fix: no need to restrict api endpoints when ldap auth is applied

api/src/controllers/group.ts

@@ -12,6 +12,7 @@ import {
 
 import Group, { GroupPayload, PUBLIC_GROUP_NAME } from '../model/Group'
 import User from '../model/User'
+import { AuthProviderType } from '../utils'
 import { UserResponse } from './user'
 
 export interface GroupResponse {
@@ -147,12 +148,22 @@ export class GroupController {
   @Delete('{groupId}')
   public async deleteGroup(@Path() groupId: number) {
     const group = await Group.findOne({ groupId })
-    if (group) return await group.remove()
-    throw {
-      code: 404,
-      status: 'Not Found',
-      message: 'Group not found.'
+    if (!group)
+      throw {
+        code: 404,
+        status: 'Not Found',
+        message: 'Group not found.'
+      }
+
+    if (group.authProvider !== AuthProviderType.Internal) {
+      throw {
+        code: 405,
+        status: 'Method Not Allowed',
+        message: 'Can not delete group created by an external auth provider.'
+      }
     }
+
+    return await group.remove()
   }
 }
 
@@ -248,6 +259,13 @@ const updateUsersListInGroup = async (
       message: `Can't add/remove user to '${PUBLIC_GROUP_NAME}' group.`
     }
 
+  if (group.authProvider !== AuthProviderType.Internal)
+    throw {
+      code: 405,
+      status: 'Method Not Allowed',
+      message: `Can't add/remove user to group created by external auth provider.`
+    }
+
   const user = await User.findOne({ id: userId })
   if (!user)
     throw {
@@ -256,6 +274,13 @@ const updateUsersListInGroup = async (
       message: 'User not found.'
     }
 
+  if (user.authProvider !== AuthProviderType.Internal)
+    throw {
+      code: 405,
+      status: 'Method Not Allowed',
+      message: `Can't add/remove user to group created by external auth provider.`
+    }
+
   const updatedGroup =
     action === 'addUser'
       ? await group.addUser(user)