Added setting that makes possible any new LDAP user to be Manager by …

…default
Kr4ntz · Oct 4, 2020 · e3e9cab · e3e9cab
1 parent 5c9b730
commit e3e9cab
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 8 deletions.
diff --git a/app/Core/Ldap/User.php b/app/Core/Ldap/User.php
@@ -121,25 +121,27 @@ protected function getGroups(Entry $entry)
  */
  protected function getRole(array $groupIds)
  {
+ $role = Role::APP_USER;
+
  if (! $this->hasGroupsConfigured()) {
- return null;
+ if (LDAP_USER_DEFAULT_ROLE_MANAGER) {
+ $role = Role::APP_MANAGER;
+ } else {
+ $role = Role::APP_USER;
+ }
+ return $role;
  }
 
- // Init with smallest role
- $role = Role::APP_USER ;
-
  foreach ($groupIds as $groupId) {
  $groupId = strtolower($groupId);
 
  if ($groupId === strtolower($this->getGroupAdminDn())) {
- // Highest role found : we can and we must exit the loop
  $role = Role::APP_ADMIN;
  break;
  }
 
  if ($groupId === strtolower($this->getGroupManagerDn())) {
- // Intermediate role found : we must continue to loop, maybe admin role after ?
- $role = Role::APP_MANAGER;
+ $role = Role::APP_MANAGER;
  }
  }
 

diff --git a/app/constants.php b/app/constants.php
@@ -81,6 +81,7 @@
 defined('LDAP_USER_ATTRIBUTE_PHOTO') or define('LDAP_USER_ATTRIBUTE_PHOTO', getenv('LDAP_USER_ATTRIBUTE_PHOTO') ?: '');
 defined('LDAP_USER_ATTRIBUTE_LANGUAGE') or define('LDAP_USER_ATTRIBUTE_LANGUAGE', getenv('LDAP_USER_ATTRIBUTE_LANGUAGE') ?: '');
 defined('LDAP_USER_CREATION') or define('LDAP_USER_CREATION', getenv('LDAP_USER_CREATION') ? strtolower(getenv('LDAP_USER_CREATION')) === 'true' : true);
+defined('LDAP_USER_DEFAULT_ROLE_MANAGER') or define('LDAP_USER_DEFAULT_ROLE_MANAGER', getenv('LDAP_USER_DEFAULT_ROLE_MANAGER') ? strtolower(getenv('LDAP_USER_DEFAULT_ROLE_MANAGER')) === 'true' : false);
 
 defined('LDAP_GROUP_ADMIN_DN') or define('LDAP_GROUP_ADMIN_DN', getenv('LDAP_GROUP_ADMIN_DN') ?: '');
 defined('LDAP_GROUP_MANAGER_DN') or define('LDAP_GROUP_MANAGER_DN', getenv('LDAP_GROUP_MANAGER_DN') ?: '');

diff --git a/config.default.php b/config.default.php
@@ -161,6 +161,9 @@
 // Allow automatic LDAP user creation
 define('LDAP_USER_CREATION', true);
 
+// Set new user as Manager
+define('LDAP_USER_DEFAULT_ROLE_MANAGER', false);
+
 // LDAP DN for administrators
 // Example: CN=Kanboard-Admins,CN=Users,DC=kanboard,DC=local
 define('LDAP_GROUP_ADMIN_DN', '');

diff --git a/tests/units/Core/Ldap/LdapUserTest.php b/tests/units/Core/Ldap/LdapUserTest.php
@@ -136,7 +136,7 @@ public function testGetUserWithNoGroupConfigured()
  $this->assertEquals('my_ldap_user', $user->getUsername());
  $this->assertEquals('My LDAP user', $user->getName());
  $this->assertEquals('user1@localhost', $user->getEmail());
- $this->assertEquals(null, $user->getRole());
+ $this->assertEquals(Role::APP_USER, $user->getRole());
  $this->assertSame('', $user->getPhoto());
  $this->assertEquals(array(), $user->getExternalGroupIds());
  $this->assertEquals(array('is_ldap_user' => 1), $user->getExtraAttributes());