/**
* Create a new user
*
* When creating a user we also need to create a lot of default models and
* set permissions for this user. This function creates the user with permissions
* and the right models in one go.
*
* @param array $attributes
* @param array $groups array of group names array('Internal','Some group');
* @param array $modulePermissionLevels array('calendar'=>1,'projects'=>4)
* @return User
*/
public static function newInstance($attributes, $groups = array(), $modulePermissionLevels = array())
{
$user = new User();
$user->setAttributes($attributes);
$user->save();
$user->addToGroups($groups);
foreach ($modulePermissionLevels as $module => $permissionLevel) {
GO::modules()->{$module}->acl->addUser($user->id, $permissionLevel);
}
$user->checkDefaultModels();
return $user;
}
/**
*
* @param \GO\Base\Ldap\Record $user
* @param type $password
* @return \GO\Base\Model\User
*/
public function syncUserWithLdapRecord(\GO\Base\Ldap\Record $record, $password = null)
{
//disable password validation because we can't control the external passwords
\GO::config()->password_validate = false;
$attr = $this->getUserAttributes($record);
if (!empty($attr['exclude'])) {
\GO::debug("LDAPAUTH: User is excluded from LDAP by mapping!");
return false;
}
unset($attr['exclude']);
try {
$user = \GO\Base\Model\User::model()->findSingleByAttribute('username', $attr['username']);
if ($user) {
\GO::debug("LDAPAUTH: Group-Office user already exists.");
if (isset($password) && !$user->checkPassword($password)) {
\GO::debug('LDAPAUTH: LDAP password has been changed. Updating Group-Office database');
$user->password = $password;
}
if (empty(\GO::config()->ldap_auth_dont_update_profiles)) {
//never update the e-mail address because the user
//can't change it to something invalid.
if ($this->validateUserEmail($record, $user->email)) {
unset($attr['email']);
}
$user->setAttributes($attr);
$user->cutAttributeLengths();
\GO::debug('LDAPAUTH: updating user profile');
\GO::debug($attr);
$this->_updateContact($user, $attr);
} else {
\GO::debug('LDAPAUTH: Profile updating from LDAP is disabled');
}
if (!$user->save()) {
throw new \Exception("Could not save user: "******"\n", $user->getValidationErrors()));
}
} else {
\GO::debug("LDAPAUTH: Group-Office user does not exist. Attempting to create it.");
\GO::debug($attr);
$user = new \GO\Base\Model\User();
$user->setAttributes($attr);
$user->cutAttributeLengths();
$user->password = $password;
if (!$user->save()) {
throw new \Exception("Could not save user: "******"\n", $user->getValidationErrors()));
}
if (!empty(\GO::config()->ldap_groups)) {
$user->addToGroups(explode(',', \GO::config()->ldap_groups));
}
$this->_updateContact($user, $attr);
$user->checkDefaultModels();
}
} catch (\Exception $e) {
\GO::debug('LDAPAUTH: Failed creating user ' . $attr['username'] . ' Exception: ' . $e->getMessage(), E_USER_WARNING);
return false;
}
return $user;
}
