osso 0.0.3.2 → 0.0.3.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.buildkite/pipeline.yml +4 -1
- data/.rubocop.yml +1 -2
- data/Gemfile.lock +3 -1
- data/bin/console +4 -3
- data/config/database.yml +2 -2
- data/db/schema.rb +133 -1
- data/lib/osso.rb +2 -0
- data/lib/osso/db/migrate/20200328143305_create_identity_providers.rb +12 -0
- data/lib/osso/db/migrate/20200411184535_add_provider_id_to_users.rb +2 -2
- data/lib/osso/db/migrate/20200411192645_create_enterprise_accounts.rb +1 -1
- data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_accounts_and_identity_providers.rb +6 -0
- data/lib/osso/db/migrate/20200714223226_add_identity_provider_service_enum.rb +17 -0
- data/lib/osso/db/migrate/20200715154211_rename_idp_fields_on_identity_provider_to_sso.rb +6 -0
- data/lib/osso/db/migrate/20200715205801_add_name_to_enterprise_account.rb +5 -0
- data/lib/osso/graphql/mutation.rb +10 -5
- data/lib/osso/graphql/mutations.rb +5 -2
- data/lib/osso/graphql/mutations/base_mutation.rb +35 -14
- data/lib/osso/graphql/mutations/configure_identity_provider.rb +31 -21
- data/lib/osso/graphql/mutations/create_enterprise_account.rb +25 -0
- data/lib/osso/graphql/mutations/create_identity_provider.rb +22 -16
- data/lib/osso/graphql/mutations/set_identity_provider.rb +27 -0
- data/lib/osso/graphql/query.rb +19 -22
- data/lib/osso/graphql/resolvers.rb +5 -1
- data/lib/osso/graphql/resolvers/enterprise_account.rb +16 -12
- data/lib/osso/graphql/resolvers/enterprise_accounts.rb +10 -6
- data/lib/osso/graphql/resolvers/oauth_clients.rb +9 -5
- data/lib/osso/graphql/schema.rb +27 -19
- data/lib/osso/graphql/types.rb +4 -1
- data/lib/osso/graphql/types/base_enum.rb +6 -2
- data/lib/osso/graphql/types/base_input_object.rb +10 -0
- data/lib/osso/graphql/types/base_object.rb +6 -2
- data/lib/osso/graphql/types/enterprise_account.rb +22 -18
- data/lib/osso/graphql/types/identity_provider.rb +26 -25
- data/lib/osso/graphql/types/identity_provider_service.rb +8 -4
- data/lib/osso/graphql/types/oauth_client.rb +13 -9
- data/lib/osso/graphql/types/user.rb +10 -5
- data/lib/osso/helpers/auth.rb +5 -3
- data/lib/osso/lib/app_config.rb +1 -1
- data/lib/osso/lib/route_map.rb +28 -0
- data/lib/osso/models/enterprise_account.rb +4 -4
- data/lib/osso/models/identity_provider.rb +48 -0
- data/lib/osso/models/models.rb +1 -1
- data/lib/osso/models/oauth_client.rb +2 -2
- data/lib/osso/models/saml_provider.rb +13 -16
- data/lib/osso/models/saml_providers/azure_saml_provider.rb +2 -2
- data/lib/osso/models/saml_providers/okta_saml_provider.rb +1 -1
- data/lib/osso/models/user.rb +3 -3
- data/lib/osso/routes/admin.rb +18 -15
- data/lib/osso/routes/auth.rb +30 -27
- data/lib/osso/routes/oauth.rb +50 -45
- data/lib/osso/version.rb +1 -1
- data/osso-rb.gemspec +3 -3
- data/spec/factories/enterprise_account.rb +5 -4
- data/spec/factories/identity_providers.rb +49 -0
- data/spec/factories/user.rb +1 -1
- data/spec/graphql/mutations/configure_identity_provider_spec.rb +75 -0
