권한부여 및 정합성 검사 추가

2026-05-14 08:45:48 +09:00
parent f6f8e88342
commit 9ca73e8774
36 changed files with 1772 additions and 105 deletions
--- a/backend/internal/service/worksmobile_client.go
+++ b/backend/internal/service/worksmobile_client.go
@@ -32,6 +32,7 @@ type WorksmobileDirectoryClient interface {
 	CreateUser(ctx context.Context, payload WorksmobileUserPayload) error
 	UpsertUser(ctx context.Context, payload WorksmobileUserPayload) error
 	DeleteUser(ctx context.Context, userID string) error
+	SetUserActive(ctx context.Context, userID string, active bool) error
 	ListUsers(ctx context.Context) ([]WorksmobileRemoteUser, error)
 	ListGroups(ctx context.Context) ([]WorksmobileRemoteGroup, error)
 }
@@ -330,6 +331,33 @@ func (c *WorksmobileHTTPClient) DeleteUser(ctx context.Context, userID string) e
 	return c.sendJSON(ctx, http.MethodDelete, "/scim/v2/Users/"+url.PathEscape(remote.ID), nil)
 }

+func (c *WorksmobileHTTPClient) SetUserActive(ctx context.Context, userID string, active bool) error {
+	userID = strings.TrimSpace(userID)
+	if userID == "" {
+		return fmt.Errorf("worksmobile user id is required")
+	}
+	if strings.TrimSpace(c.SCIMToken) == "" {
+		return fmt.Errorf("worksmobile scim token is not configured")
+	}
+	remote, err := c.findSCIMUser(ctx, userID)
+	if err != nil {
+		return err
+	}
+	if remote == nil {
+		return nil
+	}
+	return c.sendJSON(ctx, http.MethodPatch, "/scim/v2/Users/"+url.PathEscape(remote.ID), map[string]any{
+		"schemas": []string{"urn:ietf:params:scim:api:messages:2.0:PatchOp"},
+		"Operations": []map[string]any{
+			{
+				"op":    "replace",
+				"path":  "active",
+				"value": active,
+			},
+		},
+	})
+}
+
 func (c *WorksmobileHTTPClient) FindUser(ctx context.Context, identifier string) (*WorksmobileRemoteUser, error) {
 	users, err := c.ListUsers(ctx)
 	if err != nil {
@@ -344,6 +372,21 @@ func (c *WorksmobileHTTPClient) FindUser(ctx context.Context, identifier string)
 	return nil, nil
 }

+func (c *WorksmobileHTTPClient) findSCIMUser(ctx context.Context, identifier string) (*WorksmobileRemoteUser, error) {
+	identifier = strings.TrimSpace(identifier)
+	var matched *WorksmobileRemoteUser
+	err := c.listSCIM(ctx, "/scim/v2/Users", func(resource map[string]any) {
+		if matched != nil {
+			return
+		}
+		user := parseWorksmobileRemoteUser(resource)
+		if strings.EqualFold(user.UserName, identifier) || user.ExternalID == identifier || strings.EqualFold(user.Email, identifier) {
+			matched = &user
+		}
+	})
+	return matched, err
+}
+
 func (c *WorksmobileHTTPClient) ListUsers(ctx context.Context) ([]WorksmobileRemoteUser, error) {
 	if c.directoryAuthConfigured() && len(c.DomainIDs) > 0 {
 		users, err := c.listDirectoryUsers(ctx, c.DomainIDs)