Skip to content
This repository has been archived by the owner on Nov 25, 2020. It is now read-only.

Commit

Permalink
Recommit improvement of role sync.
Browse files Browse the repository at this point in the history
  • Loading branch information
@c12simple
c12simple committed Sep 26, 2016
1 parent 83bf7bd commit 3f3750c
Showing 1 changed file with 84 additions and 13 deletions.
97 changes: 84 additions & 13 deletions core/src/plugins/auth.ldap/LdapAuthDriver.php
View file
Expand Up @@ -780,36 +780,107 @@ public function updateUserObject(&$userObject)
$userroles = $userObject->getRoles();
//remove all mapped roles before

$oldRoles = array();
$newRoles = array();

if (is_array($userroles)) {
foreach ($userroles as $key => $role) {
if ((RolesService::getRole($key)) && !(strpos($key, $this->mappedRolePrefix) === false)) {
$userObject->removeRole($key);
foreach ($userroles as $rkey => $role) {
if ((AuthService::getRole($rkey)) && !(strpos($rkey, $this->mappedRolePrefix) === false)) {
if (isSet($matchFilter) && !preg_match($matchFilter, $rkey)) continue;
if (isSet($valueFilters) && !in_array($rkey, $valueFilters)) continue;
//$userObject->removeRole($key);
$oldRoles[$rkey] = $role;
}
}
}
$userObject->recomputeMergedRole();
//$userObject->recomputeMergedRole();

// Detect changes
foreach ($memberValues as $uniqValue => $fullDN) {
$uniqValueWithPrefix = $rolePrefix . $uniqValue;
if (isSet($matchFilter) && !preg_match($matchFilter, $uniqValueWithPrefix)) continue;
if (isSet($valueFilters) && !in_array($uniqValueWithPrefix, $valueFilters)) continue;
$roleToAdd = RolesService::getRole($uniqValueWithPrefix);
if ($roleToAdd === false) {
$roleToAdd = RolesService::getOrCreateRole($uniqValueWithPrefix, $userObject->getGroupPath());
$roleToAdd = AuthService::getRole($uniqValueWithPrefix);
if($roleToAdd === false){
$roleToAdd = AuthService::getRole($uniqValueWithPrefix, true);
$roleToAdd->setLabel($uniqValue);
RolesService::updateRole($roleToAdd);
AuthService::updateRole($roleToAdd);
}
$newRoles[$roleToAdd->getId()] = $roleToAdd;
//$userObject->addRole($roleToAdd);
}

if((count(array_diff(array_keys($oldRoles), array_keys($newRoles))) > 0) ||
(count(array_diff(array_keys($newRoles), array_keys($oldRoles))) > 0) )
{
// remove old roles
foreach ($oldRoles as $rkey => $role) {
if ((AuthService::getRole($rkey)) && !(strpos($rkey, $this->mappedRolePrefix) === false)) {
$userObject->removeRole($rkey);
}
}

//Add new roles;
foreach($newRoles as $rkey => $role){
if ((AuthService::getRole($rkey)) && !(strpos($rkey, $this->mappedRolePrefix) === false)) {
$userObject->addRole($role);
}
}
$userObject->addRole($roleToAdd);
$userObject->recomputeMergedRole();
$changes = true;
}
} else {

} else { // Others attributes mapping
$oldRoles = array();
$newRoles = array();
$userroles = $userObject->getRoles();

// Get old roles
if (is_array($userroles)) {
foreach ($userroles as $rkey => $role) {
if ((AuthService::getRole($rkey)) && (strpos($rkey, $this->mappedRolePrefix) === false)) {
if (isSet($matchFilter) && !preg_match($matchFilter, $rkey)) continue;
if (isSet($valueFilters) && !in_array($rkey, $valueFilters)) continue;
//$userObject->removeRole($key);
$oldRoles[$rkey] = $rkey;
}
}
}

// Get new roles
foreach ($entry[$key] as $uniqValue) {
if (isSet($matchFilter) && !preg_match($matchFilter, $uniqValue)) continue;
if (isSet($valueFilters) && !in_array($uniqValue, $valueFilters)) continue;
if ((!in_array($uniqValue, array_keys($userObject->getRoles()))) && !empty($uniqValue)) {
$userObject->addRole(RolesService::getOrCreateRole($uniqValue, $userObject->getGroupPath()));
$changes = true;
if (!empty($uniqValue)) {
$roleToAdd = AuthService::getRole($uniqValue);
if($roleToAdd === false){
$roleToAdd = AuthService::getRole($uniqValue, true);
$roleToAdd->setLabel($uniqValue);
AuthService::updateRole($roleToAdd);
}
//$userObject->addRole(AuthService::getRole($uniqValue, true));
//$changes = true;
$newRoles[$uniqValue] = $roleToAdd;
}
}

// Do the sync if two sets of roles are different
if ( (count(array_diff(array_keys($oldRoles), array_keys($newRoles))) > 0) ||
(count(array_diff(array_keys($newRoles), array_keys($oldRoles))) > 0)){
// remove old roles
foreach ($oldRoles as $rkey => $role) {
if ((AuthService::getRole($rkey)) && (strpos($rkey, $this->mappedRolePrefix) === false)) {
$userObject->removeRole($rkey);
}
}
//Add new roles;
foreach($newRoles as $rkey => $role){
if ((AuthService::getRole($rkey)) && (strpos($rkey, $this->mappedRolePrefix) === false)) {
$userObject->addRole($role);
}
}
$userObject->recomputeMergedRole();
$changes = true;
}
}
break;
Expand Down

0 comments on commit 3f3750c

Please sign in to comment.