From e9f032ed9a322b58bc36f098e4d83d9f06838e7b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Eduardo=20Sanz=20Garc=C3=ADa?= <esanz-garcia@gitlab.com>
Date: Mon, 15 Aug 2022 23:59:31 +0000
Subject: [PATCH] Display SCIM identities in the identity table
For EE admin users, SCIM identities are now shown under `Admin >
Overview > Users > USER > identity tab`
Changelog: added
EE: true
---
app/helpers/admin/identities_helper.rb | 8 +++
app/views/admin/identities/index.html.haml | 6 ++-
ee/app/helpers/ee/admin/identities_helper.rb | 9 ++++
.../admin/identities/_scim_identity.html.haml | 10 ++++
.../ee/admin/identities_helper_spec.rb | 33 ++++++++++--
.../admin/identities/index.html.haml_spec.rb | 50 ++++++++++++++++++-
spec/helpers/admin/identities_helper_spec.rb | 20 ++++++++
7 files changed, 128 insertions(+), 8 deletions(-)
create mode 100644 ee/app/views/admin/identities/_scim_identity.html.haml
diff --git a/app/helpers/admin/identities_helper.rb b/app/helpers/admin/identities_helper.rb
index 8557f322bff5..48e01840394e 100644
--- a/app/helpers/admin/identities_helper.rb
+++ b/app/helpers/admin/identities_helper.rb
@@ -22,6 +22,14 @@ def saml_group_cell_testid(identity)
def saml_group_link(identity)
'-'
end
+
+ def identity_cells_to_render?(identities, _user)
+ identities.present?
+ end
+
+ def scim_identities_collection(_user)
+ []
+ end
end
end
diff --git a/app/views/admin/identities/index.html.haml b/app/views/admin/identities/index.html.haml
index 99d5e2a93c4c..1bb149699398 100644
--- a/app/views/admin/identities/index.html.haml
+++ b/app/views/admin/identities/index.html.haml
@@ -11,8 +11,10 @@
%th{ class: 'gl-border-t-0!' }= _('Group')
%th{ class: 'gl-border-t-0!' }= _('Identifier')
%th{ class: 'gl-border-t-0!' }= _('Actions')
- = render @identities
- - if @identities.blank?
+ - if identity_cells_to_render?(@identities, @user)
+ = render_if_exists partial: 'admin/identities/scim_identity', collection: scim_identities_collection(@user)
+ = render @identities
+ - else
%tbody
%tr
%td{ colspan: '5' }
diff --git a/ee/app/helpers/ee/admin/identities_helper.rb b/ee/app/helpers/ee/admin/identities_helper.rb
index 416d4faf81ae..425a254cf4ec 100644
--- a/ee/app/helpers/ee/admin/identities_helper.rb
+++ b/ee/app/helpers/ee/admin/identities_helper.rb
@@ -31,6 +31,15 @@ def saml_group_link(identity)
link_to identity.saml_provider.group.path, identity.saml_provider.group
end
+
+ def identity_cells_to_render?(identities, user)
+ super || user.scim_identities.present?
+ end
+
+ override :scim_identities_collection
+ def scim_identities_collection(user)
+ user.scim_identities
+ end
end
end
end
diff --git a/ee/app/views/admin/identities/_scim_identity.html.haml b/ee/app/views/admin/identities/_scim_identity.html.haml
new file mode 100644
index 000000000000..5f969e04b424
--- /dev/null
+++ b/ee/app/views/admin/identities/_scim_identity.html.haml
@@ -0,0 +1,10 @@
+%tr
+ %td
+ SCIM
+ %td{ data: { testid: 'provider_id_blank' } }
+ = '-'
+ %td
+ = link_to scim_identity.group.path, scim_identity.group
+ %td
+ = scim_identity.extern_uid
+ %td
diff --git a/ee/spec/helpers/ee/admin/identities_helper_spec.rb b/ee/spec/helpers/ee/admin/identities_helper_spec.rb
index 1a692c419375..27c2809d35bc 100644
--- a/ee/spec/helpers/ee/admin/identities_helper_spec.rb
+++ b/ee/spec/helpers/ee/admin/identities_helper_spec.rb
@@ -3,18 +3,23 @@
require 'spec_helper'
RSpec.describe Admin::IdentitiesHelper do
- let_it_be(:user) { create(:user) }
let_it_be(:group) { create(:group) }
let_it_be(:saml_provider) { create(:saml_provider, group: group) }
let_it_be(:saml_identity) do
- create(:identity, provider: 'group_saml', saml_provider_id: saml_provider.id, user: user,
- extern_uid: 'saml-uid')
+ create(:identity, provider: 'group_saml', saml_provider_id: saml_provider.id, extern_uid: 'saml-uid')
end
let_it_be(:ldap_identity) do
