Merge branch 'ent-4181-7962-LDAP-no-parsea-Advanced-Permissions-LDAP' into 'develop'

Fixed Advanced Permissions LDAP See merge request artica/pandorafms!2521
2019-06-25 18:21:42 +02:00 · 2019-06-25 18:21:42 +02:00 · 35c914dc34
parent 6af895b9c1 e828fd6690
commit 35c914dc34
1 changed files with 42 additions and 67 deletions
--- a/pandora_console/include/auth/mysql.php
+++ b/pandora_console/include/auth/mysql.php
@ -1257,11 +1257,8 @@ function fill_permissions_ldap($sr)
    global $config;
    $permissions = [];
    $permissions_profile = [];
-    if (defined('METACONSOLE')) {
-        $meta = true;
-    }

-    if ($meta && (bool) $config['ldap_save_profile'] === false && $config['ldap_advanced_config'] == 0) {
+    if ((bool) $config['ldap_save_profile'] === false && ($config['ldap_advanced_config'] == 0 || $config['ldap_advanced_config'] == '')) {
        $result = 0;
        $result = db_get_all_rows_filter(
            'tusuario_perfil',
@ -1287,43 +1284,9 @@ function fill_permissions_ldap($sr)
        return $permissions_profile;
    }

-    if ((bool) $config['ldap_save_profile'] === false && $config['ldap_advanced_config'] == '') {
-        $result = db_get_all_rows_filter(
-            'tusuario_perfil',
-            ['id_usuario' => $sr['uid'][0]]
-        );
-        if ($result == false) {
-            $permissions[0]['profile'] = $config['default_remote_profile'];
-            $permissions[0]['groups'][] = $config['default_remote_group'];
-            $permissions[0]['tags'] = $config['default_assign_tags'];
-            $permissions[0]['no_hierarchy'] = $config['default_no_hierarchy'];
-            return $permissions;
-        }
-
-        foreach ($result as $perms) {
-               $permissions_profile[] = [
-                   'profile'      => $perms['id_perfil'],
-                   'groups'       => [$perms['id_grupo']],
-                   'tags'         => $perms['tags'],
-                   'no_hierarchy' => (bool) $perms['no_hierarchy'] ? 1 : 0,
-               ];
-        }
-
-        return $permissions_profile;
-    }
-
    if ($config['ldap_advanced_config'] == 1 && $config['ldap_save_profile'] == 1) {
        $ldap_adv_perms = json_decode(io_safe_output($config['ldap_adv_perms']), true);
-        foreach ($ldap_adv_perms as $ldap_adv_perm) {
-            $permissions[] = [
-                'profile'      => $ldap_adv_perm['profile'],
-                'groups'       => $ldap_adv_perm['group'],
-                'tags'         => implode(',', $ldap_adv_perm['tags']),
-                'no_hierarchy' => (bool) $ldap_adv_perm['no_hierarchy'] ? 1 : 0,
-            ];
-        }
-
-        return $permissions;
+        return get_advanced_permissions($ldap_adv_perms, $sr);
    }

    if ($config['ldap_advanced_config'] == 1 && $config['ldap_save_profile'] == 0) {
@ -1333,16 +1296,7 @@ function fill_permissions_ldap($sr)
        );
        if ($result == false) {
            $ldap_adv_perms = json_decode(io_safe_output($config['ldap_adv_perms']), true);
-            foreach ($ldap_adv_perms as $ldap_adv_perm) {
-                $permissions[] = [
-                    'profile'      => $ldap_adv_perm['profile'],
-                    'groups'       => $ldap_adv_perm['group'],
-                    'tags'         => implode(',', $ldap_adv_perm['tags']),
-                    'no_hierarchy' => (bool) $ldap_adv_perm['no_hierarchy'] ? 1 : 0,
-                ];
-            }
-
-            return $permissions;
+            return get_advanced_permissions($ldap_adv_perms, $sr);
        }

        foreach ($result as $perms) {
@ -1365,10 +1319,23 @@ function fill_permissions_ldap($sr)
        return $permissions;
    }

-    // Decode permissions in advanced mode
-    $ldap_adv_perms = json_decode(io_safe_output($config['ldap_adv_perms']), true);
+    return $permissions;
+}
+
+
+/**
+ * Get permissions in advanced mode.
+ *
+ * @param array ldap_adv_perms
+ *
+ * @return array
+ */
+function get_advanced_permissions($ldap_adv_perms, $sr)
+{
+    $permissions = [];
    foreach ($ldap_adv_perms as $ldap_adv_perm) {
        $attributes = $ldap_adv_perm['groups_ldap'];
+        if (!empty($attributes[0])) {
            foreach ($attributes as $attr) {
                $attr = explode('=', $attr, 2);
                foreach ($sr[$attr[0]] as $s_attr) {
@ -1382,6 +1349,14 @@ function fill_permissions_ldap($sr)
                    }
                }
            }
+        } else {
+            $permissions[] = [
+                'profile'      => $ldap_adv_perm['profile'],
+                'groups'       => $ldap_adv_perm['group'],
+                'tags'         => implode(',', $ldap_adv_perm['tags']),
+                'no_hierarchy' => (bool) $ldap_adv_perm['no_hierarchy'] ? 1 : 0,
+            ];
+        }
    }

    return $permissions;