From 5f473b4197ef99eb9deb4a8f6d59be020833e99e Mon Sep 17 00:00:00 2001
From: Frank Dillon
Date: Thu, 19 May 2005 00:24:24 +0000
Subject: [PATCH] Changed isInGroup to include LDAP checks
---
 lib/WebGUI/Grouping.pm | 44 +++++++++++++++++++++++++++++++++++++++---
 1 file changed, 41 insertions(+), 3 deletions(-)
diff --git a/lib/WebGUI/Grouping.pm b/lib/WebGUI/Grouping.pm
index 25cb0edf5..ebfe0216c 100755
--- a/lib/WebGUI/Grouping.pm
+++ b/lib/WebGUI/Grouping.pm
@@ -15,9 +15,11 @@ package WebGUI::Grouping;
 =cut
 use strict;
+use WebGUI::Auth;
 use WebGUI::Cache;
 use WebGUI::DateTime;
 use WebGUI::ErrorHandler;
+use WebGUI::LDAPLink;
 use WebGUI::Session;
 use WebGUI::SQL;
 use WebGUI::Utility;
@@ -335,8 +337,8 @@ sub isInGroup {
 $uid = $session{user}{userId} if ($uid eq "");
 ### The following several checks are to increase performance. If this section were removed, everything would continue to work as normal.
 return 1 if ($gid eq '7'); # everyone is in the everyone group
- return 1 if ($gid eq '1' && $uid eq '1'); # visitors are in the visitors group
- return 0 if ($uid eq '1'); #Visitor is in no other groups
+ return 1 if ($gid eq '1' && $uid eq '1'); # visitors are in the visitors group
+ return 0 if ($uid eq '1'); #Visitor is in no other groups
 return 1 if ($uid eq '3'); #Admin is in every group
 return 1 if ($gid eq '2' && $uid ne '1'); # if you're not a visitor, then you're a registered user
 ### Look to see if we've already looked up this group.
@@ -357,7 +359,7 @@ sub isInGroup {
 }
 ### Get data for auxillary checks.
 tie %group, 'Tie::CPHash';
- %group = WebGUI::SQL->quickHash("select karmaThreshold,ipFilter,scratchFilter,databaseLinkId,dbQuery,dbCacheTimeout from groups where groupId=".quote($gid));
+ %group = WebGUI::SQL->quickHash("select karmaThreshold,ipFilter,scratchFilter,databaseLinkId,dbQuery,dbCacheTimeout,ldapGroup,ldapGroupProperty,ldapRecursiveProperty from groups where groupId=".quote($gid));
 ### Check IP Address
 if ($group{ipFilter} ne "") {
 $group{ipFilter} =~ s/\t//g;
@@ -435,6 +437,42 @@ sub isInGroup {
 }
 }
 }
+
+ ### Check external database
+ if ($group{ldapGroup} ne "" && $group{ldapGroupProperty} ne "") {
+ # skip if not logged in
+ unless($uid eq '1') {
+ my $u = WebGUI::User->new($uid);
+ # skip if user is not set to LDAP
+ if($u->authMethod eq "LDAP") {
+ my $auth = WebGUI::Auth->new("LDAP",$uid);
+ my $params = $auth->getParams();
+ my $ldapLink = WebGUI::LDAPLink->new($params->{ldapConnection});
+ if($ldapLink ne "") {
+ my $people = [];
+ if($group{ldapRecursiveProperty}) {
+ $ldapLink->recurseProperty($group{ldapGroup},$people,$group{ldapGroupProperty},$group{ldapRecursiveProperty});
+ }else {
+ $people = $ldapLink->getProperty($group{ldapGroup},$group{ldapGroupProperty});
+ }
+
+ if(isIn($params->{connectDN},@{$people})) {
+ $session{isInGroup}{$uid}{$gid} = 1;
+ if ($group{dbCacheTimeout} > 10) {
+ WebGUI::Grouping::deleteUsersFromGroups([$uid],[$gid]);
+ WebGUI::Grouping::addUsersToGroups([$uid],[$gid],$group{dbCacheTimeout});
+ }
+ } else {
+ $session{isInGroup}{$uid}{$gid} = 0;
+ WebGUI::Grouping::deleteUsersFromGroups([$uid],[$gid]) if ($group{dbCacheTimeout} > 10);
+ }
+ $ldapLink->unbind;
+ return 1 if ($session{isInGroup}{$uid}{$gid});
+ }
+ }
+ }
+ }
+
 ### Check for groups of groups.
 my $groups = WebGUI::Grouping::getGroupsInGroup($gid,1);
 foreach (@{$groups}) {
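Review bot: The membership decision in the new LDAP block rests on `isIn($params->{connectDN},@{$people})`, an exact string match, and nothing in the hunk checks that `connectDN` is non-empty or that the directory lookup succeeded before `$session{isInGroup}{$uid}{$gid}` is written and the grouping rows are rewritten. A failed or empty lookup is therefore indistinguishable from "not a member" and, when `dbCacheTimeout > 10`, leads to `deleteUsersFromGroups([$uid],[$gid])`, while DNs that differ only in case would not match. A tighter test would be `if ($params->{connectDN} ne "" && isIn(lc $params->{connectDN}, map { lc } @{$people})) {`, with a comment that lower-casing is only a partial DN normalization. Positive results are cached with `$group{dbCacheTimeout}`, so removal from the LDAP group presumably takes effect only after that timeout, which deserves a comment because the setting is named for the database check. The header `### Check external database` looks copied and should read `### Check LDAP group`, and `WebGUI::User->new` is called although the import hunk adds no `use WebGUI::User;` (it may be loaded elsewhere); isInGroup starts and ends outside this hunk.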