Skip to content
This repository was archived by the owner on Nov 25, 2020. It is now read-only.

Commit 3f3750c

Browse files
c12simplec12simple
committed
Recommit improvement of role sync.
1 parent 83bf7bd commit 3f3750c

File tree

1 file changed

+84
-13
lines changed

1 file changed

+84
-13
lines changed

core/src/plugins/auth.ldap/LdapAuthDriver.php

Lines changed: 84 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -780,36 +780,107 @@ public function updateUserObject(&$userObject)
780780
$userroles = $userObject->getRoles();
781781
//remove all mapped roles before
782782

783+
$oldRoles = array();
784+
$newRoles = array();
785+
783786
if (is_array($userroles)) {
784-
foreach ($userroles as $key => $role) {
785-
if ((RolesService::getRole($key)) && !(strpos($key, $this->mappedRolePrefix) === false)) {
786-
$userObject->removeRole($key);
787+
foreach ($userroles as $rkey => $role) {
788+
if ((AuthService::getRole($rkey)) && !(strpos($rkey, $this->mappedRolePrefix) === false)) {
789+
if (isSet($matchFilter) && !preg_match($matchFilter, $rkey)) continue;
790+
if (isSet($valueFilters) && !in_array($rkey, $valueFilters)) continue;
791+
//$userObject->removeRole($key);
792+
$oldRoles[$rkey] = $role;
787793
}
788794
}
789795
}
790-
$userObject->recomputeMergedRole();
796+
//$userObject->recomputeMergedRole();
791797

798+
// Detect changes
792799
foreach ($memberValues as $uniqValue => $fullDN) {
793800
$uniqValueWithPrefix = $rolePrefix . $uniqValue;
794801
if (isSet($matchFilter) && !preg_match($matchFilter, $uniqValueWithPrefix)) continue;
795802
if (isSet($valueFilters) && !in_array($uniqValueWithPrefix, $valueFilters)) continue;
796-
$roleToAdd = RolesService::getRole($uniqValueWithPrefix);
797-
if ($roleToAdd === false) {
798-
$roleToAdd = RolesService::getOrCreateRole($uniqValueWithPrefix, $userObject->getGroupPath());
803+
$roleToAdd = AuthService::getRole($uniqValueWithPrefix);
804+
if($roleToAdd === false){
805+
$roleToAdd = AuthService::getRole($uniqValueWithPrefix, true);
799806
$roleToAdd->setLabel($uniqValue);
800-
RolesService::updateRole($roleToAdd);
807+
AuthService::updateRole($roleToAdd);
808+
}
809+
$newRoles[$roleToAdd->getId()] = $roleToAdd;
810+
//$userObject->addRole($roleToAdd);
811+
}
812+
813+
if((count(array_diff(array_keys($oldRoles), array_keys($newRoles))) > 0) ||
814+
(count(array_diff(array_keys($newRoles), array_keys($oldRoles))) > 0) )
815+
{
816+
// remove old roles
817+
foreach ($oldRoles as $rkey => $role) {
818+
if ((AuthService::getRole($rkey)) && !(strpos($rkey, $this->mappedRolePrefix) === false)) {
819+
$userObject->removeRole($rkey);
820+
}
821+
}
822+
823+
//Add new roles;
824+
foreach($newRoles as $rkey => $role){
825+
if ((AuthService::getRole($rkey)) && !(strpos($rkey, $this->mappedRolePrefix) === false)) {
826+
$userObject->addRole($role);
827+
}
801828
}
802-
$userObject->addRole($roleToAdd);
829+
$userObject->recomputeMergedRole();
803830
$changes = true;
804831
}
805-
} else {
832+
833+
} else { // Others attributes mapping
834+
$oldRoles = array();
835+
$newRoles = array();
836+
$userroles = $userObject->getRoles();
837+
838+
// Get old roles
839+
if (is_array($userroles)) {
840+
foreach ($userroles as $rkey => $role) {
841+
if ((AuthService::getRole($rkey)) && (strpos($rkey, $this->mappedRolePrefix) === false)) {
842+
if (isSet($matchFilter) && !preg_match($matchFilter, $rkey)) continue;
843+
if (isSet($valueFilters) && !in_array($rkey, $valueFilters)) continue;
844+
//$userObject->removeRole($key);
845+
$oldRoles[$rkey] = $rkey;
846+
}
847+
}
848+
}
849+
850+
// Get new roles
806851
foreach ($entry[$key] as $uniqValue) {
807852
if (isSet($matchFilter) && !preg_match($matchFilter, $uniqValue)) continue;
808853
if (isSet($valueFilters) && !in_array($uniqValue, $valueFilters)) continue;
809-
if ((!in_array($uniqValue, array_keys($userObject->getRoles()))) && !empty($uniqValue)) {
810-
$userObject->addRole(RolesService::getOrCreateRole($uniqValue, $userObject->getGroupPath()));
811-
$changes = true;
854+
if (!empty($uniqValue)) {
855+
$roleToAdd = AuthService::getRole($uniqValue);
856+
if($roleToAdd === false){
857+
$roleToAdd = AuthService::getRole($uniqValue, true);
858+
$roleToAdd->setLabel($uniqValue);
859+
AuthService::updateRole($roleToAdd);
860+
}
861+
//$userObject->addRole(AuthService::getRole($uniqValue, true));
862+
//$changes = true;
863+
$newRoles[$uniqValue] = $roleToAdd;
864+
}
865+
}
866+
867+
// Do the sync if two sets of roles are different
868+
if ( (count(array_diff(array_keys($oldRoles), array_keys($newRoles))) > 0) ||
869+
(count(array_diff(array_keys($newRoles), array_keys($oldRoles))) > 0)){
870+
// remove old roles
871+
foreach ($oldRoles as $rkey => $role) {
872+
if ((AuthService::getRole($rkey)) && (strpos($rkey, $this->mappedRolePrefix) === false)) {
873+
$userObject->removeRole($rkey);
874+
}
812875
}
876+
//Add new roles;
877+
foreach($newRoles as $rkey => $role){
878+
if ((AuthService::getRole($rkey)) && (strpos($rkey, $this->mappedRolePrefix) === false)) {
879+
$userObject->addRole($role);
880+
}
881+
}
882+
$userObject->recomputeMergedRole();
883+
$changes = true;
813884
}
814885
}
815886
break;

0 commit comments

Comments
 (0)