Improvements for https://github.com/firefly-iii/firefly-iii/issues/5133
@@ -4,7 +4,7 @@ declare(strict_types=1);
|
||||
namespace FireflyIII\Ldap\Rules;
|
||||
|
||||
use LdapRecord\Laravel\Auth\Rule;
|
||||
use LdapRecord\Models\ActiveDirectory\Group;
|
||||
use LdapRecord\Models\Attributes\DistinguishedName;
|
||||
use LdapRecord\Query\ObjectNotFoundException;
|
||||
use Log;
|
||||
|
||||
@@ -23,12 +23,58 @@ class UserDefinedRule extends Rule
|
||||
{
|
||||
$groupFilter = config('ldap.group_filter');
|
||||
Log::debug(sprintf('UserDefinedRule with group filter "%s"', $groupFilter));
|
||||
if (null !== $groupFilter && '' !== (string)$groupFilter) {
|
||||
Log::debug('Group filter is not empty, will now apply it.');
|
||||
return $this->user->groups()->recursive()->exists(Group::findOrFail($groupFilter));
|
||||
}
|
||||
Log::debug('Group filter is empty or NULL, so will return true.');
|
||||
|
||||
return true;
|
||||
if (empty($groupFilter)) {
|
||||
Log::debug('Group filter is empty, return true.');
|
||||
|
||||
return true;
|
||||
}
|
||||
Log::debug('Group filter is not empty, continue.');
|
||||
|
||||
// group class:
|
||||
// use ;
|
||||
$openLDAP = class_exists(\LdapRecord\Models\OpenLDAP\Group::class) ? \LdapRecord\Models\OpenLDAP\Group::class : '';
|
||||
$activeDirectory = class_exists(\LdapRecord\Models\ActiveDirectory\Group::class) ? \LdapRecord\Models\ActiveDirectory\Group::class : '';
|
||||
$groupClass = env('LDAP_DIALECT') === 'OpenLDAP' ? $openLDAP : $activeDirectory;
|
||||
|
||||
Log::debug(sprintf('Will use group class "%s"', $groupClass));
|
||||
|
||||
|
||||
// We've been given an invalid group filter. We will assume the
|
||||
// developer is using some group ANR attribute, and attempt
|
||||
// to check the user's membership with the resulting group.
|
||||
if (!DistinguishedName::isValid($groupFilter)) {
|
||||
Log::debug('UserDefinedRule: Is not valid DN');
|
||||
|
||||
return $this->user->groups()->recursive()->exists($groupClass::findByAnrOrFail($groupFilter));
|
||||
}
|
||||
|
||||
$head = strtolower(DistinguishedName::make($groupFilter)->head());
|
||||
Log::debug(sprintf('UserDefinedRule: Head is "%s"', $head));
|
||||
// If the head of the DN we've been given is an OU, we will assume
|
||||
// the developer is looking to filter users based on hierarchy.
|
||||
// Otherwise, we'll attempt locating a group by the given
|
||||
// group filter and checking the users group membership.
|
||||
if ('ou' === $head) {
|
||||
Log::debug('UserDefinedRule: Will return if user is a descendant of.');
|
||||
|
||||
return $this->user->isDescendantOf($groupFilter);
|
||||
}
|
||||
Log::debug('UserDefinedRule: Will return if user exists in group.');
|
||||
|
||||
return $this->user->groups()->recursive()->exists($groupClass::findOrFail($groupFilter));
|
||||
//
|
||||
//
|
||||
// // old
|
||||
// $groupFilter = config('ldap.group_filter');
|
||||
//
|
||||
// if (null !== $groupFilter && '' !== (string)$groupFilter) {
|
||||
//
|
||||
//
|
||||
// return $this->user->groups()->recursive()->exists(Group::findOrFail($groupFilter));
|
||||
// }
|
||||
// Log::debug('Group filter is empty or NULL, so will return true.');
|
||||
//
|
||||
// return true;
|
||||
}
|
||||
}
|
||||
|
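Review bot: The group class used for the membership check is chosen with `env('LDAP_DIALECT')` inside the rule, and in Laravel `env()` typically returns null outside config files once the configuration is cached, so an OpenLDAP install would quietly be checked against the ActiveDirectory group model. The same lines fall back to `''` when the class is missing, which makes `$groupClass::findByAnrOrFail(...)` and `$groupClass::findOrFail(...)` die with a fatal error in the middle of the login check instead of a logged denial. I would read the dialect through a config entry (for example `config('ldap.<dialect-key>')`, placeholder name) and add `if ('' === $groupClass) { Log::error('UserDefinedRule: no LDAP group class available.'); return false; }` before the first lookup. The commented-out old body at the end of the method can be dropped, since version history already keeps it. The method signature lies outside this hunk, so this is based on the visible body only.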
@@ -23,21 +23,12 @@ class UserDefinedScope implements Scope
|
||||
*/
|
||||
public function apply(Builder $query, Model $model)
|
||||
{
|
||||
|
||||
Log::debug('UserDefinedScope is disabled.');
|
||||
|
||||
// scope is disabled:
|
||||
|
||||
|
||||
|
||||
/*
|
||||
$groupFilter = config('ldap.group_filter');
|
||||
Log::debug(sprintf('UserDefinedScope with group filter "%s"', $groupFilter));
|
||||
if (null !== $groupFilter && '' !== (string)$groupFilter) {
|
||||
Log::debug('UserDefinedScope: Group filter is not empty, will now apply it.');
|
||||
$query->in($groupFilter);
|
||||
}
|
||||
Log::debug('UserDefinedScope: done!');
|
||||
*/
|
||||
// $groupFilter = config('ldap.group_filter');
|
||||
// Log::debug(sprintf('UserDefinedScope with group filter "%s"', $groupFilter));
|
||||
// if (null !== $groupFilter && '' !== (string)$groupFilter) {
|
||||
// Log::debug('UserDefinedScope: Group filter is not empty, will now apply it.');
|
||||
// $query->in($groupFilter);
|
||||
// }
|
||||
// Log::debug('UserDefinedScope: done!');
|
||||
}
|
||||
}
|
||||
|
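Review bot: `apply()` now appears to contain only commented-out statements (the side of each line is inferred from the hunk counts, because the +/- markers are lost on this page), and nothing in the file says why the scope no longer narrows the query. Since the provider section further down also drops the `addGlobalScope` registration, the `ldap.group_filter` restriction seems to rest on `UserDefinedRule` alone, and that rule returns true for every user when the filter is empty. I would replace the dead lines with a short comment such as `// Intentionally a no-op: ldap.group_filter is enforced in UserDefinedRule, not in the query.`, or delete the class if nothing references it any more. The docblock of `apply()` starts outside the hunk.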
@@ -22,7 +22,6 @@ declare(strict_types=1);
|
||||
|
||||
namespace FireflyIII\Providers;
|
||||
|
||||
use FireflyIII\Ldap\Scopes\UserDefinedScope;
|
||||
use FireflyIII\Support\Authentication\RemoteUserGuard;
|
||||
use FireflyIII\Support\Authentication\RemoteUserProvider;
|
||||
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
|
||||
@@ -67,12 +66,5 @@ class AuthServiceProvider extends ServiceProvider
|
||||
$this->registerPolicies();
|
||||
Passport::routes();
|
||||
Passport::tokensExpireIn(now()->addDays(14));
|
||||
|
||||
if (class_exists(\LdapRecord\Models\OpenLDAP\User::class)) {
|
||||
\LdapRecord\Models\OpenLDAP\User::addGlobalScope(
|
||||
new UserDefinedScope
|
||||
);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|