On allow login for users that have at least one role

sbsdev · Oct 16, 2024 · 9715d52 · 9715d52
1 parent 655e67c
commit 9715d52
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/src/clj/mdr2/ldap.clj b/src/clj/mdr2/ldap.clj
@@ -43,6 +43,11 @@
                    set)]
     (assoc user :roles roles)))
 
+(defn- not-empty-roles
+  "Return the given `user` if it has any roles, otherwise return nil"
+  [{:keys [roles] :as user}]
+  (when (not-empty roles) user))
+
 (defn authenticate [username password & [attributes]]
   (let [conn           (ldap/get-connection ldap-pool)
         qualified-name (str "uid=" username ",cn=users,cn=accounts,dc=sbszh,dc=ch")]
@@ -54,5 +59,6 @@
                           :attributes (or attributes [])})
             first
             add-roles
-            (select-keys [:uid :mail :initials :givenName :displayName :telephoneNumber :roles])))
+            (select-keys [:uid :mail :initials :givenName :displayName :telephoneNumber :roles])
+            not-empty-roles)) ;; only return users that have a role
       (finally (ldap/release-connection ldap-pool conn)))))