Permission Overview

Adds an overview of the permissions of a user including its groups. To do so, a new cache is introduced that stores the groups of a user, when the user is authenticated. In doing so, SCM-Manager can also list groups assigned by external authentication plugins such as LDAP. On the other hand, the user has to have been logged in at least once to get external groups, and even then the cached groups may be out of date when the overview is created. Internal groups will always be added correctly, nonetheless.

Due to the cache, another problem arised: On some logins, the xml dao for the cache failed to be read, because it was read and written at the same time. To fix this, a more thorough synchronization of the stores has been implemented.

Committed-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>

scm-ui/ui-api/src/users.ts

@@ -24,7 +24,7 @@
 
 import { ApiResult, useRequiredIndexLink } from "./base";
 import { useMutation, useQuery, useQueryClient } from "react-query";
-import { Link, Me, User, UserCollection, UserCreation } from "@scm-manager/ui-types";
+import { Link, Me, PermissionOverview, User, UserCollection, UserCreation } from "@scm-manager/ui-types";
 import { apiClient } from "./apiclient";
 import { createQueryString } from "./utils";
 import { concat } from "./urls";
@@ -65,6 +65,13 @@ export const useUser = (name: string): ApiResult<User> => {
   );
 };
 
+export const useUserPermissionOverview = (user: User): ApiResult<PermissionOverview> => {
+  const overviewLink = user._links.permissionOverview as Link;
+  return useQuery<PermissionOverview, Error>(["user", user.name, "permissionOverview"], () =>
+    apiClient.get(overviewLink.href).then((response) => response.json())
+  );
+};
+
 const createUser = (link: string) => {
   return (user: UserCreation) => {
     return apiClient