Merge branch 'ent-4181-7962-LDAP-no-parsea-Advanced-Permissions-LDAP' into 'develop'
Fixed Advanced Permissions LDAP See merge request artica/pandorafms!2521
This commit is contained in:
Daniel Rodriguez
commit
35c914dc34
|
|
@ -1257,11 +1257,8 @@ function fill_permissions_ldap($sr)
|
||||||
global $config;
|
global $config;
|
||||||
$permissions = [];
|
$permissions = [];
|
||||||
$permissions_profile = [];
|
$permissions_profile = [];
|
||||||
if (defined('METACONSOLE')) {
|
|
||||||
$meta = true;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($meta && (bool) $config['ldap_save_profile'] === false && $config['ldap_advanced_config'] == 0) {
|
if ((bool) $config['ldap_save_profile'] === false && ($config['ldap_advanced_config'] == 0 || $config['ldap_advanced_config'] == '')) {
|
||||||
$result = 0;
|
$result = 0;
|
||||||
$result = db_get_all_rows_filter(
|
$result = db_get_all_rows_filter(
|
||||||
'tusuario_perfil',
|
'tusuario_perfil',
|
||||||
|
|
@ -1287,43 +1284,9 @@ function fill_permissions_ldap($sr)
|
||||||
return $permissions_profile;
|
return $permissions_profile;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((bool) $config['ldap_save_profile'] === false && $config['ldap_advanced_config'] == '') {
|
|
||||||
$result = db_get_all_rows_filter(
|
|
||||||
'tusuario_perfil',
|
|
||||||
['id_usuario' => $sr['uid'][0]]
|
|
||||||
);
|
|
||||||
if ($result == false) {
|
|
||||||
$permissions[0]['profile'] = $config['default_remote_profile'];
|
|
||||||
$permissions[0]['groups'][] = $config['default_remote_group'];
|
|
||||||
$permissions[0]['tags'] = $config['default_assign_tags'];
|
|
||||||
$permissions[0]['no_hierarchy'] = $config['default_no_hierarchy'];
|
|
||||||
return $permissions;
|
|
||||||
}
|
|
||||||
|
|
||||||
foreach ($result as $perms) {
|
|
||||||
$permissions_profile[] = [
|
|
||||||
'profile' => $perms['id_perfil'],
|
|
||||||
'groups' => [$perms['id_grupo']],
|
|
||||||
'tags' => $perms['tags'],
|
|
||||||
'no_hierarchy' => (bool) $perms['no_hierarchy'] ? 1 : 0,
|
|
||||||
];
|
|
||||||
}
|
|
||||||
|
|
||||||
return $permissions_profile;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($config['ldap_advanced_config'] == 1 && $config['ldap_save_profile'] == 1) {
|
if ($config['ldap_advanced_config'] == 1 && $config['ldap_save_profile'] == 1) {
|
||||||
$ldap_adv_perms = json_decode(io_safe_output($config['ldap_adv_perms']), true);
|
$ldap_adv_perms = json_decode(io_safe_output($config['ldap_adv_perms']), true);
|
||||||
foreach ($ldap_adv_perms as $ldap_adv_perm) {
|
return get_advanced_permissions($ldap_adv_perms, $sr);
|
||||||
$permissions[] = [
|
|
||||||
'profile' => $ldap_adv_perm['profile'],
|
|
||||||
'groups' => $ldap_adv_perm['group'],
|
|
||||||
'tags' => implode(',', $ldap_adv_perm['tags']),
|
|
||||||
'no_hierarchy' => (bool) $ldap_adv_perm['no_hierarchy'] ? 1 : 0,
|
|
||||||
];
|
|
||||||
}
|
|
||||||
|
|
||||||
return $permissions;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($config['ldap_advanced_config'] == 1 && $config['ldap_save_profile'] == 0) {
|
if ($config['ldap_advanced_config'] == 1 && $config['ldap_save_profile'] == 0) {
|
||||||
|
|
@ -1333,25 +1296,16 @@ function fill_permissions_ldap($sr)
|
||||||
);
|
);
|
||||||
if ($result == false) {
|
if ($result == false) {
|
||||||
