권한부여 및 정합성 검사 추가

2026-05-14 08:45:48 +09:00
parent f6f8e88342
commit 9ca73e8774
36 changed files with 1772 additions and 105 deletions
--- a/backend/internal/service/worksmobile_client_test.go
+++ b/backend/internal/service/worksmobile_client_test.go
@@ -235,6 +235,42 @@ func TestWorksmobileHTTPClientListUsersFallsBackToSCIMWhenDirectoryFails(t *test
 	require.Equal(t, "/scim/v2/Users", transport.requests[1].URL.Path)
 }

+func TestWorksmobileHTTPClientSetUserActivePatchesSCIMActiveFlag(t *testing.T) {
+	transport := &captureRoundTripper{
+		responses: []captureResponse{
+			{statusCode: http.StatusOK, body: `{"totalResults":1,"Resources":[{"id":"scim-user-1","externalId":"user-1","userName":"tester@samaneng.com","active":true,"emails":[{"value":"tester@samaneng.com","primary":true}]}]}`},
+			{statusCode: http.StatusOK, body: `{}`},
+		},
+	}
+	client := &WorksmobileHTTPClient{
+		BaseURL:    "https://works.example.test",
+		SCIMToken:  "scim-token-1",
+		HTTPClient: &http.Client{Transport: transport},
+	}
+
+	err := client.SetUserActive(context.Background(), "tester@samaneng.com", false)
+
+	require.NoError(t, err)
+	require.Len(t, transport.requests, 2)
+	require.Equal(t, http.MethodGet, transport.requests[0].Method)
+	require.Equal(t, "/scim/v2/Users", transport.requests[0].URL.Path)
+	require.Equal(t, http.MethodPatch, transport.requests[1].Method)
+	require.Equal(t, "/scim/v2/Users/scim-user-1", transport.requests[1].URL.Path)
+	require.Equal(t, "Bearer scim-token-1", transport.requests[1].Header.Get("Authorization"))
+
+	var patchPayload map[string]any
+	require.Len(t, transport.requestBodies, 1)
+	require.NoError(t, json.Unmarshal(transport.requestBodies[0], &patchPayload))
+	operations, ok := patchPayload["Operations"].([]any)
+	require.True(t, ok)
+	require.Len(t, operations, 1)
+	operation, ok := operations[0].(map[string]any)
+	require.True(t, ok)
+	require.Equal(t, "replace", operation["op"])
+	require.Equal(t, "active", operation["path"])
+	require.Equal(t, false, operation["value"])
+}
+
 func TestWorksmobileHTTPClientListGroupsUsesDirectoryAPIFirst(t *testing.T) {
 	t.Setenv("SAMAN_DOMAIN_ID", "300285955")
 	transport := &captureRoundTripper{
@@ -373,6 +409,60 @@ func TestWorksmobileRelayWorkerProcessesUserCreateAndMarksProcessed(t *testing.T
 	require.Equal(t, "tester@samaneng.com", client.createdUsers[0].Email)
 }

+func TestWorksmobileRelayWorkerProcessesUserSuspendAndMarksProcessed(t *testing.T) {
+	repo := &fakeWorksmobileOutboxRepo{
+		ready: []domain.WorksmobileOutbox{
+			{
+				ID:           "job-1",
+				ResourceType: domain.WorksmobileResourceUser,
+				ResourceID:   "user-1",
+				Action:       domain.WorksmobileActionSuspend,
+				Status:       domain.WorksmobileOutboxStatusPending,
+				Payload: worksmobileUserOutboxPayload("root-1", WorksmobileUserPayload{
+					Email:           "tester@samaneng.com",
+					UserExternalKey: "user-1",
+				}),
+			},
+		},
+	}
+	client := &fakeWorksmobileDirectoryClient{}
+	worker := NewWorksmobileRelayWorker(repo, client)
+
+	err := worker.ProcessOnce(context.Background())
+
+	require.NoError(t, err)
+	require.Equal(t, []string{"job-1"}, repo.processingIDs)
+	require.Equal(t, []string{"job-1"}, repo.processedIDs)
+	require.Equal(t, []string{"tester@samaneng.com"}, client.suspendedUsers)
+}
+
+func TestWorksmobileRelayWorkerProcessesActiveUserUpsertAndReactivates(t *testing.T) {
+	repo := &fakeWorksmobileOutboxRepo{
+		ready: []domain.WorksmobileOutbox{
+			{
+				ID:           "job-1",
+				ResourceType: domain.WorksmobileResourceUser,
+				ResourceID:   "user-1",
+				Action:       domain.WorksmobileActionUpsert,
+				Status:       domain.WorksmobileOutboxStatusPending,
+				Payload: worksmobileUserOutboxPayload("root-1", WorksmobileUserPayload{
+					Email:           "tester@samaneng.com",
+					UserExternalKey: "user-1",
+				}, domain.UserStatusActive),
+			},
+		},
+	}
+	client := &fakeWorksmobileDirectoryClient{}
+	worker := NewWorksmobileRelayWorker(repo, client)
+
+	err := worker.ProcessOnce(context.Background())
+
+	require.NoError(t, err)
+	require.Equal(t, []string{"job-1"}, repo.processedIDs)
+	require.Equal(t, "tester@samaneng.com", client.createdUsers[0].Email)
+	require.Equal(t, []string{"tester@samaneng.com"}, client.activeUsers)
+}
+
 func TestRedactWorksmobileOutboxPayloadsRemovesInitialPasswordFromOverview(t *testing.T) {
 	jobs := []domain.WorksmobileOutbox{
 		{
@@ -714,6 +804,8 @@ type fakeWorksmobileDirectoryClient struct {
 	createdOrgUnits  []WorksmobileOrgUnitPayload
 	createdUsers     []WorksmobileUserPayload
 	deletedUsers     []string
+	activeUsers      []string
+	suspendedUsers   []string
 	orgUnitMatchKeys []string
 }

@@ -803,6 +895,15 @@ func (f *fakeWorksmobileDirectoryClient) DeleteUser(ctx context.Context, userID
 	return nil
 }

+func (f *fakeWorksmobileDirectoryClient) SetUserActive(ctx context.Context, userID string, active bool) error {
+	if active {
+		f.activeUsers = append(f.activeUsers, userID)
+	} else {
+		f.suspendedUsers = append(f.suspendedUsers, userID)
+	}
+	return nil
+}
+
 func (f *fakeWorksmobileDirectoryClient) ListUsers(ctx context.Context) ([]WorksmobileRemoteUser, error) {
 	return nil, nil
 }