- data/spec/graphql/mutations/create_enterprise_account_spec.rb +68 -0
- data/spec/graphql/mutations/create_identity_provider_spec.rb +104 -0
- data/spec/graphql/query/enterprise_account_spec.rb +68 -0
- data/spec/graphql/query/enterprise_accounts_spec.rb +44 -0
- data/spec/graphql/query/identity_provider_spec.rb +65 -0
- data/spec/graphql/query/oauth_clients_account_spec.rb +48 -0
- data/spec/models/azure_saml_provider_spec.rb +14 -14
- data/spec/models/identity_provider_spec.rb +17 -0
- data/spec/models/okta_saml_provider_spec.rb +15 -15
- data/spec/routes/admin_spec.rb +2 -0
- data/spec/routes/auth_spec.rb +9 -9
- data/spec/routes/oauth_spec.rb +1 -1
- data/spec/spec_helper.rb +4 -5
- data/spec/support/spec_app.rb +9 -0
- data/spec/support/views/admin.erb +5 -0
- metadata +37 -12
- data/lib/osso/db/migrate/20200411144528_create_saml_providers.rb +0 -13
- data/lib/osso/db/migrate/20200413153029_add_oauth_client_reference_to_saml_providers.rb +0 -5
- data/lib/osso/db/migrate/20200501203026_drop_null_constraints_from_saml_provider.rb +0 -7
- data/lib/osso/db/migrate/20200501204047_drop_acs_url.rb +0 -5
- data/lib/osso/db/migrate/20200502135008_add_oauth_client_id_to_enterprise_account.rb +0 -5
- data/lib/osso/db/migrate/20200601131227_drop_null_constraint_from_saml_providers_provider.rb +0 -7
- data/lib/osso/db/schema.rb +0 -132
- data/lib/osso/graphql/mutations/set_saml_provider.rb +0 -23
- data/spec/factories/saml_providers.rb +0 -46
- data/spec/models/saml_provider_spec.rb +0 -31
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5e43fcdb190c819ff0da0cb9ac9358152f42804f7fa116771d9dd458bf141c30
|
4
|
+
data.tar.gz: 65f6005798ec50a1ad4dd297c695aa08c80fb2ba8cc059eaa38cfb5f15a13dcc
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 617a3e1e5a5b476c4758476f7708e12a752d8d448a46866e37352ee319dcd5c08f2d0726d81c4ec1054e5129073840d6d76aad24ef938a1ccaf475bd72cc6d7b
|
7
|
+
data.tar.gz: 77f11455be71add868a54d61683be3dc9a09231a92fdbf1abbb05c685732c6469eaeb9acbbd765ff0ff894960224bdcb736525687b234c002a46a1e4d0b2dba6
|
data/.buildkite/pipeline.yml
CHANGED
data/.rubocop.yml
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,8 +1,9 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
osso (0.0.3.
|
4
|
+
osso (0.0.3.7)
|
5
5
|
activesupport (>= 6.0.3.2)
|
6
|
+
graphql
|
6
7
|
jwt
|
7
8
|
omniauth-multi-provider
|
8
9
|
omniauth-saml
|
@@ -48,6 +49,7 @@ GEM
|
|
48
49
|
activesupport (>= 5.0.0)
|
49
50
|
faker (2.13.0)
|
50
51
|
i18n (>= 1.6, < 2)
|
52
|
+
graphql (1.11.1)
|
51
53
|
hashdiff (1.0.1)
|
52
54
|
hashie (4.1.0)
|
53
55
|
httpclient (2.8.3)
|
data/bin/console
CHANGED
data/config/database.yml
CHANGED
@@ -2,13 +2,13 @@ development:
|
|
2
2
|
adapter: postgresql
|
3
3
|
encoding: unicode
|
4
4
|
pool: 5
|
5
|
-
database:
|
5
|
+
database: ossorb-development
|
6
6
|
host: ''
|
7
7
|
port: 5432
|
8
8
|
test:
|
9
9
|
adapter: postgresql
|
10
10
|
encoding: unicode
|
11
11
|
pool: 5
|
12
|
-
database:
|
12
|
+
database: ossorb-test
|
13
13
|
host: ''
