Improve LDAP user group membership synchronization

app/Core/User/GroupSync.php

@@ -16,16 +16,52 @@ class GroupSync extends Base
      * Synchronize group membership
      *
      * @access public
-     * @param  integer  $userId
-     * @param  array    $groupIds
+     * @param  integer $userId
+     * @param  array   $externalGroupIds
      */
-    public function synchronize($userId, array $groupIds)
+    public function synchronize($userId, array $externalGroupIds)
     {
-        foreach ($groupIds as $groupId) {
-            $group = $this->group->getByExternalId($groupId);
+        $userGroups = $this->groupMember->getGroups($userId);
+        $this->addGroups($userId, $userGroups, $externalGroupIds);
+        $this->removeGroups($userId, $userGroups, $externalGroupIds);
+    }
 
-            if (! empty($group) && ! $this->groupMember->isMember($group['id'], $userId)) {
-                $this->groupMember->addUser($group['id'], $userId);
+    /**
+     * Add missing groups to the user
+     *
+     * @access protected
+     * @param integer $userId
+     * @param array   $userGroups
+     * @param array   $externalGroupIds
+     */
+    protected function addGroups($userId, array $userGroups, array $externalGroupIds)
+    {
+        $userGroupIds = array_column($userGroups, 'external_id', 'external_id');
+
+        foreach ($externalGroupIds as $externalGroupId) {
+            if (! isset($userGroupIds[$externalGroupId])) {
+                $group = $this->group->getByExternalId($externalGroupId);
+
+                if (! empty($group)) {
+                    $this->groupMember->addUser($group['id'], $userId);
+                }
+            }
+        }
+    }
+
+    /**
+     * Remove groups from the user
+     *
+     * @access protected
+     * @param integer $userId
+     * @param array   $userGroups
+     * @param array   $externalGroupIds
+     */
+    protected function removeGroups($userId, array $userGroups, array $externalGroupIds)
+    {
+        foreach ($userGroups as $userGroup) {
+            if (! empty($userGroup['external_id']) && ! in_array($userGroup['external_id'], $externalGroupIds)) {
+                $this->groupMember->removeUser($userGroup['id'], $userId);
             }
         }
     }

app/Model/GroupMember.php

@@ -119,7 +119,7 @@ class GroupMember extends Base
     public function getGroups($user_id)
     {
         return $this->db->table(self::TABLE)
-            ->columns(Group::TABLE.'.id', Group::TABLE.'.name')
+            ->columns(Group::TABLE.'.id', Group::TABLE.'.external_id', Group::TABLE.'.name')
             ->join(Group::TABLE, 'id', 'group_id')
             ->eq(self::TABLE.'.user_id', $user_id)
             ->asc(Group::TABLE.'.name')