Add support for filtering users based on their group membership (#9)

* Add support for filtering users based on their group membership. * Fix async call in if statement and proper keyword detection. * Handle case where the checkMemberGroups was failing due to deleted user. * Pass UseEntry into the filter and simplify filter condition. * Revert changes in package-lock.json
2025-12-16 00:04:34 +00:00 · 2018-10-26 13:29:58 +02:00
parent 7cb2147569
commit 447b674469
2 changed files with 81 additions and 3 deletions
--- a/package-lock.json
+++ b/package-lock.json
@@ -13050,4 +13050,4 @@
      "integrity": "sha512-W9Nj+UmBJG251wkCacIkETgra4QgBo/vgoEkb4a2uoLzpQG7qF9nzwoLXWU5xj3Fg2mxGvEDh47mg24vXccYjA=="
    }
  }
-}
+}
--- a/src/services/azure-directory.service.ts
+++ b/src/services/azure-directory.service.ts
@@ -86,7 +86,7 @@ export class AzureDirectoryService extends BaseDirectoryService implements Direc
            res = await userReq.get();
        }
-        const setFilter = this.createCustomSet(this.syncConfig.userFilter);
+        const setFilter = this.createCustomUserSet(this.syncConfig.userFilter);
        while (true) {
            const users: graphType.User[] = res.value;
            if (users != null) {
@@ -95,7 +95,7 @@ export class AzureDirectoryService extends BaseDirectoryService implements Direc
                        continue;
                    }
                    const entry = this.buildUser(user);
-                    if (this.filterOutResult(setFilter, entry.email)) {
+                    if (await this.filterOutUserResult(setFilter, entry)) {
                        continue;
                    }
@@ -123,6 +123,77 @@ export class AzureDirectoryService extends BaseDirectoryService implements Direc
        return entries;
    }
    private createCustomUserSet(filter: string): [UserSetType, Set<string>] {
        if (filter == null || filter === '') {
            return null;
        }
        const mainParts = filter.split('|');
        if (mainParts.length < 1 || mainParts[0] == null || mainParts[0].trim() === '') {
            return null;
        }
        const parts = mainParts[0].split(':');
        if (parts.length !== 2) {
            return null;
        }
        const keyword = parts[0].trim().toLowerCase();
        let userSetType = UserSetType.IncludeUser;
        if (keyword === 'include') {
            userSetType = UserSetType.IncludeUser;
        } else if (keyword === 'exclude') {
            userSetType = UserSetType.ExcludeUser;
        } else if (keyword === 'includegroup') {
            userSetType = UserSetType.IncludeGroup;
        } else if (keyword === 'excludegroup') {
            userSetType = UserSetType.ExcludeGroup;
        } else {
            return null;
        }
        const set = new Set<string>();
        const pieces = parts[1].split(',');
        for (const p of pieces) {
            set.add(p.trim().toLowerCase());
        }
        return [userSetType, set];
    }
    private async filterOutUserResult(setFilter: [UserSetType, Set<string>], user: UserEntry): Promise<boolean> {
        if (setFilter != null) {
            let userSetTypeExclude = null;
            if (setFilter[0] === UserSetType.IncludeUser) {
                userSetTypeExclude = false;
            } else if (setFilter[0] === UserSetType.ExcludeUser) {
                userSetTypeExclude = true;
            }
            if (userSetTypeExclude != null) {
                return this.filterOutResult([userSetTypeExclude, setFilter[1]], user.email);
            } else {
                try {
                    let memberGroups = await this.client.api(`/users/${user.externalId}/checkMemberGroups`).post({
                        groupIds: Array.from(setFilter[1])
                    });
                    if (memberGroups.value.length > 0 && setFilter[0] == UserSetType.IncludeGroup) {
                        return false;
                    } else if (memberGroups.value.length > 0 && setFilter[0] == UserSetType.ExcludeGroup) {
                        return true;
                    } else if (memberGroups.value.length == 0 && setFilter[0] == UserSetType.IncludeGroup) {
                        return true;
                    } else if (memberGroups.value.length == 0 && setFilter[0] == UserSetType.ExcludeGroup) {
                        return false;
                    }
                } catch(ex) {
                    return false;
                }
            }
        }
        return false;
    }
    private buildUser(user: graphType.User): UserEntry {
        const entry = new UserEntry();
        entry.referenceId = user.id;
@@ -278,3 +349,10 @@ export class AzureDirectoryService extends BaseDirectoryService implements Direc
        this.accessTokenExpiration = exp;
    }
 }
 enum UserSetType {
    IncludeUser,
    ExcludeUser,
    IncludeGroup,
    ExcludeGroup
 }