From f664265481ab557baeba18c6291bbc7a311a3f40 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon
Date: Wed, 18 Sep 2024 17:40:56 +0200
Subject: [PATCH] debug(Groups): log group handling upon login
Signed-off-by: Arthur Schiwon
---
 lib/GroupManager.php | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/lib/GroupManager.php b/lib/GroupManager.php
index 63948fa1..c862e38e 100644
--- a/lib/GroupManager.php
+++ b/lib/GroupManager.php
@@ -70,6 +70,7 @@ public function __construct(
 private function getGroupsToRemove(array $samlGroupNames, array $assignedGroups): array {
 $groupsToRemove = [];
 foreach ($assignedGroups as $group) {
+ \OCP\Log\logger('user_saml')->debug('Checking group {group} for removal', ['group' => $group->getGID()]);
 // if group is not supplied by SAML and group has SAML backend
 if (!in_array($group->getGID(), $samlGroupNames) && $this->hasSamlBackend($group)) {
 $groupsToRemove[] = $group->getGID();
@@ -88,6 +89,7 @@ private function getGroupsToRemove(array $samlGroupNames, array $assignedGroups)
 private function getGroupsToAdd(array $samlGroupNames, array $assignedGroupIds): array {
 $groupsToAdd = [];
 foreach ($samlGroupNames as $groupName) {
+ \OCP\Log\logger('user_saml')->debug('Checking group {group} for addition', ['group' => $groupName]);
 $group = $this->groupManager->get($groupName);
 // if user is not assigned to the group or the provided group has a non SAML backend
 if (!in_array($groupName, $assignedGroupIds) || !$this->hasSamlBackend($group)) {
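Review bot: The two new debug calls in the `foreach` loops of getGroupsToRemove and getGroupsToAdd (the `@@ -70,6 +70,7 @@` and `@@ -88,6 +89,7 @@` hunks) record that a group is being checked but not what was decided, so the log cannot show which memberships a login actually changed. A second call inside the `if` body, for example `\OCP\Log\logger('user_saml')->debug('Queued group {group} for removal', ['group' => $group->getGID()]);`, would make the trace usable when auditing group synchronisation. In getGroupsToAdd the logged `$groupName` is taken from `$samlGroupNames`, which by its name carries identity-provider-supplied text; it is passed as a context value rather than concatenated into the message, and that form should be kept. Both function bodies continue outside their hunks.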
@@ -286,11 +288,17 @@ protected function hasGroupForeignMembers(IGroup $group): bool {
 * allowed only for groups owned by the SAML backend.
 */
 protected function mayModifyGroup(?IGroup $group): bool {
- return
+ $isInTransitionList =
 $group !== null
 && $group->getGID() !== 'admin'
 && in_array('Database', $group->getBackendNames())
- && $this->isGroupInTransitionList($group->getGID())
- && !$this->hasGroupForeignMembers($group);
+ && $this->isGroupInTransitionList($group->getGID());
+
+ if ($isInTransitionList) {
+ \OCP\Log\logger('user_saml')->debug('Checking group {group} for foreign members', ['group' => $group->getGID()]);
+ $hasOnlySamlUsers = !$this->hasGroupForeignMembers($group);
+ \OCP\Log\logger('user_saml')->debug('Completed checking group {group} for foreign members', ['group' => $group->getGID()]);
+ }
+ return $isInTransitionList && $hasOnlySamlUsers;
 }
 }
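Review bot: `$hasOnlySamlUsers` is assigned only inside `if ($isInTransitionList)` in mayModifyGroup, so the final `return $isInTransitionList && $hasOnlySamlUsers;` is correct only because `&&` short-circuits. Static analysis is likely to report a possibly undefined variable, and a later edit that reorders the operands would read it unset. Since this method decides whether a group may be modified during the transition phase, the deny path is better made explicit, either with `$hasOnlySamlUsers = false;` before the `if` or with `if (!$isInTransitionList) { return false; }`. The name `$isInTransitionList` also covers the null, `admin` and `Database` backend conditions, so a broader name such as `$isCandidate` would describe it more accurately.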