OpenID: Ignore admin for advanced permissions

Also removed some semicolons
Denis Arnst 2024-03-19 19:35:34 +01:00
parent 50330b0a60
commit 1646f0ebc2
No known key found for this signature in database
GPG Key ID: D5866C58940197BF


@ -193,7 +193,7 @@ class Auth {
* Validates the presence and content of the group claim in userinfo. * Validates the presence and content of the group claim in userinfo.
*/ */
validateGroupClaim(userinfo) { validateGroupClaim(userinfo) {
const groupClaimName = Database.serverSettings.authOpenIDGroupClaim; const groupClaimName = Database.serverSettings.authOpenIDGroupClaim
if (!groupClaimName) // Allow no group claim when configured like this if (!groupClaimName) // Allow no group claim when configured like this
return true return true
@ -208,7 +208,7 @@ class Auth {
* Sets the user group based on group claim in userinfo. * Sets the user group based on group claim in userinfo.
*/ */
async setUserGroup(user, userinfo) { async setUserGroup(user, userinfo) {
const groupClaimName = Database.serverSettings.authOpenIDGroupClaim; const groupClaimName = Database.serverSettings.authOpenIDGroupClaim
if (!groupClaimName) // No group claim configured, don't set anything if (!groupClaimName) // No group claim configured, don't set anything
return return
@ -223,7 +223,7 @@ async setUserGroup(user, userinfo) {
Logger.debug(`[Auth] openid callback: Setting user ${user.username} type to ${userType}`) Logger.debug(`[Auth] openid callback: Setting user ${user.username} type to ${userType}`)
if (user.type !== userType) { if (user.type !== userType) {
user.type = userType; user.type = userType
await Database.userModel.updateFromOld(user) await Database.userModel.updateFromOld(user)
} }
} else { } else {
@ -239,6 +239,9 @@ async updateUserPermissions(user, userinfo) {
if (!absPermissionsClaim) // No advanced permissions claim configured, don't set anything if (!absPermissionsClaim) // No advanced permissions claim configured, don't set anything
return return
if (user.type === 'admin')
return
const absPermissions = userinfo[absPermissionsClaim] const absPermissions = userinfo[absPermissionsClaim]
if (!absPermissions) if (!absPermissions)
throw new Error(`Advanced permissions claim ${absPermissionsClaim} not found in userinfo`) throw new Error(`Advanced permissions claim ${absPermissionsClaim} not found in userinfo`)
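Review bot: The new `if (user.type === 'admin') return` guard in updateUserPermissions is the only early return here without a why-comment, and it silently depends on `user.type` already reflecting this login's group claim. If setUserGroup has not run before this call (the call order is outside the hunk), a user the identity provider is demoting from admin would skip the permissions claim and keep whatever permissions were stored earlier; the reverse case also leaves a newly promoted admin's stored permissions untouched. I would document the ordering and intent in place, e.g. `if (user.type === 'admin') // Admins are not restricted by the permissions claim; setUserGroup must have run first`, and mention the exemption in the method's doc comment. Because the guard sits before the missing-claim check, an admin login no longer throws when the claim is absent, which looks intended but is worth stating. The function body starts before and continues after the hunk.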