LSsession::loadLSprofiles(): restructuring code and improve comments and logging

Benjamin Renard 2020-08-24 17:56:42 +02:00
parent c4dc2a0441
commit 8a1eefc5e3


@ -1828,77 +1828,112 @@ class LSsession {
* @retval boolean True si le chargement à réussi, false sinon. * @retval boolean True si le chargement à réussi, false sinon.
**/ **/
private static function loadLSprofiles() { private static function loadLSprofiles() {
if (is_array(self :: $ldapServer['LSprofiles'])) { if (!is_array(self :: $ldapServer['LSprofiles'])) {
self :: log_warning('loadLSprofiles(): Current LDAP server have no configured LSprofile.');
return;
}
self :: log_trace("loadLSprofiles(): Current LDAP server LSprofile configuration: ".varDump(self :: $ldapServer['LSprofiles']));
foreach (self :: $ldapServer['LSprofiles'] as $profile => $profileInfos) { foreach (self :: $ldapServer['LSprofiles'] as $profile => $profileInfos) {
if (is_array($profileInfos)) { if (!is_array($profileInfos)) {
self :: log_warning("loadLSprofiles(): Invalid configuration for LSprofile '$profile' (must be an array).");
continue;
}
foreach ($profileInfos as $topDn => $rightsInfos) { foreach ($profileInfos as $topDn => $rightsInfos) {
// Do not handle 'label' key as a topDn // Do not handle 'label' key as a topDn
if ($topDn == 'label') { if ($topDn == 'label') {
continue; continue;
} }
elseif ($topDn == 'LSobjects') {
/* /*
* If $topDn == 'LSobject', we search for each LSobject type to find * If $topDn == 'LSobject', we search for each LSobject type to find
* all items on witch the user will have powers. * all items on witch the user will have powers.
*/ */
elseif ($topDn == 'LSobjects') { if (!is_array($rightsInfos)) {
if (is_array($rightsInfos)) { self :: log_warning('loadLSprofiles(): LSobjects => [] must be an array');
continue;
}
foreach ($rightsInfos as $LSobject => $listInfos) { foreach ($rightsInfos as $LSobject => $listInfos) {
self :: log_debug('loadLSprofiles(): loading LSprofile ' . $profile . ' for LSobject ' . $LSobject . ' with params ' . var_export($listInfos, true)); self :: log_debug('loadLSprofiles(): loading LSprofile ' . $profile . ' for LSobject ' . $LSobject . ' with params ' . var_export($listInfos, true));
self :: loadLSprofilesLSobjects($profile, $LSobject, $listInfos); self :: loadLSprofilesLSobjects($profile, $LSobject, $listInfos);
} }
} }
else { else {
self :: log_warning('loadLSprofiles(): LSobjects => [] must be an array'); /*
} * Otherwise, we are normally in case of $topDn == a base DN and
} * $rightsInfos is :
else { * - an array (see above)
* - a user DN
*/
if (is_array($rightsInfos)) { if (is_array($rightsInfos)) {
/*
* $rightsInfos is an array, so we could have :
* - users DNs as key and null as value
* - DN of an object as key and an array of parameters to list users from one
* of its attribute as value
*/
foreach($rightsInfos as $dn => $conf) { foreach($rightsInfos as $dn => $conf) {
if ((isset($conf['attr'])) && (isset($conf['LSobject']))) { if (is_array($conf) && isset($conf['attr']) && isset($conf['LSobject'])) {
if( self :: loadLSobject($conf['LSobject']) ) { // We have to retreive this LSobject and list one of its attribute to retreive
if ($object = new $conf['LSobject']()) { // users key info.
if ($object -> loadData($dn)) { if(!self :: loadLSobject($conf['LSobject'])) {
$listDns=$object -> getValue($conf['attr']); // Warning log message is already emited by self :: loadLSobject()
$valKey = (isset($conf['attr_value']))?$conf['attr_value']:'%{dn}'; continue;
$val = self :: getLSuserObject() -> getFData($valKey);
if (is_array($listDns)) {
if (in_array($val,$listDns)) {
self :: $LSprofiles[$profile][] = $topDn;
} }
}
} // Instanciate object and retreive its data
else { $object = new $conf['LSobject']();
if (!$object -> loadData($dn)) {
self :: log_warning("loadLSprofiles(): fail to load DN '$dn'."); self :: log_warning("loadLSprofiles(): fail to load DN '$dn'.");
continue;
} }
// Retreive users key info values from object attribute
$list_users_key_values = $object -> getValue($conf['attr']);
if (!is_array($list_users_key_values)) {
self :: log_warning("loadLSprofiles(): fail to retreive values of attribute '".$conf['attr']."' of LSobject ".$conf['LSobject']." with DN='$dn'");
continue;
}
self :: log_trace("loadLSprofiles(): retreived values of attribute '".$conf['attr']."' of LSobject ".$conf['LSobject']." with DN='$dn': '".implode("', '", $list_users_key_values)."'");
// Retreive current connected key value
$user_key_value_format = (isset($conf['attr_value'])?$conf['attr_value']:'%{dn}');
$user_key_value = self :: getLSuserObject() -> getFData($user_key_value_format);
// Check current connected user is list in attribute values
if (in_array($user_key_value, $list_users_key_values)) {
self :: log_trace("loadLSprofiles(): current connected user is present in attribute '".$conf['attr']."' of LSobject ".$conf['LSobject']." with DN='$dn' (user key value: '$user_key_value')");
self :: $LSprofiles[$profile][] = $topDn;
}
else
self :: log_trace("loadLSprofiles(): current connected user is not list in attribute '".$conf['attr']."' of LSobject ".$conf['LSobject']." with DN='$dn' (user key value: '$user_key_value')");
} }
else { else {
self :: log_warning("loadLSprofiles(): fail to instanciate LSobject type '".$conf['LSobject']."'."); // $conf is not an array, users DNs could be the key $dn and we don't care
} // about $conf value (normally null)
}
}
else {
if (self :: $dn == $dn) { if (self :: $dn == $dn) {
self :: log_trace("loadLSprofiles(): current connected user DN is explicitly list in $profile LSprofile configuration");
self :: $LSprofiles[$profile][] = $topDn; self :: $LSprofiles[$profile][] = $topDn;
} }
else
self :: log_trace("loadLSprofiles(): current connected user DN is NOT explicitly list in $profile LSprofile configuration");
} }
} }
} }
else { else {
// $rightsInfos is not an array => its could be a user DN
if ( self :: $dn == $rightsInfos ) { if ( self :: $dn == $rightsInfos ) {
self :: log_trace("loadLSprofiles(): current connected user DN is explicitly appointed as $profile LSprofile in configuration");
self :: $LSprofiles[$profile][] = $topDn; self :: $LSprofiles[$profile][] = $topDn;
} }
else
self :: log_trace("loadLSprofiles(): current connected user DN is NOT explicitly appointed as $profile LSprofile in configuration");
} }
} // fin else ($topDn == 'LSobjects') } // fin else ($topDn == 'LSobjects' or 'label')
} // fin foreach($profileInfos) } // fin foreach($profileInfos)
} // fin is_array($profileInfos)
} // fin foreach LSprofiles } // fin foreach LSprofiles
self :: log_debug("loadLSprofiles(): LSprofiles = ".print_r(self :: $LSprofiles,1)); self :: log_debug("loadLSprofiles(): LSprofiles = ".print_r(self :: $LSprofiles,1));
return true; return true;
} }
else {
return;
}
}
/** /**
* Charge les droits d'accès de l'utilisateur pour construire le menu de l'interface * Charge les droits d'accès de l'utilisateur pour construire le menu de l'interface
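Review bot: The tests that decide whether a profile is granted still use loose comparison: `self :: $dn == $dn` in the branch where `$conf` is not an array, and `in_array($user_key_value, $list_users_key_values)` just above it. If a profile is ever written as a plain list of DNs instead of `DN => null`, `$dn` is an integer key, and on PHP versions before 8 a non-numeric string compared with `0` using `==` is true, so that entry would match every connected user. I would make both strict, `if (is_string($dn) && self :: $dn === $dn) {` and `in_array($user_key_value, $list_users_key_values, true)`, and log a warning when a key is not a string so the misconfiguration is visible. The same applies to `self :: $dn == $rightsInfos` in the last branch, where a non-string value such as `true` would also compare equal to any non-empty DN.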