Merge branch 'ent-3984-7962-ldap-bug-en-token-force-automatically-create-profile-user' into 'develop'

Changed condition for ldap Force automatically create profile user See merge request artica/pandorafms!2422
2019-05-22 16:15:06 +02:00 · 2019-05-22 16:15:06 +02:00 · 8b511c2ca3
parent 892dcc750f 07b42f7241
commit 8b511c2ca3
1 changed files with 85 additions and 11 deletions
--- a/pandora_console/include/auth/mysql.php
+++ b/pandora_console/include/auth/mysql.php
@ -1254,11 +1254,49 @@ function fill_permissions_ldap($sr)
    global $config;
    $permissions = [];
    $permissions_profile = [];
-    if ((bool) $config['ldap_save_profile'] === false) {
+    if (defined('METACONSOLE')) {
+        $meta = true;
+    }
+
+    if ($meta && (bool) $config['ldap_save_profile'] === false && $config['ldap_advanced_config'] == 0) {
+        $result = 0;
        $result = db_get_all_rows_filter(
            'tusuario_perfil',
            ['id_usuario' => $sr['uid'][0]]
        );
+        if ($result == false) {
+            $permissions[0]['profile'] = $config['default_remote_profile'];
+            $permissions[0]['groups'][] = $config['default_remote_group'];
+            $permissions[0]['tags'] = $config['default_assign_tags'];
+            $permissions[0]['no_hierarchy'] = $config['default_no_hierarchy'];
+            return $permissions;
+        }
+
+        foreach ($result as $perms) {
+            $permissions_profile[] = [
+                'profile'      => $perms['id_perfil'],
+                'groups'       => [$perms['id_grupo']],
+                'tags'         => $perms['tags'],
+                'no_hierarchy' => (bool) $perms['no_hierarchy'] ? 1 : 0,
+            ];
+        }
+
+        return $permissions_profile;
+    }
+
+    if ((bool) $config['ldap_save_profile'] === false && $config['ldap_advanced_config'] == '') {
+        $result = db_get_all_rows_filter(
+            'tusuario_perfil',
+            ['id_usuario' => $sr['uid'][0]]
+        );
+        if ($result == false) {
+            $permissions[0]['profile'] = $config['default_remote_profile'];
+            $permissions[0]['groups'][] = $config['default_remote_group'];
+            $permissions[0]['tags'] = $config['default_assign_tags'];
+            $permissions[0]['no_hierarchy'] = $config['default_no_hierarchy'];
+            return $permissions;
+        }
+
        foreach ($result as $perms) {
               $permissions_profile[] = [
                   'profile'      => $perms['id_perfil'],
@ -1268,18 +1306,54 @@ function fill_permissions_ldap($sr)
               ];
        }

-        if (empty($permissions_profile)) {
-            $permissions[0]['profile'] = $config['default_remote_profile'];
-            $permissions[0]['groups'][] = $config['default_remote_group'];
-            $permissions[0]['tags'] = $config['default_assign_tags'];
-            $permissions[0]['no_hierarchy'] = $config['default_no_hierarchy'];
-            return $permissions;
-        } else {
-            return $permissions_profile;
-        }
+        return $permissions_profile;
    }

-    if ($config['autocreate_remote_users']) {
+    if ($config['ldap_advanced_config'] == 1 && $config['ldap_save_profile'] == 1) {
+        $ldap_adv_perms = json_decode(io_safe_output($config['ldap_adv_perms']), true);
+        foreach ($ldap_adv_perms as $ldap_adv_perm) {
+            $permissions[] = [
+                'profile'      => $ldap_adv_perm['profile'],
+                'groups'       => $ldap_adv_perm['group'],
+                'tags'         => implode(',', $ldap_adv_perm['tags']),
+                'no_hierarchy' => (bool) $ldap_adv_perm['no_hierarchy'] ? 1 : 0,
+            ];
+        }
+
+        return $permissions;
+    }
+
+    if ($config['ldap_advanced_config'] == 1 && $config['ldap_save_profile'] == 0) {
+        $result = db_get_all_rows_filter(
+            'tusuario_perfil',
+            ['id_usuario' => $sr['uid'][0]]
+        );
+        if ($result == false) {
+            $ldap_adv_perms = json_decode(io_safe_output($config['ldap_adv_perms']), true);
+            foreach ($ldap_adv_perms as $ldap_adv_perm) {
+                $permissions[] = [
+                    'profile'      => $ldap_adv_perm['profile'],
+                    'groups'       => $ldap_adv_perm['group'],
+                    'tags'         => implode(',', $ldap_adv_perm['tags']),
+                    'no_hierarchy' => (bool) $ldap_adv_perm['no_hierarchy'] ? 1 : 0,
+                ];
+                return $permissions;
+            }
+        }
+
+        foreach ($result as $perms) {
+               $permissions_profile[] = [
+                   'profile'      => $perms['id_perfil'],
+                   'groups'       => [$perms['id_grupo']],
+                   'tags'         => $perms['tags'],
+                   'no_hierarchy' => (bool) $perms['no_hierarchy'] ? 1 : 0,
+               ];
+        };
+
+        return $permissions_profile;
+    }
+
+    if ($config['autocreate_remote_users'] && $config['ldap_save_profile'] == 1) {
        $permissions[0]['profile'] = $config['default_remote_profile'];
        $permissions[0]['groups'][] = $config['default_remote_group'];
        $permissions[0]['tags'] = $config['default_assign_tags'];