chore: Run ABAC LDAP sync on license/setting changes (#37562)

Author: KevLehman

apps/meteor/ee/server/configuration/abac.ts

@@ -1,13 +1,29 @@
 import { License } from '@rocket.chat/license';
+import { Users } from '@rocket.chat/models';
+
+import { settings } from '../../../app/settings/server';
+import { LDAPEE } from '../sdk';
 
 Meteor.startup(async () => {
-	await License.onLicense('abac', async () => {
-		const { addSettings } = await import('../settings/abac');
-		const { createPermissions } = await import('../lib/abac');
+	let stopWatcher: () => void;
+	License.onToggledFeature('abac', {
+		up: async () => {
+			const { addSettings } = await import('../settings/abac');
+			const { createPermissions } = await import('../lib/abac');
+
+			await addSettings();
+			await createPermissions();
 
-		await addSettings();
-		await createPermissions();
+			await import('../hooks/abac');
 
-		await import('../hooks/abac');
+			stopWatcher = settings.watch('ABAC_Enabled', async (value) => {
+				if (value) {
+					await LDAPEE.syncUsersAbacAttributes(Users.findLDAPUsers());
+				}
+			});
+		},
+		down: () => {
+			stopWatcher?.();
+		},
 	});
 });

apps/meteor/ee/server/lib/ldap/Manager.ts

@@ -138,6 +138,7 @@ export class LDAPEEManager extends LDAPManager {
 			await ldap.connect();
 
 			try {
+				logger.debug({ msg: 'Starting ABAC attributes sync for LDAP users' });
 				for await (const user of users) {
 					await this.syncUserAbacAttribute(ldap, user);
 				}

apps/meteor/ee/server/settings/abac.ts

@@ -1,7 +1,7 @@
 import { settingsRegistry } from '../../../app/settings/server';
 
-export function addSettings(): void {
-	void settingsRegistry.addGroup('General', async function () {
+export function addSettings(): Promise<void> {
+	return settingsRegistry.addGroup('General', async function () {
 		await this.with(
 			{
 				enterprise: true,