feat: add role mappings for SAML configuration (#1210)

packages/backend/src/graphql/mutation-resolvers.ts

@@ -26,6 +26,7 @@ import updateRole from './mutations/update-role.ee';
 import updateStep from './mutations/update-step';
 import updateUser from './mutations/update-user.ee';
 import upsertSamlAuthProvider from './mutations/upsert-saml-auth-provider.ee';
+import upsertSamlAuthProvidersRoleMappings from './mutations/upsert-saml-auth-providers-role-mappings.ee';
 import verifyConnection from './mutations/verify-connection';
 
 const mutationResolvers = {
@@ -57,6 +58,7 @@ const mutationResolvers = {
   updateStep,
   updateUser,
   upsertSamlAuthProvider,
+  upsertSamlAuthProvidersRoleMappings,
   verifyConnection,
 };
 

packages/backend/src/graphql/mutations/upsert-saml-auth-provider.ee.ts

@@ -33,17 +33,15 @@ const upsertSamlAuthProvider = async (
     .limit(1)
     .first();
 
-  let samlAuthProvider: SamlAuthProvider;
-
   if (!existingSamlAuthProvider) {
-    samlAuthProvider = await SamlAuthProvider.query().insert(
+    const samlAuthProvider = await SamlAuthProvider.query().insert(
       samlAuthProviderPayload
     );
 
     return samlAuthProvider;
   }
 
-  samlAuthProvider = await SamlAuthProvider.query().patchAndFetchById(
+  const samlAuthProvider = await SamlAuthProvider.query().patchAndFetchById(
     existingSamlAuthProvider.id,
     samlAuthProviderPayload
   );

packages/backend/src/graphql/mutations/upsert-saml-auth-providers-role-mappings.ee.ts

@@ -0,0 +1,54 @@
+import SamlAuthProvider from '../../models/saml-auth-provider.ee';
+import SamlAuthProvidersRoleMapping from '../../models/saml-auth-providers-role-mapping.ee';
+import Context from '../../types/express/context';
+
+type Params = {
+  input: {
+    samlAuthProviderId: string;
+    samlAuthProvidersRoleMappings: [
+      {
+        roleId: string;
+        remoteRoleName: string;
+      }
+    ];
+  };
+};
+
+const upsertSamlAuthProvidersRoleMappings = async (
+  _parent: unknown,
+  params: Params,
+  context: Context
+) => {
+  context.currentUser.can('update', 'SamlAuthProvider');
+
+  const samlAuthProviderId = params.input.samlAuthProviderId;
+
+  const samlAuthProvider = await SamlAuthProvider.query()
+    .findById(samlAuthProviderId)
+    .throwIfNotFound();
+
+  await samlAuthProvider
+    .$relatedQuery('samlAuthProvidersRoleMappings')
+    .delete();
+
+  if (!params.input.samlAuthProvidersRoleMappings) {
+    return [];
+  }
+
+  const samlAuthProvidersRoleMappingsData =
+    params.input.samlAuthProvidersRoleMappings.map(
+      (samlAuthProvidersRoleMapping) => ({
+        ...samlAuthProvidersRoleMapping,
+        samlAuthProviderId: samlAuthProvider.id,
+      })
+    );
+
+  const samlAuthProvidersRoleMappings =
+    await SamlAuthProvidersRoleMapping.query().insert(
+      samlAuthProvidersRoleMappingsData
+    );
+
+  return samlAuthProvidersRoleMappings;
+};
+
+export default upsertSamlAuthProvidersRoleMappings;

packages/backend/src/graphql/schema.graphql

@@ -81,6 +81,9 @@ type Mutation {
   updateStep(input: UpdateStepInput): Step
   updateUser(input: UpdateUserInput): User
   upsertSamlAuthProvider(input: UpsertSamlAuthProviderInput): SamlAuthProvider
+  upsertSamlAuthProvidersRoleMappings(
+    input: UpsertSamlAuthProvidersRoleMappingsInput
+  ): [SamlAuthProvidersRoleMapping]
   verifyConnection(input: VerifyConnectionInput): Connection
 }
 
@@ -307,6 +310,13 @@ type SamlAuthProvider {
   active: Boolean
 }
 
+type SamlAuthProvidersRoleMapping {
+  id: String
+  samlAuthProviderId: String
+  roleId: String
+  remoteRoleName: String
+}
+
 type UserConnection {
   edges: [UserEdge]
   pageInfo: PageInfo
@@ -352,6 +362,16 @@ input UpsertSamlAuthProviderInput {
   active: Boolean!
 }
 
+input UpsertSamlAuthProvidersRoleMappingsInput {
+  samlAuthProviderId: String!
+  samlAuthProvidersRoleMappings: [SamlAuthProviderRoleMappingInput]
+}
+
+input SamlAuthProviderRoleMappingInput {
+  roleId: String!
+  remoteRoleName: String!
+}
+
 input DeleteConnectionInput {
   id: String!
 }