From e1ebd528b83359d26a6ad139cc95fc7fd7089a60 Mon Sep 17 00:00:00 2001
From: Sarah Vaupel
Date: Fri, 8 Mar 2024 21:16:16 +0100
Subject: [PATCH] chore(auth): use available sources in AuthIsExternal access pred
---
 src/Foundation/Authorization.hs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/Foundation/Authorization.hs b/src/Foundation/Authorization.hs
index 507c0619e..770ef64f9 100644
--- a/src/Foundation/Authorization.hs
+++ b/src/Foundation/Authorization.hs
@@ -1531,7 +1531,10 @@ tagAccessPredicate AuthIsExternal = APDB $ \_ _ _ route _ -> exceptT return retu
 CourseR _ _ _ (CUserR cID) -> return cID
 _other -> throwError =<< $unsupportedAuthPredicate AuthIsExternal route
 referencedUser' <- catchIfMExceptT (const $ unauthorizedI MsgUnauthorizedSelf) (const True :: CryptoIDError -> Bool) $ decrypt referencedUser
- let availableSources = error "tagAccessPredicate: no available sources yet" -- TODO: implement once config supports source idents
+ availableSources <- getsYesod (view _appUserAuthConf) >>= \case
+ UserAuthConfSingleSource{..} -> return . singleton $ case userAuthConfSingleSource of
+ AuthSourceConfAzureAdV2 AzureConf{..} -> AuthSourceIdAzure azureConfTenantId
+ AuthSourceConfLdap LdapConf{..} -> AuthSourceIdLdap ldapConfSourceId
 maybeTMExceptT (unauthorizedI MsgUnauthorizedExternal) $ do
 Entity _ User{userIdent} <- MaybeT $ getEntity referencedUser'
 guardM . lift $ exists [ ExternalUserUser ==. userIdent, ExternalUserSource <-. availableSources ]
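Review bot: The `\case` on `_appUserAuthConf` matches only `UserAuthConfSingleSource`, and the inner `case` only the Azure and LDAP constructors. If either type has or later gains another constructor (the name `SingleSource` hints at a multi-source variant, though the type is not visible here), this access predicate would fail with a pattern-match exception instead of returning `unauthorizedI MsgUnauthorizedExternal`. Keeping both matches wildcard-free is the right choice so that `-Wincomplete-patterns` flags a new constructor, but it is worth confirming that warning is enabled for this module. Separately, the `{..}` wildcards bring every field of `AzureConf` and `LdapConf` into scope where only one is used; the hunk already uses a pun in `User{userIdent}`, so `AzureConf{azureConfTenantId}` and `LdapConf{ldapConfSourceId}` would be consistent and keep unrelated configuration fields out of scope. The body of `tagAccessPredicate AuthIsExternal` starts before the hunk.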