$ldap_adv_perms = json_decode(io_safe_output($config['ldap_adv_perms']), true);
|
$ldap_adv_perms = json_decode(io_safe_output($config['ldap_adv_perms']), true);
|
||||||
foreach ($ldap_adv_perms as $ldap_adv_perm) {
|
return get_advanced_permissions($ldap_adv_perms, $sr);
|
||||||
$permissions[] = [
|
|
||||||
'profile' => $ldap_adv_perm['profile'],
|
|
||||||
'groups' => $ldap_adv_perm['group'],
|
|
||||||
'tags' => implode(',', $ldap_adv_perm['tags']),
|
|
||||||
'no_hierarchy' => (bool) $ldap_adv_perm['no_hierarchy'] ? 1 : 0,
|
|
||||||
];
|
|
||||||
}
|
|
||||||
|
|
||||||
return $permissions;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ($result as $perms) {
|
foreach ($result as $perms) {
|
||||||
$permissions_profile[] = [
|
$permissions_profile[] = [
|
||||||
'profile' => $perms['id_perfil'],
|
'profile' => $perms['id_perfil'],
|
||||||
'groups' => [$perms['id_grupo']],
|
'groups' => [$perms['id_grupo']],
|
||||||
'tags' => $perms['tags'],
|
'tags' => $perms['tags'],
|
||||||
'no_hierarchy' => (bool) $perms['no_hierarchy'] ? 1 : 0,
|
'no_hierarchy' => (bool) $perms['no_hierarchy'] ? 1 : 0,
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
return $permissions_profile;
|
return $permissions_profile;
|
||||||
|
|
@ -1365,22 +1319,43 @@ function fill_permissions_ldap($sr)
|
||||||
return $permissions;
|
return $permissions;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Decode permissions in advanced mode
|
return $permissions;
|
||||||
$ldap_adv_perms = json_decode(io_safe_output($config['ldap_adv_perms']), true);
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get permissions in advanced mode.
|
||||||
|
*
|
||||||
|
* @param array ldap_adv_perms
|
||||||
|
*
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
|
function get_advanced_permissions($ldap_adv_perms, $sr)
|
||||||
|
{
|
||||||
|
$permissions = [];
|
||||||
foreach ($ldap_adv_perms as $ldap_adv_perm) {
|
foreach ($ldap_adv_perms as $ldap_adv_perm) {
|
||||||
$attributes = $ldap_adv_perm['groups_ldap'];
|
$attributes = $ldap_adv_perm['groups_ldap'];
|
||||||
foreach ($attributes as $attr) {
|
if (!empty($attributes[0])) {
|
||||||
$attr = explode('=', $attr, 2);
|
foreach ($attributes as $attr) {
|
||||||
foreach ($sr[$attr[0]] as $s_attr) {
|
$attr = explode('=', $attr, 2);
|
||||||
if (preg_match('/'.$attr[1].'/', $s_attr)) {
|
foreach ($sr[$attr[0]] as $s_attr) {
|
||||||
$permissions[] = [
|
if (preg_match('/'.$attr[1].'/', $s_attr)) {
|
||||||
'profile' => $ldap_adv_perm['profile'],
|
$permissions[] = [
|
||||||
'groups' => $ldap_adv_perm['group'],
|
'profile' => $ldap_adv_perm['profile'],
|
||||||
'tags' => implode(',', $ldap_adv_perm['tags']),
|
'groups' => $ldap_adv_perm['group'],
|
||||||
'no_hierarchy' => (bool) $ldap_adv_perm['no_hierarchy'] ? 1 : 0,
|
'tags' => implode(',', $ldap_adv_perm['tags']),
|
||||||
];
|
'no_hierarchy' => (bool) $ldap_adv_perm['no_hierarchy'] ? 1 : 0,
|
||||||
|
];
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
$permissions[] = [
|
||||||
|
'profile' => $ldap_adv_perm['profile'],
|
||||||
|
'groups' => $ldap_adv_perm['group'],
|
||||||
|
'tags' => implode(',', $ldap_adv_perm['tags']),
|
||||||
|
'no_hierarchy' => (bool) $ldap_adv_perm['no_hierarchy'] ? 1 : 0,
|
||||||
|
];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue