Merge branch 'master' into fix-userlog-jwt-secret

2026-03-01 10:30:40 -06:00 · 2023-03-03 18:48:16 +01:00
parent 1234429a8d a6dfddaab0
commit 67b61cdf46
13 changed files with 132 additions and 75 deletions
--- a/services/graph/README.md
+++ b/services/graph/README.md
@@ -1,3 +1,15 @@
 # Graph service

 The graph service provides the Graph API which is a RESTful web API used to access Infinite Scale resources. It is inspired by the [Microsoft Graph API](https://learn.microsoft.com/en-us/graph/use-the-api) and can be used by clients or other services or extensions.
+
+## Manual Filters
+
+Using the API, you can manually filter like for users. See the [Libre Graph API](https://owncloud.dev/libre-graph-api/#/users/ListUsers) for examples in the [developer documentation](https://owncloud.dev). Note that you can use `and` and `or` to refine results.
+
+## Sequence Diagram
+
+The following image gives an overview of the scenario when a client requests to list available spaces the user has access to. To do so, the client is directed with his request automatically via the proxy service to the graph service.
+
+<!-- referencing: https://github.com/owncloud/ocis/pull/3816 ([docs-only] add client protocol overview) -->
+
+<img src="./images/mermaid-graph.svg" width="500" />
--- a/services/graph/images/mermaid-graph.svg
+++ b/services/graph/images/mermaid-graph.svg
--- a/services/graph/pkg/service/v0/users_filter.go
+++ b/services/graph/pkg/service/v0/users_filter.go
@@ -50,6 +50,12 @@ func (g Graph) applyFilterLogical(ctx context.Context, req *godata.GoDataRequest
 			return users, invalidFilterError()
 		}
 		return g.applyFilterLogicalAnd(ctx, req, root.Children[0], root.Children[1])
+	case "or":
+		// 'or' needs 2 operands
+		if len(root.Children) != 2 {
+			return users, invalidFilterError()
+		}
+		return g.applyFilterLogicalOr(ctx, req, root.Children[0], root.Children[1])
 	}
 	logger.Debug().Str("Token", root.Token.Value).Msg("unsupported logical filter")
 	return users, unsupportedFilterError()
@@ -109,6 +115,32 @@ func (g Graph) applyFilterLogicalAnd(ctx context.Context, req *godata.GoDataRequ
 	return filteredUsers, nil
 }

+func (g Graph) applyFilterLogicalOr(ctx context.Context, req *godata.GoDataRequest, operand1 *godata.ParseNode, operand2 *godata.ParseNode) (users []*libregraph.User, err error) {
+	//	logger := g.logger.SubloggerWithRequestID(ctx)
+	var res1, res2 []*libregraph.User
+
+	res1, err = g.applyUserFilter(ctx, req, operand1)
+	if err != nil {
+		return []*libregraph.User{}, err
+	}
+
+	res2, err = g.applyUserFilter(ctx, req, operand2)
+	if err != nil {
+		return []*libregraph.User{}, err
+	}
+
+	// We now have two slices with results of the subfilters. Now turn one of them
+	// into a map for efficiently getting the union of both slices
+	userSet := userSliceToMap(res1)
+	filteredUsers := make([]*libregraph.User, 0, len(res1)+len(res2))
+	filteredUsers = append(filteredUsers, res1...)
+	for _, user := range res2 {
+		if _, found := userSet[user.GetId()]; !found {
+			filteredUsers = append(filteredUsers, user)
+		}
+	}
+	return filteredUsers, nil
+}
 func (g Graph) applyFilterLambda(ctx context.Context, req *godata.GoDataRequest, nodes []*godata.ParseNode) (users []*libregraph.User, err error) {
 	logger := g.logger.SubloggerWithRequestID(ctx)
 	if len(nodes) != 2 {
--- a/services/graph/pkg/service/v0/users_test.go
+++ b/services/graph/pkg/service/v0/users_test.go
@@ -378,9 +378,12 @@ var _ = Describe("Users", func() {
 		Entry("with memberOf lambda filter with UUID", "memberOf/any(n:n/id eq 25cb7bc0-3168-4a0c-adbe-396f478ad494)", http.StatusOK),
 		Entry("with memberOf lambda filter with UUID string", "memberOf/any(n:n/id eq '25cb7bc0-3168-4a0c-adbe-396f478ad494')", http.StatusOK),
 		Entry("with appRoleAssignments lambda filter with appRoleId", "appRoleAssignments/any(n:n/appRoleId eq 'some-appRole-ID')", http.StatusOK),
-		Entry("with two memberOf lambda filters",
+		Entry("with two memberOf lambda filters combined with and",
 			"memberOf/any(n:n/id eq 25cb7bc0-3168-4a0c-adbe-396f478ad494) and memberOf/any(n:n/id eq 2713f1d5-6822-42bd-ad56-9f6c55a3a8fa)",
 			http.StatusOK),
+		Entry("with two memberOf lambda filters combined with or",
+			"memberOf/any(n:n/id eq 25cb7bc0-3168-4a0c-adbe-396f478ad494) or memberOf/any(n:n/id eq 2713f1d5-6822-42bd-ad56-9f6c55a3a8fa)",
+			http.StatusOK),
 		Entry("with supported appRoleAssignments lambda filter property",
 			"appRoleAssignments/any(n:n/appRoleId eq 'some-appRoleAssignment-ID') and memberOf/any(n:n/id eq 2713f1d5-6822-42bd-ad56-9f6c55a3a8fa)",
 			http.StatusOK),