mirror of
https://github.com/Combodo/iTop.git
synced 2026-02-13 07:24:13 +01:00
CAS integration:
- regression fix: support patterns for the MemberOf groups filtering - activate/de-activate the profiles synchronization using the 'cas_update_profiles' configuration flag - provide default profile(s) when creating a new user from CAS, only if no match is found for assigning profiles from the CAS MemberOf group(s). SVN:1.2[1917]
This commit is contained in:
Denis Flaven
@@ -400,6 +400,15 @@ class Config
|
||||
'source_of_value' => '',
|
||||
'show_in_conf_sample' => true,
|
||||
),
|
||||
'cas_update_profiles' => array(
|
||||
'type' => 'bool',
|
||||
'description' => 'Whether or not to update the profiles of an existing user from the CAS information',
|
||||
// examples... not used (nor 'description')
|
||||
'default' => 0,
|
||||
'value' => 0,
|
||||
'source_of_value' => '',
|
||||
'show_in_conf_sample' => true,
|
||||
),
|
||||
'cas_profile_pattern' => array(
|
||||
'type' => 'string',
|
||||
'description' => 'A regular expression pattern to extract the name of the iTop profile from the name of an LDAP/CAS group',
|
||||
@@ -409,6 +418,15 @@ class Config
|
||||
'source_of_value' => '',
|
||||
'show_in_conf_sample' => true,
|
||||
),
|
||||
'cas_default_profiles' => array(
|
||||
'type' => 'string',
|
||||
'description' => 'A semi-colon separated list of iTop Profiles to use when creating a new user if no profile is retrieved from CAS',
|
||||
// examples... not used (nor 'description')
|
||||
'default' => 'Portal user',
|
||||
'value' => 'Portal user',
|
||||
'source_of_value' => '',
|
||||
'show_in_conf_sample' => true,
|
||||
),
|
||||
'cas_debug' => array(
|
||||
'type' => 'bool',
|
||||
'description' => 'Activate the CAS debug',
|
||||
|
||||
@@ -1066,7 +1066,24 @@ class CAS_SelfRegister implements iSelfRegister
|
||||
phpCAS::log("Info: user if a member of the group: ".$sGroupName);
|
||||
$sGroupName = trim(iconv('UTF-8', 'ASCII//TRANSLIT', $sGroupName)); // Remove accents and spaces as well
|
||||
$aFilteredGroupNames[] = $sGroupName;
|
||||
if (in_array($sGroupName, $aCASMemberships))
|
||||
$bIsMember = false;
|
||||
foreach($aCASMemberships as $sCASPattern)
|
||||
{
|
||||
if (self::IsPattern($sCASPattern))
|
||||
{
|
||||
if (preg_match($sCASPattern, $sGroupName))
|
||||
{
|
||||
$bIsMember = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
else if ($sPattern == $sGroupName)
|
||||
{
|
||||
$bIsMember = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if ($bIsMember)
|
||||
{
|
||||
$bCASUserSynchro = MetaModel::GetConfig()->Get('cas_user_synchro');
|
||||
if ($bCASUserSynchro)
|
||||
@@ -1125,7 +1142,8 @@ class CAS_SelfRegister implements iSelfRegister
|
||||
*/
|
||||
public static function UpdateUser(User $oUser, $sLoginMode, $sAuthentication)
|
||||
{
|
||||
if (($sLoginMode == 'cas') && (phpCAS::hasAttribute('memberOf')))
|
||||
$bCASUpdateProfiles = MetaModel::GetConfig()->Get('cas_update_profiles');
|
||||
if (($sLoginMode == 'cas') && $bCASUpdateProfiles && (phpCAS::hasAttribute('memberOf')))
|
||||
{
|
||||
$aMemberOf = phpCAS::getAttribute('memberOf');
|
||||
if (!is_array($aMemberOf)) $aMemberOf = array($aMemberOf); // Just one entry, turn it into an array
|
||||
@@ -1249,8 +1267,28 @@ class CAS_SelfRegister implements iSelfRegister
|
||||
}
|
||||
if (count($aProfiles) == 0)
|
||||
{
|
||||
phpCAS::log("Error: no group name matches the pattern: '$sPattern'. The user '$sEmail' has no profiles in iTop, and therefore cannot be created.");
|
||||
return false;
|
||||
phpCAS::log("Info: The user '".$oUser->GetName()."' has no profiles retrieved from CAS. Default profile(s) will be used.");
|
||||
|
||||
// Second attempt: check if there is/are valid default profile(s)
|
||||
$sCASDefaultProfiles = MetaModel::GetConfig()->Get('cas_default_profiles');
|
||||
$aCASDefaultProfiles = explode(';', $sCASDefaultProfiles);
|
||||
foreach($aCASDefaultProfiles as $sDefaultProfileName)
|
||||
{
|
||||
if (array_key_exists(strtolower($sDefaultProfileName), $aAllProfiles))
|
||||
{
|
||||
$aProfiles[] = $aAllProfiles[strtolower($sDefaultProfileName)];
|
||||
}
|
||||
else
|
||||
{
|
||||
phpCAS::log("Warning: the default profile {$sDefaultProfileName} is not a valid iTop profile. Ignored.");
|
||||
}
|
||||
}
|
||||
|
||||
if (count($aProfiles) == 0)
|
||||
{
|
||||
phpCAS::log("Error: The user '".$oUser->GetName()."' has no profiles in iTop, and therefore cannot be created.");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
// Now synchronize the profiles
|
||||
@@ -1263,7 +1301,7 @@ class CAS_SelfRegister implements iSelfRegister
|
||||
$oProfilesSet->AddObject($oLink);
|
||||
}
|
||||
$oUser->Set('profile_list', $oProfilesSet);
|
||||
phpCAS::log("Info: the user $sEmail (id=".$oUser->GetKey().") now has the following profiles: '".implode("', '", $aProfiles)."'.");
|
||||
phpCAS::log("Info: the user '".$oUser->GetName()."' (id=".$oUser->GetKey().") now has the following profiles: '".implode("', '", $aProfiles)."'.");
|
||||
return true;
|
||||
}
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user