From 38d757c65bfda10063279213cbc2870e2e6042bc Mon Sep 17 00:00:00 2001
From: Thorsten Eckel <te@znuny.com>
Date: Wed, 24 Jan 2018 15:07:35 +0100
Subject: [PATCH] Fixed issue #1771 - LDAP sync should keep local role
 assignments if no LDAP Group <-> Zammad Role map is configured.

---
 .../ldap/user/attributes/role_ids/signup.rb   |  7 ++-
 .../user/attributes/role_ids/signup_spec.rb   | 54 +++++++++++++++++++
 2 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100644 spec/lib/sequencer/unit/import/ldap/user/attributes/role_ids/signup_spec.rb

diff --git a/lib/sequencer/unit/import/ldap/user/attributes/role_ids/signup.rb b/lib/sequencer/unit/import/ldap/user/attributes/role_ids/signup.rb
index 484c97a43..fc3649f26 100644
--- a/lib/sequencer/unit/import/ldap/user/attributes/role_ids/signup.rb
+++ b/lib/sequencer/unit/import/ldap/user/attributes/role_ids/signup.rb
@@ -11,12 +11,17 @@ class Sequencer
 
                 skip_any_action
 
-                uses :mapped
+                uses :mapped, :ldap_config
 
                 def process
                   # return if a mapping entry was found
                   return if mapped[:role_ids].present?
 
+                  # return if no general mapping is configured
+                  # to let Zammad be the leading source of
+                  # Role assignments
+                  return if ldap_config[:group_role_map].blank?
+
                   # LDAP is the leading source if
                   # a mapping entry is present
                   provide_mapped do
diff --git a/spec/lib/sequencer/unit/import/ldap/user/attributes/role_ids/signup_spec.rb b/spec/lib/sequencer/unit/import/ldap/user/attributes/role_ids/signup_spec.rb
new file mode 100644
index 000000000..29698336f
--- /dev/null
+++ b/spec/lib/sequencer/unit/import/ldap/user/attributes/role_ids/signup_spec.rb
@@ -0,0 +1,54 @@
+require 'rails_helper'
+
+RSpec.describe Sequencer::Unit::Import::Ldap::User::Attributes::RoleIds::Signup, sequencer: :unit do
+
+  it "doesn't provide mapped role_ids if already provided" do
+
+    ldap_config = {
+      group_role_map: {
+        'a' => 'b'
+      }
+    }
+
+    mapped = {
+      role_ids: [1, 2]
+    }
+
+    provided = process(
+      ldap_config: ldap_config,
+      mapped:      mapped,
+    )
+
+    expect(provided[:mapped][:role_ids]).to eq(mapped[:role_ids])
+  end
+
+  it "doesn't provide mapped role_ids if no LDAP Group <-> Zammad Role mapping is configured" do
+
+    ldap_config = {
+      group_role_map: {}
+    }
+
+    provided = process(
+      ldap_config: ldap_config,
+      mapped:      {},
+    )
+
+    expect(provided[:mapped]).not_to have_key(:role_ids)
+  end
+
+  it 'ensures Signup Roles if no mapped role_ids are assigned' do
+
+    ldap_config = {
+      group_role_map: {
+        'a' => 'b'
+      }
+    }
+
+    provided = process(
+      ldap_config: ldap_config,
+      mapped:      {},
+    )
+
+    expect(provided[:mapped][:role_ids]).not_to be_nil
+  end
+end