user->groups()->recursive()->exists($groupClass::findByAnrOrFail($extraFilter)); } $head = strtolower(DistinguishedName::make($extraFilter)->head()); Log::debug(sprintf('UserDefinedRule: Head is "%s"', $head)); // If the head of the DN we've been given is an OU, we will assume // the developer is looking to filter users based on hierarchy. // Otherwise, we'll attempt locating a group by the given // group filter and checking the users group membership. if ('ou' === $head) { Log::debug('UserDefinedRule: Will return if user is a descendant of.'); return $this->user->isDescendantOf($extraFilter); } Log::debug('UserDefinedRule: Will return if user exists in group.'); return $this->user->groups()->recursive()->exists($groupClass::findOrFail($extraFilter)); } }