/** * Uses information in LDAP user entity to set access levels in Piwik. * * @param string $piwikLogin The username of the Piwik user whose access will be set. * @param string[] $ldapUser The LDAP entity to use when synchronizing. */ public function synchronizePiwikAccessFromLdap($piwikLogin, $ldapUser) { if (empty($this->userAccessMapper)) { return; } $userAccess = $this->userAccessMapper->getPiwikUserAccessForLdapUser($ldapUser); if (empty($userAccess)) { Log::warning("UserSynchronizer::%s: User '%s' has no access in LDAP, but access synchronization is enabled.", __FUNCTION__, $piwikLogin); return; } $this->userModel->deleteUserAccess($piwikLogin); $usersManagerApi = $this->usersManagerApi; foreach ($userAccess as $userAccessLevel => $sites) { Access::doAsSuperUser(function () use($usersManagerApi, $userAccessLevel, $sites, $piwikLogin) { if ($userAccessLevel == 'superuser') { $usersManagerApi->setSuperUserAccess($piwikLogin, true); } else { $usersManagerApi->setUserAccess($piwikLogin, $userAccessLevel, $sites); } }); } }
public function test_getPiwikUserAccessForLdapUser_IgnoresSitesThatDoNotExist() { $access = $this->userAccessMapper->getPiwikUserAccessForLdapUser(array('view' => array(15, 16, '17,18'), 'admin' => '11,12,13')); $expectedAccess = array(); $this->assertEquals($expectedAccess, $access); }