Ejemplos de ca_users::addRoles en PHP

Ejemplo n.º 1

Archivo: AccessControlTest.php Proyecto: idiscussforum/providence

 protected function setUp()
 {
     $o_dm = new Datamodel(true);
     // PHPUnit seems to barf on the caching code if we don't instanciate a Datamodel instance
     $o_dm->getTableNum("ca_objects");
     // set up test role
     $this->opt_role = new ca_user_roles();
     $this->opt_role->setMode(ACCESS_WRITE);
     $this->opt_role->set("name", "UnitTestRole");
     $this->opt_role->set("code", "unit_test_role");
     if (!$this->opt_role->insert()) {
         print "ERROR inserting role: " . join(" ", $this->opt_role->getErrors()) . "\n";
     }
     $this->opt_role->setMode(ACCESS_READ);
     // set up test user
     $this->ops_username = "******";
     $this->ops_password = "******";
     $this->opt_user = new ca_users();
     $this->opt_user->setMode(ACCESS_WRITE);
     $this->opt_user->set(array('user_name' => $this->ops_username, 'password' => $this->ops_password, 'email' => '*****@*****.**', 'active' => 1, 'userclass' => 0, 'fname' => 'Test', 'lname' => "User"));
     if (!$this->opt_user->insert()) {
         print "ERROR inserting user: "******" ", $this->opt_user->getErrors()) . "\n";
     }
     $this->opt_user->addRoles("unit_test_role");
     $this->opt_user->setMode(ACCESS_READ);
     global $req, $resp;
     $resp = new ResponseHTTP();
     $req = new RequestHTTP($resp, array("dont_create_new_session" => true));
     $this->assertInstanceOf('ca_users', $this->opt_user);
     $this->assertInstanceOf('ca_user_roles', $this->opt_role);
 }

Ejemplo n.º 2

Archivo: Installer.php Proyecto: idiscussforum/providence

 public function processLogins()
 {
     if ($this->ops_base_name) {
         // "merge" profile and its base
         $va_logins = array();
         if ($this->opo_base->logins) {
             foreach ($this->opo_base->logins->children() as $vo_login) {
                 $vs_logins[self::getAttribute($vo_login, "user_name")] = $vo_login;
             }
         }
         if ($this->opo_profile->logins) {
             foreach ($this->opo_profile->logins->children() as $vo_login) {
                 $va_logins[self::getAttribute($vo_login, "user_name")] = $vo_login;
             }
         }
     } else {
         if ($this->opo_profile->logins) {
             foreach ($this->opo_profile->logins->children() as $vo_login) {
                 $va_logins[self::getAttribute($vo_login, "user_name")] = $vo_login;
             }
         }
     }
     // If no logins are defined in the profile create an admin login with random password
     if (!sizeof($va_logins)) {
         $vs_password = $this->createAdminAccount();
         return array('administrator' => $vs_password);
     }
     $va_login_info = array();
     foreach ($va_logins as $vs_user_name => $vo_login) {
         if (!($vs_password = trim((string) self::getAttribute($vo_login, "password")))) {
             $vs_password = $this->getRandomPassword();
         }
         $t_user = new ca_users();
         $t_user->setMode(ACCESS_WRITE);
         $t_user->set('user_name', $vs_user_name = trim((string) self::getAttribute($vo_login, "user_name")));
         $t_user->set('password', $vs_password);
         $t_user->set('fname', trim((string) self::getAttribute($vo_login, "fname")));
         $t_user->set('lname', trim((string) self::getAttribute($vo_login, "lname")));
         $t_user->set('email', trim((string) self::getAttribute($vo_login, "email")));
         $t_user->set('active', 1);
         $t_user->set('userclass', 0);
         $t_user->insert();
         $va_roles = array();
         if ($vo_login->role) {
             foreach ($vo_login->role as $vo_role) {
                 $va_roles[] = trim((string) self::getAttribute($vo_role, "code"));
             }
         }
         if (sizeof($va_roles)) {
             $t_user->addRoles($va_roles);
         }
         $va_groups = array();
         if ($vo_login->group) {
             foreach ($vo_login->group as $vo_group) {
                 $va_groups[] = trim((string) self::getAttribute($vo_group, "code"));
             }
         }
         if (sizeof($va_groups)) {
             $t_user->addToGroups($va_groups);
         }
         if ($t_user->numErrors()) {
             $this->addError("Errors adding login {$vs_user_name}: " . join("; ", $t_user->getErrors()));
             return false;
         }
         $va_login_info[$vs_user_name] = $vs_password;
     }
     return $va_login_info;
 }

