Merge pull request #12325 from uberbrady/ldap_permissions_fix

Fixed #12288 - LDAP default group feature refactor
snipe 2023-01-09 15:52:02 -08:00 committed by GitHub
commit ae04a8c872
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 17 additions and 10 deletions


@ -179,6 +179,16 @@ class LdapSync extends Command
$manager_cache = []; $manager_cache = [];
if($ldap_default_group != null) {
$default = Group::find($ldap_default_group);
if (!$default) {
$ldap_default_group = null; // un-set the default group if that group doesn't exist
}
}
for ($i = 0; $i < $results['count']; $i++) { for ($i = 0; $i < $results['count']; $i++) {
$item = []; $item = [];
$item['username'] = isset($results[$i][$ldap_result_username][0]) ? $results[$i][$ldap_result_username][0] : ''; $item['username'] = isset($results[$i][$ldap_result_username][0]) ? $results[$i][$ldap_result_username][0] : '';
@ -221,13 +231,6 @@ class LdapSync extends Command
$user->country = $item['country']; $user->country = $item['country'];
$user->department_id = $department->id; $user->department_id = $department->id;
if($ldap_default_group != null) {
$default = Group::select()->where('id', $ldap_default_group)->first();
$user->permissions = $default->permissions;
}
if($item['manager'] != null) { if($item['manager'] != null) {
// Check Cache first // Check Cache first
if (isset($manager_cache[$item['manager']])) { if (isset($manager_cache[$item['manager']])) {
@ -336,6 +339,9 @@ class LdapSync extends Command
if ($user->save()) { if ($user->save()) {
$item['note'] = $item['createorupdate']; $item['note'] = $item['createorupdate'];
$item['status'] = 'success'; $item['status'] = 'success';
if ( $item['createorupdate'] === 'created' && $ldap_default_group) {
$user->groups()->attach($ldap_default_group);
}
} else { } else {
foreach ($user->getErrors()->getMessages() as $key => $err) { foreach ($user->getErrors()->getMessages() as $key => $err) {
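Review bot: When the configured default group no longer exists, the new guard ahead of the loop clears `$ldap_default_group` silently, so every user created by this run ends up without a group and the operator gets no signal that the setting is stale. Failing closed is the right direction for a setting that grants permissions, but it should be visible, for example `$this->warn('LDAP default group '.$ldap_default_group.' not found; no default group will be assigned.');` placed just before the assignment to null (or a log entry instead, if this command's output is parsed by something else). Separately, the removed block copied the group's permissions onto `$user->permissions` for each synced user; accounts synced under that code presumably still carry that copy, which will not follow later changes to the group, so a one-off cleanup or an upgrade note may be needed. The group attach in the last hunk is also not reflected in `$item['note']`, so the sync summary does not show which new users received the default group. The enclosing method starts and ends outside the hunks shown.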


@ -77,6 +77,7 @@ return [
'ldap' => 'LDAP', 'ldap' => 'LDAP',
'ldap_default_group' => 'Default Permissions Group', 'ldap_default_group' => 'Default Permissions Group',
'ldap_default_group_info' => 'Select a group to assign to newly synced users. Remember that a user takes on the permissions of the group they are assigned.', 'ldap_default_group_info' => 'Select a group to assign to newly synced users. Remember that a user takes on the permissions of the group they are assigned.',
'no_default_group' => 'No Default Group',
'ldap_help' => 'LDAP/Active Directory', 'ldap_help' => 'LDAP/Active Directory',
'ldap_client_tls_key' => 'LDAP Client TLS Key', 'ldap_client_tls_key' => 'LDAP Client TLS Key',
'ldap_client_tls_cert' => 'LDAP Client-Side TLS Certificate', 'ldap_client_tls_cert' => 'LDAP Client-Side TLS Certificate',


@ -116,11 +116,11 @@
name="ldap_default_group" name="ldap_default_group"
aria-label="ldap_default_group" aria-label="ldap_default_group"
id="ldap_default_group" id="ldap_default_group"
class="form-control" class="form-control select2"
> >
<option></option> <option value="">{{ trans('admin/settings/general.no_default_group') }}</option>
@foreach ($groups as $id => $group) @foreach ($groups as $id => $group)
<option value="{{ $id }}"> <option value="{{ $id }}" {{ $setting->ldap_default_group == $id ? 'selected' : '' }}>
{{ $group }} {{ $group }}
</option> </option>
@endforeach @endforeach