FEATURE: Experimental support for group membership via google auth (#14835)

This commit introduces a new site setting "google_oauth2_hd_groups". If enabled, group information will be fetched from Google during authentication, and stored in the Discourse database. These 'associated groups' can be connected to a Discourse group via the "Membership" tab of the group preferences UI. The majority of the implementation is generic, so we will be able to add support to more authentication methods in the near future. https://meta.discourse.org/t/managing-group-membership-via-authentication/175950
2021-12-09 20:30:27 +08:00
parent 347669ef04
commit df3886d6e5
44 changed files with 926 additions and 16 deletions
@@ -1,11 +1,13 @@
 import Component from "@ember/component";
 import I18n from "I18n";
 import { computed } from "@ember/object";
-import { not } from "@ember/object/computed";
+import { not, readOnly } from "@ember/object/computed";
 import discourseComputed from "discourse-common/utils/decorators";
+import AssociatedGroup from "discourse/models/associated-group";

 export default Component.extend({
  tokenSeparator: "|",
+  showAssociatedGroups: readOnly("site.can_associate_groups"),

  init() {
    this._super(...arguments);
@@ -20,6 +22,10 @@ export default Component.extend({
      { name: 3, value: 3 },
      { name: 4, value: 4 },
    ];
+
+    if (this.showAssociatedGroups) {
+      this.loadAssociatedGroups();
+    }
  },

  canEdit: not("model.automatic"),
@@ -54,6 +60,10 @@ export default Component.extend({
    return this.model.emailDomains.split(this.tokenSeparator).filter(Boolean);
  }),

+  loadAssociatedGroups() {
+    AssociatedGroup.list().then((ags) => this.set("associatedGroups", ags));
+  },
+
  actions: {
    onChangeEmailDomainsSetting(value) {
      this.set(
@@ -0,0 +1,17 @@
+import EmberObject from "@ember/object";
+import { ajax } from "discourse/lib/ajax";
+import { popupAjaxError } from "discourse/lib/ajax-error";
+
+const AssociatedGroup = EmberObject.extend();
+
+AssociatedGroup.reopenClass({
+  list() {
+    return ajax("/associated_groups")
+      .then((result) => {
+        return result.associated_groups.map((ag) => AssociatedGroup.create(ag));
+      })
+      .catch(popupAjaxError);
+  },
+});
+
+export default AssociatedGroup;
@@ -29,6 +29,11 @@ const Group = RestModel.extend({
    return isEmpty(value) ? "" : value;
  },

+  @discourseComputed("associated_group_ids")
+  associatedGroupIds(value) {
+    return isEmpty(value) ? [] : value;
+  },
+
  @discourseComputed("automatic")
  type(automatic) {
    return automatic ? "automatic" : "custom";
@@ -277,6 +282,11 @@ const Group = RestModel.extend({
      }
    );

+    let agIds = this.associated_group_ids;
+    if (agIds) {
+      attrs["associated_group_ids"] = agIds.length ? agIds : [null];
+    }
+
    if (this.flair_type === "icon") {
      attrs["flair_icon"] = this.flair_icon;
    } else if (this.flair_type === "image") {
@@ -59,6 +59,23 @@
      onChange=(action "onChangeEmailDomainsSetting")
      options=(hash allowAny=true)
    }}
+
+    {{#if showAssociatedGroups}}
+      <label for="automatic_membership_associated_groups">
+        {{i18n "admin.groups.manage.membership.automatic_membership_associated_groups"}}
+      </label>
+
+      {{list-setting
+        name="automatic_membership_associated_groups"
+        class="group-form-automatic-membership-associated-groups"
+        value=model.associatedGroupIds
+        choices=associatedGroups
+        settingName="name"
+        nameProperty="label"
+        valueProperty="id"
+        onChange=(action (mut model.associated_group_ids))
+      }}
+    {{/if}}
  </div>

  {{plugin-outlet name="groups-form-membership-below-automatic"
@@ -7,9 +7,24 @@ import {
 import { click, visit } from "@ember/test-helpers";
 import selectKit from "discourse/tests/helpers/select-kit-helper";
 import { test } from "qunit";
+import Site from "discourse/models/site";

 acceptance("Managing Group Membership", function (needs) {
  needs.user();
+  needs.pretender((server, helper) => {
+    server.get("/associated_groups", () =>
+      helper.response({
+        associated_groups: [
+          {
+            id: 123,
+            name: "test-group",
+            provider_name: "google_oauth2",
+            label: "google_oauth2:test-group",
+          },
+        ],
+      })
+    );
+  });

  test("As an admin", async function (assert) {
    updateCurrentUser({ can_create_group: true });
@@ -94,6 +109,36 @@ acceptance("Managing Group Membership", function (needs) {
    assert.strictEqual(emailDomains.header().value(), "foo.com");
  });

+  test("As an admin on a site that can associate groups", async function (assert) {
+    let site = Site.current();
+    site.set("can_associate_groups", true);
+    updateCurrentUser({ can_create_group: true });
+
+    await visit("/g/alternative-group/manage/membership");
+
+    const associatedGroups = selectKit(
+      ".group-form-automatic-membership-associated-groups"
+    );
+    await associatedGroups.expand();
+    await associatedGroups.selectRowByName("google_oauth2:test-group");
+    await associatedGroups.keyboard("enter");
+
+    assert.equal(associatedGroups.header().name(), "google_oauth2:test-group");
+  });
+
+  test("As an admin on a site that can't associate groups", async function (assert) {
+    let site = Site.current();
+    site.set("can_associate_groups", false);
+    updateCurrentUser({ can_create_group: true });
+
+    await visit("/g/alternative-group/manage/membership");
+
+    assert.ok(
+      !exists('label[for="automatic_membership_associated_groups"]'),
+      "it should not display associated groups automatic membership label"
+    );
+  });
+
  test("As a group owner", async function (assert) {
    updateCurrentUser({ moderator: false, admin: false });

@@ -104,6 +149,11 @@ acceptance("Managing Group Membership", function (needs) {
      "it should not display automatic membership label"
    );

+    assert.ok(
+      !exists('label[for="automatic_membership_associated_groups"]'),
+      "it should not display associated groups automatic membership label"
+    );
+
    assert.ok(
      !exists(".groups-form-automatic-membership-retroactive"),
      "it should not display automatic membership retroactive checkbox"