Skip to content

feat(settings): implement admin delegation for SSO & SAML authentication#1053

Open
printminion-co wants to merge 2 commits intonextcloud:masterfrom
IONOS-Productivity:mk/dev/admin-delegation-user_saml
Open

feat(settings): implement admin delegation for SSO & SAML authentication#1053
printminion-co wants to merge 2 commits intonextcloud:masterfrom
IONOS-Productivity:mk/dev/admin-delegation-user_saml

Conversation

@printminion-co
Copy link
Copy Markdown

@printminion-co printminion-co commented Mar 24, 2026
edited
Loading

Summary

  • Implement IDelegatedSettings in the Admin settings class, adding
    getName() and getAuthorizedAppConfig() with the global config keys
    required for delegated access (type, general-require_provisioned_account,
    general-allow_multiple_user_back_ends, directLoginName)
  • Add #[AuthorizedAdminSetting(Admin::class)] to all SettingsController
    read and write methods so delegated admins can fully load and save settings

Why

IDelegatedSettings allows Nextcloud admins to grant non-admin users access
to the SSO & SAML settings panel without giving them full admin rights.

Test plan

  • Unit tests pass: composer run test:unit
  • Code style: composer run cs:fix (no changes expected)
  • Manually verify a delegated admin can open and save SSO & SAML settings

@printminion-co printminion-co mentioned this pull request Mar 24, 2026
Merged
6 tasks
@printminion-co printminion-co force-pushed the mk/dev/admin-delegation-user_saml branch from 423eba0 to 53bf5f7 Compare March 24, 2026 16:06
@printminion-co printminion-co mentioned this pull request Mar 24, 2026
Merged
@printminion-co printminion-co force-pushed the mk/dev/admin-delegation-user_saml branch 4 times, most recently from fc21b71 to 7385ea1 Compare March 27, 2026 12:36
@printminion-co
feat(settings): implement IDelegatedSettings
952db80 
Signed-off-by: Misha M.-Kupriyanov <kupriyanov@strato.de>
@printminion-co
feat(settings): add AuthorizedAdminSetting to SettingsController
58e2510 
- populate getAuthorizedAppConfig() with global oc_appconfig keys:
  type, general-require_provisioned_account,
  general-allow_multiple_user_back_ends, directLoginName
- add #[AuthorizedAdminSetting(Admin::class)] to all SettingsController
  methods (reads + writes) so delegated admins can load and save settings

Signed-off-by: Misha M.-Kupriyanov <kupriyanov@strato.de>
@printminion-co printminion-co force-pushed the mk/dev/admin-delegation-user_saml branch from 7385ea1 to 58e2510 Compare March 27, 2026 12:37
@printminion-co printminion-co changed the title feat(settings): implement IDelegatedSettings for SSO & SAML authentication feat(settings): implement admin delegation for SSO & SAML authentication Mar 27, 2026
@printminion-co printminion-co marked this pull request as ready for review March 30, 2026 09:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@blizzz blizzz Awaiting requested review from blizzz blizzz is a code owner

@CarlSchwan CarlSchwan Awaiting requested review from CarlSchwan CarlSchwan is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@printminion-co