auto create groupe sso
This commit is contained in:
parent
923c6c0b42
commit
6f77194ae5
|
|
@ -84,6 +84,9 @@
|
|||
<variable type='string' name='ninegate_mode_auth' description="Mode Authentification" mandatory='True'><value>CAS</value></variable>
|
||||
<variable type='string' name='ninegate_api_key' description="Clé d'accès API" mandatory='True'><value>APIKeyNinegate</value></variable>
|
||||
|
||||
<variable type='oui/non' name='ninegate_ssosynchrogroup' description="Générer automatiquement les groupes en fonction d'un attribut SSO"><value>oui</value></variable>
|
||||
<variable type='string' name='ninegate_ssoreqgroup' description="Attribut SSO associé à la notion de groupe" mandatory='True'><value>user_groups</value></variable>
|
||||
|
||||
<variable type='oui/non' name='ninegate_syncldap' description="Synchroniser Ninegate vers votre Annuaire CadolesLDAP"><value>non</value></variable>
|
||||
<variable type='string' name='ninegate_ldaptemplate' description="Modèle d'annuaire"><value>scribe</value></variable>
|
||||
<variable type='oui/non' name='ninegate_scribegroup' description="Considérer les classes/options comme des groupes de travail"><value>oui</value></variable>
|
||||
|
|
@ -92,7 +95,6 @@
|
|||
<variable type='oui/non' name='ninegate_openldapsynchrogroup' description="Générer automatiquement les groupes en fonction de votre annuaire"><value>oui</value></variable>
|
||||
<variable type='string' name='ninegate_openldapreqgroup' description="Générer automatiquement les groupes en fonction de votre annuaire" mandatory='True'><value>(objectClass=posixGroup)</value></variable>
|
||||
|
||||
|
||||
<variable type='string' name='ninegate_pwdadmin' description="Mot de passe du compte admin durant l'instance (idem valeur Cadoles ldap)" mandatory='True'><value></value></variable>
|
||||
<variable type='string' name='ninegate_organization' description="Nom de l'organisation principale (idem valeur Cadoles ldap)" mandatory='True'><value></value></variable>
|
||||
<variable type='string' name='ninegate_niveau01branche' description="Nom de la branche de Niveau 01 (idem valeur Cadoles ldap)" mandatory='True'><value>niveau01</value></variable>
|
||||
|
|
@ -427,6 +429,8 @@
|
|||
<target type='variable'>ninegate_mode_auth</target>
|
||||
<target type='variable'>ninegate_api_key</target>
|
||||
|
||||
<target type='variable'>ninegate_ssosynchrogroup</target>
|
||||
<target type='variable'>ninegate_ssoreqgroup</target>
|
||||
|
||||
<target type='variable'>ninegate_syncldap</target>
|
||||
<target type='variable'>ninegate_ldaptemplate</target>
|
||||
|
|
@ -514,6 +518,14 @@
|
|||
<target type='variable'>ninegate_test_conf_cadolesldap</target>
|
||||
</condition>
|
||||
|
||||
<condition name='hidden_if_in' source='ninegate_masteridentity'>
|
||||
<param>SQL</param>
|
||||
<param>LDAP</param>
|
||||
|
||||
<target type='variable'>ninegate_ssosynchrogroup</target>
|
||||
<target type='variable'>ninegate_ssoreqgroup</target>
|
||||
</condition>
|
||||
|
||||
<condition name='hidden_if_in' source='ninegate_syncldap'>
|
||||
<param>non</param>
|
||||
|
||||
|
|
@ -572,7 +584,12 @@
|
|||
<param name='mismatch'>non</param>
|
||||
</auto>
|
||||
|
||||
<!-- AFFICHAGE EN FONCTION DE SSO SYNCHRO GROUPE -->
|
||||
<condition name='hidden_if_in' source='ninegate_ssosynchrogroup'>
|
||||
<param>non</param>
|
||||
|
||||
<target type='variable'>ninegate_ssoreqgroup</target>
|
||||
</condition>
|
||||
|
||||
<!-- AFFICHAGE EN FONCTION DE CADOLESLDAP -->
|
||||
