LDAP isInGroup changes

lib/WebGUI/Asset.pm

@@ -155,6 +155,7 @@ sub canView {
 	my $userId = shift;
 	my $user =  $self->session->user;
 	$user = WebGUI::User->new($self->session, $userId) if (defined $userId);
+	my $eh = $self->session->errorHandler;
 	if ($userId eq $self->get("ownerUserId")) {
                 return 1;
         } elsif ($user->isInGroup($self->get("groupIdView"))) {

lib/WebGUI/Group.pm

@@ -532,6 +532,7 @@ sub getAllUsers {
 	push @users,
 		@{ $self->getUsers($withoutExpired) },
 		@{ $self->getDatabaseUsers() },
+		@{ $self->getLDAPUsers() },
 		@{ $self->getKarmaUsers() },
 		@{ $self->getScratchUsers() },
 		@{ $self->getIpUsers() },
@@ -586,7 +587,7 @@ sub getDatabaseUsers {
                 }
         }
 	return \@dbUsers;
-}	
+}
 
 #-------------------------------------------------------------------
 
@@ -722,6 +723,54 @@ sub getKarmaUsers {
 	my $self = shift;
 	return [] unless $self->session->setting->get('useKarma');
 	return $self->session->db->buildArrayRef('select userId from users where karma >= ?', [$self->karmaThreshold]);
+}
+
+#-------------------------------------------------------------------
+
+=head2 getLDAPUsers ( )
+
+Get the set of users allowed to be in this group via an LDAP connection.
+
+=cut
+
+sub getLDAPUsers {
+	my $self = shift;
+	my @ldapUsers = ();
+	my $gid = $self->getId;
+	### Check LDAP
+	my $ldapLinkId = $self->get("ldapLinkId");
+	my $ldapGroup = $self->get("ldapGroup");
+	my $ldapGroupProperty = $self->get("ldapGroupProperty");
+    my $ldapRecursiveProperty = $self->get("ldapRecursiveProperty");
+	
+	return [] unless ($ldapLinkId && $ldapGroup && $ldapGroupProperty);
+	
+	my $ldapLink = WebGUI::LDAPLink->new($self->session,$ldapLinkId);
+	unless ($ldapLink && $ldapLink->bind) {
+	   $self->session->errorHandler->warn("There was a problem connecting to LDAP link $ldapLinkId for group ID $gid.");
+	   return [];
+	}
+	
+	my $people = [];
+	if($ldapRecursiveProperty) {
+	   $ldapLink->recurseProperty($ldapGroup,$people,$ldapGroupProperty,$ldapRecursiveProperty);
+	} else {
+	   $people = $ldapLink->getProperty($ldapGroup,$ldapGroupProperty);
+	}
+	$ldapLink->unbind;
+    
+	foreach my $person (@{$people}) {
+	   $person =~ s/\s*,\s*/,/g;
+	   $person = lc($person);
+	   my ($userId) = $self->session->db->quickArray("select userId from authentication where authMethod='LDAP' and fieldName='connectDN' and lower(fieldData)=?",[$person]);
+	   if($userId) {
+	      push(@ldapUsers,$userId);
+	   } else {
+	      $self->session->errorHandler->warn("Could not find matching userId for dn $person in WebGUI for group $gid");
+	   }
+	}
+	
+	return \@ldapUsers;
 }	
 
 #-------------------------------------------------------------------
@@ -1079,6 +1128,27 @@ sub ldapGroupProperty {
 
 #-------------------------------------------------------------------
 
+=head2 ldapLinkId ( [ value ] )
+
+Returns the ldapLinkId for this group.
+
+=head3 value
+
+If specified, the ldapLinkId is set to this value and in-memory cached user and group data is cleared.
+
+=cut
+
+sub ldapLinkId {
+   my $self = shift;
+   my $value = shift;
+   if (defined $value) {
+      $self->set("ldapLinkId",$value);
+   }
+   return $self->get("ldapLinkId");
+}
+
+#-------------------------------------------------------------------
+
 =head2 ldapRecursiveProperty ( [ value ] )
 
 Returns the ldap group recursive property used to find groups of groups.

