authormdecimus <mauro@stalw.art>2024-09-27 15:41:12 +0200
committermdecimus <mauro@stalw.art>2024-09-27 15:41:12 +0200
commitc62859705b75378463e8033bb02ce2c6037a819f (patch)
treeff5a470ac8097746149f4a57fd8e8a11f4e0ce2c
parent7a8edb67bb091035e78c19b82031610c2fd11574 (diff)
Do not allow tenant domains to be deleted if they have members (closes #812)
-rw-r--r--crates/directory/src/backend/internal/manage.rs55
1 files changed, 55 insertions, 0 deletions
diff --git a/crates/directory/src/backend/internal/manage.rs b/crates/directory/src/backend/internal/manage.rs
index 740ef471..7ee269bc 100644
--- a/crates/directory/src/backend/internal/manage.rs
+++ b/crates/directory/src/backend/internal/manage.rs
@@ -512,6 +512,7 @@ impl ManageDirectory for Store {
Type::Resource,
Type::Other,
Type::Location,
+ Type::Domain,
],
&[PrincipalField::Name],
0,
@@ -540,6 +541,60 @@ impl ManageDirectory for Store {
return Err(error("Tenant has members", message.into()));
}
}
+ Type::Domain => {
+ if let Some(tenant_id) = principal.tenant() {
+ let name = principal.name();
+ let tenant_members = self
+ .list_principals(
+ None,
+ tenant_id.into(),
+ &[
+ Type::Individual,
+ Type::Group,
+ Type::Role,
+ Type::List,
+ Type::Resource,
+ Type::Other,
+ Type::Location,
+ ],
+ &[PrincipalField::Name],
+ 0,
+ 0,
+ )
+ .await
+ .caused_by(trc::location!())?;
+ let domain_members = tenant_members
+ .items
+ .iter()
+ .filter(|v| {
+ v.name()
+ .rsplit_once('@')
+ .map_or(false, |(_, d)| d.eq_ignore_ascii_case(name))
+ })
+ .collect::<Vec<_>>();
+ let total_domain_members = domain_members.len();
+
+ if total_domain_members > 0 {
+ let mut message =
+ String::from("Domains must have no members to be deleted: Found: ");
+
+ for (num, principal) in domain_members.iter().enumerate() {
+ if num > 0 {
+ message.push_str(", ");
+ }
+ message.push_str(principal.name());
+ }
+
+ if total_domain_members > 5 {
+ message.push_str(" and ");
+ message.push_str(&(total_domain_members - 5).to_string());
+ message.push_str(" others");
+ }
+
+ return Err(error("Domain has members", message.into()));
+ }
+ }
+ }
_ => {}
}
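Review bot: The loop over `domain_members.iter().enumerate()` appends every matching name, while the `total_domain_members > 5` suffix assumes only five were listed. For a large domain the error string is therefore unbounded and its "and N others" count is wrong. Capping the loop with `for (num, principal) in domain_members.iter().take(5).enumerate() {` makes the two agree and limits how many account names one failed delete returns. The guard also runs only when `principal.tenant()` is `Some`, so a domain with no tenant skips it; that matches the commit title but deserves a comment such as `// Domains without a tenant are not checked for members`. The match arm sits inside a function that begins and ends outside this hunk, so whether the membership check and the deletion happen atomically cannot be confirmed from here.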