New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Occ command to update group mapping information #14
Conversation
@jvillafanez, thanks for your PR! By analyzing the history of the files in this pull request, we identified @blizzz, @owncloud-bot and @nickvergessen to be potential reviewers. |
|
||
$groupProxy = new Group_Proxy($availableConfigs, $this->ldap); | ||
|
||
foreach ($groupIDs as $groupID) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
would be good to have some unit tests where possible, as I see the logic here a bit complex
protected function configure() { | ||
$this | ||
->setName('ldap:update-group') | ||
->setDescription('update the specified group information') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
does it mean we are reloading the LDAP groups ? syncing the specified LDAP groups to OC ?
if yes, maybe update the description to say so.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It updates the group membership information stored in the DB. Does "update the specified group membership information stored locally" sound better?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sounds good
$availableConfigs = $helper->getServerConfigurationPrefixes(); | ||
|
||
// show configuration information, useful to debug | ||
$output->writeln('group membership attribute is critical for this command to work properly, please verify', OutputInterface::VERBOSITY_VERBOSE); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is this an error message ?
it looks like it asks the user to verify something but doesn't ask whether the user wants to continue but continues directly ? should we add a prompt "continue yes/no" with an override --yes
option ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't want to keep bothering the user over and over when the attribute is properly set. However, adding the --yes
option seems a better choice.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this, assuming that we cannot detect whether the property is properly set.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
now thinking of it I think it's ok to keep the warning but not ask for confirmation.
If an admin really goes as far as using this command, it means they already have setup their groups in LDAP properly so there is no need to bother that much.
foreach ($groupIDs as $groupID) { | ||
$output->writeln("checking group \"$groupID\"...", OutputInterface::VERBOSITY_VERBOSE); | ||
if (!$groupProxy->groupExists($groupID)) { | ||
$output->writeln("\"$groupID\" is missing, unmapping it", OutputInterface::VERBOSITY_VERBOSE); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"$groupID doesn't exist in LDAP any more, removing local mapping" ?
$output->writeln("\"$groupID\" is missing, unmapping it", OutputInterface::VERBOSITY_VERBOSE); | ||
$this->removeGroupMapping($groupID); | ||
} else { | ||
$output->writeln("updating \"$groupID\" group DB information", OutputInterface::VERBOSITY_VERBOSE); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"group DB" or "group mapping" ? you seem to be mixing terms, better stay consistent with the wording to avoid confusion. Or are they different things and I'm already confused 😕
$userList = $groupProxy->usersInGroup($groupID); | ||
$userChanges = $this->updateGroupMapping($groupID, $userList); | ||
|
||
$output->writeln("sending hooks", OutputInterface::VERBOSITY_VERBOSE); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"triggering hooks" might sound better
/** | ||
* Return and array with 2 lists: one for the users added and another for the users removed from | ||
* the group: | ||
* ['added' => ['user1', 'user20'], 'removed' => ['user22']] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great to have a comment, even better to use PHPDoc style as well:
@param array $groupName
...
😄
/** | ||
* Make sure $groupNames doesn't contain duplicated values. This function could behave | ||
* unexpectedly otherwise. | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the invasion of the red blood spaces has begun!
|
Hmmm, no sure what I'm doing wrong: whatever the situation there is never any output. I have the following config:
Then I run this:
No output. Only if I pass a wrong group id I'll get an error, so output does work. I'm unable to paste my LDAP config as show-config is broken and I don't know where to find the config-id in the DB: #16 |
Hmm okay, seems I passed to many Here is the output after adding and deleting a user from "Box10":
Hmm, ok so it seems to work.
|
Adjusted messages, plus the verbosity of some of them in order to show output when no verbosity is given. There is one thing that might not be a good idea: the confirmation dialog is also hidden if the command runs with the "-q" option. The command hangs until the user confirms the hidden dialog, which is a very bad UX from my point of view. If we decide to get rid of the dialog, we might need to show the warning message always (previous verbosity to make it appear was "-v") and add another option to hide the warning. |
Yeah, please just get rid of the confirmation. I think it's not needed as per my comment here #14 (comment) If an admin made it that far, then they already have proper group mappings. |
@jvillafanez let me know when this is ready for review again and set the label to "3 - To Review". Thanks |
Verbosity is better now.
Also I hope no one will get the idea trying to parse this output. |
I deleted "Box100" which existed in openLDAP, then ran the command:
|
I tried to keep the changes as minimum as possible, so showing a trace instead of a parseable output was easier. If it's needed then we should fix it in another PR.
Solved now. |
Tested, works 👍 Question: should this command be extended to also allow adding/syncing newly created groups that weren't known in OC before ? (or ones that were deleted and re-added) |
Probably, but taking into account we'll have to perform a search which might bring more groups (searching for Box1 will bring also Box11, Box12, Box100, etc), and I'm not sure about possible side effects specially with caching, I don't know if it's a good idea. |
@jvillafanez please press the button for the CLA - |
looks like he did now, let's merge |
As this is a new feature, I'm not sure about backporting... is this critical enough ? @felixboehm |
Yes definitiv for 9.0 |
@jvillafanez can i ask you to take care? thx |
Sure, taking into account the set of changes, I'll just copy & paste the file between the repos (with the minor change in the register_command.php file) |
Stable9.1: owncloud/core#26341 |
|
Great work, thanks! |
Raised #20 because I think that we shouldn't fail in case one group is not found, due to potential admin + cron use cases. |
Original PR: owncloud/core#26029
Related issue: https://github.com/owncloud/enterprise/issues/1464
We need to agree on backporting this PR (issue comes from version 8.2)