Add configurable ldap.group.role_prefix parameter (for ACL assignments / checks)

werrolf · werrolf · commit 8ac9dd61f289 · 2022-07-26T14:25:24.000+02:00
diff --git a/Resources/config/services.yml b/Resources/config/services.yml
@@ -15,8 +15,8 @@ parameters:
 # parameter names are now case sensitive
     ldap.user.baseDN: '%ldap.user.baseDn%'
     ldap.group.baseDN: '%ldap.group.baseDn%'
-## Defaults
     ldap.group.id: cn
+    ldap.group.role_prefix: ROLE_GROUP_
 
 services:
     ldapClient:
@@ -45,6 +45,7 @@ services:
         - '%ldap.group.id%'
         - '%ldap.group.adminFilter%'
         - '%ldap.group.query%'
+        - '%ldap.group.role_prefix%'
     fom.ldap_client:
         alias: ldapClient
     fom.identities.provider:
diff --git a/Security/Provider/LDAPGroupProvider.php b/Security/Provider/LDAPGroupProvider.php
@@ -4,9 +4,9 @@
 namespace Mapbender\LDAPBundle\Security\Provider;
 
 
+use FOM\UserBundle\Component\DummyGroup;
 use FOM\UserBundle\Component\Ldap\Client;
 use Mapbender\LDAPBundle\Component\LdapClient;
-use Mapbender\LDAPBundle\Security\User\LDAPGroup;
 use Symfony\Component\Ldap\Entry;
 
 class LDAPGroupProvider
@@ -17,18 +17,20 @@ class LDAPGroupProvider
     protected $identifierAttribute;
     protected $filter;
     protected $queryTemplate;
+    protected $rolePrefix;
 
-    public function __construct(LdapClient $client, $baseDn, $identifierAttribute, $filter, $queryTemplate)
+    public function __construct(LdapClient $client, $baseDn, $identifierAttribute, $filter, $queryTemplate, $rolePrefix)
     {
         $this->client = $client;
         $this->baseDn = $baseDn;
         $this->identifierAttribute = $identifierAttribute;
         $this->filter = $filter;
         $this->queryTemplate = $queryTemplate;
+        $this->rolePrefix = $rolePrefix;
     }
 
     /**
-     * @return LDAPGroup[]
+     * @return DummyGroup[]
      */
     public function getGroups()
     {
@@ -42,12 +44,14 @@ public function getGroups()
 
     /**
      * @param array $record
-     * @return LDAPGroup
+     * @return DummyGroup
      */
     protected function transformGroupRecord(array $record)
     {
         $identifier = $record[$this->identifierAttribute][0];
-        return new LDAPGroup($identifier);
+        $role = $this->rolePrefix . strtoupper($identifier);
+        $title = $this->mb_ucfirst($identifier) . ' (LDAP)';
+        return new DummyGroup($role, $title);
     }
 
     /**
@@ -66,9 +70,21 @@ public function getRolesByUserEntry(Entry $user, $name)
         foreach ($ldapGroups as $group) {
             $groupIds = $group->getAttribute($this->identifierAttribute);
             if ($groupIds) {
-                $roleNames[] = 'ROLE_GROUP_' . strtoupper($groupIds[0]);
+                $roleNames[] = $this->rolePrefix . strtoupper($groupIds[0]);
             }
         }
         return $roleNames;
     }
+
+    /**
+     * @param string $value
+     * @return string
+     */
+    protected static function mb_ucfirst($value)
+    {
+        return
+              \mb_strtoupper(\mb_substr($value, 0, 1))
+            . \mb_substr($value, 1)
+        ;
+    }
 }
diff --git a/Security/User/LDAPGroup.php b/Security/User/LDAPGroup.php
diff --git a/composer.json b/composer.json
@@ -11,7 +11,7 @@
         "ext-ldap": "*",
         "php": ">=5.5",
         "symfony/ldap": "^3.4 || ^4 || ^5 || ^6",
-        "mapbender/fom": "~3.1.7 || ^3.2.7"
+        "mapbender/fom": "~3.1.12 || ^3.2.12"
     },
     "autoload": {
         "psr-4": {"Mapbender\\LDAPBundle\\": "."}
