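/**
 * Gets the LDAP and TYPO3 user groups for a given user.
 *
 * The group table is resolved in this order: the explicit $groupTable argument,
 * the authentication service's "db_groups" table, then "be_groups" or "fe_groups"
 * depending on TYPO3_MODE.
 *
 * Unless "GroupsNotSynchronize" is set, every LDAP group is written back to TYPO3
 * (a fresh record for groups unknown to TYPO3, an update that also undeletes the
 * record otherwise) before being returned. The "getGroupsProcessing" hook is run
 * last and is expected to work on the resulting list.
 *
 * @param array $ldapUser LDAP user data
 * @param array $configuration LDAP configuration (defaults to static::$config when NULL)
 * @param string $groupTable Name of the group table (should normally be either "be_groups" or "fe_groups")
 * @return array|NULL Array of groups, an empty array if "IfGroupExist" is set and none of the LDAP
 *                    groups exists in TYPO3, or NULL if required LDAP groups are missing
 * @throws \Causal\IgLdapSsoAuth\Exception\InvalidUserGroupTableException
 * @throws \RuntimeException if a registered "getGroupsProcessing" hook does not implement GetGroupsProcessorInterface
 */
public static function getUserGroups(array $ldapUser, array $configuration = NULL, $groupTable = '')
{
    if ($configuration === NULL) {
        $configuration = static::$config;
    }
    if (empty($groupTable)) {
        if (isset(static::$authenticationService)) {
            $groupTable = static::$authenticationService->authInfo['db_groups']['table'];
        } elseif (TYPO3_MODE === 'BE') {
            $groupTable = 'be_groups';
        } else {
            $groupTable = 'fe_groups';
        }
    }

    // A user is only valid if its groups exist in TYPO3.
    // Get LDAP groups from LDAP user; drop the "count" entry of the LDAP result set.
    $typo3_groups = array();
    $ldapGroups = static::getLdapGroups($ldapUser);
    unset($ldapGroups['count']);

    /** @var \TYPO3\CMS\Extbase\Domain\Model\BackendUserGroup[]|\TYPO3\CMS\Extbase\Domain\Model\FrontendUserGroup[] $requiredLDAPGroups */
    $requiredLDAPGroups = Configuration::getValue('requiredLDAPGroups');
    if (!is_array($requiredLDAPGroups)) {
        // Nothing configured: normalize so the count() checks below never see a non-array
        $requiredLDAPGroups = array();
    }

    if (count($ldapGroups) === 0) {
        if (count($requiredLDAPGroups) > 0) {
            return NULL;
        }
    } else {
        // Get pid from group mapping
        $typo3GroupPid = Configuration::getPid($configuration['groups']['mapping']);
        // $typo3GroupsTemp is expected to be aligned with $ldapGroups: $ldapGroups[$i] <=> $typo3GroupsTemp[$i]
        $typo3GroupsTemp = static::getTypo3Groups($ldapGroups, $groupTable, $typo3GroupPid);

        if (count($requiredLDAPGroups) > 0) {
            $groupUids = array();
            foreach ($typo3GroupsTemp as $typo3Group) {
                $groupUids[] = $typo3Group['uid'];
            }
            // At least one of the required groups must be among the user's groups
            $hasRequired = FALSE;
            foreach ($requiredLDAPGroups as $group) {
                if (in_array($group->getUid(), $groupUids)) {
                    $hasRequired = TRUE;
                    break;
                }
            }
            if (!$hasRequired) {
                return NULL;
            }
        }

        if (Configuration::getValue('IfGroupExist') && count($typo3GroupsTemp) === 0) {
            return array();
        }

        $doNotSynchronize = Configuration::getValue('GroupsNotSynchronize');
        $i = 0;
        foreach ($typo3GroupsTemp as $typo3Group) {
            if ($doNotSynchronize) {
                // Groups are not synchronized: keep groups known to TYPO3, skip the ones without a uid
                if ($typo3Group['uid']) {
                    $typo3_groups[] = $typo3Group;
                }
            } else {
                if (!$typo3Group['uid']) {
                    // Unknown to TYPO3: create a record first so that a uid exists for the merge/update
                    $typo3Group = Typo3GroupRepository::add($groupTable, $typo3Group);
                } else {
                    // Restore group that may have been previously deleted
                    $typo3Group['deleted'] = 0;
                }
                $typo3_group_merged = static::merge($ldapGroups[$i], $typo3Group, $configuration['groups']['mapping']);
                Typo3GroupRepository::update($groupTable, $typo3_group_merged);
                // fetch() returns a list of records; the first one is the updated group
                $typo3Group = Typo3GroupRepository::fetch($groupTable, $typo3_group_merged['uid']);
                $typo3_groups[] = $typo3Group[0];
            }
            $i++;
        }
    }

    // Hook for processing the groups
    $processors = isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['ig_ldap_sso_auth']['getGroupsProcessing'])
        ? $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['ig_ldap_sso_auth']['getGroupsProcessing']
        : NULL;
    if (is_array($processors)) {
        foreach ($processors as $className) {
            /** @var $postProcessor \Causal\IgLdapSsoAuth\Utility\GetGroupsProcessorInterface */
            $postProcessor = GeneralUtility::getUserObj($className);
            if ($postProcessor instanceof \Causal\IgLdapSsoAuth\Utility\GetGroupsProcessorInterface) {
                // The return value is unused: the processor is presumably expected to alter $typo3_groups in place
                $postProcessor->getUserGroups($groupTable, $ldapUser, $typo3_groups);
            } else {
                // getUserObj() may hand back something that is not an object (e.g., an unresolvable class name);
                // fall back to the configured class name so the error still says which hook is broken.
                $processorName = is_object($postProcessor) ? get_class($postProcessor) : (string)$className;
                throw new \RuntimeException('Processor ' . $processorName . ' must implement the \\Causal\\IgLdapSsoAuth\\Utility\\GetGroupsProcessorInterface interface', 1431340191);
            }
        }
    }

    return $typo3_groups;
}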
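/**
 * Sets the parent groups for a given TYPO3 user group record.
 *
 * For each DN in $ldapParentGroups: a parent group already known to TYPO3 gets
 * $childUid appended to its "subgroup" list; a parent group unknown to TYPO3 is
 * searched in LDAP, created in TYPO3 with $childUid as its only subgroup, and then
 * processed recursively for its own parents (attribute $fieldParent).
 *
 * @param array $ldapParentGroups DNs of the LDAP parent groups
 * @param string $fieldParent Name of the LDAP attribute holding the parent group DNs
 * @param int $childUid uid of the TYPO3 group record to attach as a subgroup
 * @param int $pid Page id used to look up existing parent groups in TYPO3
 * @param string $mode "be" for be_groups; any other value selects fe_groups
 * @return void
 * @throws \Causal\IgLdapSsoAuth\Exception\InvalidUserGroupTableException
 */
protected function setParentGroup(array $ldapParentGroups, $fieldParent, $childUid, $pid, $mode)
{
    if ($mode === 'be') {
        $table = 'be_groups';
        $config = Configuration::getBackendConfiguration();
    } else {
        $table = 'fe_groups';
        $config = Configuration::getFrontendConfiguration();
    }

    foreach ($ldapParentGroups as $parentDn) {
        $typo3ParentGroup = Typo3GroupRepository::fetch($table, FALSE, $pid, $parentDn);
        if (isset($typo3ParentGroup[0]) && is_array($typo3ParentGroup[0])) {
            // Start from this parent's own subgroup list. A list carried over from a previous
            // iteration would otherwise be written into an unrelated parent group.
            $subGroupList = array();
            if (!empty($typo3ParentGroup[0]['subgroup'])) {
                $subGroupList = GeneralUtility::trimExplode(',', $typo3ParentGroup[0]['subgroup']);
            }
            $subGroupList[] = $childUid;
            $typo3ParentGroup[0]['subgroup'] = implode(',', array_unique($subGroupList));
            Typo3GroupRepository::update($table, $typo3ParentGroup[0]);
        } else {
            // Parent group is unknown to TYPO3: look it up in LDAP. The DN becomes an assertion
            // value inside the search filter, so RFC 4515 metacharacters are escaped; a DN such as
            // "CN=Doe\, John,..." would otherwise break or alter the filter.
            $escapedDn = str_replace(
                array('\\', '*', '(', ')', "\0"),
                array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
                $parentDn
            );
            // NOTE(review): the "&" between the two filter items is not RFC 4515 syntax; left as is,
            // confirm against the directory server before changing it.
            $filter = '(&' . Configuration::replaceFilterMarkers($config['groups']['filter']) . '&(distinguishedName=' . $escapedDn . '))';
            $attributes = Configuration::getLdapAttributes($config['groups']['mapping']);
            $ldapGroups = Ldap::getInstance()->search($config['groups']['basedn'], $filter, $attributes);
            // Drop the "count" entry of the LDAP result set
            unset($ldapGroups['count']);
            if (count($ldapGroups) > 0) {
                // NOTE(review): this reassigns the $pid parameter for the remaining iterations and for the
                // recursive call below; presumably the same page the caller passed, confirm.
                $pid = Configuration::getPid($config['groups']['mapping']);
                // Populate an array of TYPO3 group records corresponding to the LDAP groups
                // If a given LDAP group has no associated group in TYPO3, a fresh record
                // will be created so that $ldapGroups[i] <=> $typo3Groups[i]
                $typo3Groups = Authentication::getTypo3Groups($ldapGroups, $table, $pid);
                foreach ($ldapGroups as $index => $ldapGroup) {
                    $typo3Group = Authentication::merge($ldapGroup, $typo3Groups[$index], $config['groups']['mapping']);
                    $typo3Group['subgroup'] = $childUid;
                    $typo3Group = Typo3GroupRepository::add($table, $typo3Group);
                    // Recurse into the grandparents, if the LDAP record lists any
                    if (isset($ldapGroup[$fieldParent]) && is_array($ldapGroup[$fieldParent])) {
                        unset($ldapGroup[$fieldParent]['count']);
                        $this->setParentGroup($ldapGroup[$fieldParent], $fieldParent, $typo3Group['uid'], $pid, $mode);
                    }
                }
            }
        }
    }
}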