Update ExternalUser on membership changeas (#541)

- **Propage a ReplaceEvent for users when a membership change happens**
- **Change ExternalUser SCIM to represent current groups from
relationships**

---------

Co-authored-by: Greg Blake <[email protected]>

Author: xjunior

audiences/app/models/audiences/external_user.rb

@@ -64,7 +64,52 @@ def picture_urls=(urls)
     end
 
     def as_json(...)
-      data&.slice(*Audiences.exposed_user_attributes)
+      as_scim.slice(*Audiences.exposed_user_attributes)
     end
+
+    def as_scim(...)
+      (data || {}).merge(groups_as_scim)
+    end
+
+    def groups_as_scim
+      names = groups.reduce({}) { |nam, group| nam.merge(group.resource_type => group.display_name) }
+
+      {
+        "groups" => groups.map { |g| { "value" => g.scim_id, "display" => g.display_name } },
+        "title" => names["Titles"],
+        "urn:ietf:params:scim:schemas:extension:authservice:2.0:User" => {
+          "role" => names["Roles"], "department" => names["Departments"],
+          "territory" => names["Territories"], "territoryAbbr" => TERRITORY_ABBRS[names["Territories"]]
+        },
+      }
+    end
+
+    TERRITORY_ABBRS = {
+      "Philadelphia" => "PHL",
+      "New Jersey" => "NJ",
+      "Maryland" => "MD",
+      "Connecticut" => "CT",
+      "Long Island" => "LI",
+      "Boston" => "BOS",
+      "Atlanta" => "ATL",
+      "Chicago" => "CHI",
+      "Detroit" => "DET",
+      "Houston" => "HOU",
+      "Dallas" => "DAL",
+      "Denver" => "DEN",
+      "Tampa" => "TPA",
+      "Austin" => "AUS",
+      "Charlotte" => "CLT",
+      "Nashville" => "NSH",
+      "Phoenix" => "PHX",
+      "Pittsburgh" => "PIT",
+      "San Antonio" => "SAO",
+      "Fort Lauderdale" => "FLL",
+      "Las Vegas" => "LVS",
+      "Orlando" => "ORL",
+      "Cincinnati" => "CIN",
+      "Columbus" => "CLB",
+      "Jacksonville" => "JAX",
+    }.freeze
   end
 end

audiences/lib/audiences/scim/patch_groups_observer.rb

@@ -13,6 +13,8 @@ def process
         patch_op.process(group, attributes_mapping)
 
         group.save!
+
+        propagate_changes_to_users!
       rescue => e
         Audiences.logger.error e
         raise
@@ -34,6 +36,16 @@ def group
         @group ||= Group.find_by!(resource_type: event_payload.resource,
                                   scim_id: event_payload.id)
       end
+
+      def propagate_changes_to_users!
+        patch_op.operations.each do |operation|
+          next unless operation.path == "members"
+
+          ExternalUser.where(user_id: operation.value.pluck("value")).find_each do |user|
+            TwoPercent::ReplaceEvent.create(resource: "Users", id: user.scim_id, params: user.as_scim)
+          end
+        end
+      end
     end
   end
 end

audiences/spec/models/audiences/external_user_spec.rb

@@ -158,4 +158,51 @@
       expect(users).to match_array [user1]
     end
   end
+
+  describe "#as_json" do
+    it "returns only exposed attributes" do
+      user = create_user(
+        scim_id: "scim-id",
+        user_id: "user-id",
+        display_name: "Display Name",
+        active: true,
+        data: { "displayName" => "value", "hiddenAttribute" => "Does Not Matter" }
+      )
+
+      expect(user.as_json).to eq("displayName" => "value")
+    end
+  end
+
+  describe "#as_scim" do
+    it "includes the updated groups from the relational data" do
+      user = create_user(
+        scim_id: "scim-id",
+        user_id: "user-id",
+        display_name: "Display Name",
+        active: true,
+        data: { "displayName" => "Display Name", "groups" => [] }
+      )
+      title = create_group(resource_type: "Titles", display_name: "Engineer", external_users: [user])
+      role = create_group(resource_type: "Roles", display_name: "Admin", external_users: [user])
+      department = create_group(resource_type: "Departments", display_name: "Engineering", external_users: [user])
+      territory = create_group(resource_type: "Territories", display_name: "Long Island", external_users: [user])
+
+      expect(user.as_scim).to eq(
+        "displayName" => "Display Name",
+        "groups" => [
+          { "value" => title.scim_id, "display" => "Engineer" },
+          { "value" => role.scim_id, "display" => "Admin" },
+          { "value" => department.scim_id, "display" => "Engineering" },
+          { "value" => territory.scim_id, "display" => "Long Island" },
+        ],
+        "title" => "Engineer",
+        "urn:ietf:params:scim:schemas:extension:authservice:2.0:User" => {
+          "role" => "Admin",
+          "department" => "Engineering",
+          "territory" => "Long Island",
+          "territoryAbbr" => "LI",
+        }
+      )
+    end
+  end
 end

audiences/spec/observers/audiences/scim/patch_groups_observer_spec.rb

@@ -160,4 +160,31 @@
 
     expect(new_member.reload.groups).to match_array []
   end
+
+  it "publishes a replace event for the users involved" do
+    member = Audiences::ExternalUser.create(scim_id: "123", user_id: 1)
+    new_member1 = Audiences::ExternalUser.create(scim_id: "321", user_id: 2)
+    new_member2 = Audiences::ExternalUser.create(scim_id: "333", user_id: 3)
+    group = create_group(external_users: [member])
+
+    allow(TwoPercent::ReplaceEvent).to receive(:create)
+
+    TwoPercent::UpdateEvent.create(resource: "Groups",
+                                   id: group.scim_id,
+                                   params: {
+                                     "Operations" => [
+                                       {
+                                         "op" => "add",
+                                         "path" => "members",
+                                         "value" => [{ "value" => new_member1.user_id },
+                                                     { "value" => new_member2.user_id }],
+                                       },
+                                     ],
+                                   })
+
+    expect(TwoPercent::ReplaceEvent).to have_received(:create).with(resource: "Users", id: new_member1.scim_id,
+                                                                    params: anything)
+    expect(TwoPercent::ReplaceEvent).to have_received(:create).with(resource: "Users", id: new_member2.scim_id,
+                                                                    params: anything)
+  end
 end