Merge pull request #11736 from Godmartinz/gh6508_ldap_default_group

Adds a permission group selection for directory sync
snipe · Dec 15, 2022 · 227fef7 · 227fef7
2 parents 418ddcf + 9d44720
commit 227fef7
Show file tree

Hide file tree

Showing 6 changed files with 99 additions and 2 deletions.
diff --git a/app/Console/Commands/LdapSync.php b/app/Console/Commands/LdapSync.php
@@ -3,6 +3,7 @@
 namespace App\Console\Commands;
 
 use App\Models\Department;
+use App\Models\Group;
 use Illuminate\Console\Command;
 use App\Models\Setting;
 use App\Models\Ldap;
@@ -57,6 +58,7 @@ public function handle()
         $ldap_result_country = Setting::getSettings()->ldap_country;
         $ldap_result_dept = Setting::getSettings()->ldap_dept;
         $ldap_result_manager = Setting::getSettings()->ldap_manager;
+        $ldap_default_group = Setting::getSettings()->ldap_default_group;
 
         try {
             $ldapconn = Ldap::connectToLdap();
@@ -192,6 +194,7 @@ public function handle()
                 $item['department'] = isset($results[$i][$ldap_result_dept][0]) ? $results[$i][$ldap_result_dept][0] : '';
                 $item['manager'] = isset($results[$i][$ldap_result_manager][0]) ? $results[$i][$ldap_result_manager][0] : '';
 
+
                 $department = Department::firstOrCreate([
                     'name' => $item['department'],
                 ]);
@@ -218,6 +221,13 @@ public function handle()
                 $user->country = $item['country'];
                 $user->department_id = $department->id;
 
+                if($ldap_default_group != null) {
+
+                    $default = Group::select()->where('id', $ldap_default_group)->first();
+                    $user->permissions = $default->permissions;
+
+                }
+
                 if($item['manager'] != null) {
                     // Check Cache first
                     if (isset($manager_cache[$item['manager']])) {
@@ -326,6 +336,7 @@ public function handle()
                 if ($user->save()) {
                     $item['note'] = $item['createorupdate'];
                     $item['status'] = 'success';
+
                 } else {
                     foreach ($user->getErrors()->getMessages() as $key => $err) {
                         $errors .= $err[0];

diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php
@@ -7,6 +7,7 @@
 use App\Http\Requests\ImageUploadRequest;
 use App\Http\Requests\SettingsSamlRequest;
 use App\Http\Requests\SetupUserRequest;
+use App\Models\Group;
 use App\Models\Setting;
 use App\Models\Asset;
 use App\Models\User;
@@ -911,6 +912,8 @@ public function postLabels(Request $request)
     public function getLdapSettings()
     {
         $setting = Setting::getSettings();
+        $groups = Group::pluck('name', 'id');
+
 
         /**
          * This validator is only temporary (famous last words.) - @snipe
@@ -929,7 +932,7 @@ public function getLdapSettings()
 
 
 
-        return view('settings.ldap', compact('setting'))->withErrors($validator);
+        return view('settings.ldap', compact('setting', 'groups'))->withErrors($validator);
     }
 
     /**
@@ -956,6 +959,7 @@ public function postLdapSettings(Request $request)
                 $setting->ldap_pword = Crypt::encrypt($request->input('ldap_pword'));
             }
             $setting->ldap_basedn = $request->input('ldap_basedn');
+            $setting->ldap_default_group = $request->input('ldap_default_group');
             $setting->ldap_filter = $request->input('ldap_filter');
             $setting->ldap_username_field = $request->input('ldap_username_field');
             $setting->ldap_lname_field = $request->input('ldap_lname_field');

diff --git a/database/migrations/2022_08_25_213308_adds_ldap_default_group_to_settings_table.php b/database/migrations/2022_08_25_213308_adds_ldap_default_group_to_settings_table.php
@@ -0,0 +1,33 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AddsLdapDefaultGroupToSettingsTable extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('settings', function (Blueprint $table) {
+            $table->integer('ldap_default_group')
+                ->after('ldap_basedn')->default(null);
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('settings', function (Blueprint $table) {
+            $table->dropColumn('ldap_default_group');
+        });
+    }
+}
diff --git a/resources/lang/en/admin/settings/general.php b/resources/lang/en/admin/settings/general.php
@@ -75,6 +75,8 @@
     'label_logo_size'           => 'Square logos look best - will be displayed in the top right of each asset label. ',
     'laravel'                   => 'Laravel Version',
     'ldap'                      => 'LDAP',
+    'ldap_default_group'        => 'Default Permissions Group',
+    'ldap_default_group_info'   => 'Select a group to assign to newly synced users. Remember that a user takes on the permissions of the group they are assigned.',
     'ldap_help'                 => 'LDAP/Active Directory',
     'ldap_client_tls_key'       => 'LDAP Client TLS Key',
     'ldap_client_tls_cert'      => 'LDAP Client-Side TLS Certificate',

diff --git a/resources/views/settings/ldap.blade.php b/resources/views/settings/ldap.blade.php
@@ -91,6 +91,53 @@
                             </div>
                         </div>
 
+                        <!--  Default LDAP Permissions Group Select -->
+
+                        <div class="form-group{{ $errors->has('group') ? ' has-error' : '' }}">
+                            <div class="col-md-3">
+                                {{ Form::label('ldap_default_group', trans('admin/settings/general.ldap_default_group')) }}
+                            </div>
+
+                            <div class="col-md-9">
+
+                                @if ($groups->count())
+                                    @if ((Config::get('app.lock_passwords') || (!Auth::user()->isSuperUser())))
+                                        <ul>
+                                            @foreach ($groups as $id => $group)
+                                                {!! '<li>'.e($group).'</li>' !!}
+                                            @endforeach
+                                        </ul>
+
+
+                                        <span class="help-block">{{ trans('admin/users/general.group_memberships_helpblock') }}</span>
+                                    @else
+                                        <div class="controls">
+                                            <select
+                                                    name="ldap_default_group"
+                                                    aria-label="ldap_default_group"
+                                                    id="ldap_default_group"
+                                                    class="form-control"
+                                            >
+                                                <option></option>
+                                                @foreach ($groups as $id => $group)
+                                                    <option value="{{ $id }}">
+                                                        {{ $group }}
+                                                    </option>
+                                                @endforeach
+                                            </select>
+
+                                            <span class="help-block">
+                                      {{ trans('admin/settings/general.ldap_default_group_info') }}
+                                    </span>
+                                        </div>
+                                    @endif
+                                @else
+                                    <p>No groups have been created yet. Visit <code>Admin Settings > Permission Groups</code> to add one.</p>
+                                @endif
+
+                            </div>
+                        </div>
+
                         <!-- AD Flag -->
                         <div class="form-group">
                             <div class="col-md-3">

diff --git a/resources/views/users/edit.blade.php b/resources/views/users/edit.blade.php
@@ -503,7 +503,7 @@ class="form-control"
                                               </ul>
                                           @endif
 
-                                          <span class="help-block">{{ trans('admin/users/general.group_memberships_helpblock') }}</p>
+                                          <span class="help-block">{{ trans('admin/users/general.group_memberships_helpblock') }}</span>
                                   @else
                                    <div class="controls">
                                     <select