This PR adds the foundation for account-level SAML SSO configuration in Chatwoot Enterprise. It introduces a new `AccountSamlSettings` model and a management API that allows accounts to configure their own SAML identity providers independently; it also includes the certificate generation flow. The implementation includes a new controller (`Api::V1::Accounts::SamlSettingsController`) that provides CRUD operations for SAML configuration. The feature is properly gated behind the 'saml' feature flag and includes administrator-only authorization via Pundit policies.
# Account-scoped management API for SAML SSO settings.
#
# Every action works on the settings reached through Current.account; no record
# id is read from the request. Filters run in declaration order: feature-flag
# gate, Pundit authorization, then record loading.
#
# NOTE(review): these actions change the account's SSO trust configuration
# (IdP URL, certificate, role mappings). No audit logging is visible in this
# controller — confirm such changes are recorded elsewhere.
class Api::V1::Accounts::SamlSettingsController < Api::V1::Accounts::BaseController
  before_action :check_saml_feature_enabled
  before_action :check_authorization
  before_action :set_saml_settings

  # Relies on @saml_settings from set_saml_settings; nothing is rendered explicitly here.
  def show
  end

  # Builds a settings record for the current account from the permitted
  # parameters and saves it, raising if the save fails.
  #
  # NOTE(review): set_saml_settings has already run when this executes. If
  # saml_settings is a has_one association, building a replacement may detach
  # or delete an existing row before save! validates the new one — confirm a
  # rejected create cannot wipe a working SSO configuration.
  def create
    attributes = saml_settings_params
    @saml_settings = Current.account.build_saml_settings(attributes)
    @saml_settings.save!
  end

  # Applies the permitted parameters to the loaded record, raising on failure.
  # When the account has no settings yet, @saml_settings is the unsaved record
  # built by set_saml_settings.
  def update
    attributes = saml_settings_params
    @saml_settings.update!(attributes)
  end

  # Destroys the loaded record and answers 204 with an empty body.
  def destroy
    @saml_settings.destroy!
    head(:no_content)
  end

  private

  # Loads the current account's settings, or builds an unsaved record when the
  # association returns nothing.
  def set_saml_settings
    account = Current.account
    @saml_settings = account.saml_settings || account.build_saml_settings
  end

  # Strong-parameter filter for the :saml_settings payload.
  #
  # `role_mappings: {}` permits a hash with arbitrary keys, so its contents are
  # not constrained at this layer.
  # NOTE(review): confirm the model validates role_mappings (known roles only),
  # the sso_url scheme and the certificate format; none of that is visible here.
  def saml_settings_params
    scalar_fields = %i[sso_url certificate idp_entity_id sp_entity_id]
    params.require(:saml_settings).permit(*scalar_fields, role_mappings: {})
  end

  # Pundit check against the AccountSamlSettings class rather than an instance;
  # the policy that decides who passes is defined outside this file.
  def check_authorization
    authorize AccountSamlSettings
  end

  # Answers 403 with a translated error unless the current account has the
  # 'saml' feature enabled. Rendering here stops the remaining filters and the
  # action from running.
  def check_saml_feature_enabled
    saml_enabled = Current.account.feature_enabled?('saml')
    return if saml_enabled

    message = I18n.t('errors.saml.feature_not_enabled')
    render json: { error: message }, status: :forbidden
  end
end