Fix role precedence in LDAP integration

DebianRoxx
2018-03-08 22:20:33 +01:00
committed by Frédéric Guillot
parent a66d080698
commit d34a5c50c4
2 changed files with 24 additions and 7 deletions


@@ -120,17 +120,25 @@ class User
return null;
}
// Init with smallest role
$role = Role::APP_USER ;
foreach ($groupIds as $groupId) {
$groupId = strtolower($groupId);
if ($groupId === strtolower($this->getGroupAdminDn())) {
return Role::APP_ADMIN;
} elseif ($groupId === strtolower($this->getGroupManagerDn())) {
return Role::APP_MANAGER;
// Highest role found : we can and we must exit the loop
$role = Role::APP_ADMIN;
break;
}
if ($groupId === strtolower($this->getGroupManagerDn())) {
// Intermediate role found : we must continue to loop, maybe admin role after ?
$role = Role::APP_MANAGER;
}
}
return Role::APP_USER;
return $role;
}
/**
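Review bot: Both comparisons in the new loop match the group id against whatever `getGroupAdminDn()` and `getGroupManagerDn()` return, so an empty or unset DN would match an empty group id and yield `Role::APP_ADMIN` or `Role::APP_MANAGER`. The guard that ends in `return null;` starts outside the hunk, so it may already exclude this; if it only requires one of the two DNs to be configured, the check is still needed here. I would read both DNs once before the loop, which also avoids the repeated `strtolower()` calls, and require them to be non-empty: `$adminDn = strtolower($this->getGroupAdminDn());` followed by `if ($adminDn !== '' && $groupId === $adminDn) {`, and the same for the manager DN. A short docblock stating that the highest matching role wins regardless of group order, and that no match falls back to `Role::APP_USER`, would make the precedence rule explicit for later changes.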