author | mdecimus <mauro@stalw.art> | 2024-09-27 15:41:12 +0200 |
---|---|---|
committer | mdecimus <mauro@stalw.art> | 2024-09-27 15:41:12 +0200 |
commit | c62859705b75378463e8033bb02ce2c6037a819f (patch) | |
tree | ff5a470ac8097746149f4a57fd8e8a11f4e0ce2c | |
parent | 7a8edb67bb091035e78c19b82031610c2fd11574 (diff) |
Do not allow tenant domains to be deleted if they have members (closes #812)
-rw-r--r-- | crates/directory/src/backend/internal/manage.rs | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/crates/directory/src/backend/internal/manage.rs b/crates/directory/src/backend/internal/manage.rs
index 740ef471..7ee269bc 100644
--- a/crates/directory/src/backend/internal/manage.rs
+++ b/crates/directory/src/backend/internal/manage.rs
@@ -512,6 +512,7 @@ impl ManageDirectory for Store {
 Type::Resource,
 Type::Other,
 Type::Location,
+ Type::Domain,
 ],
 &[PrincipalField::Name],
 0,
@@ -540,6 +541,60 @@ impl ManageDirectory for Store {
 return Err(error("Tenant has members", message.into()));
 }
 }
+ Type::Domain => {
+ if let Some(tenant_id) = principal.tenant() {
+ let name = principal.name();
+ let tenant_members = self
+ .list_principals(
+ None,
+ tenant_id.into(),
+ &[
+ Type::Individual,
+ Type::Group,
+ Type::Role,
+ Type::List,
+ Type::Resource,
+ Type::Other,
+ Type::Location,
+ ],
+ &[PrincipalField::Name],
+ 0,
+ 0,
+ )
+ .await
+ .caused_by(trc::location!())?;
+ let domain_members = tenant_members
+ .items
+ .iter()
+ .filter(|v| {
+ v.name()
+ .rsplit_once('@')
+ .map_or(false, |(_, d)| d.eq_ignore_ascii_case(name))
+ })
+ .collect::<Vec<_>>();
+ let total_domain_members = domain_members.len();
+
+ if total_domain_members > 0 {
+ let mut message =
+ String::from("Domains must have no members to be deleted: Found: ");
+
+ for (num, principal) in domain_members.iter().enumerate() {
+ if num > 0 {
+ message.push_str(", ");
+ }
+ message.push_str(principal.name());
+ }
+
+ if total_domain_members > 5 {
+ message.push_str(" and ");
+ message.push_str(&(total_domain_members - 5).to_string());
+ message.push_str(" others");
+ }
+
+ return Err(error("Domain has members", message.into()));
+ }
+ }
+ }
 _ => {}
 } |
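Review bot: The loop that builds the error message in the new `Type::Domain` arm walks every entry of `domain_members`, so with more than five members the text names all of them and then still appends "and N others"; capping it with `for (num, principal) in domain_members.iter().take(5).enumerate() {` keeps the message bounded and the count consistent. The membership test compares only `v.name()` and the query requests only `PrincipalField::Name`, so a principal whose name is in another domain but which holds an address or alias in this one would presumably not block the deletion; it is worth confirming whether the e-mail fields need to be checked as well. The guard is also skipped entirely when `principal.tenant()` is `None`, which matches the commit title but deserves a comment such as `// Domains without a tenant are not checked for members`. The enclosing function begins and ends outside the hunk.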