|
14
14
|
port: 5432
|
data/db/schema.rb
CHANGED
@@ -1 +1,133 @@
|
|
1
|
-
#
|
1
|
+
# This file is auto-generated from the current state of the database. Instead
|
2
|
+
# of editing this file, please use the migrations feature of Active Record to
|
3
|
+
# incrementally modify your database, and then regenerate this schema definition.
|
4
|
+
#
|
5
|
+
# This file is the source Rails uses to define your schema when running `rails
|
6
|
+
# db:schema:load`. When creating a new database, `rails db:schema:load` tends to
|
7
|
+
# be faster and is potentially less error prone than running all of your
|
8
|
+
# migrations from scratch. Old migrations may fail to apply correctly if those
|
9
|
+
# migrations use external dependencies or application code.
|
10
|
+
#
|
11
|
+
# It's strongly recommended that you check this file into your version control system.
|
12
|
+
|
13
|
+
ActiveRecord::Schema.define(version: 2020_07_15_205801) do
|
14
|
+
|
15
|
+
# These are extensions that must be enabled in order to support this database
|
16
|
+
enable_extension "pgcrypto"
|
17
|
+
enable_extension "plpgsql"
|
18
|
+
|
19
|
+
create_table "access_tokens", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
|
20
|
+
t.string "token"
|
21
|
+
t.datetime "expires_at"
|
22
|
+
t.datetime "created_at", precision: 6, null: false
|
23
|
+
t.datetime "updated_at", precision: 6, null: false
|
24
|
+
t.uuid "user_id"
|
25
|
+
t.uuid "oauth_client_id"
|
26
|
+
t.index ["oauth_client_id"], name: "index_access_tokens_on_oauth_client_id"
|
27
|
+
t.index ["user_id"], name: "index_access_tokens_on_user_id"
|
28
|
+
end
|
29
|
+
|
30
|
+
create_table "authorization_codes", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
|
31
|
+
t.string "token"
|
32
|
+
t.string "redirect_uri"
|
33
|
+
t.datetime "expires_at"
|
34
|
+
t.datetime "created_at", precision: 6, null: false
|
35
|
+
t.datetime "updated_at", precision: 6, null: false
|
36
|
+
t.uuid "user_id"
|
37
|
+
t.uuid "oauth_client_id"
|
38
|
+
t.index ["oauth_client_id"], name: "index_authorization_codes_on_oauth_client_id"
|
39
|
+
t.index ["token"], name: "index_authorization_codes_on_token", unique: true
|
40
|
+
t.index ["user_id"], name: "index_authorization_codes_on_user_id"
|
41
|
+
end
|
42
|
+
|
43
|
+
create_table "enterprise_accounts", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
|
44
|
+
t.string "domain", null: false
|
45
|
+
t.uuid "external_uuid"
|
46
|
+
t.integer "external_int_id"
|
47
|
+
t.string "external_id"
|
48
|
+
t.uuid "oauth_client_id"
|
49
|
+
t.string "name", null: false
|
50
|
+
t.index ["domain"], name: "index_enterprise_accounts_on_domain", unique: true
|
51
|
+
t.index ["oauth_client_id"], name: "index_enterprise_accounts_on_oauth_client_id"
|
52
|
+
end
|
53
|
+
|
54
|
+
create_table "identity_providers", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
|
55
|
+
t.string "service"
|
56
|
+
t.string "domain", null: false
|
57
|
+
t.string "sso_url"
|
58
|
+
t.text "sso_cert"
|
59
|
+
t.uuid "enterprise_account_id"
|
60
|
+
t.uuid "oauth_client_id"
|
61
|
+
t.index ["domain"], name: "index_identity_providers_on_domain"
|
62
|
+
t.index ["enterprise_account_id"], name: "index_identity_providers_on_enterprise_account_id"
|
63
