search

imulab / go-scim

Building blocks for servers implementing Simple Cloud Identity Management v2
MIT License
145 stars 56 forks source link

Failed to delete non-last member of group #96

Open turing-lihaitao opened 1 year ago

turing-lihaitao commented 1 year ago

When I create a new group and add 3 members, the content I store in the database is as follows:

{
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
    "id": "a608ff25-b6f8-4bd6-a78a-771f8e039088",
    "externalId": "aaaaaa",
    "meta": {
        "resourceType": "Group",
        "created": "2023-04-20T15:33:35",
        "lastModified": "2023-04-20T16:10:58",
        "location": "/Groups/a608ff25-b6f8-4bd6-a78a-771f8e039088",
        "version": "W/\"02915506ddc93d91d2929c82b582749328925188\""
    },
    "displayName": "Group1DisplayName2",
    "members": [{
        "value": "1f01127a-076e-400c-b4d9-a30bb63e8c30"
    }, {
        "value": "fdab798c-8cea-4ab1-8c48-68b1969a1b16"
    }, {
        "value": "3d1d7217-e900-4ec9-a9ea-bb58c8beade6"
    }]
}

Next, when I try to delete the first and second members of the group, an error occurs as follows:

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error"
    ],
    "status": 400,
    "scimType": "noTarget",
    "detail": "noTarget: no target at index '2' from 'members'"
}

Body like this: 

{
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
    "Operations": [{
        "op": "remove",
        "path": "members[value eq \"fdab798c-8cea-4ab1-8c48-68b1969a1b16\"]"
    }]
}

But removing the last member can be successful

I need how to fix this, because deleting members won't delete only the last one, Thank you so much!

dineshudayakumar commented 2 months ago

It may be too late for you and you might already figured it out. In case if you are still looking for an answer...

I faced the same issue and looking into the code I saw that internally when remove operation happens it loops through the members using the index and deletes the matched members. And the group schema has @Autocompact annotation in members field, so when a child in members[] (multi value) is removed, it autocompacts the internal array. So whenever a member is removed, the autocompacts makes sure the array size is also reduced. So looping through the index will fails with index not found error

To avoid this, look for @Autocompact annotation in the groups schema for member attribute and remove it. But you need to understand that there could be nil members and you need to check for that. (Or you can invoke the Compact() method in the members property manually as required