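/**
 * Sets a WordPress user's role based on their AAD group memberships.
 *
 * The role assigned here is an authorization decision, so the method fails
 * closed: when the group membership lookup does not yield a usable result,
 * the user's role is left untouched and a WP_Error is returned rather than
 * silently falling back to the default role.
 *
 * @param WP_User $user          The WordPress user whose role is to be set.
 * @param string  $aad_user_id   The AAD object id of the user.
 * @param string  $aad_tenant_id The AAD directory tenant ID.
 *
 * @return WP_User|WP_Error The WP_User with updated roles, or WP_Error if failed.
 */
function update_wp_user_roles($user, $aad_user_id, $aad_tenant_id)
{
    // Pass the settings to GraphHelper
    AADSSO_GraphHelper::$settings  = $this->settings;
    AADSSO_GraphHelper::$tenant_id = $aad_tenant_id;

    // Of the AAD groups defined in the settings, get only those where the user is a member
    $group_ids         = array_keys($this->settings->aad_group_to_wp_role_map);
    $group_memberships = AADSSO_GraphHelper::user_check_member_groups($aad_user_id, $group_ids);

    // A failed or malformed lookup must not be treated as "member of no group":
    // that would hand out the default role without the memberships ever being verified.
    // NOTE(review): assumes a successful response is an object carrying an array in
    // `value` (an empty array when the user is in none of the groups) - confirm
    // against AADSSO_GraphHelper::user_check_member_groups().
    if (
        !is_object($group_memberships)
        || !isset($group_memberships->value)
        || !is_array($group_memberships->value)
    ) {
        return new WP_Error(
            'group_membership_check_failed',
            sprintf(
                __('ERROR: Could not verify the AAD group memberships of user %s.', AADSSO),
                $aad_user_id
            )
        );
    }

    // Determine which WordPress role the AAD group corresponds to.
    // The map is walked in its configured order and the first matching group wins,
    // so the order of the map decides precedence when a user is in several groups.
    $role_to_set = $this->settings->default_wp_role;
    foreach ($this->settings->aad_group_to_wp_role_map as $aad_group => $wp_role) {
        // Strict comparison: group ids are compared as exact strings, never loosely coerced.
        if (in_array((string) $aad_group, $group_memberships->value, true)) {
            $role_to_set = $wp_role;
            break;
        }
    }

    // No matching group and no usable default role: refuse instead of setting an empty role.
    if (!is_string($role_to_set) || '' === $role_to_set) {
        return new WP_Error(
            'user_not_member_of_required_group',
            sprintf(
                __('ERROR: AAD user %s is not a member of any group granting a role.', AADSSO),
                $aad_user_id
            )
        );
    }

    // Set the role on the WordPress user
    $user->set_role($role_to_set);

    return $user;
}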
/**
 * Returns the AAD groups for the configured tenant, querying the Graph helper
 * only until a non-null result has been obtained.
 *
 * The result is kept in a function-static variable, so once it is populated
 * later calls return it without calling AADSSO_GraphHelper::getGroups() again.
 * A null result is not cached and is retried on the next call.
 *
 * @return mixed|null The value returned by AADSSO_GraphHelper::getGroups(), or
 *                    null when no tenant_domain is set on this object.
 */
public function get_groups()
{
    static $cached_groups = null;

    // Without a tenant domain there is nothing to query.
    if (!$this->tenant_domain) {
        return null;
    }

    // Serve the memoised result when an earlier call already fetched it.
    if (null !== $cached_groups) {
        return $cached_groups;
    }

    // Point the Graph helper at this tenant and hand it this object as its settings.
    AADSSO_GraphHelper::$settings  = $this;
    AADSSO_GraphHelper::$tenant_id = $this->tenant_domain;

    $cached_groups = AADSSO_GraphHelper::getGroups();

    return $cached_groups;
}