Changed isInGroup to include LDAP checks
This commit is contained in:
Frank Dillon
parent
bd0d7b114a
commit
5f473b4197
1 changed files with 41 additions and 3 deletions
|
|
@ -15,9 +15,11 @@ package WebGUI::Grouping;
|
|||
=cut
|
||||
|
||||
use strict;
|
||||
use WebGUI::Auth;
|
||||
use WebGUI::Cache;
|
||||
use WebGUI::DateTime;
|
||||
use WebGUI::ErrorHandler;
|
||||
use WebGUI::LDAPLink;
|
||||
use WebGUI::Session;
|
||||
use WebGUI::SQL;
|
||||
use WebGUI::Utility;
|
||||
|
|
@ -335,8 +337,8 @@ sub isInGroup {
|
|||
$uid = $session{user}{userId} if ($uid eq "");
|
||||
### The following several checks are to increase performance. If this section were removed, everything would continue to work as normal.
|
||||
return 1 if ($gid eq '7'); # everyone is in the everyone group
|
||||
return 1 if ($gid eq '1' && $uid eq '1'); # visitors are in the visitors group
|
||||
return 0 if ($uid eq '1'); #Visitor is in no other groups
|
||||
return 1 if ($gid eq '1' && $uid eq '1'); # visitors are in the visitors group
|
||||
return 0 if ($uid eq '1'); #Visitor is in no other groups
|
||||
return 1 if ($uid eq '3'); #Admin is in every group
|
||||
return 1 if ($gid eq '2' && $uid ne '1'); # if you're not a visitor, then you're a registered user
|
||||
### Look to see if we've already looked up this group.
|
||||
|
|
@ -357,7 +359,7 @@ sub isInGroup {
|
|||
}
|
||||
### Get data for auxillary checks.
|
||||
tie %group, 'Tie::CPHash';
|
||||
%group = WebGUI::SQL->quickHash("select karmaThreshold,ipFilter,scratchFilter,databaseLinkId,dbQuery,dbCacheTimeout from groups where groupId=".quote($gid));
|
||||
%group = WebGUI::SQL->quickHash("select karmaThreshold,ipFilter,scratchFilter,databaseLinkId,dbQuery,dbCacheTimeout,ldapGroup,ldapGroupProperty,ldapRecursiveProperty from groups where groupId=".quote($gid));
|
||||
### Check IP Address
|
||||
if ($group{ipFilter} ne "") {
|
||||
$group{ipFilter} =~ s/\t//g;
|
||||
|
|
@ -435,6 +437,42 @@ sub isInGroup {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
### Check external database
|
||||
if ($group{ldapGroup} ne "" && $group{ldapGroupProperty} ne "") {
|
||||
# skip if not logged in
|
||||
unless($uid eq '1') {
|
||||
my $u = WebGUI::User->new($uid);
|
||||
# skip if user is not set to LDAP
|
||||
if($u->authMethod eq "LDAP") {
|
||||
my $auth = WebGUI::Auth->new("LDAP",$uid);
|
||||
my $params = $auth->getParams();
|
||||
my $ldapLink = WebGUI::LDAPLink->new($params->{ldapConnection});
|
||||
if($ldapLink ne "") {
|
||||
my $people = [];
|
||||
if($group{ldapRecursiveProperty}) {
|
||||
$ldapLink->recurseProperty($group{ldapGroup},$people,$group{ldapGroupProperty},$group{ldapRecursiveProperty});
|
||||
}else {
|
||||
$people = $ldapLink->getProperty($group{ldapGroup},$group{ldapGroupProperty});
|
||||
}
|
||||
|
||||
if(isIn($params->{connectDN},@{$people})) {
|
||||
$session{isInGroup}{$uid}{$gid} = 1;
|
||||
if ($group{dbCacheTimeout} > 10) {
|
||||
WebGUI::Grouping::deleteUsersFromGroups([$uid],[$gid]);
|
||||
WebGUI::Grouping::addUsersToGroups([$uid],[$gid],$group{dbCacheTimeout});
|
||||
}
|
||||
} else {
|
||||
$session{isInGroup}{$uid}{$gid} = 0;
|
||||
WebGUI::Grouping::deleteUsersFromGroups([$uid],[$gid]) if ($group{dbCacheTimeout} > 10);
|
||||
}
|
||||
$ldapLink->unbind;
|
||||
return 1 if ($session{isInGroup}{$uid}{$gid});
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
### Check for groups of groups.
|
||||
my $groups = WebGUI::Grouping::getGroupsInGroup($gid,1);
|
||||
foreach (@{$groups}) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue