Beispiel #1
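 /**
  * Gets the LDAP and TYPO3 user groups for a given user.
  *
  * Return contract: NULL and an empty array are both falsy, so callers must
  * tell them apart with a strict comparison (=== NULL):
  * - NULL: "requiredLDAPGroups" is configured and the user is in none of them
  *   (presumably treated as a denial by the caller; confirm at the call site);
  * - array (possibly empty): the TYPO3 group records mapped for the user.
  *
  * Side effects: unless "GroupsNotSynchronize" is set, missing TYPO3 groups are
  * created in $groupTable and existing ones are updated from LDAP, including
  * resetting their "deleted" flag to 0.
  *
  * @param array $ldapUser LDAP user data
  * @param array $configuration LDAP configuration
  * @param string $groupTable Name of the group table (should normally be either "be_groups" or "fe_groups")
  * @return array|NULL Array of groups or NULL if required LDAP groups are missing
  * @throws \Causal\IgLdapSsoAuth\Exception\InvalidUserGroupTableException
  * @throws \RuntimeException if a registered post-processor does not implement GetGroupsProcessorInterface
  */
 public static function getUserGroups(array $ldapUser, array $configuration = NULL, $groupTable = '')
 {
     if ($configuration === NULL) {
         $configuration = static::$config;
     }
     if (empty($groupTable)) {
         if (isset(static::$authenticationService)) {
             $groupTable = static::$authenticationService->authInfo['db_groups']['table'];
         } else {
             if (TYPO3_MODE === 'BE') {
                 $groupTable = 'be_groups';
             } else {
                 $groupTable = 'fe_groups';
             }
         }
     }
     // User is valid only if exist in TYPO3.
     // Get LDAP groups from LDAP user.
     $typo3_groups = array();
     $ldapGroups = static::getLdapGroups($ldapUser);
     // Drop the "count" entry so that only group entries are counted and iterated.
     unset($ldapGroups['count']);
     /** @var \TYPO3\CMS\Extbase\Domain\Model\BackendUserGroup[]|\TYPO3\CMS\Extbase\Domain\Model\FrontendUserGroup[] $requiredLDAPGroups */
     $requiredLDAPGroups = Configuration::getValue('requiredLDAPGroups');
     if (count($ldapGroups) === 0) {
         if (count($requiredLDAPGroups) > 0) {
             // A restriction is configured and the user has no LDAP group at all.
             return NULL;
         }
     } else {
         // Get pid from group mapping
         $typo3GroupPid = Configuration::getPid($configuration['groups']['mapping']);
         $typo3GroupsTemp = static::getTypo3Groups($ldapGroups, $groupTable, $typo3GroupPid);
         if (count($requiredLDAPGroups) > 0) {
             // This is an access decision, so compare uids as positive integers with a
             // strict in_array(). Group records without a uid (not yet stored in TYPO3,
             // see the creation branch below) are left out: with a loose comparison an
             // empty uid on both sides would count as a match.
             $groupUids = array();
             foreach ($typo3GroupsTemp as $typo3Group) {
                 $uid = isset($typo3Group['uid']) ? (int)$typo3Group['uid'] : 0;
                 if ($uid > 0) {
                     $groupUids[] = $uid;
                 }
             }
             $hasRequired = FALSE;
             foreach ($requiredLDAPGroups as $group) {
                 $requiredUid = (int)$group->getUid();
                 if ($requiredUid > 0 && in_array($requiredUid, $groupUids, TRUE)) {
                     $hasRequired = TRUE;
                     break;
                 }
             }
             if (!$hasRequired) {
                 return NULL;
             }
         }
         if (Configuration::getValue('IfGroupExist') && count($typo3GroupsTemp) === 0) {
             return array();
         }
         // NOTE(review): $ldapGroups[$i] is assumed to line up with the i-th entry of
         // $typo3GroupsTemp; confirm against getTypo3Groups(). $i is not advanced on
         // "continue", but in that mode $ldapGroups[$i] is never read.
         $i = 0;
         foreach ($typo3GroupsTemp as $typo3Group) {
             if (Configuration::getValue('GroupsNotSynchronize') && !$typo3Group['uid']) {
                 // Groups should not get synchronized and the current group is invalid
                 continue;
             }
             if (Configuration::getValue('GroupsNotSynchronize')) {
                 $typo3_groups[] = $typo3Group;
             } elseif (!$typo3Group['uid']) {
                 // Unknown group: create it, then fill it from the LDAP entry.
                 $newGroup = Typo3GroupRepository::add($groupTable, $typo3Group);
                 $typo3_group_merged = static::merge($ldapGroups[$i], $newGroup, $configuration['groups']['mapping']);
                 Typo3GroupRepository::update($groupTable, $typo3_group_merged);
                 $typo3Group = Typo3GroupRepository::fetch($groupTable, $typo3_group_merged['uid']);
                 $typo3_groups[] = $typo3Group[0];
             } else {
                 // Restore group that may have been previously deleted.
                 // NOTE(review): a group removed on purpose in TYPO3 comes back as long as
                 // the directory still maps to it; confirm this is the intended policy.
                 $typo3Group['deleted'] = 0;
                 $typo3_group_merged = static::merge($ldapGroups[$i], $typo3Group, $configuration['groups']['mapping']);
                 Typo3GroupRepository::update($groupTable, $typo3_group_merged);
                 $typo3Group = Typo3GroupRepository::fetch($groupTable, $typo3_group_merged['uid']);
                 $typo3_groups[] = $typo3Group[0];
             }
             $i++;
         }
     }
     // Hook for processing the groups. The registered classes come from
     // TYPO3_CONF_VARS and run with the full list of resolved groups.
     if (isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['ig_ldap_sso_auth']['getGroupsProcessing'])
         && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['ig_ldap_sso_auth']['getGroupsProcessing'])
     ) {
         foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['ig_ldap_sso_auth']['getGroupsProcessing'] as $className) {
             /** @var $postProcessor \Causal\IgLdapSsoAuth\Utility\GetGroupsProcessorInterface */
             $postProcessor = GeneralUtility::getUserObj($className);
             if ($postProcessor instanceof \Causal\IgLdapSsoAuth\Utility\GetGroupsProcessorInterface) {
                 // presumably $typo3_groups is taken by reference by the processor; verify against the interface
                 $postProcessor->getUserGroups($groupTable, $ldapUser, $typo3_groups);
             } else {
                 // get_class() is only valid on objects; fall back to the configured name.
                 $processorName = is_object($postProcessor) ? get_class($postProcessor) : (string)$className;
                 throw new \RuntimeException('Processor ' . $processorName . ' must implement the \\Causal\\IgLdapSsoAuth\\Utility\\GetGroupsProcessorInterface interface', 1431340191);
             }
         }
     }
     return $typo3_groups;
 }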
Beispiel #2
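 /**
  * Sets the parent groups for a given TYPO3 user group record.
  *
  * For each parent DN, the matching TYPO3 group gets $childUid appended to its
  * "subgroup" list. When no TYPO3 group exists for a DN, the group is looked up
  * in LDAP, created in TYPO3 with $childUid as its subgroup, and its own parents
  * are processed recursively.
  *
  * @param array $ldapParentGroups Distinguished names of the parent groups
  * @param string $fieldParent Key of the LDAP group entry that holds its parent groups
  * @param int $childUid Uid added to the "subgroup" field of each parent
  * @param int $pid Page id passed to the TYPO3 group lookup
  * @param string $mode "be" selects be_groups and the backend configuration, anything else fe_groups and the frontend one
  * @return void
  * @throws \Causal\IgLdapSsoAuth\Exception\InvalidUserGroupTableException
  */
 protected function setParentGroup(array $ldapParentGroups, $fieldParent, $childUid, $pid, $mode)
 {
     if ($mode === 'be') {
         $table = 'be_groups';
         $config = Configuration::getBackendConfiguration();
     } else {
         $table = 'fe_groups';
         $config = Configuration::getFrontendConfiguration();
     }
     foreach ($ldapParentGroups as $parentDn) {
         $typo3ParentGroup = Typo3GroupRepository::fetch($table, FALSE, $pid, $parentDn);
         if (isset($typo3ParentGroup[0]) && is_array($typo3ParentGroup[0])) {
             // Build the list from this parent's own record only. Sharing one list
             // across iterations would copy the subgroups of an earlier parent into
             // every later parent whose "subgroup" field is empty, widening what the
             // later parent inherits.
             $subGroupList = array();
             if (!empty($typo3ParentGroup[0]['subgroup'])) {
                 $subGroupList = GeneralUtility::trimExplode(',', $typo3ParentGroup[0]['subgroup']);
             }
             $subGroupList[] = $childUid;
             $subGroupList = array_unique($subGroupList);
             $typo3ParentGroup[0]['subgroup'] = implode(',', $subGroupList);
             Typo3GroupRepository::update($table, $typo3ParentGroup[0]);
         } else {
             // The DN is a value read from the directory (see the recursive call below)
             // and may contain "(", ")", "*" or "\". Escape it for use inside a search
             // filter (RFC 4515) so it is matched literally and cannot change the
             // structure of the filter.
             $escapedDn = strtr($parentDn, array(
                 '\\' => '\\5c',
                 '*' => '\\2a',
                 '(' => '\\28',
                 ')' => '\\29',
                 "\x00" => '\\00',
             ));
             // NOTE(review): the "&" in front of "(distinguishedName" is kept as found;
             // a standard AND filter has the form "(&(a)(b))". Confirm what
             // replaceFilterMarkers() returns before changing it.
             $filter = '(&' . Configuration::replaceFilterMarkers($config['groups']['filter']) . '&(distinguishedName=' . $escapedDn . '))';
             $attributes = Configuration::getLdapAttributes($config['groups']['mapping']);
             $ldapGroups = Ldap::getInstance()->search($config['groups']['basedn'], $filter, $attributes);
             unset($ldapGroups['count']);
             if (count($ldapGroups) > 0) {
                 // The new pid also applies to the lookups of the remaining parent DNs.
                 $pid = Configuration::getPid($config['groups']['mapping']);
                 // Populate an array of TYPO3 group records corresponding to the LDAP groups
                 // If a given LDAP group has no associated group in TYPO3, a fresh record
                 // will be created so that $ldapGroups[i] <=> $typo3Groups[i]
                 $typo3Groups = Authentication::getTypo3Groups($ldapGroups, $table, $pid);
                 foreach ($ldapGroups as $index => $ldapGroup) {
                     $typo3Group = Authentication::merge($ldapGroup, $typo3Groups[$index], $config['groups']['mapping']);
                     $typo3Group['subgroup'] = $childUid;
                     $typo3Group = Typo3GroupRepository::add($table, $typo3Group);
                     if (isset($ldapGroup[$fieldParent]) && is_array($ldapGroup[$fieldParent])) {
                         unset($ldapGroup[$fieldParent]['count']);
                         // Walk up the hierarchy: the group just created becomes the child.
                         $this->setParentGroup($ldapGroup[$fieldParent], $fieldParent, $typo3Group['uid'], $pid, $mode);
                     }
                 }
             }
         }
     }
 }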