Added support for groups and map to grav access level

2018-05-10 19:14:40 -07:00
parent d1ae2e7012
commit 07898de052
2 changed files with 36 additions and 4 deletions
--- a/blueprints.yaml
+++ b/blueprints.yaml
@@ -215,6 +215,22 @@ form:
                    type: array
                    required: true

+                default_access_levels.access.groups:
+                  classes: frontmatter
+                  type: editor
+                  label: Groups Access Level
+                  autofocus: true
+                  default: "admin:\r\n    admin:\r\n      login: true\r\n      super: true\r\n    site:\r\n      login: true\r\nuser:\r\n  site:\r\n    login: true"
+                  codemirror:
+                    mode: 'yaml'
+                    indentUnit: 2
+                    autofocus: true
+                    indentWithTabs: false
+                    lineNumbers: true
+                    styleActiveLine: true
+                    gutters: ['CodeMirror-lint-markers']
+                    lint: true
+
        tab_2:
          type: tab
          title: Instructions
--- a/login-ldap.php
+++ b/login-ldap.php
@@ -7,6 +7,7 @@ use Grav\Plugin\Login\Events\UserLoginEvent;
 use Grav\Plugin\Login\Login;
 use Symfony\Component\Ldap\Ldap;
 use Symfony\Component\Ldap\Exception\ConnectionException;
+use Symfony\Component\Yaml\Yaml;

 /**
 * Class LoginLDAPPlugin
@@ -123,6 +124,7 @@ class LoginLDAPPlugin extends Plugin
            // Set defaults with only thing we know... username provided
            $grav_user['login'] = $credentials['username'];
            $grav_user['fullname'] = $credentials['username'];
+            $user_groups = [];

            // If search_dn is set we can try to get information from LDAP
            if ($search_dn) {
@@ -157,10 +159,13 @@ class LoginLDAPPlugin extends Plugin
                    $query = $ldap->query($group_dn, 'gidnumber=' . $this->getLDAPMappedItem('gidNumber', $ldap_data));
                    $groups = array_merge($groups, $query->execute()->toArray());

-                    if ($this->config->get('plugins.login-ldap.store_ldap_data', false)) {
-                        foreach ($groups as $group) {
-                            $attributes = $group->getAttributes();
-                            $userdata['ldap']['groups'][] = array_shift($attributes['cn']);
+                    foreach ($groups as $group) {
+                        $attributes = $group->getAttributes();
+                        $user_group = array_shift($attributes['cn']);
+                        $user_groups[] = $user_group;
+
+                        if ($this->config->get('plugins.login-ldap.store_ldap_data', false)) {
+                            $userdata['ldap']['groups'][] = $user_group;
                        }
                    }
                }
@@ -190,6 +195,17 @@ class LoginLDAPPlugin extends Plugin
                }
            }

+            // Give Admin Access
+            $admin_access = $this->config->get('plugins.login-ldap.default_access_levels.access.groups');
+            if ($admin_access && count($user_groups) && strlen($admin_access) > 0) {
+                $groups_access = Yaml::parse($admin_access);
+                foreach ($groups_access as $key => $group_access) {
+                    if (in_array($key, $user_groups)) {
+                        $grav_user->merge(['access' => $group_access]);
+                    }
+                }
+            }
+
            // Optional save
            if ($this->config->get('plugins.login-ldap.save_grav_user', false)) {
                $grav_user->save();