Check if Teams authorization is enabled

2025-09-13 08:24:22 +08:00 · 2025-05-07 11:46:47 -03:00 · 2025-05-07 11:46:47 -03:00 · b12ca61a9b
commit b12ca61a9b
parent 2324400f39
3 changed files with 21 additions and 1 deletions
--- a/lib/livebook/hubs/team_client.ex
+++ b/lib/livebook/hubs/team_client.ex
@ -158,6 +158,14 @@ defmodule Livebook.Hubs.TeamClient do
    GenServer.call(registry_name(id), {:check_app_access, groups, slug})
  end

+  @doc """
+  Returns if the Team client uses Livebook Teams authorization groups.
+  """
+  @spec authorization_groups_enabled?(String.t()) :: boolean()
+  def authorization_groups_enabled?(id) do
+    GenServer.call(registry_name(id), :authorization_groups_enabled?)
+  end
+
  @doc """
  Returns if the Team client is connected.
  """
@ -319,6 +327,13 @@ defmodule Livebook.Hubs.TeamClient do
    end
  end

+  def handle_call(:authorization_groups_enabled?, _caller, %{deployment_group_id: id} = state) do
+    case fetch_deployment_group(id, state) do
+      {:ok, deployment_group} -> {:reply, deployment_group.groups_auth, state}
+      _ -> {:reply, false, state}
+    end
+  end
+
  @impl true
  def handle_info(:connected, state) do
    Hubs.Broadcasts.hub_connected(state.hub.id)
@ -492,6 +507,7 @@ defmodule Livebook.Hubs.TeamClient do
      clustering: nullify(deployment_group.clustering),
      url: nullify(deployment_group.url),
      teams_auth: deployment_group.teams_auth,
+      groups_auth: deployment_group.groups_auth,
      authorization_groups: authorization_groups
    }
  end
@ -531,6 +547,7 @@ defmodule Livebook.Hubs.TeamClient do
        clustering: atomize(deployment_group_updated.clustering),
        url: nullify(deployment_group_updated.url),
        teams_auth: deployment_group_updated.teams_auth,
+        groups_auth: deployment_group_updated.groups_auth,
        authorization_groups: authorization_groups
    }
  end
--- a/lib/livebook/teams/deployment_group.ex
+++ b/lib/livebook/teams/deployment_group.ex
@ -13,6 +13,7 @@ defmodule Livebook.Teams.DeploymentGroup do
          clustering: :auto | :dns | nil,
          hub_id: String.t() | nil,
          teams_auth: boolean(),
+          groups_auth: boolean(),
          authorization_groups: Ecto.Schema.embeds_many(Teams.AuthorizationGroup.t()),
          secrets: Ecto.Schema.has_many(Secrets.Secret.t()),
          agent_keys: Ecto.Schema.has_many(Teams.AgentKey.t()),
@ -27,6 +28,7 @@ defmodule Livebook.Teams.DeploymentGroup do
    field :clustering, Ecto.Enum, values: [:auto, :dns]
    field :url, :string
    field :teams_auth, :boolean, default: true
+    field :groups_auth, :boolean, default: false

    has_many :secrets, Secrets.Secret
    has_many :agent_keys, Teams.AgentKey
--- a/lib/livebook/zta/livebook_teams.ex
+++ b/lib/livebook/zta/livebook_teams.ex
@ -168,7 +168,8 @@ defmodule Livebook.ZTA.LivebookTeams do
      } = payload

      restricted_apps_groups =
-        if Livebook.Hubs.TeamClient.user_full_access?(team.id, groups) do
+        if Livebook.Hubs.TeamClient.authorization_groups_enabled?(team.id) and
+             Livebook.Hubs.TeamClient.user_full_access?(team.id, groups) do
          nil
        else
          groups