chore(auth): use available sources in AuthIsExternal access pred

2024-03-08 21:16:16 +01:00 · 2024-03-08 21:16:16 +01:00 · e1ebd528b8
commit e1ebd528b8
parent 708320e067
1 changed files with 4 additions and 1 deletions
--- a/src/Foundation/Authorization.hs
+++ b/src/Foundation/Authorization.hs
@ -1531,7 +1531,10 @@ tagAccessPredicate AuthIsExternal = APDB $ \_ _ _ route _ -> exceptT return retu
    CourseR _ _ _ (CUserR cID) -> return cID
    _other -> throwError =<< $unsupportedAuthPredicate AuthIsExternal route
  referencedUser' <- catchIfMExceptT (const $ unauthorizedI MsgUnauthorizedSelf) (const True :: CryptoIDError -> Bool) $ decrypt referencedUser
-  let availableSources = error "tagAccessPredicate: no available sources yet" -- TODO: implement once config supports source idents
+  availableSources <- getsYesod (view _appUserAuthConf) >>= \case
+    UserAuthConfSingleSource{..} -> return . singleton $ case userAuthConfSingleSource of
+      AuthSourceConfAzureAdV2 AzureConf{..} -> AuthSourceIdAzure azureConfTenantId
+      AuthSourceConfLdap      LdapConf{..}  -> AuthSourceIdLdap  ldapConfSourceId
  maybeTMExceptT (unauthorizedI MsgUnauthorizedExternal) $ do
    Entity _ User{userIdent} <- MaybeT $ getEntity referencedUser'
    guardM . lift $ exists [ ExternalUserUser ==. userIdent, ExternalUserSource <-. availableSources ]