コード例 #1
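 /**
  * Synchronises a user object with the attributes of its LDAP entry.
  *
  * After the parent implementation has run, this method:
  *  - puts the user under $this->separateGroup when that option is set;
  *  - applies the legacy customParamsMapping (LDAP attribute => CUSTOM_PARAMS preference);
  *  - applies every entry of $this->paramsMapping, whose MAPPING_LOCAL_TYPE selects the target:
  *    "role_id" adds roles, "group_path" sets the group path, "profile" sets the profile,
  *    "plugin_param" (and any other value) writes a personal-role parameter.
  *
  * Roles, group path and profile are taken from values found in the directory entry, so the
  * mapped attributes should be ones that users cannot edit themselves, and role filters
  * (MAPPING_LOCAL_PARAM) are the only restriction applied here.
  *
  * @param object $userObject User to update; modified in place and saved when something changed.
  * @return void
  */
 public function updateUserObject(&$userObject)
 {
     parent::updateUserObject($userObject);
     if (!empty($this->separateGroup)) {
         $userObject->setGroupPath("/" . $this->separateGroup);
     }
     // SHOULD BE DEPRECATED
     if (!empty($this->customParamsMapping)) {
         $checkValues = array_values($this->customParamsMapping);
         $prefs = $userObject->getPref("CUSTOM_PARAMS");
         if (!is_array($prefs)) {
             $prefs = array();
         }
         // If one value exist, we consider the mapping has already been done.
         // NOTE(review): this return leaves the whole method, so the paramsMapping block
         // below (role, group and profile synchronisation) is skipped as well whenever a
         // legacy preference is already present. Confirm that this is intended.
         foreach ($checkValues as $val) {
             if (array_key_exists($val, $prefs)) {
                 return;
             }
         }
         $changes = false;
         $entries = $this->getUserEntries($userObject->getId());
         if ($entries["count"]) {
             // Only the first returned entry is used.
             $entry = $entries[0];
             foreach ($this->customParamsMapping as $key => $value) {
                 if (isset($entry[$key])) {
                     $prefs[$value] = $entry[$key][0];
                     $changes = true;
                 }
             }
         }
         if ($changes) {
             $userObject->setPref("CUSTOM_PARAMS", $prefs);
             $userObject->save();
         }
     }
     if (!empty($this->paramsMapping)) {
         $changes = false;
         $entries = $this->getUserEntries($userObject->getId());
         if ($entries["count"]) {
             // Only the first returned entry is used.
             $entry = $entries[0];
             foreach ($this->paramsMapping as $params) {
                 $key = strtolower($params['MAPPING_LDAP_PARAM']);
                 if (isset($entry[$key])) {
                     $value = $entry[$key][0];
                     // Short group name (first CN) => full DN, filled for "memberof" only.
                     $memberValues = array();
                     if ($key == "memberof") {
                         // get CN from value
                         foreach ($entry[$key] as $possibleValue) {
                             $hnParts = array();
                             // NOTE(review): a plain split on "," does not honour escaped
                             // commas inside an RDN value; such DNs are cut in the wrong place.
                             $parts = explode(",", ltrim($possibleValue, '/'));
                             foreach ($parts as $part) {
                                 // Split on the first "=" only, so a value that itself contains
                                 // "=" stays whole, and skip fragments that have no "=" at all
                                 // instead of reading an undefined list() offset.
                                 $pair = explode("=", $part, 2);
                                 if (count($pair) < 2) {
                                     continue;
                                 }
                                 list($att, $attVal) = $pair;
                                 // The first CN of a DN names the group; later CNs name
                                 // containers, so only the first one is kept.
                                 if (strtolower($att) == "cn") {
                                     $hnParts[] = $attVal;
                                     break;
                                 }
                             }
                             if (count($hnParts)) {
                                 $memberValues[implode(",", $hnParts)] = $possibleValue;
                             }
                         }
                     }
                     switch ($params['MAPPING_LOCAL_TYPE']) {
                         case "role_id":
                             // MAPPING_LOCAL_PARAM is either "preg:<pattern>" or a comma
                             // separated list of accepted values. The pattern is wrapped in
                             // "/" delimiters without escaping; if it does not compile,
                             // preg_match() returns false and every value is skipped.
                             $valueFilters = null;
                             $matchFilter = null;
                             $filter = $params["MAPPING_LOCAL_PARAM"];
                             if (strpos($filter, "preg:") !== false) {
                                 $matchFilter = "/" . str_replace("preg:", "", $filter) . "/i";
                             } else {
                                 if (!empty($filter)) {
                                     $valueFilters = array_map("trim", explode(",", $filter));
                                 }
                             }
                             if ($key == "memberof") {
                                 if (empty($valueFilters)) {
                                     $valueFilters = $this->getLdapGroupListFromDN();
                                 }
                                 if ($this->mappedRolePrefix) {
                                     $rolePrefix = $this->mappedRolePrefix;
                                 } else {
                                     $rolePrefix = "";
                                 }
                                 $userroles = $userObject->getRoles();
                                 //remove all mapped roles before
                                 // NOTE(review): the test matches the prefix anywhere in the
                                 // role id, not only at its start, and with an empty prefix the
                                 // result of strpos() depends on the PHP version (false before
                                 // PHP 8, 0 from PHP 8 on, which removes every known role).
                                 if (is_array($userroles)) {
                                     // A dedicated loop variable keeps $key (the LDAP attribute
                                     // name) intact for the rest of this iteration.
                                     foreach ($userroles as $roleId => $role) {
                                         if (AuthService::getRole($roleId) && !(strpos($roleId, $this->mappedRolePrefix) === false)) {
                                             $userObject->removeRole($roleId);
                                         }
                                     }
                                 }
                                 $userObject->recomputeMergedRole();
                                 foreach ($memberValues as $uniqValue => $fullDN) {
                                     $uniqValueWithPrefix = $rolePrefix . $uniqValue;
                                     if (isset($matchFilter) && !preg_match($matchFilter, $uniqValueWithPrefix)) {
                                         continue;
                                     }
                                     // NOTE(review): in_array() compares loosely here, so
                                     // numeric-looking names can match a filter value they are
                                     // not identical to. Confirm the element type returned by
                                     // getLdapGroupListFromDN() before switching to strict mode.
                                     if (isset($valueFilters) && !in_array($uniqValueWithPrefix, $valueFilters)) {
                                         continue;
                                     }
                                     // The role is requested with the second argument set to
                                     // true, labelled with the short group name and stored.
                                     $roleToAdd = AuthService::getRole($uniqValueWithPrefix, true);
                                     $roleToAdd->setLabel($uniqValue);
                                     AuthService::updateRole($roleToAdd);
                                     $userObject->addRole($roleToAdd);
                                     $changes = true;
                                 }
                             } else {
                                 // Any other attribute: each of its values is used as a role id.
                                 foreach ($entry[$key] as $uniqValue) {
                                     if (isset($matchFilter) && !preg_match($matchFilter, $uniqValue)) {
                                         continue;
                                     }
                                     if (isset($valueFilters) && !in_array($uniqValue, $valueFilters)) {
                                         continue;
                                     }
                                     if (!in_array($uniqValue, array_keys($userObject->getRoles())) && !empty($uniqValue)) {
                                         $userObject->addRole(AuthService::getRole($uniqValue, true));
                                         $changes = true;
                                     }
                                 }
                             }
                             break;
                         case "group_path":
                             if ($key == "memberof") {
                                 // Start from empty filters: without this reset, a filter set
                                 // by an earlier mapping in the same loop would still be applied
                                 // here and silently restrict (or widen) the accepted groups.
                                 $valueFilters = null;
                                 $matchFilter = null;
                                 $filter = $params["MAPPING_LOCAL_PARAM"];
                                 if (strpos($filter, "preg:") !== false) {
                                     $matchFilter = "/" . str_replace("preg:", "", $filter) . "/i";
                                 } else {
                                     if (!empty($filter)) {
                                         $valueFilters = array_map("trim", explode(",", $filter));
                                     }
                                 }
                                 // Every accepted group sets the group path again, so the last
                                 // accepted value is the one that remains.
                                 foreach ($memberValues as $uniqValue => $fullDN) {
                                     if (isset($matchFilter) && !preg_match($matchFilter, $uniqValue)) {
                                         continue;
                                     }
                                     if (isset($valueFilters) && !in_array($uniqValue, $valueFilters)) {
                                         continue;
                                     }
                                     // The result of this comparison is not used: the break
                                     // that once stopped at the already stored group is disabled.
                                     if ($userObject->personalRole->filterParameterValue("auth.ldap", "MEMBER_OF", AJXP_REPO_SCOPE_ALL, "") == $fullDN) {
                                         //break;
                                     }
                                     $humanName = $uniqValue;
                                     $branch = array();
                                     $this->buildGroupBranch($uniqValue, $branch);
                                     $parent = "/";
                                     if (count($branch)) {
                                         $parent = "/" . implode("/", array_reverse($branch));
                                     }
                                     if (!ConfService::getConfStorageImpl()->groupExists(rtrim(AuthService::filterBaseGroup($parent), "/") . "/" . $fullDN)) {
                                         AuthService::createGroup($parent, $fullDN, $humanName);
                                     }
                                     $userObject->setGroupPath(rtrim($parent, "/") . "/" . $fullDN, true);
                                     // Update Roles from groupPath: one "AJXP_GRP_/..." role per
                                     // level of the path, from the top level down to the group.
                                     $b = array_reverse($branch);
                                     $b[] = $fullDN;
                                     for ($i = 1; $i <= count($b); $i++) {
                                         $userObject->addRole(AuthService::getRole("AJXP_GRP_/" . implode("/", array_slice($b, 0, $i)), true));
                                     }
                                     $userObject->personalRole->setParameterValue("auth.ldap", "MEMBER_OF", $fullDN);
                                     $userObject->recomputeMergedRole();
                                     $changes = true;
                                 }
                             }
                             break;
                         case "profile":
                             // The first value of the attribute becomes the profile as is;
                             // no list of accepted profiles is checked here.
                             if ($userObject->getProfile() != $value) {
                                 $changes = true;
                                 $userObject->setProfile($value);
                                 AuthService::updateAutoApplyRole($userObject);
                             }
                             break;
                         case "plugin_param":
                         default:
                             // "pluginId/param" addresses another plugin; a bare name is
                             // stored under this plugin's own id.
                             if (strpos($params["MAPPING_LOCAL_PARAM"], "/") !== false) {
                                 list($pId, $param) = explode("/", $params["MAPPING_LOCAL_PARAM"]);
                             } else {
                                 $pId = $this->getId();
                                 $param = $params["MAPPING_LOCAL_PARAM"];
                             }
                             if ($userObject->personalRole->filterParameterValue($pId, $param, AJXP_REPO_SCOPE_ALL, "") != $value) {
                                 $userObject->personalRole->setParameterValue($pId, $param, $value);
                                 $userObject->recomputeMergedRole();
                                 $changes = true;
                             }
                             break;
                     }
                 }
             }
         }
         // Persist once, after all mappings have been applied.
         if ($changes) {
             $userObject->save("superuser");
         }
     }
 }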