|
+
t.index ["oauth_client_id"], name: "index_identity_providers_on_oauth_client_id"
|
64
|
+
end
|
65
|
+
|
66
|
+
create_table "oauth_access_grants", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
|
67
|
+
t.uuid "resource_owner_id", null: false
|
68
|
+
t.uuid "application_id", null: false
|
69
|
+
t.string "token", null: false
|
70
|
+
t.integer "expires_in", null: false
|
71
|
+
t.text "redirect_uri", null: false
|
72
|
+
t.datetime "created_at", null: false
|
73
|
+
t.datetime "revoked_at"
|
74
|
+
t.string "scopes", default: "", null: false
|
75
|
+
t.index ["application_id"], name: "index_oauth_access_grants_on_application_id"
|
76
|
+
t.index ["token"], name: "index_oauth_access_grants_on_token", unique: true
|
77
|
+
end
|
78
|
+
|
79
|
+
create_table "oauth_access_tokens", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
|
80
|
+
t.uuid "resource_owner_id"
|
81
|
+
t.uuid "application_id"
|
82
|
+
t.string "token", null: false
|
83
|
+
t.string "refresh_token"
|
84
|
+
t.integer "expires_in"
|
85
|
+
t.datetime "revoked_at"
|
86
|
+
t.datetime "created_at", null: false
|
87
|
+
t.string "scopes"
|
88
|
+
t.string "previous_refresh_token", default: "", null: false
|
89
|
+
t.index ["application_id"], name: "index_oauth_access_tokens_on_application_id"
|
90
|
+
t.index ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
|
91
|
+
t.index ["token"], name: "index_oauth_access_tokens_on_token", unique: true
|
92
|
+
end
|
93
|
+
|
94
|
+
create_table "oauth_applications", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
|
95
|
+
t.string "name", null: false
|
96
|
+
t.string "secret", null: false
|
97
|
+
t.text "redirect_uri", null: false
|
98
|
+
t.string "scopes", default: "", null: false
|
99
|
+
t.boolean "confidential", default: true, null: false
|
100
|
+
t.datetime "created_at", precision: 6, null: false
|
101
|
+
t.datetime "updated_at", precision: 6, null: false
|
102
|
+
end
|
103
|
+
|
104
|
+
create_table "oauth_clients", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
|
105
|
+
t.string "name", null: false
|
106
|
+
t.string "secret", null: false
|
107
|
+
t.string "identifier", null: false
|
108
|
+
t.index ["identifier"], name: "index_oauth_clients_on_identifier", unique: true
|
109
|
+
end
|
110
|
+
|
111
|
+
create_table "redirect_uris", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
|
112
|
+
t.string "uri", null: false
|
113
|
+
t.boolean "primary", default: false, null: false
|
114
|
+
t.uuid "oauth_client_id"
|
115
|
+
t.index ["oauth_client_id"], name: "index_redirect_uris_on_oauth_client_id"
|
116
|
+
t.index ["uri", "primary"], name: "index_redirect_uris_on_uri_and_primary", unique: true
|
117
|
+
end
|
118
|
+
|
119
|
+
create_table "users", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
|
120
|
+
t.string "email", null: false
|
121
|
+
t.string "idp_id", null: false
|
122
|
+
t.uuid "identity_provider_id"
|
123
|
+
t.uuid "enterprise_account_id"
|
124
|
+
t.index ["email", "idp_id"], name: "index_users_on_email_and_idp_id", unique: true
|
125
|
+
t.index ["enterprise_account_id"], name: "index_users_on_enterprise_account_id"
|
126
|
+
end
|
127
|
+
|
128
|
+
add_foreign_key "oauth_access_grants", "oauth_applications", column: "application_id"
