public static function setUser(SHUserAdapter $adapter, $JUser)
{
if (is_numeric($JUser)) {
$id = $JUser;
} elseif ($JUser instanceof JUser) {
$id = $JUser->id;
} else {
//TODO: lang string
throw new RuntimeException('Invalid User ID', 101);
}
$link = null;
// Check if we can retrieve link from cache
if (isset(self::$userCache[$adapter->loginuser]) && is_array(self::$userCache[$adapter->loginuser])) {
foreach (self::$userCache[$adapter->loginuser] as $links) {
if ($links['joomla_id'] === $id) {
$link = self::$userCache[$adapter->loginuser];
break;
}
}
}
if (empty($link)) {
$link = self::lookupFromJoomlaId(self::TYPE_USER, $id);
}
if ($link) {
// Check if we actually need to update
if ($link[0]['adapter'] == $adapter->getName() && $link[0]['domain'] == $adapter->getDomain() && $link[0]['username'] == $adapter->getId(false) && $link[0]['joomla_id'] == $id) {
return;
}
// Commit the link update
self::update($link[0]['id'], $adapter->getName(), $adapter->getDomain(), $adapter->getId(false), $id);
} else {
// Commit the link insert
self::insert(self::TYPE_USER, $adapter->getName(), $adapter->getDomain(), $adapter->getId(false), $id);
}
unset(self::$userCache['U_' . $adapter->loginuser]);
unset(self::$userCache['I_' . $id]);
}
/**
* Called after a user LDAP read to gather extra ldap attribute values that
* were not included in the initial read.
*
* @param SHUserAdapter $adapter The current user adapter.
* @param array &$attributes Discovered User Ldap attribute keys=>values.
* @param array $options Array holding options.
*
* @return void
*
* @since 2.0
*/
public function onLdapAfterRead($adapter, &$attributes, $options = array())
{
if (!$this->doSetup()) {
return;
}
$details = array();
$return = array();
$groups = array();
/* Firstly, we need to check if there are any initial groups discovered
* if a forward lookup is being used. If not then we need to find these
* initial groups first.
*/
if ($this->lookup_type === self::LOOKUP_FORWARD) {
/*
* Attempt to do a forward lookup if the Ldap user group attributes are
* not present. Though in most cases, they should be present.
*/
if (!isset($attributes[$this->memberof_attribute])) {
// We cannot get any more information if there is no source user DN
if (is_null($adapter->getId(false))) {
return false;
}
// Add to the user attribute request for an Ldap read
$details[] = $this->memberof_attribute;
$return = $details;
} else {
if (!count($attributes[$this->memberof_attribute])) {
// There are no groups to process for this user (or the parameter was set incorrectly)
return true;
}
// Yes we have groups already, we just need to check for recursion if required laters
$groups = $attributes[$this->memberof_attribute];
}
} else {
// Attempt to do a reverse lookup
$return[] = $this->member_attribute;
// The following will only execute if the attributes doesnt have what is required for reverse lookup
if (!isset($attributes[$this->member_dn]) || is_null($this->member_dn)) {
// We cannot get any more information if there is no source user DN
if (is_null($adapter->getId(false))) {
return false;
}
// This will indicate another ldap read later
$details[] = $this->member_dn;
}
}
// Lets get our result ready
$return = array_fill_keys($return, null);
$result = null;
if (count($details)) {
// Get our ldap user attributes and check we have a valid result
$result = $adapter->client->read($adapter->getId(false), null, $details);
}
if (!count($groups)) {
// Need to process first level user groups from the ldap result
if ($this->lookup_type === self::LOOKUP_FORWARD) {
// Forward lookup: all we need is the user group values
$groups = $result->getAttribute(0, $this->memberof_attribute, array());
} else {
// Reverse lookup: have to find the groups with the user dn present
$lookupValue = is_null($result) ? $attributes[$this->member_dn][0] : $result->getValue(0, $this->member_dn, 0);
// Build the search filter for this
$search = $this->member_attribute . '=' . $lookupValue;
$search = SHLDAPHelper::buildFilter(array($search));
// Find all the groups that have this user present as a member
if (($reverse = $adapter->client->search(null, $search, array('dn'))) !== false) {
for ($i = 0; $i < $reverse->countEntries(); ++$i) {
// Extract the group distinguished name from the result
$groups[] = $reverse->getDN($i);
}
}
}
}
// Need to process the recursion using the initial groups as a basis
if ($this->recursion && count($groups)) {
// Check if the Adapter is LDAP based
if ($adapter::getType('LDAP')) {
$outcome = array();
if ($this->lookup_type === self::LOOKUP_REVERSE) {
// We need to override the lookup attribute for reverse recursion
self::getRecursiveGroups($adapter->client, $groups, $this->recursion_depth, $outcome, 'dn', $this->member_attribute);
} else {
self::getRecursiveGroups($adapter->client, $groups, $this->recursion_depth, $outcome, $this->memberof_attribute, $this->dn_attribute);
}
// We need to merge them back together without duplicates
$groups = array_unique(array_merge($groups, $outcome));
}
}
// Lets store the groups
$groups = array_values($groups);
$attributes[$this->lookup_type === self::LOOKUP_FORWARD ? $this->memberof_attribute : $this->member_attribute] = $groups;
return true;
}