Ejemplo n.º 3

Archivo: LoginRegController.php Proyecto: kai-iak/pawtucket2

 function register()
 {
     if ($this->request->config->get('dont_allow_registration_and_login')) {
         $this->notification->addNotification(_t("Registration is not enabled"), __NOTIFICATION_TYPE_ERROR__);
         $this->redirect(caNavUrl($this->request, '', 'Front', 'Index'));
         return;
     }
     MetaTagManager::setWindowTitle($this->request->config->get("app_display_name") . ": " . _t("Register"));
     # logout user in case is already logged in
     $this->request->deauthenticate();
     $t_user = new ca_users();
     $t_user->purify(true);
     # --- process incoming registration attempt
     $ps_email = $this->request->getParameter("email", pString);
     $ps_fname = $this->request->getParameter("fname", pString);
     $ps_lname = $this->request->getParameter("lname", pString);
     $ps_password = $this->request->getParameter("password", pString);
     $ps_password2 = $this->request->getParameter("password2", pString);
     $ps_security = $this->request->getParameter("security", pString);
     $va_errors = array();
     if (!caCheckEmailAddress($ps_email)) {
         $va_errors["email"] = _t("E-mail address is not valid.");
     } else {
         $t_user->set("email", $ps_email);
     }
     if (!$ps_fname) {
         $va_errors["fname"] = _t("Please enter your first name");
     } else {
         $t_user->set("fname", $ps_fname);
     }
     if (!$ps_lname) {
         $va_errors["lname"] = _t("Please enter your last name");
     } else {
         $t_user->set("lname", $ps_lname);
     }
     if (!$ps_password || !$ps_password2) {
         $va_errors["password"] = _t("Please enter and re-type your password.");
     } else {
         if ($ps_password != $ps_password2) {
             $va_errors["password"] = _t("Passwords do not match");
         } else {
             $t_user->set("password", $ps_password);
         }
     }
     if (!$ps_security) {
         $va_errors["security"] = _t("Please answer the security question.");
     } else {
         if ($ps_security != $_REQUEST["sum"]) {
             $va_errors["security"] = _t("Your answer was incorrect, please try again");
         }
     }
     // Check user profile responses
     $va_profile_prefs = $t_user->getValidPreferences('profile');
     if (is_array($va_profile_prefs) && sizeof($va_profile_prefs)) {
         foreach ($va_profile_prefs as $vs_pref) {
             $vs_pref_value = $this->request->getParameter('pref_' . $vs_pref, pString);
             if (!$t_user->isValidPreferenceValue($vs_pref, $vs_pref_value)) {
                 $va_errors[$vs_pref] = join("; ", $t_user->getErrors());
                 $t_user->clearErrors();
             }
         }
     }
     # --- does deleted user login record for this user already exist?
     # --- (look for active records only; inactive records will effectively block reregistration)
     $vb_user_exists_but_is_deleted = false;
     if ($t_user->load(array('user_name' => $ps_email))) {
         if ((int) $t_user->get('userclass') == 255) {
             if ($t_user->get('active') == 1) {
                 // yeah... so allow registration
                 $vb_user_exists_but_is_deleted = true;
             } else {
                 // existing inactive user record blocks registration
                 $va_errors["email"] = _t("User cannot register");
             }
         } else {
             // already valid login with this user name
             $va_errors["email"] = _t("A user has already registered with this email address");
         }
     }
     # get names of form fields
     $va_fields = $t_user->getFormFields();
     # loop through fields
     foreach ($va_fields as $vs_f => $va_attr) {
         switch ($vs_f) {
             case "user_name":
                 if (!$vb_user_exists_but_is_deleted && !sizeof($va_errors)) {
                     # set field value
                     $t_user->set("user_name", $ps_email);
                     if ($t_user->numErrors() > 0) {
                         $va_errors[$vs_f] = join("; ", $t_user->getErrors());
                     }
                 }
                 break;
                 # -------------
             # -------------
             case "active":
                 if ($this->request->config->get('dont_approve_logins_on_registration')) {
                     $t_user->set("active", 0);
                 } else {
                     $t_user->set("active", 1);
                 }
                 break;
                 # -------------
             # -------------
             case "userclass":
                 $t_user->set("userclass", 1);
                 // 1=public-only
                 break;
                 # -------------
             # -------------
             default:
                 if (!$va_errors[$vs_f]) {
                     $t_user->set($vs_f, $_REQUEST[$vs_f]);
                     # set field values
                     if ($t_user->numErrors() > 0) {
                         $va_errors[$vs_f] = join("; ", $t_user->getErrors());
                     }
                 }
                 break;
                 # -------------
         }
     }
     // Save user profile responses
     if (is_array($va_profile_prefs) && sizeof($va_profile_prefs)) {
         foreach ($va_profile_prefs as $vs_pref) {