- create(:identity, user: user, extern_uid: 'without-saml-uid')
+ create(:identity, extern_uid: 'without-saml-uid')
end
+ let_it_be(:user_without_scim_identities) { create(:user) }
+ let_it_be(:scim_identity) do
+ create(:scim_identity, group: group, extern_uid: 'scim-uid')
+ end
+
+ let_it_be(:user_with_scim_identities) { scim_identity.user }
+
describe '#provider_id_cell_testid' do
context 'without SAML provider ID' do
it 'shows blank provider id for data-testid' do
@@ -70,4 +75,24 @@
end
end
end
+
+ describe '#identity_cells_to_render?' do
+ context 'without SCIM identies' do
+ it 'returns false' do
+ expect(helper.identity_cells_to_render?([], user_without_scim_identities)).to eq false
+ end
+ end
+
+ context 'with SCIM identities' do
+ it 'returns true' do
+ expect(helper.identity_cells_to_render?([], user_with_scim_identities)).to eq true
+ end
+ end
+ end
+
+ describe '#scim_identities_collection' do
+ it 'returns SCIM identities' do
+ expect(helper.scim_identities_collection(user_with_scim_identities)).to match_array [scim_identity]
+ end
+ end
end
diff --git a/ee/spec/views/admin/identities/index.html.haml_spec.rb b/ee/spec/views/admin/identities/index.html.haml_spec.rb
index 0ec25e484629..499b58d7a122 100644
--- a/ee/spec/views/admin/identities/index.html.haml_spec.rb
+++ b/ee/spec/views/admin/identities/index.html.haml_spec.rb
@@ -7,7 +7,7 @@
let_it_be(:group) { create(:group) }
let_it_be(:saml_provider) { create(:saml_provider, group: group) }
- let_it_be(:saml_user) { create(:user) }
+ let_it_be(:saml_user, refind: true) { create(:user) }
let_it_be(:saml_identity) do
create(:identity, provider: 'group_saml', saml_provider_id: saml_provider.id, user: saml_user,
extern_uid: 'saml-uid')
@@ -18,9 +18,55 @@
view.lookup_context.prefixes = ['admin/identities']
end
+ context 'without SCIM or other identities' do
+ before do
+ assign(:identities, [])
+ end
+
+ it 'shows information text' do
+ render
+
+ expect(rendered).to include('<td colspan="5">').exactly(1)
+ expect(rendered).to include(_('This user has no identities'))
+ end
+ end
+
+ context 'with SCIM identities' do
+ before_all do
+ create(:scim_identity, group: group, extern_uid: 'scim-uid', user: saml_user)
+ assign(:identities, [])
+ end
+
+ it 'shows exactly 5 columns' do
+ render
+
+ expect(rendered).to include('</td>').exactly(5)
+ end
+
+ it 'shows identity without provider ID' do
+ render
+
+ # Provider
+ expect(rendered).to include('SCIM')
+ # Provider ID
+ expect(rendered).to include('data-testid="provider_id_blank"')
+ # Group
+ expect(rendered).to include("<a href=\"/#{group.path}\">#{group.path}</a>")
+ # Identifier
+ expect(rendered).to include('scim-uid')
+ end
+
+ it 'shows no edit or delete identity buttons' do
+ render
+
+ expect(rendered).not_to include("aria-label=\"#{_('Edit')}\"")
+ expect(rendered).not_to include("aria-label=\"#{_('Delete identity')}\"")
+ end
+ end
+
context 'with SAML identities' do
before do
- assign(:identities, saml_user.identities)
+ assign(:identities, saml_identity)
end
it 'shows exactly 5 columns' do
diff --git a/spec/helpers/admin/identities_helper_spec.rb b/spec/helpers/admin/identities_helper_spec.rb
index f8e56e4f32d8..9a7fdd3aa693 100644
--- a/spec/helpers/admin/identities_helper_spec.rb
+++ b/spec/helpers/admin/identities_helper_spec.rb
@@ -35,4 +35,24 @@
expect(helper.saml_group_link(identity)).to eq '-'
end
end
+
+ describe '#identity_cells_to_render?' do
+ context 'without identities' do
+ it 'returns false' do
+ expect(helper.identity_cells_to_render?([], user)).to eq false
+ end
+ end
+
+ context 'with identities' do
+ it 'returns true' do
+ expect(helper.identity_cells_to_render?(identity, user)).to eq true
+ end
+ end
+ end
+
+ describe '#scim_identities_collection' do
+ it 'returns empty array' do
+ expect(helper.scim_identities_collection(user)).to eq []
+ end
+ end
end
--
GitLab