forked from baron/baron-sso
사용자 상태 세분화
This commit is contained in:
@@ -215,6 +215,7 @@ func (s *worksmobileSyncService) EnqueueBackfillDryRun(ctx context.Context, tena
|
||||
if err != nil {
|
||||
return WorksmobileBackfillDryRun{}, err
|
||||
}
|
||||
users = worksmobileSyncScopeUsers(users)
|
||||
_ = s.outboxRepo.Create(ctx, &domain.WorksmobileOutbox{
|
||||
ResourceType: domain.WorksmobileResourceOrgUnit,
|
||||
ResourceID: root.ID,
|
||||
@@ -366,6 +367,12 @@ func (s *worksmobileSyncService) EnqueueUserSync(ctx context.Context, tenantID,
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if domain.IsWorksDeprovisionUserStatus(user.Status) {
|
||||
return s.enqueueUserDelete(ctx, *user, "user:delete:"+user.ID, root.ID)
|
||||
}
|
||||
if !domain.IsWorksProvisionedUserStatus(user.Status) {
|
||||
return nil, errors.New("target user status is excluded from Worksmobile sync")
|
||||
}
|
||||
tenantByID := worksmobileTenantByID(append([]domain.Tenant{*root}, scopeTenants...))
|
||||
payload, err := BuildWorksmobileUserPayloadForDomainTenants(
|
||||
*user,
|
||||
@@ -510,6 +517,13 @@ func (s *worksmobileSyncService) EnqueueUserUpsertIfInScope(ctx context.Context,
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if domain.IsWorksDeprovisionUserStatus(user.Status) {
|
||||
_, err := s.enqueueUserDelete(ctx, user, "user:delete:"+user.ID, root.ID)
|
||||
return err
|
||||
}
|
||||
if !domain.IsWorksProvisionedUserStatus(user.Status) {
|
||||
return nil
|
||||
}
|
||||
tenantByID := worksmobileTenantByID(append([]domain.Tenant{*root}, scopeTenants...))
|
||||
payload, err := BuildWorksmobileUserPayloadForDomainTenants(
|
||||
user,
|
||||
@@ -545,16 +559,32 @@ func (s *worksmobileSyncService) EnqueueUserDeleteIfInScope(ctx context.Context,
|
||||
if err != nil || !ok {
|
||||
return err
|
||||
}
|
||||
return s.outboxRepo.Create(ctx, &domain.WorksmobileOutbox{
|
||||
_, err = s.enqueueUserDelete(ctx, user, "user:delete:"+user.ID, "")
|
||||
return err
|
||||
}
|
||||
|
||||
func (s *worksmobileSyncService) enqueueUserDelete(ctx context.Context, user domain.User, dedupeKey string, rootID string) (*domain.WorksmobileOutbox, error) {
|
||||
payload := domain.JSONMap{
|
||||
"userExternalKey": user.ID,
|
||||
"loginEmail": user.Email,
|
||||
}
|
||||
if rootID != "" {
|
||||
payload["tenantRootId"] = rootID
|
||||
}
|
||||
if status := domain.NormalizeUserStatus(user.Status); status != "" {
|
||||
payload["baronStatus"] = status
|
||||
}
|
||||
item := &domain.WorksmobileOutbox{
|
||||
ResourceType: domain.WorksmobileResourceUser,
|
||||
ResourceID: user.ID,
|
||||
Action: domain.WorksmobileActionDelete,
|
||||
DedupeKey: "user:delete:" + user.ID,
|
||||
Payload: domain.JSONMap{
|
||||
"userExternalKey": user.ID,
|
||||
"loginEmail": user.Email,
|
||||
},
|
||||
})
|
||||
DedupeKey: dedupeKey,
|
||||
Payload: payload,
|
||||
}
|
||||
if err := s.outboxRepo.Create(ctx, item); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return item, nil
|
||||
}
|
||||
|
||||
func (s *worksmobileSyncService) hanmacRoot(ctx context.Context, tenantID string) (*domain.Tenant, error) {
|
||||
@@ -803,8 +833,18 @@ func compareWorksmobileUsers(localUsers []domain.User, remoteUsers []Worksmobile
|
||||
}
|
||||
localByID := map[string]domain.User{}
|
||||
matchedRemoteIDs := map[string]bool{}
|
||||
excludedLocalIDs := map[string]bool{}
|
||||
result := make([]WorksmobileComparisonItem, 0)
|
||||
for _, user := range localUsers {
|
||||
if !domain.IsWorksProvisionedUserStatus(user.Status) {
|
||||
excludedLocalIDs[user.ID] = true
|
||||
if remote, ok := remoteByExternalID[user.ID]; ok {
|
||||
matchedRemoteIDs[remote.ID] = true
|
||||
} else if remote, ok := remoteByEmail[strings.ToLower(strings.TrimSpace(user.Email))]; ok {
|
||||
matchedRemoteIDs[remote.ID] = true
|
||||
}
|
||||
continue
|
||||
}
|
||||
localByID[user.ID] = user
|
||||
remote, matched := remoteByExternalID[user.ID]
|
||||
if !matched {
|
||||
@@ -848,6 +888,9 @@ func compareWorksmobileUsers(localUsers []domain.User, remoteUsers []Worksmobile
|
||||
if matchedRemoteIDs[remote.ID] {
|
||||
continue
|
||||
}
|
||||
if excludedLocalIDs[remote.ExternalID] {
|
||||
continue
|
||||
}
|
||||
if remote.ExternalID == "" {
|
||||
result = append(result, WorksmobileComparisonItem{
|
||||
ResourceType: "USER",
|
||||
@@ -1094,3 +1137,17 @@ func worksmobileTenantParentSlug(tenant domain.Tenant, tenantByID map[string]dom
|
||||
}
|
||||
return strings.TrimSpace(tenantByID[parentID].Slug)
|
||||
}
|
||||
|
||||
func worksmobileSyncScopeUsers(users []domain.User) []domain.User {
|
||||
if len(users) == 0 {
|
||||
return users
|
||||
}
|
||||
filtered := make([]domain.User, 0, len(users))
|
||||
for _, user := range users {
|
||||
if !domain.IsWorksProvisionedUserStatus(user.Status) {
|
||||
continue
|
||||
}
|
||||
filtered = append(filtered, user)
|
||||
}
|
||||
return filtered
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user