From 9115d1312aecfbe0f4d6bb815a130083997fdb0a Mon Sep 17 00:00:00 2001
From: WrenIX <dev@wrenix.eu>
Date: Wed, 31 Jan 2024 22:34:36 +0100
Subject: [PATCH] fix(mycloud-nextcloud): add support for oidc groups mapping

---
 mycloud-nextcloud/templates/authentik-application.yaml | 2 +-
 mycloud-nextcloud/templates/release.yaml               | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/mycloud-nextcloud/templates/authentik-application.yaml b/mycloud-nextcloud/templates/authentik-application.yaml
index 8388abc..1606619 100644
--- a/mycloud-nextcloud/templates/authentik-application.yaml
+++ b/mycloud-nextcloud/templates/authentik-application.yaml
@@ -41,7 +41,7 @@ spec:
             - name: "OAuth Mapping: Nextcloud Profile"
               scope_name: profile
               expression: |-
-                groups = [group.name for group in user.ak_groups.all()]
+                groups = [group.name for group in user.ak_groups.all() if group.attributes.get("nextcloud_group", False)]
                 if user.is_superuser and "admin" not in groups:
                     groups.append("admin")
 
diff --git a/mycloud-nextcloud/templates/release.yaml b/mycloud-nextcloud/templates/release.yaml
index 02fe5cc..8dbdd08 100644
--- a/mycloud-nextcloud/templates/release.yaml
+++ b/mycloud-nextcloud/templates/release.yaml
@@ -87,6 +87,7 @@ spec:
             enabled: true
             config:
               allow_multiple_user_backends: "0"
+              provider-1-groupProvisioning: "1"
           ##
           # collabora
           ##
@@ -139,6 +140,7 @@ spec:
               --mapping-email=email \
               --mapping-display-name=name \
               --mapping-quota=quota \
+              --mapping-groups=groups \
               --check-bearer=true \
               --unique-uid=0;