[FEAT] Add DISABLE_SSO_IDP_AUTHORIZATION flag for SSO user mgmt

backend/account_v2/dto.py

@@ -62,6 +62,7 @@ class UserSessionInfo:
     role: str
     provider: str
     is_staff: bool = False
+    disable_sso_idp_authorization: bool = False
 
     @staticmethod
     def from_dict(data: dict[str, Any]) -> "UserSessionInfo":
@@ -73,6 +74,9 @@ def from_dict(data: dict[str, Any]) -> "UserSessionInfo":
             role=data["role"],
             provider=data["provider"],
             is_staff=data.get("is_staff", False),
+            disable_sso_idp_authorization=data.get(
+                "disable_sso_idp_authorization", False
+            ),
         )
 
     def to_dict(self) -> Any:
@@ -83,6 +87,7 @@ def to_dict(self) -> Any:
             "organization_id": self.organization_id,
             "role": self.role,
             "is_staff": self.is_staff,
+            "disable_sso_idp_authorization": self.disable_sso_idp_authorization,
         }
 
 

backend/account_v2/serializer.py

@@ -127,3 +127,4 @@ class UserSessionResponseSerializer(serializers.Serializer):
     role = serializers.CharField()
     provider = serializers.CharField()
     is_staff = serializers.BooleanField()
+    disable_sso_idp_authorization = serializers.BooleanField()

backend/account_v2/views.py

@@ -1,6 +1,7 @@
 import logging
 from typing import Any
 
+from django.conf import settings
 from rest_framework import status
 from rest_framework.decorators import api_view
 from rest_framework.request import Request
@@ -151,6 +152,7 @@ def make_session_response(
             role=UserSessionUtils.get_organization_member_role(request),
             provider=provider,
             is_staff=request.user.is_staff,
+            disable_sso_idp_authorization=settings.DISABLE_SSO_IDP_AUTHORIZATION,
         )
     ).data
 

backend/backend/settings/base.py

@@ -434,6 +434,10 @@ def filter(self, record):
 TENANT_SUBFOLDER_PREFIX = f"{PATH_PREFIX}/unstract"
 SHOW_PUBLIC_IF_NO_TENANT_FOUND = True
 
+DISABLE_SSO_IDP_AUTHORIZATION = (
+    os.environ.get("DISABLE_SSO_IDP_AUTHORIZATION", "False").strip().lower() == "true"
+)
+
 TEMPLATES = [
     {
         "BACKEND": "django.template.backends.django.DjangoTemplates",

frontend/src/components/settings/users/Users.jsx

@@ -96,46 +96,51 @@ function Users() {
     }
   };
 
-  const actionItems = [
-    {
-      key: "1",
-      label: (
-        <Space
-          direction="horizontal"
-          className="action-items"
-          onClick={() =>
-            navigate(`/${sessionDetails?.orgName}/users/edit`, {
-              state: selectedUserEmail,
-            })
-          }
-        >
-          <div>
-            <EditOutlined />
-          </div>
-          <div>
-            <Typography.Text>Edit</Typography.Text>
-          </div>
-        </Space>
-      ),
-    },
-    {
-      key: "2",
-      label: (
-        <Space
-          direction="horizontal"
-          className="action-items"
-          onClick={showModal}
-        >
-          <div>
-            <DeleteOutlined />
-          </div>
-          <div>
-            <Typography.Text>Delete</Typography.Text>
-          </div>
-        </Space>
-      ),
-    },
-  ];
+  const isSsoLocalAuthz =
+    !!sessionDetails?.provider && !!sessionDetails?.disableSsoIdpAuthorization;
+
+  const editItem = {
+    key: "1",
+    label: (
+      <Space
+        direction="horizontal"
+        className="action-items"
+        onClick={() =>
+          navigate(`/${sessionDetails?.orgName}/users/edit`, {
+            state: selectedUserEmail,
+          })
+        }
+      >
+        <div>
+          <EditOutlined />
+        </div>
+        <div>
+          <Typography.Text>Edit</Typography.Text>
+        </div>
+      </Space>
+    ),
+  };
+
+  const deleteItem = {
+    key: "2",
+    label: (
+      <Space
+        direction="horizontal"
+        className="action-items"
+        onClick={showModal}
+      >
+        <div>
+          <DeleteOutlined />
+        </div>
+        <div>
+          <Typography.Text>Delete</Typography.Text>
+        </div>
+      </Space>
+    ),
+  };
+
+  const actionItems = isSsoLocalAuthz ? [editItem] : [editItem, deleteItem];
+
   const baseColumns = [
     {
       title: "Email",
@@ -165,9 +170,10 @@ function Users() {
     ),
   };
 
-  const columns = !sessionDetails?.provider
-    ? [...baseColumns, actionColumn]
-    : baseColumns;
+  const columns =
+    !sessionDetails?.provider || isSsoLocalAuthz
+      ? [...baseColumns, actionColumn]
+      : baseColumns;
 
   const handleInviteUsers = () => {
     navigate(`/${sessionDetails?.orgName}/users/invite`);

frontend/src/helpers/GetSessionData.js

@@ -28,6 +28,7 @@ function getSessionData(sessionData) {
     role: sessionData?.role,
     provider: sessionData?.provider,
     isStaff: sessionData?.is_staff,
+    disableSsoIdpAuthorization: sessionData?.disable_sso_idp_authorization,
   };
 }
 

frontend/src/hooks/useSessionValid.js

@@ -167,6 +167,8 @@ function useSessionValid() {
       }
       userAndOrgDetails["role"] = userSessionData.role;
       userAndOrgDetails["provider"] = userSessionData.provider;
+      userAndOrgDetails["disable_sso_idp_authorization"] =
+        userSessionData.disable_sso_idp_authorization;
     } catch (err) {
       // TODO: Throw popup error message
       // REVIEW: Add condition to check for trial period status