[PR #1334] [CLOSED] server: Adding User Manager group (`lldap_user_manager`) #1265

New issue

Closed

opened 2026-02-27 09:11:32 +03:00 by kerem · 0 comments

kerem commented

2026-02-27 09:11:32 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/lldap/lldap/pull/1334
Author: @asalimonov
Created: 10/22/2025
Status: ❌ Closed

Base: main ← Head: feature/lldap-user-manager-role

📝 Commits (2)

73f08e8 server: Adding User Manager group (lldap_user_manager)
5f090b1 Refactoring cookies

📊 Changes

14 files changed (+273 additions, -75 deletions)

View changed files

📝 app/src/components/app.rs (+32 -16)
📝 app/src/components/banner.rs (+30 -25)
📝 app/src/components/login.rs (+3 -3)
📝 app/src/infra/api.rs (+10 -6)
📝 crates/access-control/src/lib.rs (+26 -5)
📝 crates/auth/src/access_control.rs (+14 -2)
📝 crates/graphql-server/src/api.rs (+5 -1)
📝 crates/graphql-server/src/mutation/mod.rs (+50 -6)
📝 crates/ldap/src/handler.rs (+6 -0)
📝 crates/ldap/src/modify.rs (+81 -4)
📝 crates/ldap/src/password.rs (+7 -3)
📝 scripts/bootstrap.sh (+1 -1)
📝 server/src/auth_service.rs (+7 -3)
📝 server/src/main.rs (+1 -0)

📄 Description

Hello! Can you please consider this PR for adding a role for managing of users?

Use case: we want to grant access rights for several persons who should be responsible for onboarding of new employees. Usually they are HR managers or assistants. They shouldn't be able to modify of admins and other user managers, just manage regular accounts.

User Manager can:

create new users
delete users
modify users
change user passwords
add a users to groups

User Manager cannot:

add users to the 'lldap_admin' or 'lldap_user_manager' groups
remove users from the 'lldap_admin' or 'lldap_user_manager' groups
delete users who belongs to the 'lldap_admin' and 'lldap_user_manager' groups
change passwords of a users who belongs to the 'lldap_admin' and 'lldap_user_manager' groups

Added several tests to verify behavior.
Built and tested docker image. Added several screenshots.
Would be very thankful for review and accept!
Screenshot 2025-10-22 at 09 07 47
Screenshot 2025-10-22 at 09 08 02
Screenshot 2025-10-22 at 09 10 28

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/lldap/lldap/pull/1334 **Author:** [@asalimonov](https://github.com/asalimonov) **Created:** 10/22/2025 **Status:** ❌ Closed **Base:** `main` ← **Head:** `feature/lldap-user-manager-role` --- ### 📝 Commits (2) - [`73f08e8`](https://github.com/lldap/lldap/commit/73f08e8f0bb7198aedfe8a690d03512836f4bc05) server: Adding User Manager group (`lldap_user_manager`) - [`5f090b1`](https://github.com/lldap/lldap/commit/5f090b132be69f67519775d85708ebcd74d14d03) Refactoring cookies ### 📊 Changes **14 files changed** (+273 additions, -75 deletions) <details> <summary>View changed files</summary> 📝 `app/src/components/app.rs` (+32 -16) 📝 `app/src/components/banner.rs` (+30 -25) 📝 `app/src/components/login.rs` (+3 -3) 📝 `app/src/infra/api.rs` (+10 -6) 📝 `crates/access-control/src/lib.rs` (+26 -5) 📝 `crates/auth/src/access_control.rs` (+14 -2) 📝 `crates/graphql-server/src/api.rs` (+5 -1) 📝 `crates/graphql-server/src/mutation/mod.rs` (+50 -6) 📝 `crates/ldap/src/handler.rs` (+6 -0) 📝 `crates/ldap/src/modify.rs` (+81 -4) 📝 `crates/ldap/src/password.rs` (+7 -3) 📝 `scripts/bootstrap.sh` (+1 -1) 📝 `server/src/auth_service.rs` (+7 -3) 📝 `server/src/main.rs` (+1 -0) </details> ### 📄 Description Hello! Can you please consider this PR for adding a role for managing of users? Use case: we want to grant access rights for several persons who should be responsible for onboarding of new employees. Usually they are HR managers or assistants. They shouldn't be able to modify of admins and other user managers, just manage regular accounts. User Manager can: - create new users - delete users - modify users - change user passwords - add a users to groups User Manager cannot: - add users to the 'lldap_admin' or 'lldap_user_manager' groups - remove users from the 'lldap_admin' or 'lldap_user_manager' groups - delete users who belongs to the 'lldap_admin' and 'lldap_user_manager' groups - change passwords of a users who belongs to the 'lldap_admin' and 'lldap_user_manager' groups Added several tests to verify behavior. Built and tested docker image. Added several screenshots. Would be very thankful for review and accept! <img width="1100" height="751" alt="Screenshot 2025-10-22 at 09 07 47" src="https://github.com/user-attachments/assets/77367a29-dcb6-421e-a3d5-db31bf30a298" /> <img width="1102" height="754" alt="Screenshot 2025-10-22 at 09 08 02" src="https://github.com/user-attachments/assets/268be982-e50d-42c1-9b3f-01a3ae6d4fef" /> <img width="1086" height="750" alt="Screenshot 2025-10-22 at 09 10 28" src="https://github.com/user-attachments/assets/cb17d671-8f72-4665-b550-995721f5dae3" /> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>