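/**
 * Create a new user
 *
 * When creating a user we also need to create a lot of default models and
 * set permissions for this user. This function creates the user with permissions
 * and the right models in one go.
 *
 * If the user cannot be saved, no group memberships, module permissions or
 * default models are created and the unsaved user object is returned as-is.
 *
 * @param array $attributes Attributes passed to User::setAttributes()
 * @param array $groups array of group names array('Internal','Some group');
 * @param array $modulePermissionLevels array('calendar'=>1,'projects'=>4)
 * @return User
 */
public static function newInstance($attributes, $groups = array(), $modulePermissionLevels = array())
{
    $user = new User();

    // NOTE(review): attributes are assigned in bulk; confirm setAttributes() ignores
    // privileged fields before passing request-derived data to this method.
    $user->setAttributes($attributes);

    // The ACL entries below are keyed on $user->id, so nothing may be granted unless
    // the record was actually stored. Assumes save() returns a falsy value on
    // failure - TODO confirm against the model base class.
    if (!$user->save()) {
        return $user;
    }

    $user->addToGroups($groups);

    // NOTE(review): module names are used as dynamic property names; an unknown
    // name presumably fails on ->acl - confirm callers only pass installed modules.
    foreach ($modulePermissionLevels as $module => $permissionLevel) {
        GO::modules()->{$module}->acl->addUser($user->id, $permissionLevel);
    }

    $user->checkDefaultModels();

    return $user;
}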
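/**
 * Create or update the Group-Office user that matches an LDAP record.
 *
 * The record is mapped to user attributes with getUserAttributes(). An existing
 * user (looked up by username) gets its password and, unless
 * ldap_auth_dont_update_profiles is set, its profile updated; otherwise a new
 * user is created, added to the configured ldap_groups and given default models.
 *
 * @param \GO\Base\Ldap\Record $record LDAP record to synchronise from.
 * @param string|null $password Password to store on the user. For an existing
 *        user it is only written when set and different from the stored one;
 *        for a new user it is assigned unconditionally.
 * @return \GO\Base\Model\User|false The saved user, or false when the mapping
 *         excludes the record or an exception occurred while saving.
 */
public function syncUserWithLdapRecord(\GO\Base\Ldap\Record $record, $password = null)
{
    // Disable password validation because we can't control the external passwords.
    // NOTE(review): the flag is never restored in this method, so later saves in the
    // same request presumably skip validation as well - confirm that is intended.
    \GO::config()->password_validate = false;

    $attr = $this->getUserAttributes($record);

    if (!empty($attr['exclude'])) {
        \GO::debug("LDAPAUTH: User is excluded from LDAP by mapping!");
        return false;
    }

    // 'exclude' is a mapping directive, not a user attribute.
    unset($attr['exclude']);

    try {
        $user = \GO\Base\Model\User::model()->findSingleByAttribute('username', $attr['username']);

        if ($user) {
            \GO::debug("LDAPAUTH: Group-Office user already exists.");

            if (isset($password) && !$user->checkPassword($password)) {
                \GO::debug('LDAPAUTH: LDAP password has been changed. Updating Group-Office database');
                $user->password = $password;
            }

            if (empty(\GO::config()->ldap_auth_dont_update_profiles)) {
                // Never update the e-mail address because the user
                // can't change it to something invalid.
                if ($this->validateUserEmail($record, $user->email)) {
                    unset($attr['email']);
                }

                $user->setAttributes($attr);
                $user->cutAttributeLengths();

                \GO::debug('LDAPAUTH: updating user profile');
                // NOTE(review): the whole attribute map goes to the debug log; confirm the
                // LDAP mapping cannot place credential-like attributes in $attr.
                \GO::debug($attr);

                $this->_updateContact($user, $attr);
            } else {
                \GO::debug('LDAPAUTH: Profile updating from LDAP is disabled');
            }

            if (!$user->save()) {
                // The separator call was garbled in the source; restored as implode().
                throw new \Exception("Could not save user: " . implode("\n", $user->getValidationErrors()));
            }
        } else {
            \GO::debug("LDAPAUTH: Group-Office user does not exist. \nAttempting to create it.");
            \GO::debug($attr);

            $user = new \GO\Base\Model\User();
            $user->setAttributes($attr);
            $user->cutAttributeLengths();

            // NOTE(review): $password defaults to null, so a user can be created here
            // without a password - confirm how the model treats a null password.
            $user->password = $password;

            if (!$user->save()) {
                throw new \Exception("Could not save user: " . implode("\n", $user->getValidationErrors()));
            }

            if (!empty(\GO::config()->ldap_groups)) {
                $user->addToGroups(explode(',', \GO::config()->ldap_groups));
            }

            $this->_updateContact($user, $attr);
            $user->checkDefaultModels();
        }
    } catch (\Exception $e) {
        // Failures are reported to the debug log only; the caller just sees false.
        \GO::debug('LDAPAUTH: Failed creating user ' . $attr['username'] . ' Exception: ' . $e->getMessage(), E_USER_WARNING);
        return false;
    }

    return $user;
}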