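/**
 * Synchronise a user object with the attributes found in its LDAP entry.
 *
 * Runs the parent implementation, applies the optional separate group, then
 * processes the legacy custom-params mapping and the configured params
 * mapping (role_id, group_path, profile, plugin_param).
 *
 * Points a maintainer should know:
 * - The legacy custom-params block returns as soon as one mapped preference
 *   already exists, which also skips the params mapping below it.
 * - A mapping entry is processed only when the LDAP entry carries the mapped
 *   attribute, so an entry without "memberof" leaves previously mapped roles
 *   and the group path untouched.
 *
 * @param object $userObject User object to update; modified in place and
 *                           saved when a mapping changed something.
 * @return void
 */
public function updateUserObject(&$userObject)
{
    parent::updateUserObject($userObject);
    if (!empty($this->separateGroup)) {
        $userObject->setGroupPath("/" . $this->separateGroup);
    }

    // SHOULD BE DEPRECATED
    if (!empty($this->customParamsMapping)) {
        $checkValues = array_values($this->customParamsMapping);
        $prefs = $userObject->getPref("CUSTOM_PARAMS");
        if (!is_array($prefs)) {
            $prefs = array();
        }
        // If one value exists, we consider the mapping has already been done.
        foreach ($checkValues as $val) {
            if (array_key_exists($val, $prefs)) {
                return;
            }
        }
        $changes = false;
        $entries = $this->getUserEntries($userObject->getId());
        if ($entries["count"]) {
            $entry = $entries[0];
            foreach ($this->customParamsMapping as $key => $value) {
                if (isset($entry[$key])) {
                    $prefs[$value] = $entry[$key][0];
                    $changes = true;
                }
            }
        }
        if ($changes) {
            $userObject->setPref("CUSTOM_PARAMS", $prefs);
            $userObject->save();
        }
    }

    if (!empty($this->paramsMapping)) {
        $changes = false;
        $entries = $this->getUserEntries($userObject->getId());
        if ($entries["count"]) {
            $entry = $entries[0];
            foreach ($this->paramsMapping as $params) {
                $key = strtolower($params['MAPPING_LDAP_PARAM']);
                if (isset($entry[$key])) {
                    $value = $entry[$key][0];
                    $memberValues = array();
                    if ($key == "memberof") {
                        // Map the first CN of each group DN to the full DN.
                        foreach ($entry[$key] as $possibleValue) {
                            $hnParts = array();
                            // NOTE(review): a plain comma split does not honour escaped commas inside a DN.
                            $parts = explode(",", ltrim($possibleValue, '/'));
                            foreach ($parts as $part) {
                                // Skip fragments that are not "attribute=value" (for example a
                                // numeric "count" element) instead of destructuring a one-item array.
                                if (strpos($part, "=") === false) {
                                    continue;
                                }
                                list($att, $attVal) = explode("=", $part);
                                // The first CN names the group; later CNs name containers,
                                // so stop at the first one.
                                if (strtolower($att) == "cn") {
                                    $hnParts[] = $attVal;
                                    break;
                                }
                            }
                            if (count($hnParts)) {
                                $memberValues[implode(",", $hnParts)] = $possibleValue;
                            }
                        }
                    }
                    switch ($params['MAPPING_LOCAL_TYPE']) {
                        case "role_id":
                            $valueFilters = null;
                            $matchFilter = null;
                            $filter = $params["MAPPING_LOCAL_PARAM"];
                            if (strpos($filter, "preg:") !== false) {
                                $matchFilter = "/" . str_replace("preg:", "", $filter) . "/i";
                            } elseif (!empty($filter)) {
                                $valueFilters = array_map("trim", explode(",", $filter));
                            }
                            if ($key == "memberof") {
                                if (empty($valueFilters)) {
                                    $valueFilters = $this->getLdapGroupListFromDN();
                                }
                                $rolePrefix = $this->mappedRolePrefix ? $this->mappedRolePrefix : "";
                                // strpos() with an empty needle warns and returns false before PHP 8
                                // but returns 0 from PHP 8 on, which would match every role id.
                                // Checking for a non-empty prefix keeps "no prefix configured"
                                // meaning "remove nothing" on every PHP version.
                                // NOTE(review): without a prefix, roles added by an earlier sync are
                                // never removed here; the match is also "contains", not "starts with".
                                $prefixNeedle = (string) $this->mappedRolePrefix;
                                $userroles = $userObject->getRoles();
                                // Remove all previously mapped roles first. The loop variable is
                                // deliberately not $key, which holds the LDAP attribute name.
                                if (is_array($userroles)) {
                                    foreach ($userroles as $roleId => $role) {
                                        if (AuthService::getRole($roleId)
                                            && $prefixNeedle !== ""
                                            && strpos((string) $roleId, $prefixNeedle) !== false
                                        ) {
                                            $userObject->removeRole($roleId);
                                        }
                                    }
                                }
                                $userObject->recomputeMergedRole();
                                foreach ($memberValues as $uniqValue => $fullDN) {
                                    $uniqValueWithPrefix = $rolePrefix . $uniqValue;
                                    if (isset($matchFilter) && !preg_match($matchFilter, $uniqValueWithPrefix)) {
                                        continue;
                                    }
                                    if (isset($valueFilters) && !in_array($uniqValueWithPrefix, $valueFilters)) {
                                        continue;
                                    }
                                    $roleToAdd = AuthService::getRole($uniqValueWithPrefix, true);
                                    $roleToAdd->setLabel($uniqValue);
                                    AuthService::updateRole($roleToAdd);
                                    $userObject->addRole($roleToAdd);
                                    $changes = true;
                                }
                            } else {
                                foreach ($entry[$key] as $uniqValue) {
                                    if (isset($matchFilter) && !preg_match($matchFilter, $uniqValue)) {
                                        continue;
                                    }
                                    if (isset($valueFilters) && !in_array($uniqValue, $valueFilters)) {
                                        continue;
                                    }
                                    if (!in_array($uniqValue, array_keys($userObject->getRoles())) && !empty($uniqValue)) {
                                        $userObject->addRole(AuthService::getRole($uniqValue, true));
                                        $changes = true;
                                    }
                                }
                            }
                            break;
                        case "group_path":
                            if ($key == "memberof") {
                                // Start from a clean filter state: without this reset a filter set by
                                // an earlier mapping entry would still restrict this one.
                                $matchFilter = null;
                                $valueFilters = null;
                                $filter = $params["MAPPING_LOCAL_PARAM"];
                                if (strpos($filter, "preg:") !== false) {
                                    $matchFilter = "/" . str_replace("preg:", "", $filter) . "/i";
                                } elseif (!empty($filter)) {
                                    $valueFilters = array_map("trim", explode(",", $filter));
                                }
                                foreach ($memberValues as $uniqValue => $fullDN) {
                                    if (isset($matchFilter) && !preg_match($matchFilter, $uniqValue)) {
                                        continue;
                                    }
                                    if (isset($valueFilters) && !in_array($uniqValue, $valueFilters)) {
                                        continue;
                                    }
                                    if ($userObject->personalRole->filterParameterValue("auth.ldap", "MEMBER_OF", AJXP_REPO_SCOPE_ALL, "") == $fullDN) {
                                        // No-op: the early exit that used to be here is disabled.
                                        //break;
                                    }
                                    $humanName = $uniqValue;
                                    $branch = array();
                                    $this->buildGroupBranch($uniqValue, $branch);
                                    $parent = "/";
                                    if (count($branch)) {
                                        $parent = "/" . implode("/", array_reverse($branch));
                                    }
                                    // Create the group only when the storage does not know it yet.
                                    if (!ConfService::getConfStorageImpl()->groupExists(rtrim(AuthService::filterBaseGroup($parent), "/") . "/" . $fullDN)) {
                                        AuthService::createGroup($parent, $fullDN, $humanName);
                                    }
                                    $userObject->setGroupPath(rtrim($parent, "/") . "/" . $fullDN, true);
                                    // Update roles from the group path: one AJXP_GRP_ role per path level.
                                    $b = array_reverse($branch);
                                    $b[] = $fullDN;
                                    for ($i = 1; $i <= count($b); $i++) {
                                        $userObject->addRole(AuthService::getRole("AJXP_GRP_/" . implode("/", array_slice($b, 0, $i)), true));
                                    }
                                    $userObject->personalRole->setParameterValue("auth.ldap", "MEMBER_OF", $fullDN);
                                    $userObject->recomputeMergedRole();
                                    $changes = true;
                                }
                            }
                            break;
                        case "profile":
                            if ($userObject->getProfile() != $value) {
                                $changes = true;
                                $userObject->setProfile($value);
                                AuthService::updateAutoApplyRole($userObject);
                            }
                            break;
                        case "plugin_param":
                        default:
                            // "pluginId/param" targets another plugin; a bare name targets this one.
                            if (strpos($params["MAPPING_LOCAL_PARAM"], "/") !== false) {
                                list($pId, $param) = explode("/", $params["MAPPING_LOCAL_PARAM"]);
                            } else {
                                $pId = $this->getId();
                                $param = $params["MAPPING_LOCAL_PARAM"];
                            }
                            if ($userObject->personalRole->filterParameterValue($pId, $param, AJXP_REPO_SCOPE_ALL, "") != $value) {
                                $userObject->personalRole->setParameterValue($pId, $param, $value);
                                $userObject->recomputeMergedRole();
                                $changes = true;
                            }
                            break;
                    }
                }
            }
        }
        if ($changes) {
            $userObject->save("superuser");
        }
    }
}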
/**
 * Instantiate a new AbstractAjxpUser
 *
 * A cached user object is looked up in the key/value cache first and, when
 * accepted, returned after its merged role is recomputed. Otherwise the
 * object is built, default rights / auto-apply role / auth-provided data are
 * applied, the "include.user.updateUserObject" hook runs, and the result is
 * stored in the cache.
 *
 * @param String $userId
 * @return AbstractAjxpUser
 */
public function createUserObject($userId)
{
    $kvCache = ConfService::getInstance()->getKeyValueCache();
    // NOTE(review): the statement below is damaged in this copy (the text between the cache
    // key prefix and the class name is masked), so the exact fetch key and the acceptance
    // test cannot be read from here. Confirm against the original file.
    $test = $kvCache->fetch("pydio:user:"******"AbstractAjxpUser")) {
        // This lookup uses $userId as passed in, before filterUserSensitivity() is applied.
        if ($test->personalRole == null) {
            $test->personalRole = $test->roles["AJXP_USR_/" . $userId];
        }
        $test->recomputeMergedRole();
        // Cache hit: none of the AuthService updates or the include hook below run.
        // NOTE(review): confirm the cache entry is invalidated when roles or rights change,
        // otherwise a cached object keeps its earlier roles.
        return $test;
    }
    $userId = AuthService::filterUserSensitivity($userId);
    $abstractUser = $this->instantiateAbstractUserImpl($userId);
    // Default rights are applied only when the user has no stored data yet.
    if (!$abstractUser->storageExists()) {
        AuthService::updateDefaultRights($abstractUser);
    }
    AuthService::updateAutoApplyRole($abstractUser);
    AuthService::updateAuthProvidedData($abstractUser);
    // The hook receives the user object by reference.
    $args = array(&$abstractUser);
    AJXP_Controller::applyIncludeHook("include.user.updateUserObject", $args);
    // The cache entry is written under the filtered user id.
    $kvCache->save("pydio:user:" . $userId, $abstractUser);
    return $abstractUser;
}
/**
 * Build the user object for the given identifier.
 *
 * The identifier is first passed through AuthService::filterUserSensitivity(),
 * then the concrete user implementation is instantiated. Default rights are
 * applied only when the user has no stored data yet; the auto-apply role and
 * the auth-provided data are refreshed on every call.
 *
 * @param String $userId
 * @return AbstractAjxpUser
 */
public function createUserObject($userId)
{
    $normalizedId = AuthService::filterUserSensitivity($userId);
    $user = $this->instantiateAbstractUserImpl($normalizedId);

    $hasStorage = $user->storageExists();
    if (!$hasStorage) {
        // First time this user is seen: seed the default rights.
        AuthService::updateDefaultRights($user);
    }

    AuthService::updateAutoApplyRole($user);
    AuthService::updateAuthProvidedData($user);

    return $user;
}
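/**
 * Synchronise a user object with the attributes found in its LDAP entry.
 *
 * Applies the optional separate group, then processes the legacy
 * custom-params mapping and the configured params mapping (role_id,
 * group_path, profile, plugin_param).
 *
 * Points a maintainer should know:
 * - The legacy custom-params block returns as soon as one mapped preference
 *   already exists, which also skips the params mapping below it.
 * - A mapping entry is processed only when the LDAP entry carries the mapped
 *   attribute.
 * - The role_id mapping only adds roles; nothing in this method removes a
 *   role that an earlier run added.
 *
 * @param object $userObject User object to update; modified in place and
 *                           saved when a mapping changed something.
 * @return void
 */
public function updateUserObject(&$userObject)
{
    if (!empty($this->separateGroup)) {
        $userObject->setGroupPath("/" . $this->separateGroup);
    }

    // SHOULD BE DEPRECATED
    if (!empty($this->customParamsMapping)) {
        $checkValues = array_values($this->customParamsMapping);
        $prefs = $userObject->getPref("CUSTOM_PARAMS");
        if (!is_array($prefs)) {
            $prefs = array();
        }
        // If one value exists, we consider the mapping has already been done.
        foreach ($checkValues as $val) {
            if (array_key_exists($val, $prefs)) {
                return;
            }
        }
        $changes = false;
        $entries = $this->getUserEntries($userObject->getId());
        if ($entries["count"]) {
            $entry = $entries[0];
            foreach ($this->customParamsMapping as $key => $value) {
                if (isset($entry[$key])) {
                    $prefs[$value] = $entry[$key][0];
                    $changes = true;
                }
            }
        }
        if ($changes) {
            $userObject->setPref("CUSTOM_PARAMS", $prefs);
            $userObject->save();
        }
    }

    if (!empty($this->paramsMapping)) {
        $changes = false;
        $entries = $this->getUserEntries($userObject->getId());
        if ($entries["count"]) {
            $entry = $entries[0];
            foreach ($this->paramsMapping as $params) {
                $key = strtolower($params['MAPPING_LDAP_PARAM']);
                if (isset($entry[$key])) {
                    $value = $entry[$key][0];
                    $memberValues = array();
                    if ($key == "memberof") {
                        // Map the CN components of each group DN (joined with ",") to the full DN.
                        foreach ($entry[$key] as $possibleValue) {
                            $hnParts = array();
                            // NOTE(review): a plain comma split does not honour escaped commas inside a DN.
                            $parts = explode(",", ltrim($possibleValue, '/'));
                            foreach ($parts as $part) {
                                // Skip fragments that are not "attribute=value" (for example a
                                // numeric "count" element) instead of destructuring a one-item array.
                                if (strpos($part, "=") === false) {
                                    continue;
                                }
                                list($att, $attVal) = explode("=", $part);
                                if (strtolower($att) == "cn") {
                                    $hnParts[] = $attVal;
                                }
                            }
                            if (count($hnParts)) {
                                $memberValues[implode(",", $hnParts)] = $possibleValue;
                            }
                        }
                    }
                    switch ($params['MAPPING_LOCAL_TYPE']) {
                        case "role_id":
                            if ($key == "memberof") {
                                // NOTE(review): group CNs are used directly as local role ids, with no
                                // filter or prefix; review which LDAP groups can exist before enabling
                                // this mapping.
                                foreach ($memberValues as $uniqValue => $fullDN) {
                                    if (!in_array($uniqValue, array_keys($userObject->getRoles()))) {
                                        $userObject->addRole(AuthService::getRole($uniqValue, true));
                                        $userObject->recomputeMergedRole();
                                        $changes = true;
                                    }
                                }
                            }
                            break;
                        case "group_path":
                            if ($key == "memberof") {
                                // Start from a clean filter state: without this reset a filter set by
                                // an earlier mapping entry would still restrict this one.
                                $matchFilter = null;
                                $valueFilters = null;
                                $filter = $params["MAPPING_LOCAL_PARAM"];
                                if (strpos($filter, "preg:") !== false) {
                                    $matchFilter = "/" . str_replace("preg:", "", $filter) . "/i";
                                } elseif (!empty($filter)) {
                                    $valueFilters = array_map("trim", explode(",", $filter));
                                }
                                foreach ($memberValues as $uniqValue => $fullDN) {
                                    if (isset($matchFilter) && !preg_match($matchFilter, $uniqValue)) {
                                        continue;
                                    }
                                    if (isset($valueFilters) && !in_array($uniqValue, $valueFilters)) {
                                        continue;
                                    }
                                    if ($userObject->personalRole->filterParameterValue("auth.ldap", "MEMBER_OF", AJXP_REPO_SCOPE_ALL, "") == $fullDN) {
                                        // No-op: the early exit that used to be here is disabled.
                                        //break;
                                    }
                                    $humanName = $uniqValue;
                                    $branch = array();
                                    $this->buildGroupBranch($uniqValue, $branch);
                                    $parent = "/";
                                    if (count($branch)) {
                                        $parent = "/" . implode("/", array_reverse($branch));
                                    }
                                    AuthService::createGroup($parent, $fullDN, $humanName);
                                    $userObject->setGroupPath(rtrim($parent, "/") . "/" . $fullDN, true);
                                    // Update roles from the group path: one AJXP_GRP_ role per path level.
                                    $b = array_reverse($branch);
                                    $b[] = $fullDN;
                                    for ($i = 1; $i <= count($b); $i++) {
                                        $userObject->addRole(AuthService::getRole("AJXP_GRP_/" . implode("/", array_slice($b, 0, $i)), true));
                                    }
                                    $userObject->personalRole->setParameterValue("auth.ldap", "MEMBER_OF", $fullDN);
                                    $userObject->recomputeMergedRole();
                                    $changes = true;
                                }
                            }
                            break;
                        case "profile":
                            if ($userObject->getProfile() != $value) {
                                $changes = true;
                                $userObject->setProfile($value);
                                AuthService::updateAutoApplyRole($userObject);
                            }
                            break;
                        case "plugin_param":
                        default:
                            // "pluginId/param" targets another plugin; a bare name targets this one.
                            if (strpos($params["MAPPING_LOCAL_PARAM"], "/") !== false) {
                                list($pId, $param) = explode("/", $params["MAPPING_LOCAL_PARAM"]);
                            } else {
                                $pId = $this->getId();
                                $param = $params["MAPPING_LOCAL_PARAM"];
                            }
                            if ($userObject->personalRole->filterParameterValue($pId, $param, AJXP_REPO_SCOPE_ALL, "") != $value) {
                                $userObject->personalRole->setParameterValue($pId, $param, $value);
                                $userObject->recomputeMergedRole();
                                $changes = true;
                            }
                            break;
                    }
                }
            }
        }
        if ($changes) {
            $userObject->save("superuser");
        }
    }
}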