content_type: CONTENT_TYPE | |||
| when "show", "create", "put_update", "patch_update" | |||
| render \ | |||
| json: user_response(object), | |||
| json: object_response(object), | |||
There was a problem hiding this comment.
response.rb の修正:userしか扱わない前提だったが、groupも共通で扱えるようにするために object に統一
|
|
||
| def find_value_for(attribute) | ||
| params.dig(*path_for(attribute)) | ||
| end |
There was a problem hiding this comment.
find_value_for および、path_for は scim_users_controller.rb に存在したが、Groupでも使うので application_controller に移動。
| module ScimRails | ||
| class ScimQueryParser | ||
| attr_accessor :query_elements | ||
| attr_accessor :query_elements, :query_attributes |
There was a problem hiding this comment.
query_attributes は queryable_user_attributes 固定だったが、Groupでも使うので外から指定する形に修正
| totalResults: counts.total, | ||
| startIndex: counts.start_index, | ||
| itemsPerPage: counts.limit, | ||
| Resources: list_objects(object) |
There was a problem hiding this comment.
list_objects -> object_response -> find_value と関数が呼ばれていくが、
これらは GET(index) の処理で利用しているもの。
| when ScimRails.config.scim_users_model | ||
| find_value(schema, ScimRails.config.user_abbreviated_schema) |
There was a problem hiding this comment.
Group のレスポンスを返す時に、members としてユーザの情報を返す。
そこに含まれるユーザ情報は通常と違い省略された値が入る。
そのため、members の中身に対応するハッシュを取得する時はコンフィグの user_abbreviated_schema に従って値を取得する。
{
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
"id": "e9e30dba-f08f-4109-8486-d5c6a331660a",
"displayName": "Tour Guides",
"members": [
{
"value": "2819c223-7f76-453a-919d-413861904646",
"$ref":
"https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646",
"display": "Babs Jensen"
},
{
"value": "902c246b-6245-4190-8e05-00816be7344a",
"$ref":
"https://example.com/v2/Users/902c246b-6245-4190-8e05-00816be7344a",
"display": "Mandy Pepperidge"
}
],
"meta": {
"resourceType": "Group",
"created": "2010-01-23T04:56:22Z",
"lastModified": "2011-05-13T04:42:34Z",
"version": "W\/\"3694e05e9dff592\"",
"location":
"https://example.com/v2/Groups/e9e30dba-f08f-4109-8486-d5c6a331660a"
}
}
| when ScimRails.config.scim_groups_model | ||
| find_value(schema, ScimRails.config.group_abbreviated_schema) |
There was a problem hiding this comment.
上述の Group に対する members のように、Userのレスポンスを返す時に groups として情報を返すパターンで利用。
| when Hash | ||
| object.each.with_object({}) do |(key, value), hash| | ||
| hash[key] = find_value(user, value) | ||
| schema.each.with_object({}) do |(key, value), hash| | ||
| hash[key] = find_value(object, value) |
There was a problem hiding this comment.
一番最初のfind_valueは絶対にここに入る
(ScimRails.config.user_schema or ScimRails.config.group_schema の2択)
Why?
Support for SCIM user Groups is currently missing
lessonly#46
What?
Caveats
membersis a bit hacky.Testing Notes
I'm developing this using Okta as well so there shouldn't be anything extra to set up.
Alternatives Considered
There is the option to build a more complete User association handling as outlined in lessonly#39, but I felt that's a bit too big to chew for this purpose.