From eaeb5c3964b330ae052727fc0430e9a8d01b0cc3 Mon Sep 17 00:00:00 2001
From: Alfredo Esteban
Date: Wed, 16 Sep 2015 16:05:44 +0200
Subject: [PATCH] Dev: Automatically granting survey creation permission to LDAP automatically created users Dev: Improving code (returning null instead -1, new function setGlobalPermission)
---
 .../core/plugins/AuthLDAP/AuthLDAP.php | 19 ++++++------
 application/models/Permission.php | 30 +++++++++++++++++++
 2 files changed, 39 insertions(+), 10 deletions(-)
diff --git a/application/core/plugins/AuthLDAP/AuthLDAP.php b/application/core/plugins/AuthLDAP/AuthLDAP.php
index b4edb915e92..591005d813c 100644
--- a/application/core/plugins/AuthLDAP/AuthLDAP.php
+++ b/application/core/plugins/AuthLDAP/AuthLDAP.php
@@ -150,7 +150,7 @@ private function _createNewUser($new_user)
 $oEvent->set('errorCode',self::ERROR_LDAP_CONNECTION);
 $oEvent->set('errorMessageTitle','');
 $oEvent->set('errorMessageBody',$ldapconn['errorMessage']);
- return -1;
+ return null;
 }
 if (empty($ldapmode) || $ldapmode=='simplebind')
@@ -158,7 +158,7 @@ private function _createNewUser($new_user)
 $oEvent->set('errorCode',self::ERROR_LDAP_MODE);
 $oEvent->set('errorMessageTitle',gT("Failed to add user"));
 $oEvent->set('errorMessageBody',gT("Simple bind LDAP configuration doesn't allow LDAP user creation"));
- return -1;
+ return null;
 }
 // Search email address and full name
@@ -178,7 +178,7 @@ private function _createNewUser($new_user)
 $oEvent->set('errorMessageTitle',gT('Could not connect to LDAP server.'));
 $oEvent->set('errorMessageBody',gT(ldap_error($ldapconn)));
 ldap_close($ldapconn); // all done? close connection
- return -1;
+ return null;
 }
 // Now prepare the search fitler
 if ( $extrauserfilter != "")
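Review bot: Changing the failure value of `_createNewUser` from `-1` to `null` in the hunk at old line 150, and in the five other hunks of this file that make the same replacement (old lines 158, 178, 204, 212 and 230), is a contract change that should be stated in the function's docblock, e.g. `@return int|null New user id, or null when the user could not be created`. The one caller visible in this patch, `newUserSession`, is updated to test the result. The function is private, so any remaining caller is inside this class; one that still compares against `-1` would now treat a failed creation as a success and is worth searching for. The body of `_createNewUser` starts and ends outside these hunks.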
@@ -204,7 +204,7 @@ private function _createNewUser($new_user)
 $oEvent->set('errorMessageTitle',gT('Username not found in LDAP server'));
 $oEvent->set('errorMessageBody',gT('Verify username and try again'));
 ldap_close($ldapconn); // all done? close connection
- return -1;
+ return null;
 }
 if (!validateEmailAddress($new_email))
@@ -212,7 +212,7 @@ private function _createNewUser($new_user)
 $oEvent->set('errorCode',self::ERROR_INVALID_EMAIL);
 $oEvent->set('errorMessageTitle',gT("Failed to add user"));
 $oEvent->set('errorMessageBody',gT("The email address is not valid."));
- return -1;
+ return null;
 }
 $new_pass = createPassword();
 // If user is being auto created we set parent ID to 1 (admin user)
@@ -230,10 +230,10 @@ private function _createNewUser($new_user)
 $oEvent->set('errorCode',self::ERROR_ALREADY_EXISTING_USER);
 $oEvent->set('errorMessageTitle','');
 $oEvent->set('errorMessageBody',gT("Failed to add user"));
- return -1;
+ return null;
 }
- $this->setAuthPermission($iNewUID,'auth_ldap');
+ Permission::model()->setGlobalPermission($iNewUID,'auth_ldap');
 $oEvent->set('newUserID',$iNewUID);
 $oEvent->set('newPassword',$new_pass);
@@ -486,10 +486,9 @@ public function newUserSession()
 // Finally, if user didn't exist and auto creation is enabled, we create it
 if ($autoCreateFlag)
 {
- $iNewUID = $this->_createNewUser($username);
- if ($this->get('automaticsurveycreation', null, null, false) == true)
+ if (($iNewUID = $this->_createNewUser($username)) && $this->get('automaticsurveycreation', null, null, false))
 {
- $this->setAuthPermission($iNewUID, 'surveys', array('create_p'));
+ Permission::model()->setGlobalPermission($iNewUID, 'surveys', array('create_p'));
 }
 }
 $user = $this->api->getUserByName($username);
diff --git a/application/models/Permission.php b/application/models/Permission.php
index 74c8e1fc493..29c5df9e7e3 100644
--- a/application/models/Permission.php
+++ b/application/models/Permission.php
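Review bot: In the `newUserSession` hunk the new condition assigns `$iNewUID` inside the `if` and relies on truthiness for both the user id and the `automaticsurveycreation` setting, which makes it easy to miss that this branch gives a global `surveys`/`create_p` right to an account created a moment earlier from a directory lookup. Splitting it into `$iNewUID = $this->_createNewUser($username);` followed by `if ($iNewUID !== null && $this->get('automaticsurveycreation', null, null, false))` keeps the failure check explicit now that `_createNewUser` returns `null`. A comment such as `// Grants global survey-creation rights to each auto-created LDAP user when the plugin setting is on`, and a log entry recording the grant, would help anyone auditing permissions later. The body of `newUserSession` continues outside the hunk.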
@@ -409,6 +409,36 @@ public static function setPermissions($iUserID, $iEntityID, $sEntityName, $aPerm
 return true;
 }
+ /**
+ * Set global permissions to the user id
+ *
+ * @param int $iNewUID
+ * @param string $sAuthType
+ * @param array $aPermissions
+ */
+ public function setGlobalPermission($iNewUID,$sPermType,array $aPermissions=array('read_p'))
+ {
+ $aPerm = array(
+ 'entity_id' => 0,
+ 'entity' => 'global',
+ 'uid' => $iNewUID,
+ 'permission' => $sPermType,
+ 'create_p' => 0,
+ 'read_p' => 0,
+ 'update_p' => 0,
+ 'delete_p' => 0,
+ 'import_p' => 0,
+ 'export_p' => 0
+ );
+
+ foreach ($aPermissions as $sPermType)
+ {
+ $aPerm[$sPermType] = 1;
+ }
+
+ $this->insertSomeRecords($aPerm);
+ }
+
 function giveAllSurveyPermissions($iUserID, $iSurveyID)
 {
 $aPermissions=$this->getSurveyBasePermissions();
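Review bot: The loop in `setGlobalPermission` writes `$aPerm[$sPermType] = 1` for every entry of `$aPermissions` without checking it against the six `*_p` flags, so a caller of this public method can overwrite `uid`, `entity_id` or `permission`, or add an unknown key, before the row is inserted. The loop variable also reuses the name of the `$sPermType` parameter, and the docblock documents `$sAuthType`, which is not a parameter. I would restrict the loop to a fixed flag list and rename the variable, as below. Whether `insertSomeRecords` rejects a second row for the same user and permission is not visible here and is worth confirming, since the method always inserts.

```php
public function setGlobalPermission($iNewUID,$sPermType,array $aPermissions=array('read_p'))
{
    // … unchanged: $aPerm defaults for entity 'global', entity_id 0 and the six *_p flags set to 0 …

    // Only these columns may be switched on; every other key of $aPerm is fixed above.
    $aAllowedFlags = array('create_p', 'read_p', 'update_p', 'delete_p', 'import_p', 'export_p');

    foreach ($aPermissions as $sFlag)
    {
        if (!in_array($sFlag, $aAllowedFlags, true))
        {
            throw new InvalidArgumentException('Unknown permission flag');
        }
        $aPerm[$sFlag] = 1;
    }

    // … unchanged: insertSomeRecords($aPerm) call …
```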