
Recommit improvement of role sync.

1 parent 83bf7bd commit 3f3750c4f5c1fd737917b3a1d5103ea6282ece3b @c12simple c12simple committed Sep 26, 2016
Showing with 84 additions and 13 deletions.
  1. +84 −13 core/src/plugins/auth.ldap/LdapAuthDriver.php
@@ -780,36 +780,107 @@ public function updateUserObject(&$userObject)
$userroles = $userObject->getRoles();
//remove all mapped roles before
+ $oldRoles = array();
+ $newRoles = array();
+
if (is_array($userroles)) {
- foreach ($userroles as $key => $role) {
- if ((RolesService::getRole($key)) && !(strpos($key, $this->mappedRolePrefix) === false)) {
- $userObject->removeRole($key);
+ foreach ($userroles as $rkey => $role) {
+ if ((AuthService::getRole($rkey)) && !(strpos($rkey, $this->mappedRolePrefix) === false)) {
+ if (isSet($matchFilter) && !preg_match($matchFilter, $rkey)) continue;
+ if (isSet($valueFilters) && !in_array($rkey, $valueFilters)) continue;
+ //$userObject->removeRole($key);
+ $oldRoles[$rkey] = $role;
}
}
}
- $userObject->recomputeMergedRole();
+ //$userObject->recomputeMergedRole();
+ // Detect changes
foreach ($memberValues as $uniqValue => $fullDN) {
$uniqValueWithPrefix = $rolePrefix . $uniqValue;
if (isSet($matchFilter) && !preg_match($matchFilter, $uniqValueWithPrefix)) continue;
if (isSet($valueFilters) && !in_array($uniqValueWithPrefix, $valueFilters)) continue;
- $roleToAdd = RolesService::getRole($uniqValueWithPrefix);
- if ($roleToAdd === false) {
- $roleToAdd = RolesService::getOrCreateRole($uniqValueWithPrefix, $userObject->getGroupPath());
+ $roleToAdd = AuthService::getRole($uniqValueWithPrefix);
+ if($roleToAdd === false){
+ $roleToAdd = AuthService::getRole($uniqValueWithPrefix, true);
$roleToAdd->setLabel($uniqValue);
- RolesService::updateRole($roleToAdd);
+ AuthService::updateRole($roleToAdd);
+ }
+ $newRoles[$roleToAdd->getId()] = $roleToAdd;
+ //$userObject->addRole($roleToAdd);
+ }
+
+ if((count(array_diff(array_keys($oldRoles), array_keys($newRoles))) > 0) ||
+ (count(array_diff(array_keys($newRoles), array_keys($oldRoles))) > 0) )
+ {
+ // remove old roles
+ foreach ($oldRoles as $rkey => $role) {
+ if ((AuthService::getRole($rkey)) && !(strpos($rkey, $this->mappedRolePrefix) === false)) {
+ $userObject->removeRole($rkey);
+ }
+ }
+
+ //Add new roles;
+ foreach($newRoles as $rkey => $role){
+ if ((AuthService::getRole($rkey)) && !(strpos($rkey, $this->mappedRolePrefix) === false)) {
+ $userObject->addRole($role);
+ }
}
- $userObject->addRole($roleToAdd);
+ $userObject->recomputeMergedRole();
$changes = true;
}
- } else {
+
+ } else { // Others attributes mapping
+ $oldRoles = array();
+ $newRoles = array();
+ $userroles = $userObject->getRoles();
+
+ // Get old roles
+ if (is_array($userroles)) {
+ foreach ($userroles as $rkey => $role) {
+ if ((AuthService::getRole($rkey)) && (strpos($rkey, $this->mappedRolePrefix) === false)) {
+ if (isSet($matchFilter) && !preg_match($matchFilter, $rkey)) continue;
+ if (isSet($valueFilters) && !in_array($rkey, $valueFilters)) continue;
+ //$userObject->removeRole($key);
+ $oldRoles[$rkey] = $rkey;
+ }
+ }
+ }
+
+ // Get new roles
foreach ($entry[$key] as $uniqValue) {
if (isSet($matchFilter) && !preg_match($matchFilter, $uniqValue)) continue;
if (isSet($valueFilters) && !in_array($uniqValue, $valueFilters)) continue;
- if ((!in_array($uniqValue, array_keys($userObject->getRoles()))) && !empty($uniqValue)) {
- $userObject->addRole(RolesService::getOrCreateRole($uniqValue, $userObject->getGroupPath()));
- $changes = true;
+ if (!empty($uniqValue)) {
+ $roleToAdd = AuthService::getRole($uniqValue);
+ if($roleToAdd === false){
+ $roleToAdd = AuthService::getRole($uniqValue, true);
+ $roleToAdd->setLabel($uniqValue);
+ AuthService::updateRole($roleToAdd);
+ }
+ //$userObject->addRole(AuthService::getRole($uniqValue, true));
+ //$changes = true;
+ $newRoles[$uniqValue] = $roleToAdd;
+ }
+ }
+
+ // Do the sync if two sets of roles are different
+ if ( (count(array_diff(array_keys($oldRoles), array_keys($newRoles))) > 0) ||
+ (count(array_diff(array_keys($newRoles), array_keys($oldRoles))) > 0)){
+ // remove old roles
+ foreach ($oldRoles as $rkey => $role) {
+ if ((AuthService::getRole($rkey)) && (strpos($rkey, $this->mappedRolePrefix) === false)) {
+ $userObject->removeRole($rkey);
+ }
}
+ //Add new roles;
+ foreach($newRoles as $rkey => $role){
+ if ((AuthService::getRole($rkey)) && (strpos($rkey, $this->mappedRolePrefix) === false)) {
+ $userObject->addRole($role);
+ }
+ }
+ $userObject->recomputeMergedRole();
+ $changes = true;
}
}
break;
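Review bot: The old-role collection in the "Others attributes mapping" branch (`strpos($rkey, $this->mappedRolePrefix) === false`) picks up every role on the user that lacks the mapped prefix, so when neither `$matchFilter` nor `$valueFilters` is set, the removal loop that follows strips roles the directory attribute never granted, including ones assigned locally. The removed code in this branch only ever added roles, so this makes the LDAP attribute the sole authority for all non-prefixed roles, and an empty or missing `$entry[$key]` would presumably clear them all. Consider running the removal pass only when the managed set is bounded, e.g. wrapping it in `if (isSet($matchFilter) || isSet($valueFilters)) { ... }`, and adding the comment `// Only roles matched by the configured filters are owned by this mapping; others are left untouched.` above it. The filter variables are assigned outside this hunk, and updateUserObject starts and ends outside it as well.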