|
129
|
+
add_foreign_key "oauth_access_grants", "users", column: "resource_owner_id"
|
130
|
+
add_foreign_key "oauth_access_tokens", "oauth_applications", column: "application_id"
|
131
|
+
add_foreign_key "oauth_access_tokens", "users", column: "resource_owner_id"
|
132
|
+
add_foreign_key "users", "identity_providers"
|
133
|
+
end
|
data/lib/osso.rb
CHANGED
@@ -4,6 +4,8 @@ module Osso
|
|
4
4
|
require_relative 'osso/helpers/helpers'
|
5
5
|
require_relative 'osso/lib/app_config'
|
6
6
|
require_relative 'osso/lib/oauth2_token'
|
7
|
+
require_relative 'osso/lib/route_map'
|
7
8
|
require_relative 'osso/models/models'
|
8
9
|
require_relative 'osso/routes/routes'
|
10
|
+
require_relative 'osso/graphql/schema'
|
9
11
|
end
|
@@ -0,0 +1,12 @@
|
|
1
|
+
class CreateIdentityProviders < ActiveRecord::Migration[6.0]
|
2
|
+
def change
|
3
|
+
create_table :identity_providers, id: :uuid do |t|
|
4
|
+
t.string :service
|
5
|
+
t.string :domain, null: false
|
6
|
+
t.string :idp_sso_target_url
|
7
|
+
t.text :idp_cert
|
8
|
+
end
|
9
|
+
|
10
|
+
add_index :identity_providers, :domain
|
11
|
+
end
|
12
|
+
end
|
@@ -1,7 +1,7 @@
|
|
1
1
|
class AddProviderIdToUsers < ActiveRecord::Migration[6.0]
|
2
2
|
def change
|
3
|
-
add_column :users, :
|
3
|
+
add_column :users, :identity_provider_id, :uuid
|
4
4
|
|
5
|
-
add_foreign_key :users, :
|
5
|
+
add_foreign_key :users, :identity_providers
|
6
6
|
end
|
7
7
|
end
|
@@ -9,7 +9,7 @@ class CreateEnterpriseAccounts < ActiveRecord::Migration[6.0]
|
|
9
9
|
|
10
10
|
add_index :enterprise_accounts, :domain, unique: true
|
11
11
|
|
12
|
-
add_reference :
|
12
|
+
add_reference :identity_providers, :enterprise_account, type: :uuid, index: true
|
13
13
|
add_reference :users, :enterprise_account, type: :uuid, index: true
|
14
14
|
end
|
15
15
|
end
|
@@ -0,0 +1,6 @@
|
|
1
|
+
class AddOauthClientIdToEnterpriseAccountsAndIdentityProviders < ActiveRecord::Migration[6.0]
|
2
|
+
def change
|
3
|
+
add_reference :enterprise_accounts, :oauth_client, type: :uuid, index: true
|
4
|
+
add_reference :identity_providers, :oauth_client, type: :uuid, index: true
|
5
|
+
end
|
6
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
class AddIdentityProviderServiceEnum < ActiveRecord::Migration[6.0]
|
2
|
+
def change
|
3
|
+
def up
|
4
|
+
execute <<-SQL
|
5
|
+
CREATE TYPE identity_provider_service AS ENUM ('OKTA', 'AZURE');
|
6
|
+
SQL
|
7
|
+
chnage_column :identity_providers, :service, :identity_provider_service
|
8
|
+
end
|
9
|
+
|
10
|
+
def down
|
11
|
+
chnage_column :identity_providers, :service, :text
|
12
|
+
execute <<-SQL
|
13
|
+
DROP TYPE identity_provider_service;
|
14
|
+
SQL
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
@@ -2,10 +2,15 @@
|
|
2
2
|
|
3
3
|
require_relative 'mutations'
|
4
4
|
|
5
|
-
module
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
5
|
+
module Osso
|
6
|
+
module GraphQL
|
7
|
+
module Types
|
8
|
+
class MutationType < BaseObject
|
9
|
+
field :configure_identity_provider, mutation: Mutations::ConfigureIdentityProvider, null: true
|
10
|
+
field :create_identity_provider, mutation: Mutations::CreateIdentityProvider
|
11
|
+
field :create_enterprise_account, mutation: Mutations::CreateEnterpriseAccount
|
12
