Skip to content

Comments

Add allowedGroups check#277

Draft
tomrf1 wants to merge 8 commits intomainfrom
tf-allowed-groups
Draft

Add allowedGroups check#277
tomrf1 wants to merge 8 commits intomainfrom
tf-allowed-groups

Conversation

@tomrf1
Copy link
Member

@tomrf1 tomrf1 commented Dec 20, 2024
edited
Loading

The requiredGroups parameter is used to ensure a user is in all groups in the set.

It would also be useful to be able to check if a user is in at least one of the groups in a set.

This PR refactors the group checking logic in processOauth2Callback, to optionally support both:

  • requiredGroups, with the existing behaviour
  • allowedGroups, of which a user must be in a least one group

davidfurey
davidfurey reviewed Jan 10, 2025
View reviewed changes
play-v29/src/main/scala/com/gu/googleauth/actions.scala
* Also ensures the user is in the correct Google Groups, as defined by the given GroupCheckConfig
*/
def processOauth2Callback(requiredGoogleGroups: Set[String], groupChecker: GoogleGroupChecker)
def processOauth2Callback(groupCheckConfig: GroupCheckConfig, groupChecker: GoogleGroupChecker)
Copy link
Member

@davidfurey davidfurey Jan 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of changing the signature of this method, I would be inclined to add a new method with this new signature, and keep the old method but marked as deprecated. Should hopefully make upgrades easier for other teams.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@davidfurey davidfurey davidfurey left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tomrf1 @davidfurey