             $t_user->setPreference($vs_pref, $this->request->getParameter('pref_' . $vs_pref, pString));
         }
     }
     if (sizeof($va_errors) == 0) {
         # --- there are no errors so make new user record
         $t_user->setMode(ACCESS_WRITE);
         if ($vb_user_exists_but_is_deleted) {
             $t_user->update();
         } else {
             $t_user->insert();
         }
         $pn_user_id = $t_user->get("user_id");
         if ($t_user->numErrors()) {
             $va_errors["register"] = join("; ", $t_user->getErrors());
         } else {
             # --- add default roles
             if (($va_default_roles = $this->request->config->getList('registration_default_roles')) && sizeof($va_default_roles)) {
                 $t_user->addRoles($va_default_roles);
             }
             # --- user is joining a user group from a supplied link
             if ($this->request->session->getVar("join_user_group_id")) {
                 if (!$t_user->inGroup($this->request->session->getVar("join_user_group_id"))) {
                     $t_user->addToGroups($this->request->session->getVar("join_user_group_id"));
                     $this->request->session->setVar("join_user_group_id", "");
                     $vs_group_message = _t(" You were added to the group");
                 } else {
                     $this->request->session->setVar("join_user_group_id", "");
                     $vs_group_message = _t(" You are already a member of the group");
                 }
             }
             # --- send email confirmation
             $o_view = new View($this->request, array($this->request->getViewsDirectoryPath()));
             # -- generate email subject line from template
             $vs_subject_line = $o_view->render("mailTemplates/reg_conf_subject.tpl");
             # -- generate mail text from template - get both the text and the html versions
             $vs_mail_message_text = $o_view->render("mailTemplates/reg_conf.tpl");
             $vs_mail_message_html = $o_view->render("mailTemplates/reg_conf_html.tpl");
             caSendmail($t_user->get('email'), $this->request->config->get("ca_admin_email"), $vs_subject_line, $vs_mail_message_text, $vs_mail_message_html);
             if ($this->request->config->get("email_notification_for_new_registrations")) {
                 # --- send email to admin
                 $o_view = new View($this->request, array($this->request->getViewsDirectoryPath()));
                 $o_view->setVar("t_user", $t_user);
                 # -- generate email subject line from template
                 $vs_subject_line = $o_view->render("mailTemplates/reg_admin_notification_subject.tpl");
                 # -- generate mail text from template - get both the text and the html versions
                 $vs_mail_message_text = $o_view->render("mailTemplates/reg_admin_notification.tpl");
                 $vs_mail_message_html = $o_view->render("mailTemplates/reg_admin_notification_html.tpl");
                 caSendmail($this->request->config->get("ca_admin_email"), $this->request->config->get("ca_admin_email"), $vs_subject_line, $vs_mail_message_text, $vs_mail_message_html);
             }
             $t_user = new ca_users();
             $vs_action = $vs_controller = $vs_module_path = '';
             if ($vs_default_action = $this->request->config->get('default_action')) {
                 $va_tmp = explode('/', $vs_default_action);
                 $vs_action = array_pop($va_tmp);
                 if (sizeof($va_tmp)) {
                     $vs_controller = array_pop($va_tmp);
                 }
                 if (sizeof($va_tmp)) {
                     $vs_module_path = join('/', $va_tmp);
                 }
             } else {
                 $vs_controller = 'Splash';
                 $vs_action = 'Index';
             }
             $vs_url = caNavUrl($this->request, $vs_module_path, $vs_controller, $vs_action);
             if ($t_user->get("active")) {
                 # log in the new user
                 $this->request->doAuthentication(array('dont_redirect' => true, 'user_name' => $ps_email, 'password' => $ps_password));
                 if ($this->request->isLoggedIn()) {
                     if ($this->request->isAjax()) {
                         $this->view->setVar("message", _t('Thank you for registering!  You are now logged in.') . $vs_group_message);
                         $this->render("Form/reload_html.php");
                         return;
                     } else {
                         $this->notification->addNotification(_t('Thank you for registering!  You are now logged in.') . $vs_group_message, __NOTIFICATION_TYPE_INFO__);
                         $this->response->setRedirect($vs_url);
                     }
                 } else {
                     $va_errors["register"] = _t("Login failed.");
                 }
             } else {
                 # --- registration needs approval
                 $this->notification->addNotification(_t('Thank you for registering!  Your account will be activated after review.') . $vs_group_message, __NOTIFICATION_TYPE_INFO__);
                 $this->response->setRedirect($vs_url);
             }
         }
     }
     if (sizeof($va_errors) > 0) {
         $this->view->setVar('errors', $va_errors);
         $this->registerForm($t_user);
     }
 }

