Merge pull request #11736 from Godmartinz/gh6508_ldap_default_group
Adds a permission group selection for directory sync
commit
227fef76ee
|
@ -3,6 +3,7 @@
|
||||||
namespace App\Console\Commands;
|
namespace App\Console\Commands;
|
||||||
|
|
||||||
use App\Models\Department;
|
use App\Models\Department;
|
||||||
|
use App\Models\Group;
|
||||||
use Illuminate\Console\Command;
|
use Illuminate\Console\Command;
|
||||||
use App\Models\Setting;
|
use App\Models\Setting;
|
||||||
use App\Models\Ldap;
|
use App\Models\Ldap;
|
||||||
|
@ -57,6 +58,7 @@ class LdapSync extends Command
|
||||||
$ldap_result_country = Setting::getSettings()->ldap_country;
|
$ldap_result_country = Setting::getSettings()->ldap_country;
|
||||||
$ldap_result_dept = Setting::getSettings()->ldap_dept;
|
$ldap_result_dept = Setting::getSettings()->ldap_dept;
|
||||||
$ldap_result_manager = Setting::getSettings()->ldap_manager;
|
$ldap_result_manager = Setting::getSettings()->ldap_manager;
|
||||||
|
$ldap_default_group = Setting::getSettings()->ldap_default_group;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$ldapconn = Ldap::connectToLdap();
|
$ldapconn = Ldap::connectToLdap();
|
||||||
|
@ -192,6 +194,7 @@ class LdapSync extends Command
|
||||||
$item['department'] = isset($results[$i][$ldap_result_dept][0]) ? $results[$i][$ldap_result_dept][0] : '';
|
$item['department'] = isset($results[$i][$ldap_result_dept][0]) ? $results[$i][$ldap_result_dept][0] : '';
|
||||||
$item['manager'] = isset($results[$i][$ldap_result_manager][0]) ? $results[$i][$ldap_result_manager][0] : '';
|
$item['manager'] = isset($results[$i][$ldap_result_manager][0]) ? $results[$i][$ldap_result_manager][0] : '';
|
||||||
|
|
||||||
|
|
||||||
$department = Department::firstOrCreate([
|
$department = Department::firstOrCreate([
|
||||||
'name' => $item['department'],
|
'name' => $item['department'],
|
||||||
]);
|
]);
|
||||||
|
@ -218,6 +221,13 @@ class LdapSync extends Command
|
||||||
$user->country = $item['country'];
|
$user->country = $item['country'];
|
||||||
$user->department_id = $department->id;
|
$user->department_id = $department->id;
|
||||||
|
|
||||||
|
if($ldap_default_group != null) {
|
||||||
|
|
||||||
|
$default = Group::select()->where('id', $ldap_default_group)->first();
|
||||||
|
$user->permissions = $default->permissions;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
if($item['manager'] != null) {
|
if($item['manager'] != null) {
|
||||||
// Check Cache first
|
// Check Cache first
|
||||||
if (isset($manager_cache[$item['manager']])) {
|
if (isset($manager_cache[$item['manager']])) {
|
||||||
|
@ -326,6 +336,7 @@ class LdapSync extends Command
|
||||||
if ($user->save()) {
|
if ($user->save()) {
|
||||||
$item['note'] = $item['createorupdate'];
|
$item['note'] = $item['createorupdate'];
|
||||||
$item['status'] = 'success';
|
$item['status'] = 'success';
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
foreach ($user->getErrors()->getMessages() as $key => $err) {
|
foreach ($user->getErrors()->getMessages() as $key => $err) {
|
||||||
$errors .= $err[0];
|
$errors .= $err[0];
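Review bot: In the `@ -218,6 +221,13 @@` hunk, `Group::select()->where('id', $ldap_default_group)->first()` returns null when the stored id no longer matches a group (for example, the group was deleted after the setting was saved), and the next line then reads `$default->permissions` on null. Guard the assignment, e.g. `if ($default !== null) { $user->permissions = $default->permissions; }`, and log the missing group so the operator sees that the configured default was not applied. The assignment copies the group's permission data onto the user instead of adding a group membership, and the branch that encloses it is outside the hunk, so it is worth confirming that it runs only for newly created users and does not overwrite an existing user's individually assigned permissions on every sync. The lookup can also be moved above the per-user loop, since `$ldap_default_group` does not change between iterations.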
|
||||||
|
|
|
@ -7,6 +7,7 @@ use App\Helpers\StorageHelper;
|
||||||
use App\Http\Requests\ImageUploadRequest;
|
use App\Http\Requests\ImageUploadRequest;
|
||||||
use App\Http\Requests\SettingsSamlRequest;
|
use App\Http\Requests\SettingsSamlRequest;
|
||||||
use App\Http\Requests\SetupUserRequest;
|
use App\Http\Requests\SetupUserRequest;
|
||||||
|
use App\Models\Group;
|
||||||
use App\Models\Setting;
|
use App\Models\Setting;
|
||||||
use App\Models\Asset;
|
use App\Models\Asset;
|
||||||
use App\Models\User;
|
use App\Models\User;
|
||||||
|
@ -911,6 +912,8 @@ class SettingsController extends Controller
|
||||||
public function getLdapSettings()
|
public function getLdapSettings()
|
||||||
{
|
{
|
||||||
$setting = Setting::getSettings();
|
$setting = Setting::getSettings();
|
||||||
|
$groups = Group::pluck('name', 'id');
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This validator is only temporary (famous last words.) - @snipe
|
* This validator is only temporary (famous last words.) - @snipe
|
||||||
|
@ -929,7 +932,7 @@ class SettingsController extends Controller
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
return view('settings.ldap', compact('setting'))->withErrors($validator);
|
return view('settings.ldap', compact('setting', 'groups'))->withErrors($validator);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -956,6 +959,7 @@ class SettingsController extends Controller
|
||||||
$setting->ldap_pword = Crypt::encrypt($request->input('ldap_pword'));
|
$setting->ldap_pword = Crypt::encrypt($request->input('ldap_pword'));
|
||||||
}
|
}
|
||||||
$setting->ldap_basedn = $request->input('ldap_basedn');
|
$setting->ldap_basedn = $request->input('ldap_basedn');
|
||||||
|
$setting->ldap_default_group = $request->input('ldap_default_group');
|
||||||
$setting->ldap_filter = $request->input('ldap_filter');
|
$setting->ldap_filter = $request->input('ldap_filter');
|
||||||
$setting->ldap_username_field = $request->input('ldap_username_field');
|
$setting->ldap_username_field = $request->input('ldap_username_field');
|
||||||
$setting->ldap_lname_field = $request->input('ldap_lname_field');
|
$setting->ldap_lname_field = $request->input('ldap_lname_field');
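Review bot: The new line `$setting->ldap_default_group = $request->input('ldap_default_group');` stores the posted value with no validation, although this value decides which permission set every synced user receives. It should be validated as an optional integer that refers to an existing group, for example a rule such as `'ldap_default_group' => 'nullable|integer|exists:<groups_table>,id'` (table name is a placeholder). The Blade template hides the select from non-superusers, but that is presentation only; whether the save route itself is restricted to superusers is not visible here, because the enclosing method starts and ends outside the hunk.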
|
||||||
|
|
|
@ -0,0 +1,33 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
use Illuminate\Database\Migrations\Migration;
|
||||||
|
use Illuminate\Database\Schema\Blueprint;
|
||||||
|
use Illuminate\Support\Facades\Schema;
|
||||||
|
|
||||||
|
class AddsLdapDefaultGroupToSettingsTable extends Migration
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Run the migrations.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function up()
|
||||||
|
{
|
||||||
|
Schema::table('settings', function (Blueprint $table) {
|
||||||
|
$table->integer('ldap_default_group')
|
||||||
|
->after('ldap_basedn')->default(null);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Reverse the migrations.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function down()
|
||||||
|
{
|
||||||
|
Schema::table('settings', function (Blueprint $table) {
|
||||||
|
$table->dropColumn('ldap_default_group');
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
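Review bot: In `up()`, the column is declared as `$table->integer('ldap_default_group')->after('ldap_basedn')->default(null);` without `->nullable()`, so it is created NOT NULL and the `default(null)` call most likely has no effect. The settings form offers an empty option meaning "no default group", and saving that choice would then either be rejected by the database or be coerced to 0, depending on the SQL mode. Declaring it as `$table->integer('ldap_default_group')->nullable()->default(null)->after('ldap_basedn');` gives the setting an unambiguous "not configured" state, which matters because the sync command branches on `$ldap_default_group != null`.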
|
|
@ -75,6 +75,8 @@ return [
|
||||||
'label_logo_size' => 'Square logos look best - will be displayed in the top right of each asset label. ',
|
'label_logo_size' => 'Square logos look best - will be displayed in the top right of each asset label. ',
|
||||||
'laravel' => 'Laravel Version',
|
'laravel' => 'Laravel Version',
|
||||||
'ldap' => 'LDAP',
|
'ldap' => 'LDAP',
|
||||||
|
'ldap_default_group' => 'Default Permissions Group',
|
||||||
|
'ldap_default_group_info' => 'Select a group to assign to newly synced users. Remember that a user takes on the permissions of the group they are assigned.',
|
||||||
'ldap_help' => 'LDAP/Active Directory',
|
'ldap_help' => 'LDAP/Active Directory',
|
||||||
'ldap_client_tls_key' => 'LDAP Client TLS Key',
|
'ldap_client_tls_key' => 'LDAP Client TLS Key',
|
||||||
'ldap_client_tls_cert' => 'LDAP Client-Side TLS Certificate',
|
'ldap_client_tls_cert' => 'LDAP Client-Side TLS Certificate',
|
||||||
|
|
|
@ -91,6 +91,53 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<!-- Default LDAP Permissions Group Select -->
|
||||||
|
|
||||||
|
<div class="form-group{{ $errors->has('group') ? ' has-error' : '' }}">
|
||||||
|
<div class="col-md-3">
|
||||||
|
{{ Form::label('ldap_default_group', trans('admin/settings/general.ldap_default_group')) }}
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="col-md-9">
|
||||||
|
|
||||||
|
@if ($groups->count())
|
||||||
|
@if ((Config::get('app.lock_passwords') || (!Auth::user()->isSuperUser())))
|
||||||
|
<ul>
|
||||||
|
@foreach ($groups as $id => $group)
|
||||||
|
{!! '<li>'.e($group).'</li>' !!}
|
||||||
|
@endforeach
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
|
||||||
|
<span class="help-block">{{ trans('admin/users/general.group_memberships_helpblock') }}</span>
|
||||||
|
@else
|
||||||
|
<div class="controls">
|
||||||
|
<select
|
||||||
|
name="ldap_default_group"
|
||||||
|
aria-label="ldap_default_group"
|
||||||
|
id="ldap_default_group"
|
||||||
|
class="form-control"
|
||||||
|
>
|
||||||
|
<option></option>
|
||||||
|
@foreach ($groups as $id => $group)
|
||||||
|
<option value="{{ $id }}">
|
||||||
|
{{ $group }}
|
||||||
|
</option>
|
||||||
|
@endforeach
|
||||||
|
</select>
|
||||||
|
|
||||||
|
<span class="help-block">
|
||||||
|
{{ trans('admin/settings/general.ldap_default_group_info') }}
|
||||||
|
</span>
|
||||||
|
</div>
|
||||||
|
@endif
|
||||||
|
@else
|
||||||
|
<p>No groups have been created yet. Visit <code>Admin Settings > Permission Groups</code> to add one.</p>
|
||||||
|
@endif
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
<!-- AD Flag -->
|
<!-- AD Flag -->
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<div class="col-md-3">
|
<div class="col-md-3">
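Review bot: The `<option value="{{ $id }}">` elements never mark the stored group as selected, so the form always renders with the empty option chosen. An administrator therefore cannot see which permission group is currently granted to synced users, and saving the LDAP page for an unrelated change would submit an empty value and clear the setting. Suggest `<option value="{{ $id }}" {{ old('ldap_default_group', $setting->ldap_default_group) == $id ? 'selected' : '' }}>`. The wrapper also tests `$errors->has('group')` while the field is named `ldap_default_group`, so a validation error on this field would not be highlighted.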
|
||||||
|
|
|
@ -503,7 +503,7 @@
|
||||||
</ul>
|
</ul>
|
||||||
@endif
|
@endif
|
||||||
|
|
||||||
<span class="help-block">{{ trans('admin/users/general.group_memberships_helpblock') }}</p>
|
<span class="help-block">{{ trans('admin/users/general.group_memberships_helpblock') }}</span>
|
||||||
@else
|
@else
|
||||||
<div class="controls">
|
<div class="controls">
|
||||||
<select
|
<select
|
||||||
|
|