Merge pull request #12325 from uberbrady/ldap_permissions_fix

Fixed #12288 - LDAP default group feature refactor
2024-11-10 07:34:06 -08:00 · 2023-01-09 15:52:02 -08:00 · 2023-01-09 15:52:02 -08:00 · ae04a8c872
parent e1263155b1 cbffd105a2
commit ae04a8c872
3 changed files with 17 additions and 10 deletions
--- a/app/Console/Commands/LdapSync.php
+++ b/app/Console/Commands/LdapSync.php
@ -179,6 +179,16 @@ class LdapSync extends Command

        $manager_cache = [];

+        if($ldap_default_group != null) {
+
+            $default = Group::find($ldap_default_group);
+            if (!$default) {
+                $ldap_default_group = null; // un-set the default group if that group doesn't exist
+            }
+
+        }
+
+
        for ($i = 0; $i < $results['count']; $i++) {
                $item = [];
                $item['username'] = isset($results[$i][$ldap_result_username][0]) ? $results[$i][$ldap_result_username][0] : '';
@ -221,13 +231,6 @@ class LdapSync extends Command
                $user->country = $item['country'];
                $user->department_id = $department->id;

-                if($ldap_default_group != null) {
-
-                    $default = Group::select()->where('id', $ldap_default_group)->first();
-                    $user->permissions = $default->permissions;
-
-                }
-
                if($item['manager'] != null) {
                    // Check Cache first
                    if (isset($manager_cache[$item['manager']])) {
@ -336,6 +339,9 @@ class LdapSync extends Command
                if ($user->save()) {
                    $item['note'] = $item['createorupdate'];
                    $item['status'] = 'success';
+                    if ( $item['createorupdate'] === 'created' && $ldap_default_group) {
+                         $user->groups()->attach($ldap_default_group);
+                    }

                } else {
                    foreach ($user->getErrors()->getMessages() as $key => $err) {
--- a/resources/lang/en/admin/settings/general.php
+++ b/resources/lang/en/admin/settings/general.php
@ -77,6 +77,7 @@ return [
    'ldap'                      => 'LDAP',
    'ldap_default_group'        => 'Default Permissions Group',
    'ldap_default_group_info'   => 'Select a group to assign to newly synced users. Remember that a user takes on the permissions of the group they are assigned.',
+    'no_default_group'          => 'No Default Group',
    'ldap_help'                 => 'LDAP/Active Directory',
    'ldap_client_tls_key'       => 'LDAP Client TLS Key',
    'ldap_client_tls_cert'      => 'LDAP Client-Side TLS Certificate',
--- a/resources/views/settings/ldap.blade.php
+++ b/resources/views/settings/ldap.blade.php
@ -116,11 +116,11 @@
                                                    name="ldap_default_group"
                                                    aria-label="ldap_default_group"
                                                    id="ldap_default_group"
-                                                    class="form-control"
+                                                    class="form-control select2"
                                            >
-                                                <option></option>
+                                                <option value="">{{ trans('admin/settings/general.no_default_group') }}</option>
                                                @foreach ($groups as $id => $group)
-                                                    <option value="{{ $id }}">
+                                                    <option value="{{ $id }}" {{ $setting->ldap_default_group == $id ? 'selected' : '' }}>
                                                        {{ $group }}
                                                    </option>
                                                @endforeach