Added setting that makes possible any new LDAP user to be Manager by default
This commit is contained in:
JayBeeDe
GitHub
parent
5c9b73006d
commit
e3e9cabd8b
|
|
@ -121,25 +121,27 @@ class User
|
|||
*/
|
||||
protected function getRole(array $groupIds)
|
||||
{
|
||||
if (! $this->hasGroupsConfigured()) {
|
||||
return null;
|
||||
}
|
||||
$role = Role::APP_USER;
|
||||
|
||||
// Init with smallest role
|
||||
$role = Role::APP_USER ;
|
||||
if (! $this->hasGroupsConfigured()) {
|
||||
if (LDAP_USER_DEFAULT_ROLE_MANAGER) {
|
||||
$role = Role::APP_MANAGER;
|
||||
} else {
|
||||
$role = Role::APP_USER;
|
||||
}
|
||||
return $role;
|
||||
}
|
||||
|
||||
foreach ($groupIds as $groupId) {
|
||||
$groupId = strtolower($groupId);
|
||||
|
||||
if ($groupId === strtolower($this->getGroupAdminDn())) {
|
||||
// Highest role found : we can and we must exit the loop
|
||||
$role = Role::APP_ADMIN;
|
||||
break;
|
||||
}
|
||||
|
||||
if ($groupId === strtolower($this->getGroupManagerDn())) {
|
||||
// Intermediate role found : we must continue to loop, maybe admin role after ?
|
||||
$role = Role::APP_MANAGER;
|
||||
$role = Role::APP_MANAGER;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -81,6 +81,7 @@ defined('LDAP_USER_ATTRIBUTE_GROUPS') or define('LDAP_USER_ATTRIBUTE_GROUPS', ge
|
|||
defined('LDAP_USER_ATTRIBUTE_PHOTO') or define('LDAP_USER_ATTRIBUTE_PHOTO', getenv('LDAP_USER_ATTRIBUTE_PHOTO') ?: '');
|
||||
defined('LDAP_USER_ATTRIBUTE_LANGUAGE') or define('LDAP_USER_ATTRIBUTE_LANGUAGE', getenv('LDAP_USER_ATTRIBUTE_LANGUAGE') ?: '');
|
||||
defined('LDAP_USER_CREATION') or define('LDAP_USER_CREATION', getenv('LDAP_USER_CREATION') ? strtolower(getenv('LDAP_USER_CREATION')) === 'true' : true);
|
||||
defined('LDAP_USER_DEFAULT_ROLE_MANAGER') or define('LDAP_USER_DEFAULT_ROLE_MANAGER', getenv('LDAP_USER_DEFAULT_ROLE_MANAGER') ? strtolower(getenv('LDAP_USER_DEFAULT_ROLE_MANAGER')) === 'true' : false);
|
||||
|
||||
defined('LDAP_GROUP_ADMIN_DN') or define('LDAP_GROUP_ADMIN_DN', getenv('LDAP_GROUP_ADMIN_DN') ?: '');
|
||||
defined('LDAP_GROUP_MANAGER_DN') or define('LDAP_GROUP_MANAGER_DN', getenv('LDAP_GROUP_MANAGER_DN') ?: '');
|
||||
|
|
|
|||
|
|
@ -161,6 +161,9 @@ define('LDAP_USER_ATTRIBUTE_LANGUAGE', '');
|
|||
// Allow automatic LDAP user creation
|
||||
define('LDAP_USER_CREATION', true);
|
||||
|
||||
// Set new user as Manager
|
||||
define('LDAP_USER_DEFAULT_ROLE_MANAGER', false);
|
||||
|
||||
// LDAP DN for administrators
|
||||
// Example: CN=Kanboard-Admins,CN=Users,DC=kanboard,DC=local
|
||||
define('LDAP_GROUP_ADMIN_DN', '');
|
||||
|
|
|
|||
|
|
@ -136,7 +136,7 @@ class LdapUserTest extends Base
|
|||
$this->assertEquals('my_ldap_user', $user->getUsername());
|
||||
$this->assertEquals('My LDAP user', $user->getName());
|
||||
$this->assertEquals('user1@localhost', $user->getEmail());
|
||||
$this->assertEquals(null, $user->getRole());
|
||||
$this->assertEquals(Role::APP_USER, $user->getRole());
|
||||
$this->assertSame('', $user->getPhoto());
|
||||
$this->assertEquals(array(), $user->getExternalGroupIds());
|
||||
$this->assertEquals(array('is_ldap_user' => 1), $user->getExtraAttributes());
|
||||
|
|
|
|||
Loading…
Reference in New Issue