/**
* Sets a WordPress user's role based on their AAD group memberships
*
* @param WP_User $user
* @param string $aad_user_id The AAD object id of the user
* @param string $aad_tenant_id The AAD directory tenant ID
*
* @return WP_User|WP_Error Return the WP_User with updated rols, or WP_Error if failed.
*/
function update_wp_user_roles($user, $aad_user_id, $aad_tenant_id)
{
// Pass the settings to GraphHelper
AADSSO_GraphHelper::$settings = $this->settings;
AADSSO_GraphHelper::$tenant_id = $aad_tenant_id;
// Of the AAD groups defined in the settings, get only those where the user is a member
$group_ids = array_keys($this->settings->aad_group_to_wp_role_map);
$group_memberships = AADSSO_GraphHelper::user_check_member_groups($aad_user_id, $group_ids);
// Determine which WordPress role the AAD group corresponds to.
// TODO: Check for error in the group membership response
$role_to_set = $this->settings->default_wp_role;
if (!empty($group_memberships->value)) {
foreach ($this->settings->aad_group_to_wp_role_map as $aad_group => $wp_role) {
if (in_array($aad_group, $group_memberships->value)) {
$role_to_set = $wp_role;
break;
}
}
}
if (null != $role_to_set || "" != $role_to_set) {
// Set the role on the WordPress user
$user->set_role($role_to_set);
} else {
return new WP_Error('user_not_member_of_required_group', sprintf(__('ERROR: AAD user %s is not a member of any group granting a role.', AADSSO), $aad_user_id));
}
return $user;
}
public function get_groups()
{
static $groups = null;
if (!$this->tenant_domain) {
return;
}
if (is_null($groups)) {
AADSSO_GraphHelper::$tenant_id = $this->tenant_domain;
AADSSO_GraphHelper::$settings = $this;
$groups = AADSSO_GraphHelper::getGroups();
}
return $groups;
}