Ejemplo n.º 4

Archivo: OpenLDAP.php Proyecto: kai-iak/pawtucket2

 public static function authenticate($ps_username, $ps_password = '', $pa_options = null)
 {
     $po_auth_config = Configuration::load(Configuration::load()->get('authentication_config'));
     if (!function_exists("ldap_connect")) {
         throw new OpenLDAPException(_t("PHP's LDAP module is required for LDAP authentication!"));
     }
     if (!$ps_username) {
         return false;
     }
     // ldap config
     $vs_ldaphost = $po_auth_config->get("ldap_host");
     $vs_ldapport = $po_auth_config->get("ldap_port");
     $vs_base_dn = $po_auth_config->get("ldap_base_dn");
     $vs_user_ou = $po_auth_config->get("ldap_user_ou");
     $vs_bind_rdn = self::postProcessLDAPConfigValue("ldap_bind_rdn_format", $ps_username, $vs_user_ou, $vs_base_dn);
     $va_default_roles = $po_auth_config->get("ldap_users_default_roles");
     if (!is_array($va_default_roles)) {
         $va_default_roles = array();
     }
     $va_default_groups = $po_auth_config->get("ldap_users_default_groups");
     if (!is_array($va_default_groups)) {
         $va_default_groups = array();
     }
     $vo_ldap = ldap_connect($vs_ldaphost, $vs_ldapport);
     ldap_set_option($vo_ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
     if (!$vo_ldap) {
         return false;
     }
     $vs_bind_rdn_filter = self::postProcessLDAPConfigValue("ldap_bind_rdn_filter", $ps_username, $vs_user_ou, $vs_base_dn);
     if (strlen($vs_bind_rdn_filter) > 0) {
         $vo_dn_search_results = ldap_search($vo_ldap, $vs_base_dn, $vs_bind_rdn_filter);
         $va_dn_search_results = ldap_get_entries($vo_ldap, $vo_dn_search_results);
         if (isset($va_dn_search_results[0]['dn'])) {
             $vs_bind_rdn = $va_dn_search_results[0]['dn'];
         }
     }
     // log in
     $vo_bind = @ldap_bind($vo_ldap, $vs_bind_rdn, $ps_password);
     if (!$vo_bind) {
         // wrong credentials
         if (ldap_get_option($vo_ldap, 0x32, $extended_error)) {
             caLogEvent("ERR", "LDAP ERROR (" . ldap_errno($vo_ldap) . ") {$extended_error} [{$vs_bind_rdn}]", "OpenLDAP::Authenticate");
         }
         ldap_unbind($vo_ldap);
         return false;
     }
     // check group membership
     if (!self::isMemberinAtLeastOneGroup($ps_username, $vo_ldap)) {
         ldap_unbind($vo_ldap);
         return false;
     }
     // user role and group membership syncing with directory
     $t_user = new ca_users();
     if ($t_user->load($ps_username)) {
         // don't try to sync roles for non-existing users (the first auth call is before the user is actually created)
         if ($po_auth_config->get('ldap_sync_user_roles')) {
             $va_expected_roles = array_merge($va_default_roles, self::getRolesToAddFromDirectory($ps_username, $vo_ldap));
             foreach ($va_expected_roles as $vs_role) {
                 if (!$t_user->hasUserRole($vs_role)) {
                     $t_user->addRoles($vs_role);
                 }
             }
             foreach ($t_user->getUserRoles() as $vn_id => $va_role_info) {
                 if (!in_array($va_role_info['code'], $va_expected_roles)) {
                     $t_user->removeRoles($vn_id);
                 }
             }
         }
         if ($po_auth_config->get('ldap_sync_user_groups')) {
             $va_expected_groups = array_merge($va_default_groups, self::getGroupsToAddFromDirectory($ps_username, $vo_ldap));
             foreach ($va_expected_groups as $vs_group) {
                 if (!$t_user->inGroup($vs_group)) {
                     $t_user->addToGroups($vs_group);
                 }
             }
             foreach ($t_user->getUserGroups() as $vn_id => $va_group_info) {
                 if (!in_array($va_group_info['code'], $va_expected_groups)) {
                     $t_user->removeFromGroups($vn_id);
                 }
             }
         }
     }
     ldap_unbind($vo_ldap);
     return true;
 }

