/**
* Uses information in LDAP user entity to set access levels in Piwik.
*
* @param string $piwikLogin The username of the Piwik user whose access will be set.
* @param string[] $ldapUser The LDAP entity to use when synchronizing.
*/
public function synchronizePiwikAccessFromLdap($piwikLogin, $ldapUser)
{
if (empty($this->userAccessMapper)) {
return;
}
$userAccess = $this->userAccessMapper->getPiwikUserAccessForLdapUser($ldapUser);
if (empty($userAccess)) {
Log::warning("UserSynchronizer::%s: User '%s' has no access in LDAP, but access synchronization is enabled.", __FUNCTION__, $piwikLogin);
return;
}
$this->userModel->deleteUserAccess($piwikLogin);
$usersManagerApi = $this->usersManagerApi;
foreach ($userAccess as $userAccessLevel => $sites) {
Access::doAsSuperUser(function () use($usersManagerApi, $userAccessLevel, $sites, $piwikLogin) {
if ($userAccessLevel == 'superuser') {
$usersManagerApi->setSuperUserAccess($piwikLogin, true);
} else {
$usersManagerApi->setUserAccess($piwikLogin, $userAccessLevel, $sites);
}
});
}
}
public function test_getPiwikUserAccessForLdapUser_IgnoresSitesThatDoNotExist()
{
$access = $this->userAccessMapper->getPiwikUserAccessForLdapUser(array('view' => array(15, 16, '17,18'), 'admin' => '11,12,13'));
$expectedAccess = array();
$this->assertEquals($expectedAccess, $access);
}
