-
-
Notifications
You must be signed in to change notification settings - Fork 525
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
First implementation of SAML teams mapping #4770
base: main
Are you sure you want to change the base?
Conversation
Thanks @the-glu for giving this a try 👍 Code-wise it looks good (haven't checked details, but the overall view is great), . Now as you mentioned: tests are missing and documentation. I'd like to try it, but I don't have a Keycloak setup, so I need either Azure AD or Google Workspace. |
@the-glu what's the syntax in the local.yaml config for this? from the code it looks like another line in the mapping section? would like to test this. |
Hello, Great, I will add tests and documentation as soon as possible :) I tested with our internal SSO but it should works with any SSO. If you like I can make you a Keycloak available somewhere with some basic configuration. For the syntax in the local.yaml config for testing:
Saml attribute is the value in the attribute list (that you specify on the line before), kimai is the team id on the kimai side (edit a team and check the URL for the ID), leader is if the user should be leader or not of the team :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
works in my lab
An approval is too early 😁 but great feedback 🚀 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! A few small things to check.
return $this->configuration->getSamlTeamsAttribute(); | ||
} | ||
|
||
public function getTeamsMapping(): array |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
public function getTeamsMapping(): array | |
/** | |
* @return array<int, array{'saml': string, 'kimai': int, 'leader': string}> | |
*/ | |
public function getTeamsMapping(): array |
Please check if that is correct.
Then add the same for the Interface and then you can remove the PHPStan ignores as well.
The PHPStan baseline can only be reduced, but no new ones should be added.
$teamMap = []; | ||
foreach ($teamMapping as $mapping) { | ||
$field = $mapping['kimai']; | ||
$team = $this->teamRepository->findById($field)[0]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do not like repository magic methods. Please change that to:
$team = $this->teamRepository->findById($field)[0]; | |
$team = $this->teamRepository->findOneBy(['id' => $field]); | |
if ($team !== null) { | |
... |
if ($this->configuration->isTeamsResetOnLogin()) { | ||
// For all teams of the user, we check that the user should be present | ||
foreach ($user->getTeams() as $userTeam) { | ||
$shouldBeInTeam = false; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we even need the boolean? Can't you replace the break
by a continue 2
?
Description
Hello,
This is a basic implementation of #3846: It add possibility to map kimai's team from a SAML attribute.
It's also allow setting the leadership 'attribute' of a user in a team.
This PR currently lacks tests and documentations, I wanted first to be sure the implementation direction is ok :)
Feedback is welcome, my PHP is a bit rusty ^^'
===> PR for documentation: kimai/www.kimai.org#423
Types of changes
Checklist
composer code-check
)