Ejemplo n.º 5

Archivo: LoginRegController.php Proyecto: guaykuru/pawtucket

 function register()
 {
     # logout user in case is already logged in
     $this->request->deauthenticate();
     $t_user = new ca_users();
     # --- process incoming registration attempt
     $ps_email = strip_tags($this->request->getParameter("email", pString));
     $ps_fname = strip_tags($this->request->getParameter("fname", pString));
     $ps_lname = strip_tags($this->request->getParameter("lname", pString));
     $ps_password = $this->request->getParameter("password", pString);
     $ps_password2 = $this->request->getParameter("password2", pString);
     $ps_security = $this->request->getParameter("security", pString);
     $va_errors = array();
     if (!caCheckEmailAddress($ps_email)) {
         $va_errors["email"] = _t("E-mail address is not valid.");
     } else {
         $t_user->set("email", $ps_email);
     }
     if (!$ps_fname) {
         $va_errors["fname"] = _t("Please enter your first name");
     } else {
         $t_user->set("fname", $ps_fname);
     }
     if (!$ps_lname) {
         $va_errors["lname"] = _t("Please enter your last name");
     } else {
         $t_user->set("lname", $ps_lname);
     }
     if (!$ps_password || !$ps_password2) {
         $va_errors["password"] = _t("Please enter and re-type your password.");
     } else {
         if ($ps_password != $ps_password2) {
             $va_errors["password"] = _t("Passwords do not match");
         } else {
             $t_user->set("password", $ps_password);
         }
     }
     if (!$ps_security) {
         $va_errors["security"] = _t("Please answer the security question.");
     } else {
         if ($ps_security != $_REQUEST["sum"]) {
             $va_errors["security"] = _t("Your answer was incorrect, please try again");
         }
     }
     // Check user profile responses
     $va_profile_prefs = $t_user->getValidPreferences('profile');
     if (is_array($va_profile_prefs) && sizeof($va_profile_prefs)) {
         foreach ($va_profile_prefs as $vs_pref) {
             $vs_pref_value = $this->request->getParameter('pref_' . $vs_pref, pString);
             if (!$t_user->isValidPreferenceValue($vs_pref, $vs_pref_value)) {
                 $va_errors[$vs_pref] = join("; ", $t_user->getErrors());
                 $t_user->clearErrors();
             }
         }
     }
     # --- does deleted user login record for this user already exist?
     # --- (look for active records only; inactive records will effectively block reregistration)
     $vb_user_exists_but_is_deleted = false;
     if ($t_user->load(array('user_name' => $ps_email))) {
         if ((int) $t_user->get('userclass') == 255) {
             if ($t_user->get('active') == 1) {
                 // yeah... so allow registration
                 $vb_user_exists_but_is_deleted = true;
             } else {
                 // existing inactive user record blocks registration
                 $va_errors["email"] = _t("User cannot register");
             }
         } else {
             // already valid login with this user name
             $va_errors["email"] = _t("A user has already registered with this email address");
         }
     }
     # get names of form fields
     $va_fields = $t_user->getFormFields();
     # loop through fields
     foreach ($va_fields as $vs_f => $va_attr) {
         switch ($vs_f) {
             case "user_name":
                 if (!$vb_user_exists_but_is_deleted && !sizeof($va_errors)) {
                     # set field value
                     $t_user->set("user_name", $ps_email);
                     if ($t_user->numErrors() > 0) {
                         $va_errors[$vs_f] = join("; ", $t_user->getErrors());
                     }
                 }
                 break;
                 # -------------
             # -------------
             case "active":
                 $t_user->set("active", 1);
                 break;
                 # -------------
             # -------------
             case "userclass":
                 $t_user->set("userclass", 1);
                 // 1=public-only
                 break;
                 # -------------
