From 43547267a0b90c694e3a7f6122e57c41bca7438a Mon Sep 17 00:00:00 2001
From: "marcos.alconada"
Date: Tue, 14 May 2019 15:59:35 +0200
Subject: [PATCH 1/3] Changed condition for ldap Force automatically create profile user
Former-commit-id: caa1218b7ae4dc09649a6a4bb54b158255ea268f
---
 pandora_console/include/auth/mysql.php | 58 ++++++++++++++++++++------
 1 file changed, 46 insertions(+), 12 deletions(-)
diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php
index 718a3a6c71..bc30a34de2 100644
--- a/pandora_console/include/auth/mysql.php
+++ b/pandora_console/include/auth/mysql.php
@@ -1254,7 +1254,7 @@ function fill_permissions_ldap($sr)
 global $config;
 $permissions = [];
 $permissions_profile = [];
- if ((bool) $config['ldap_save_profile'] === false) {
+ if ((bool) $config['ldap_save_profile'] === false && $config['ldap_advanced_config'] == 1) {
 $result = db_get_all_rows_filter(
 'tusuario_perfil',
 ['id_usuario' => $sr['uid'][0]]
@@ -1267,19 +1267,9 @@ function fill_permissions_ldap($sr)
 'no_hierarchy' => (bool) $perms['no_hierarchy'] ? 1 : 0,
 ];
 }
-
- if (empty($permissions_profile)) {
- $permissions[0]['profile'] = $config['default_remote_profile'];
- $permissions[0]['groups'][] = $config['default_remote_group'];
- $permissions[0]['tags'] = $config['default_assign_tags'];
- $permissions[0]['no_hierarchy'] = $config['default_no_hierarchy'];
- return $permissions;
- } else {
- return $permissions_profile;
- }
 }
- if ($config['autocreate_remote_users']) {
+ if ($config['autocreate_remote_users'] && $config['ldap_advanced_config'] == '') {
 $permissions[0]['profile'] = $config['default_remote_profile'];
 $permissions[0]['groups'][] = $config['default_remote_group'];
 $permissions[0]['tags'] = $config['default_assign_tags'];
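Review bot: The tests added in PATCH 1/3, `$config['ldap_advanced_config'] == 1` in the first hunk and `== ''` in the second, compare the flag loosely against two different literals, so a disabled value stored as `'0'` matches neither one (`'0' == ''` is false) and the default-profile branch is skipped. Which branch runs here decides the profile, groups and tags an LDAP-authenticated user receives, so the flag is better normalised once, e.g. `$advanced = (bool) $config['ldap_advanced_config'];`, and tested as `$advanced` / `!$advanced`. The same mixed `== 1` / `== ''` / `== 0` pattern recurs in the conditions changed by PATCH 2/3 and PATCH 3/3. fill_permissions_ldap() starts and ends outside these hunks, so how `$config` stores the flag is not visible here and should be confirmed.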
@@ -1287,6 +1277,50 @@ function fill_permissions_ldap($sr)
 return $permissions;
 }
+ if ($config['ldap_advanced_config'] == 1 && $config['ldap_save_profile'] == '') {
+ $ldap_adv_perms = json_decode(io_safe_output($config['ldap_adv_perms']), true);
+ foreach ($ldap_adv_perms as $ldap_adv_perm) {
+ $permissions[] = [
+ 'profile' => $ldap_adv_perm['profile'],
+ 'groups' => $ldap_adv_perm['group'],
+ 'tags' => implode(',', $ldap_adv_perm['tags']),
+ 'no_hierarchy' => (bool) $ldap_adv_perm['no_hierarchy'] ? 1 : 0,
+ ];
+ }
+
+ return $permissions;
+ }
+
+ if ($config['ldap_advanced_config'] == 1 && $config['ldap_save_profile'] == 1) {
+ $result = db_get_all_rows_filter(
+ 'tusuario_perfil',
+ ['id_usuario' => $sr['uid'][0]]
+ );
+ if ($result == false) {
+ $ldap_adv_perms = json_decode(io_safe_output($config['ldap_adv_perms']), true);
+ foreach ($ldap_adv_perms as $ldap_adv_perm) {
+ $permissions[] = [
+ 'profile' => $ldap_adv_perm['profile'],
+ 'groups' => $ldap_adv_perm['group'],
+ 'tags' => implode(',', $ldap_adv_perm['tags']),
+ 'no_hierarchy' => (bool) $ldap_adv_perm['no_hierarchy'] ? 1 : 0,
+ ];
+ return $permissions;
+ }
+ }
+
+ foreach ($result as $perms) {
+ $permissions_profile[] = [
+ 'profile' => $perms['id_perfil'],
+ 'groups' => [$perms['id_grupo']],
+ 'tags' => $perms['tags'],
+ 'no_hierarchy' => (bool) $perms['no_hierarchy'] ? 1 : 0,
+ ];
+ };
+
+ return $permissions_profile;
+ }
+
 // Decode permissions in advanced mode
 $ldap_adv_perms = json_decode(io_safe_output($config['ldap_adv_perms']), true);
 foreach ($ldap_adv_perms as $ldap_adv_perm) {
From 0c9f8892e0daf11bb9f9295cc81d01960bdd656b Mon Sep 17 00:00:00 2001
From: "marcos.alconada"
Date: Fri, 17 May 2019 13:58:34 +0200
Subject: [PATCH 2/3] Changed evaluates permissions
---
 pandora_console/include/auth/mysql.php | 32 +++++++++++++++++---------
 1 file changed, 21 insertions(+), 11 deletions(-)
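Review bot: In the second block added by the @@ -1287,6 hunk of PATCH 1/3 (`ldap_advanced_config == 1 && ldap_save_profile == 1`), `return $permissions;` sits inside the `foreach ($ldap_adv_perms ...)` body, so only the first advanced entry is ever returned, while the first added block returns after its loop. Moving that `return` below the loop's closing brace would make the two agree. `json_decode()` yields `null` for an empty or malformed `ldap_adv_perms`; the loop is then skipped and execution reaches `foreach ($result as $perms)` with `$result` already known to be false, which an `is_array($ldap_adv_perms)` guard would prevent. Both new blocks also hand out every configured entry without consulting `$sr`; the pre-existing loop after the hunk is cut off here, so if it filters entries by the user's LDAP data, these early returns bypass that filter and should reuse it instead.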
diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php
index bc30a34de2..2ce943b9da 100644
--- a/pandora_console/include/auth/mysql.php
+++ b/pandora_console/include/auth/mysql.php
@@ -1254,11 +1254,19 @@ function fill_permissions_ldap($sr)
 global $config;
 $permissions = [];
 $permissions_profile = [];
- if ((bool) $config['ldap_save_profile'] === false && $config['ldap_advanced_config'] == 1) {
+ if ((bool) $config['ldap_save_profile'] === false && $config['ldap_advanced_config'] == '') {
 $result = db_get_all_rows_filter(
 'tusuario_perfil',
 ['id_usuario' => $sr['uid'][0]]
 );
+ if ($result == false) {
+ $permissions[0]['profile'] = $config['default_remote_profile'];
+ $permissions[0]['groups'][] = $config['default_remote_group'];
+ $permissions[0]['tags'] = $config['default_assign_tags'];
+ $permissions[0]['no_hierarchy'] = $config['default_no_hierarchy'];
+ return $permissions;
+ }
+
 foreach ($result as $perms) {
 $permissions_profile[] = [
 'profile' => $perms['id_perfil'],
@@ -1267,17 +1275,11 @@ function fill_permissions_ldap($sr)
 'no_hierarchy' => (bool) $perms['no_hierarchy'] ? 1 : 0,
 ];
 }
+
+ return $permissions_profile;
 }
- if ($config['autocreate_remote_users'] && $config['ldap_advanced_config'] == '') {
- $permissions[0]['profile'] = $config['default_remote_profile'];
- $permissions[0]['groups'][] = $config['default_remote_group'];
- $permissions[0]['tags'] = $config['default_assign_tags'];
- $permissions[0]['no_hierarchy'] = $config['default_no_hierarchy'];
- return $permissions;
- }
-
- if ($config['ldap_advanced_config'] == 1 && $config['ldap_save_profile'] == '') {
+ if ($config['ldap_advanced_config'] == 1 && $config['ldap_save_profile'] == 1) {
 $ldap_adv_perms = json_decode(io_safe_output($config['ldap_adv_perms']), true);
 foreach ($ldap_adv_perms as $ldap_adv_perm) {
 $permissions[] = [
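Review bot: The `if ($result == false)` block added in the @@ -1254,11 hunk of PATCH 2/3 hands out `default_remote_profile` without testing `$config['autocreate_remote_users']`, the flag that guards the default-profile block this patch takes out in the @@ -1267,17 hunk and re-adds at the end of the function. If that flag is meant to switch default assignment off, the guard should travel with the code, e.g. `if ($result == false && $config['autocreate_remote_users'])`, with a defined result for the case where it is off. The loose `== false` also treats a failed lookup the same as a user with no stored rows, assuming `db_get_all_rows_filter()` returns false for both, so a database error would end in default permissions rather than a refusal. That helper is not visible here and its return contract should be checked.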
@@ -1291,7 +1293,7 @@ function fill_permissions_ldap($sr)
 return $permissions;
 }
- if ($config['ldap_advanced_config'] == 1 && $config['ldap_save_profile'] == 1) {
+ if ($config['ldap_advanced_config'] == 1 && $config['ldap_save_profile'] == '') {
 $result = db_get_all_rows_filter(
 'tusuario_perfil',
 ['id_usuario' => $sr['uid'][0]]
@@ -1321,6 +1323,14 @@ function fill_permissions_ldap($sr)
 return $permissions_profile;
 }
+ if ($config['autocreate_remote_users'] && $config['ldap_save_profile'] == 1) {
+ $permissions[0]['profile'] = $config['default_remote_profile'];
+ $permissions[0]['groups'][] = $config['default_remote_group'];
+ $permissions[0]['tags'] = $config['default_assign_tags'];
+ $permissions[0]['no_hierarchy'] = $config['default_no_hierarchy'];
+ return $permissions;
+ }
+
 // Decode permissions in advanced mode
 $ldap_adv_perms = json_decode(io_safe_output($config['ldap_adv_perms']), true);
 foreach ($ldap_adv_perms as $ldap_adv_perm) {
From 07b42f72419f6154cac75c86085c0807fc2c37bc Mon Sep 17 00:00:00 2001
From: "marcos.alconada"
Date: Wed, 22 May 2019 13:57:31 +0200
Subject: [PATCH 3/3] Changed for metaconsole
---
 pandora_console/include/auth/mysql.php | 32 +++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)
diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php
index 2ce943b9da..1ab383b672 100644
--- a/pandora_console/include/auth/mysql.php
+++ b/pandora_console/include/auth/mysql.php
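Review bot: Nothing in the function says which combination of `ldap_advanced_config`, `ldap_save_profile` and `autocreate_remote_users` each branch is meant to serve, and PATCH 2/3 swaps the `== 1` / `== ''` tests between two branches and re-adds the default-profile block last, in the @@ -1321,6 hunk. With the branches as shown, a console with advanced config off, `ldap_save_profile` on and `autocreate_remote_users` off matches none of them and falls through to `// Decode permissions in advanced mode`, whose body lies outside the hunk. A short comment above the chain listing each flag combination and the permission source it selects (stored `tusuario_perfil` rows, `ldap_adv_perms`, or the `default_remote_*` values) would let a reviewer check that no combination grants more than intended.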
@@ -1254,6 +1254,36 @@ function fill_permissions_ldap($sr)
 global $config;
 $permissions = [];
 $permissions_profile = [];
+ if (defined('METACONSOLE')) {
+ $meta = true;
+ }
+
+ if ($meta && (bool) $config['ldap_save_profile'] === false && $config['ldap_advanced_config'] == 0) {
+ $result = 0;
+ $result = db_get_all_rows_filter(
+ 'tusuario_perfil',
+ ['id_usuario' => $sr['uid'][0]]
+ );
+ if ($result == false) {
+ $permissions[0]['profile'] = $config['default_remote_profile'];
+ $permissions[0]['groups'][] = $config['default_remote_group'];
+ $permissions[0]['tags'] = $config['default_assign_tags'];
+ $permissions[0]['no_hierarchy'] = $config['default_no_hierarchy'];
+ return $permissions;
+ }
+
+ foreach ($result as $perms) {
+ $permissions_profile[] = [
+ 'profile' => $perms['id_perfil'],
+ 'groups' => [$perms['id_grupo']],
+ 'tags' => $perms['tags'],
+ 'no_hierarchy' => (bool) $perms['no_hierarchy'] ? 1 : 0,
+ ];
+ }
+
+ return $permissions_profile;
+ }
+
 if ((bool) $config['ldap_save_profile'] === false && $config['ldap_advanced_config'] == '') {
 $result = db_get_all_rows_filter(
 'tusuario_perfil',
@@ -1293,7 +1323,7 @@ function fill_permissions_ldap($sr)
 return $permissions;
 }
- if ($config['ldap_advanced_config'] == 1 && $config['ldap_save_profile'] == '') {
+ if ($config['ldap_advanced_config'] == 1 && $config['ldap_save_profile'] == 0) {
 $result = db_get_all_rows_filter(
 'tusuario_perfil',
 ['id_usuario' => $sr['uid'][0]]
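Review bot: In the @@ -1254,6 hunk of PATCH 3/3, `$meta` is assigned only inside `if (defined('METACONSOLE'))`, so on a node where the constant is not defined the next condition reads an undefined variable; `$meta = defined('METACONSOLE');` sets it on both paths. `$result = 0;` is overwritten on the following line and can go. The body of the new block matches the block it is inserted before (as left by PATCH 2/3), differing only in `== 0` versus `== ''`, so a single condition covering both would avoid keeping two copies of code that decides a user's profile. The @@ -1293,7 hunk's change from `== ''` to `== 0` on `ldap_save_profile` also evaluates an empty string differently on PHP 8 than on PHP 7, which is worth confirming against the supported versions.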