diff --git a/schema.graphql b/schema.graphql index d3c501a..e5ad39d 100644 --- a/schema.graphql +++ b/schema.graphql @@ -18,6 +18,10 @@ type Mutation { addGroupAttribute(name: String!, attributeType: AttributeType!, isList: Boolean!, isVisible: Boolean!, isEditable: Boolean!): Success! deleteUserAttribute(name: String!): Success! deleteGroupAttribute(name: String!): Success! + addUserObjectClass(name: String!): Success! + addGroupObjectClass(name: String!): Success! + deleteUserObjectClass(name: String!): Success! + deleteGroupObjectClass(name: String!): Success! } type Group { diff --git a/server/src/infra/access_control.rs b/server/src/infra/access_control.rs index d7458e5..853e1c0 100644 --- a/server/src/infra/access_control.rs +++ b/server/src/infra/access_control.rs @@ -12,7 +12,10 @@ use crate::domain::{ UpdateUserRequest, UserBackendHandler, UserListerBackendHandler, UserRequestFilter, }, schema::PublicSchema, - types::{AttributeName, Group, GroupDetails, GroupId, GroupName, User, UserAndGroups, UserId}, + types::{ + AttributeName, Group, GroupDetails, GroupId, GroupName, LdapObjectClass, User, + UserAndGroups, UserId, + }, }; #[derive(Clone, Copy, PartialEq, Eq, Debug)] @@ -112,6 +115,10 @@ pub trait AdminBackendHandler: async fn add_group_attribute(&self, request: CreateAttributeRequest) -> Result<()>; async fn delete_user_attribute(&self, name: &AttributeName) -> Result<()>; async fn delete_group_attribute(&self, name: &AttributeName) -> Result<()>; + async fn add_user_object_class(&self, name: &LdapObjectClass) -> Result<()>; + async fn add_group_object_class(&self, name: &LdapObjectClass) -> Result<()>; + async fn delete_user_object_class(&self, name: &LdapObjectClass) -> Result<()>; + async fn delete_group_object_class(&self, name: &LdapObjectClass) -> Result<()>; } #[async_trait] @@ -187,6 +194,18 @@ impl AdminBackendHandler for Handler { async fn delete_group_attribute(&self, name: &AttributeName) -> Result<()> { ::delete_group_attribute(self, name).await } + async fn add_user_object_class(&self, name: &LdapObjectClass) -> Result<()> { + ::add_user_object_class(self, name).await + } + async fn add_group_object_class(&self, name: &LdapObjectClass) -> Result<()> { + ::add_group_object_class(self, name).await + } + async fn delete_user_object_class(&self, name: &LdapObjectClass) -> Result<()> { + ::delete_user_object_class(self, name).await + } + async fn delete_group_object_class(&self, name: &LdapObjectClass) -> Result<()> { + ::delete_group_object_class(self, name).await + } } pub struct AccessControlledBackendHandler { diff --git a/server/src/infra/graphql/mutation.rs b/server/src/infra/graphql/mutation.rs index b7d28b2..b0249c5 100644 --- a/server/src/infra/graphql/mutation.rs +++ b/server/src/infra/graphql/mutation.rs @@ -9,7 +9,7 @@ use crate::{ }, types::{ AttributeName, AttributeType, AttributeValue as DomainAttributeValue, GroupId, - JpegPhoto, UserId, + JpegPhoto, LdapObjectClass, UserId, }, }, infra::{ @@ -490,6 +490,90 @@ impl Mutation { .await?; Ok(Success::new()) } + + async fn add_user_object_class( + context: &Context, + name: String, + ) -> FieldResult { + let span = debug_span!("[GraphQL mutation] add_user_object_class"); + span.in_scope(|| { + debug!(?name); + }); + let handler = context + .get_admin_handler() + .ok_or_else(field_error_callback( + &span, + "Unauthorized object class addition", + ))?; + handler + .add_user_object_class(&LdapObjectClass::from(name)) + .instrument(span) + .await?; + Ok(Success::new()) + } + + async fn add_group_object_class( + context: &Context, + name: String, + ) -> FieldResult { + let span = debug_span!("[GraphQL mutation] add_group_object_class"); + span.in_scope(|| { + debug!(?name); + }); + let handler = context + .get_admin_handler() + .ok_or_else(field_error_callback( + &span, + "Unauthorized object class addition", + ))?; + handler + .add_group_object_class(&LdapObjectClass::from(name)) + .instrument(span) + .await?; + Ok(Success::new()) + } + + async fn delete_user_object_class( + context: &Context, + name: String, + ) -> FieldResult { + let span = debug_span!("[GraphQL mutation] delete_user_object_class"); + span.in_scope(|| { + debug!(?name); + }); + let handler = context + .get_admin_handler() + .ok_or_else(field_error_callback( + &span, + "Unauthorized object class deletion", + ))?; + handler + .delete_user_object_class(&LdapObjectClass::from(name)) + .instrument(span) + .await?; + Ok(Success::new()) + } + + async fn delete_group_object_class( + context: &Context, + name: String, + ) -> FieldResult { + let span = debug_span!("[GraphQL mutation] delete_group_object_class"); + span.in_scope(|| { + debug!(?name); + }); + let handler = context + .get_admin_handler() + .ok_or_else(field_error_callback( + &span, + "Unauthorized object class deletion", + ))?; + handler + .delete_group_object_class(&LdapObjectClass::from(name)) + .instrument(span) + .await?; + Ok(Success::new()) + } } async fn create_group_with_details(