From e2966d32ea063ffd5d433ac61c7855268650b281 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Mon, 21 Apr 2025 15:29:53 +0200
Subject: [PATCH] fix user creation (#411)
---
 internal/app/users/user_manager.go | 8 ++++++--
 internal/domain/context.go | 8 ++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/internal/app/users/user_manager.go b/internal/app/users/user_manager.go
index af3cd21..fd4d3a5 100644
--- a/internal/app/users/user_manager.go
+++ b/internal/app/users/user_manager.go
@@ -389,12 +389,14 @@ func (m Manager) validateCreation(ctx context.Context, new *domain.User) error {
 return fmt.Errorf("reserved user identifier: %w", domain.ErrInvalidData)
 }
 
- if new.Source != domain.UserSourceDatabase {
+ // Admins are allowed to create users for arbitrary sources.
+ if new.Source != domain.UserSourceDatabase && !currentUser.IsAdmin {
 return fmt.Errorf("invalid user source: %s, only %s is allowed: %w",
 new.Source, domain.UserSourceDatabase, domain.ErrInvalidData)
 }
 
- if string(new.Password) == "" {
+ // database users must have a password
+ if new.Source == domain.UserSourceDatabase && string(new.Password) == "" {
 return fmt.Errorf("invalid password: %w", domain.ErrInvalidData)
 }
 
@@ -430,6 +432,8 @@ func (m Manager) validateApiChange(ctx context.Context, user *domain.User) error
 }
 
 func (m Manager) runLdapSynchronizationService(ctx context.Context) {
+ ctx = domain.SetUserInfo(ctx, domain.LdapSyncContextUserInfo()) // switch to service context for LDAP sync
+
 for _, ldapCfg := range m.cfg.Auth.Ldap { // LDAP Auth providers
 go func(cfg config.LdapProvider) {
 syncInterval := cfg.SyncInterval
diff --git a/internal/domain/context.go b/internal/domain/context.go
index 1c734a3..21bff62 100644
--- a/internal/domain/context.go
+++ b/internal/domain/context.go
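Review bot: With `!currentUser.IsAdmin` added to the source check, an admin caller can pass any value in `new.Source`, including an empty or unknown string, since no other comparison of the source is visible in this hunk. An allow-list ahead of this branch would keep the relaxation to the sources the `domain` package actually defines and return `domain.ErrInvalidData` for everything else. The password rule is now tied to `domain.UserSourceDatabase` as well, so a non-empty `new.Password` on an externally sourced user passes validation; whether it is later stored or accepted for login is not visible here, so rejecting it with a check such as `new.Source != domain.UserSourceDatabase && string(new.Password) != ""` is worth considering. `currentUser` is declared above the hunk and the function continues below it.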
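Review bot: Reassigning the `ctx` parameter on the first line of `runLdapSynchronizationService` replaces whatever identity the caller attached with the syncer identity for everything that later uses `ctx` in this function, including the goroutines started in the loop. A separate name makes the privilege switch visible at each use, e.g. `syncCtx := domain.SetUserInfo(ctx, domain.LdapSyncContextUserInfo())`, and keeps the caller's context available for code that should not run elevated. The rest of the function body lies outside the hunk, so which calls receive the context cannot be checked from here.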
@@ -45,6 +45,14 @@ func SystemAdminContextUserInfo() *ContextUserInfo {
 }
 }
 
+// LdapSyncContextUserInfo returns a context user info for the LDAP syncer.
+func LdapSyncContextUserInfo() *ContextUserInfo {
+ return &ContextUserInfo{
+ Id: CtxSystemLdapSyncer,
+ IsAdmin: true,
+ }
+}
+
 // SetUserInfo sets the user info in the context.
 func SetUserInfo(ctx context.Context, info *ContextUserInfo) context.Context {
 ctx = context.WithValue(ctx, CtxUserInfo, info)
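Review bot: `IsAdmin: true` gives the LDAP sync identity every admin-gated permission, not only the source relaxation that `validateCreation` needs, and the doc comment on `LdapSyncContextUserInfo` does not say so. I would extend the comment to something like `// The returned identity has IsAdmin set so that the syncer can create users with a non-database source; attach it only to contexts used by the LDAP synchronization.` If the other `IsAdmin` checks in the code base are not meant to pass for directory-driven changes, a dedicated flag or an explicit check on `CtxSystemLdapSyncer` in the creation path would be narrower. `SetUserInfo` continues below the hunk.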