Added support for groups and map to grav access level

Djamil Legato
2018-05-10 19:14:40 -07:00
parent d1ae2e7012
commit 07898de052
2 changed files with 36 additions and 4 deletions


@@ -215,6 +215,22 @@ form:
type: array type: array
required: true required: true
default_access_levels.access.groups:
classes: frontmatter
type: editor
label: Groups Access Level
autofocus: true
default: "admin:\r\n admin:\r\n login: true\r\n super: true\r\n site:\r\n login: true\r\nuser:\r\n site:\r\n login: true"
codemirror:
mode: 'yaml'
indentUnit: 2
autofocus: true
indentWithTabs: false
lineNumbers: true
styleActiveLine: true
gutters: ['CodeMirror-lint-markers']
lint: true
tab_2: tab_2:
type: tab type: tab
title: Instructions title: Instructions
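Review bot: The `default:` of `default_access_levels.access.groups` ships a mapping that gives `admin.super: true` to any LDAP group whose cn is `admin`, so a site that saves this form unchanged turns a directory group name into full Grav administration. Consider an empty default with the example moved into a `help:` text, or a default limited to `site: login: true`, so that a privileged mapping is always an explicit choice by the operator. Whether this blueprint default takes effect before the form is first saved is not visible in this section. `autofocus: true` also appears both on the field and inside `codemirror:`; one of the two is probably redundant.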


@@ -7,6 +7,7 @@ use Grav\Plugin\Login\Events\UserLoginEvent;
use Grav\Plugin\Login\Login; use Grav\Plugin\Login\Login;
use Symfony\Component\Ldap\Ldap; use Symfony\Component\Ldap\Ldap;
use Symfony\Component\Ldap\Exception\ConnectionException; use Symfony\Component\Ldap\Exception\ConnectionException;
use Symfony\Component\Yaml\Yaml;
/** /**
* Class LoginLDAPPlugin * Class LoginLDAPPlugin
@@ -123,6 +124,7 @@ class LoginLDAPPlugin extends Plugin
// Set defaults with only thing we know... username provided // Set defaults with only thing we know... username provided
$grav_user['login'] = $credentials['username']; $grav_user['login'] = $credentials['username'];
$grav_user['fullname'] = $credentials['username']; $grav_user['fullname'] = $credentials['username'];
$user_groups = [];
// If search_dn is set we can try to get information from LDAP // If search_dn is set we can try to get information from LDAP
if ($search_dn) { if ($search_dn) {
@@ -157,10 +159,13 @@ class LoginLDAPPlugin extends Plugin
$query = $ldap->query($group_dn, 'gidnumber=' . $this->getLDAPMappedItem('gidNumber', $ldap_data)); $query = $ldap->query($group_dn, 'gidnumber=' . $this->getLDAPMappedItem('gidNumber', $ldap_data));
$groups = array_merge($groups, $query->execute()->toArray()); $groups = array_merge($groups, $query->execute()->toArray());
if ($this->config->get('plugins.login-ldap.store_ldap_data', false)) {
foreach ($groups as $group) { foreach ($groups as $group) {
$attributes = $group->getAttributes(); $attributes = $group->getAttributes();
$userdata['ldap']['groups'][] = array_shift($attributes['cn']); $user_group = array_shift($attributes['cn']);
$user_groups[] = $user_group;
if ($this->config->get('plugins.login-ldap.store_ldap_data', false)) {
$userdata['ldap']['groups'][] = $user_group;
} }
} }
} }
@@ -190,6 +195,17 @@ class LoginLDAPPlugin extends Plugin
} }
} }
// Give Admin Access
$admin_access = $this->config->get('plugins.login-ldap.default_access_levels.access.groups');
if ($admin_access && count($user_groups) && strlen($admin_access) > 0) {
$groups_access = Yaml::parse($admin_access);
foreach ($groups_access as $key => $group_access) {
if (in_array($key, $user_groups)) {
$grav_user->merge(['access' => $group_access]);
}
}
}
// Optional save // Optional save
if ($this->config->get('plugins.login-ldap.save_grav_user', false)) { if ($this->config->get('plugins.login-ldap.save_grav_user', false)) {
$grav_user->save(); $grav_user->save();
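Review bot: The group-to-access mapping added in the last hunk is parsed and matched without validation: `Yaml::parse($admin_access)` can throw on malformed YAML or return a non-array, and `in_array($key, $user_groups)` compares loosely, so a numeric key such as `0` would match any group name on PHP versions before 8. Because this block decides who receives `admin` permissions, it should fail closed: catch the parse error, require an array, and match strictly on the string key. With `save_grav_user` enabled the merged access is also written to the account, and nothing visible here removes it once the user leaves the LDAP group; that seems worth confirming. The enclosing method starts and ends outside the hunk.

```php
// Map LDAP groups to Grav access levels
$admin_access = $this->config->get('plugins.login-ldap.default_access_levels.access.groups');
if (is_string($admin_access) && $admin_access !== '' && $user_groups) {
    try {
        $groups_access = Yaml::parse($admin_access);
    } catch (\Symfony\Component\Yaml\Exception\ParseException $e) {
        // Malformed mapping: grant nothing rather than abort the login
        $groups_access = null;
    }
    if (is_array($groups_access)) {
        foreach ($groups_access as $key => $group_access) {
            // Strict match so a numeric YAML key cannot loosely equal a group name
            if (is_array($group_access) && in_array((string) $key, $user_groups, true)) {
                $grav_user->merge(['access' => $group_access]);
            }
        }
    }
}
// … unchanged: optional save of $grav_user …
```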