lib/WebGUI/User.pm

@@ -254,73 +254,34 @@ The group that you wish to verify against the user. Defaults to group with Id 3
 =cut
 
 sub isInGroup {
-        my (@data, $groupId);
-        my ($self, $gid, $secondRun) = @_;
-        $gid = 3 unless (defined $gid);
-        my $uid = $self->userId;
-        ### The following several checks are to increase performance. If this section were removed, everything would continue to work as normal. 
-        return 1 if ($gid eq '7');		# everyone is in the everyone group
-        return 1 if ($gid eq '1' && $uid eq '1'); 	# visitors are in the visitors group
-        return 1 if ($gid eq '2' && $uid ne '1'); 	# if you're not a visitor, then you're a registered user
-        ### Get data for auxillary checks.
-	my $isInGroup = $self->session->stow->get("isInGroup");
-        ### Look to see if we've already looked up this group. 
-	return $isInGroup->{$uid}{$gid} if exists $isInGroup->{$uid}{$gid};
-        ### Lookup the actual groupings.
-	my $group = WebGUI::Group->new($self->session,$gid);
-	### Check for groups of groups.
-	my $users = $group->getAllUsers();
-	foreach my $user (@{$users}) {
-		$isInGroup->{$user}{$gid} = 1;
-		if ($uid eq $user) {
-			$self->session->stow->set("isInGroup",$isInGroup);
-			return 1;
-		}
-	}
-
-	 ### Check ldap
-        if ($group->get("ldapGroup") && $group->get("ldapGroupProperty")) {
-		   # skip if not logged in
-		   unless($uid eq '1') {
-			  # skip if user is not set to LDAP
-			  if($self->authMethod eq "LDAP") {
-			     my $auth = WebGUI::Auth->new($self->session,"LDAP",$uid);
-				 my $params = $auth->getParams();
-				 my $ldapLink = WebGUI::LDAPLink->new($self->session,$params->{ldapConnection});
-				 if($ldapLink ne "") {
-					my $people = [];
-					if($group->get("ldapRecursiveProperty")) {
-					   $ldapLink->recurseProperty($group->get("ldapGroup"),$people,$group->get("ldapGroupProperty"),$group->get("ldapRecursiveProperty"));
-					} else {
-					   $people = $ldapLink->getProperty($group->get("ldapGroup"),$group->get("ldapGroupProperty"));
-					}
-					my @peeps;
-                                        my $connectDn = lc($params->{connectDN});
-                                        $connectDn =~ s/\s*,\s*/,/g;
-                                        foreach my $person (@{$people}) {
-                                                $person =~ s/\s*,\s*/,/g;
-                                                push(@peeps,lc($person));
-                                        }
-                                    if(isIn($connectDn,@peeps)) {	 
-					   $isInGroup->{$uid}{$gid} = 1;
-                       if ($group->{'groupCacheTimeout'} > 10) {
-                          $group->deleteUsers([$uid]);
-                          $group->addUsers([$uid],$group->get("groupCacheTimeout"));
-                       }
-					} else {
-					   $isInGroup->{$uid}{$gid} = 0;
-                       			   $group->deleteUsers([$uid]) if ($group->get("groupCacheTimeout") > 10);
-					}
-					$ldapLink->unbind;
-					$self->session->stow->set("isInGroup",$isInGroup);
-				    return 1 if ($isInGroup->{$uid}{$gid});
-				 }
-			  }
-		   }
-		}
-        $isInGroup->{$uid}{$gid} = 0;
-	$self->session->stow->set("isInGroup",$isInGroup);
-        return 0;
+   my (@data, $groupId);
+   my ($self, $gid, $secondRun) = @_;
+   $gid = 3 unless (defined $gid);
+   my $uid = $self->userId;
+   ### The following several checks are to increase performance. If this section were removed, everything would continue to work as normal. 
+   #my $eh = $self->session->errorHandler;
+   #$eh->warn("Group Id is: $gid for ".$tgroup->name);
+   return 1 if ($gid eq '7');		# everyone is in the everyone group
+   return 1 if ($gid eq '1' && $uid eq '1'); 	# visitors are in the visitors group
+   return 1 if ($gid eq '2' && $uid ne '1'); 	# if you're not a visitor, then you're a registered user
+   ### Get data for auxillary checks.
+   my $isInGroup = $self->session->stow->get("isInGroup");
+   ### Look to see if we've already looked up this group. 
+   return $isInGroup->{$uid}{$gid} if exists $isInGroup->{$uid}{$gid};
+   ### Lookup the actual groupings.
+   my $group = WebGUI::Group->new($self->session,$gid);
+   ### Check for groups of groups.
+   my $users = $group->getAllUsers();
+   foreach my $user (@{$users}) {
+      $isInGroup->{$user}{$gid} = 1;
+	  if ($uid eq $user) {
+	     $self->session->stow->set("isInGroup",$isInGroup);
+		 return 1;
+	  }
+   }
+   $isInGroup->{$uid}{$gid} = 0;
+   $self->session->stow->set("isInGroup",$isInGroup);
+   return 0;
 }