             # -------------
             default:
                 if (!$va_errors[$vs_f]) {
                     $t_user->set($vs_f, $_REQUEST[$vs_f]);
                     # set field values
                     if ($t_user->numErrors() > 0) {
                         $va_errors[$vs_f] = join("; ", $t_user->getErrors());
                     }
                 }
                 break;
                 # -------------
         }
     }
     // Save user profile responses
     if (is_array($va_profile_prefs) && sizeof($va_profile_prefs)) {
         foreach ($va_profile_prefs as $vs_pref) {
             $t_user->setPreference($vs_pref, $this->request->getParameter('pref_' . $vs_pref, pString));
         }
     }
     if (sizeof($va_errors) == 0) {
         # --- there are no errors so make new user record
         $t_user->setMode(ACCESS_WRITE);
         if ($vb_user_exists_but_is_deleted) {
             $t_user->update();
         } else {
             $t_user->insert();
         }
         $pn_user_id = $t_user->get("user_id");
         if ($t_user->numErrors()) {
             $va_errors["register"] = join("; ", $t_user->getErrors());
         } else {
             # --- add default roles
             if (($va_default_roles = $this->request->config->getList('registration_default_roles')) && sizeof($va_default_roles)) {
                 $t_user->addRoles($va_default_roles);
             }
             # --- send email confirmation
             # -- generate email subject line from template
             ob_start();
             require $this->request->getViewsDirectoryPath() . "/mailTemplates/reg_conf_subject.tpl";
             $vs_subject_line = ob_get_contents();
             ob_end_clean();
             # -- generate mail text from template - get both the text and the html versions
             ob_start();
             require $this->request->getViewsDirectoryPath() . "/mailTemplates/reg_conf.tpl";
             $vs_mail_message_text = ob_get_contents();
             ob_end_clean();
             ob_start();
             require $this->request->getViewsDirectoryPath() . "/mailTemplates/reg_conf_html.tpl";
             $vs_mail_message_html = ob_get_contents();
             ob_end_clean();
             caSendmail($t_user->get('email'), $this->request->config->get("ca_admin_email"), $vs_subject_line, $vs_mail_message_text, $vs_mail_message_html);
             $t_user = new ca_users();
             # log in the new user
             $this->request->doAuthentication(array('dont_redirect' => true, 'user_name' => $ps_email, 'password' => $ps_password));
             if ($this->request->isLoggedIn()) {
                 # --- login successful so redirect to search page
                 $this->notification->addNotification(_t('Thank you for registering!  You are now logged in.'), __NOTIFICATION_TYPE_INFO__);
                 $vo_session = $this->request->getSession();
                 $vs_last_page = $vo_session->getVar('site_last_page');
                 $vo_session->setVar('site_last_page', "");
                 switch ($vs_last_page) {
                     case "Sets":
                         $this->response->setRedirect(caNavUrl($this->request, "", "Sets", "addItem", array("object_id" => $vo_session->getVar('site_last_page_object_id'))));
                         break;
                         # --------------------
                     # --------------------
                     case "ObjectDetail":
                         $this->response->setRedirect(caNavUrl($this->request, "Detail", "Object", "Show", array("object_id" => $vo_session->getVar('site_last_page_object_id'))));
                         break;
                         # --------------------
                     # --------------------
                     default:
                         $this->response->setRedirect(caNavUrl($this->request, "", "", ""));
                         break;
                         # --------------------
                 }
             } else {
                 $va_errors["register"] = _t("Login failed.");
             }
         }
     } else {
         $this->view->setVar('reg_errors', $va_errors);
     }
     $this->form($t_user);
 }

Ejemplo n.º 6

Archivo: AbstractLDAPAuthAdapter.php Proyecto: idiscussforum/providence

 private function syncWithDirectory($ps_username)
 {
     $va_default_roles = $this->getConfigValue("ldap_users_default_roles", array());
     $va_default_groups = $this->getConfigValue("ldap_users_default_groups", array());
     $t_user = new ca_users();
     // don't try to sync roles for non-existing users (the first auth call is before the user is actually created)
     if (!$t_user->load($ps_username)) {
         return;
     }
     if ($this->getConfigValue('ldap_sync_user_roles')) {
         $va_expected_roles = array_merge($va_default_roles, $this->getRolesToAddFromDirectory($ps_username));
         foreach ($va_expected_roles as $vs_role) {
             if (!$t_user->hasUserRole($vs_role)) {
                 $t_user->addRoles($vs_role);
             }
         }
         foreach ($t_user->getUserRoles() as $vn_id => $va_role_info) {
             if (!in_array($va_role_info['code'], $va_expected_roles)) {
                 $t_user->removeRoles($vn_id);
             }
         }
     }
     if ($this->getConfigValue('ldap_sync_user_groups')) {
         $va_expected_groups = array_merge($va_default_groups, $this->getGroupsToAddFromDirectory($ps_username));
         foreach ($va_expected_groups as $vs_group) {
             if (!$t_user->inGroup($vs_group)) {
                 $t_user->addToGroups($vs_group);
             }
         }
         foreach ($t_user->getUserGroups() as $vn_id => $va_group_info) {
             if (!in_array($va_group_info['code'], $va_expected_groups)) {
                 $t_user->removeFromGroups($vn_id);
             }
         }
     }
 }