|
+
field :set_identity_provider, mutation: Mutations::SetSamlProvider
|
13
|
+
end
|
14
|
+
end
|
10
15
|
end
|
11
16
|
end
|
@@ -1,9 +1,12 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
module
|
3
|
+
module Osso
|
4
|
+
module Mutations
|
5
|
+
end
|
4
6
|
end
|
5
7
|
|
6
8
|
require_relative 'mutations/base_mutation'
|
7
9
|
require_relative 'mutations/configure_identity_provider'
|
8
10
|
require_relative 'mutations/create_identity_provider'
|
9
|
-
require_relative 'mutations/
|
11
|
+
require_relative 'mutations/create_enterprise_account'
|
12
|
+
require_relative 'mutations/set_identity_provider'
|
@@ -1,20 +1,41 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
module
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
3
|
+
module Osso
|
4
|
+
module GraphQL
|
5
|
+
module Mutations
|
6
|
+
class BaseMutation < ::GraphQL::Schema::RelayClassicMutation
|
7
|
+
object_class Types::BaseObject
|
8
|
+
input_object_class Types::BaseInputObject
|
9
|
+
|
10
|
+
def response_data(data)
|
11
|
+
data.merge(errors: [])
|
12
|
+
end
|
13
|
+
|
14
|
+
def response_error(error)
|
15
|
+
error.merge(data: nil)
|
16
|
+
end
|
17
|
+
|
18
|
+
def ready?(enterprise_account_id: nil, domain: nil, identity_provider_id: nil, **args)
|
19
|
+
return true if context[:scope] == :admin
|
20
|
+
|
21
|
+
domain ||= account_domain(enterprise_account_id) || provider_domain(identity_provider_id)
|
22
|
+
return true if domain == context[:scope]
|
23
|
+
|
24
|
+
raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{args[:domain]}"
|
25
|
+
end
|
26
|
+
|
27
|
+
def account_domain(id)
|
28
|
+
return false unless id
|
29
|
+
|
30
|
+
Osso::Models::EnterpriseAccount.find(id)&.domain
|
31
|
+
end
|
32
|
+
|
33
|
+
def provider_domain(id)
|
34
|
+
return false unless id
|
15
35
|
|
16
|
-
|
17
|
-
|
36
|
+
Osso::Models::IdentityProvider.find(id)&.domain
|
37
|
+
end
|
38
|
+
end
|
18
39
|
end
|
19
40
|
end
|
20
41
|
end
|
@@ -1,26 +1,36 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
module
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
3
|
+
module Osso
|
4
|
+
module GraphQL
|
5
|
+
module Mutations
|
6
|
+
class ConfigureIdentityProvider < BaseMutation
|
7
|
+
null false
|
8
|
+
argument :id, ID, required: true
|
9
|
+
argument :service, Types::IdentityProviderService, required: false
|
10
|
+
argument :sso_url, String, required: false
|
11
|
+
argument :sso_cert, String, required: false
|
12
|
+
|
13
|
+
field :identity_provider, Types::IdentityProvider, null: false
|
14
|
+
field :errors, [String], null: false
|
15
|
+
|
16
|
+
def resolve(id:, **args)
|
17
|
+
provider = Osso::Models::IdentityProvider.find(id)
|
18
|
+
|
19
|
+
return response_data(identity_provider: provider) if provider.update(args)
|
20
|
+
|
21
|
+
response_error(errors: provder.errors.messages)
|
22
|
+
end
|
23
|
+
|
24
|
+
def ready?(id:, **args)
|
25
|
+
return true if context[:scope] == :admin
|
26
|
+
|
27
|
+
domain = Osso::Models::IdentityProvider.find(id)&.domain
|
28
|
+
|
29
|
+
return true if domain == context[:scope]
|
30
|
+
|
31
|
+
raise ::GraphQL::ExecutionError, "This user lacks the scope to mutate records belonging to #{domain}"
|
32
|
+
end
|
33
|
+
end
|
24
34
|
end
|
25
35
|
end
|
26
36
|
end
|