2021-10-02 14:33:14 +02:00
|
|
|
<?php
|
2021-10-02 16:58:33 +02:00
|
|
|
declare(strict_types=1);
|
2021-10-02 14:33:14 +02:00
|
|
|
|
|
|
|
|
namespace FireflyIII\Ldap\Rules;
|
|
|
|
|
|
|
|
|
|
use LdapRecord\Laravel\Auth\Rule;
|
2021-10-30 06:50:04 +02:00
|
|
|
use LdapRecord\Models\Attributes\DistinguishedName;
|
2021-10-23 08:32:33 +02:00
|
|
|
use LdapRecord\Query\ObjectNotFoundException;
|
2021-10-03 15:31:36 +02:00
|
|
|
use Log;
|
2021-10-02 14:33:14 +02:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Class UserDefinedRule
|
|
|
|
|
*/
|
|
|
|
|
class UserDefinedRule extends Rule
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* Check if the rule passes validation.
|
|
|
|
|
*
|
|
|
|
|
* @return bool
|
2021-10-23 08:32:33 +02:00
|
|
|
* @throws ObjectNotFoundException
|
2021-10-02 14:33:14 +02:00
|
|
|
*/
|
|
|
|
|
public function isValid()
|
|
|
|
|
{
|
|
|
|
|
$groupFilter = config('ldap.group_filter');
|
2021-10-03 15:31:36 +02:00
|
|
|
Log::debug(sprintf('UserDefinedRule with group filter "%s"', $groupFilter));
|
2021-10-30 06:50:04 +02:00
|
|
|
|
|
|
|
|
if (empty($groupFilter)) {
|
|
|
|
|
Log::debug('Group filter is empty, return true.');
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
Log::debug('Group filter is not empty, continue.');
|
|
|
|
|
|
|
|
|
|
// group class:
|
|
|
|
|
// use ;
|
|
|
|
|
$openLDAP = class_exists(\LdapRecord\Models\OpenLDAP\Group::class) ? \LdapRecord\Models\OpenLDAP\Group::class : '';
|
|
|
|
|
$activeDirectory = class_exists(\LdapRecord\Models\ActiveDirectory\Group::class) ? \LdapRecord\Models\ActiveDirectory\Group::class : '';
|
|
|
|
|
$groupClass = env('LDAP_DIALECT') === 'OpenLDAP' ? $openLDAP : $activeDirectory;
|
|
|
|
|
|
|
|
|
|
Log::debug(sprintf('Will use group class "%s"', $groupClass));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// We've been given an invalid group filter. We will assume the
|
|
|
|
|
// developer is using some group ANR attribute, and attempt
|
|
|
|
|
// to check the user's membership with the resulting group.
|
|
|
|
|
if (!DistinguishedName::isValid($groupFilter)) {
|
|
|
|
|
Log::debug('UserDefinedRule: Is not valid DN');
|
|
|
|
|
|
|
|
|
|
return $this->user->groups()->recursive()->exists($groupClass::findByAnrOrFail($groupFilter));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$head = strtolower(DistinguishedName::make($groupFilter)->head());
|
|
|
|
|
Log::debug(sprintf('UserDefinedRule: Head is "%s"', $head));
|
|
|
|
|
// If the head of the DN we've been given is an OU, we will assume
|
|
|
|
|
// the developer is looking to filter users based on hierarchy.
|
|
|
|
|
// Otherwise, we'll attempt locating a group by the given
|
|
|
|
|
// group filter and checking the users group membership.
|
|
|
|
|
if ('ou' === $head) {
|
|
|
|
|
Log::debug('UserDefinedRule: Will return if user is a descendant of.');
|
|
|
|
|
|
|
|
|
|
return $this->user->isDescendantOf($groupFilter);
|
2021-10-02 14:33:14 +02:00
|
|
|
}
|
2021-10-30 06:50:04 +02:00
|
|
|
Log::debug('UserDefinedRule: Will return if user exists in group.');
|
2021-10-02 14:33:14 +02:00
|
|
|
|
2021-10-30 06:50:04 +02:00
|
|
|
return $this->user->groups()->recursive()->exists($groupClass::findOrFail($groupFilter));
|
|
|
|
|
//
|
|
|
|
|
//
|
|
|
|
|
// // old
|
|
|
|
|
// $groupFilter = config('ldap.group_filter');
|
|
|
|
|
//
|
|
|
|
|
// if (null !== $groupFilter && '' !== (string)$groupFilter) {
|
|
|
|
|
//
|
|
|
|
|
//
|
|
|
|
|
// return $this->user->groups()->recursive()->exists(Group::findOrFail($groupFilter));
|
|
|
|
|
// }
|
|
|
|
|
// Log::debug('Group filter is empty or NULL, so will return true.');
|
|
|
|
|
//
|
|
|
|
|
// return true;
|
2021-10-02 14:33:14 +02:00
|
|
|
}
|
|
|
|
|
}
|