<fill name='calc_val' target='ninegate_pwdadmin'>
|
||||
|
|
@ -620,7 +637,7 @@
|
|||
<target type='variable'>ninegate_openldapreqgroup</target>
|
||||
</condition>
|
||||
|
||||
<!-- AFFICHAGE EN FONCTION DU MODULE PORTAL -->
|
||||
<!-- AFFICHAGE EN FONCTION DU LDAP SYNCHRO GROUP -->
|
||||
<condition name='hidden_if_in' source='ninegate_openldapsynchrogroup'>
|
||||
<param>non</param>
|
||||
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ use Symfony\Component\EventDispatcher\EventDispatcher;
|
|||
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
|
||||
|
||||
use Cadoles\CoreBundle\Entity\User;
|
||||
use Cadoles\CoreBundle\Entity\Group;
|
||||
|
||||
class SecurityController extends Controller
|
||||
{
|
||||
|
|
@ -99,9 +100,15 @@ class SecurityController extends Controller
|
|||
$user->setAuthlevel("simple");
|
||||
$user->setRole("ROLE_USER");
|
||||
|
||||
if(in_array($username,$this->getParameter("ldap_usersadmin")))
|
||||
$user->setRole("ROLE_ADMIN");
|
||||
|
||||
$em->persist($user);
|
||||
$em->flush();
|
||||
|
||||
// Génération auto des groupes
|
||||
$this->submitGroup($attributes);
|
||||
|
||||
// On calcule les groupes de l'utilisateur
|
||||
$user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes);
|
||||
|
||||
|
|
@ -122,6 +129,11 @@ class SecurityController extends Controller
|
|||
$user->setFirstname($firstname);
|
||||
$user->setEmail($email);
|
||||
if(!$sameniveau01) $user->setNiveau02(null);
|
||||
if(in_array($username,$this->getParameter("ldap_usersadmin")))
|
||||
$user->setRole("ROLE_ADMIN");
|
||||
|
||||
// Génération auto des groupes
|
||||
$this->submitGroup($attributes);
|
||||
|
||||
// On calcule les groupes de l'utilisateur
|
||||
$user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes);
|
||||
|
|
@ -195,7 +207,14 @@ class SecurityController extends Controller
|
|||
// Récupération Attribut
|
||||
$attributes = \phpCAS::getAttributes();
|
||||
$user = $em->getRepository('CadolesCoreBundle:User')->findOneBy(array("username"=>$username));
|
||||
|
||||
// On calcule le niveau01 de l'utilisateur
|
||||
$niveau01=$em->getRepository('CadolesCoreBundle:Niveau01')->calculateNiveau01($attributes);
|
||||
|
||||
// Génération auto des groupes
|
||||
$groups=$this->submitGroup($attributes);
|
||||
|
||||
// On calcule les groupes de l'utilisateur
|
||||
$user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes);
|
||||
|
||||
return $this->render('CadolesCASBundle:Test:test.html.twig',[
|
||||
|
|
@ -209,4 +228,44 @@ class SecurityController extends Controller
|
|||
]);
|
||||
|
||||
}
|
||||
|
||||
private function submitGroup($attributes) {
|
||||
$em = $this->getDoctrine()->getManager();
|
||||
|
||||
if(!$this->getParameter('ssosynchrogroup'))
|
||||
return null;
|
||||
|
||||
$user_attr_cas_group=$this->getParameter('user_attr_cas_group');
|
||||
|
||||
// Si l'utilisateur possège l'attribut groupe dans ses attributs
|
||||
if(array_key_exists($user_attr_cas_group,$attributes)) {
|
||||
if(!is_array($attributes[$user_attr_cas_group])) {
|
||||
$attributes[$user_attr_cas_group]=[$attributes[$user_attr_cas_group]];
|
||||
}
|
||||
|
||||
foreach($attributes[$user_attr_cas_group] as $ssogroup) {
|
||||
// Recherche du groupe
|
||||
$group=$em->getRepository("CadolesCoreBundle:Group")->findOneBy(["label"=>$ssogroup]);
|
||||
if(!$group) {
|
||||
$group=new Group();
|
||||
$group->setLabel($ssogroup);
|
||||
$group->setFgcancreatepage(false);
|
||||
$group->setFgcancreateblog(false);
|
||||
$group->setFgcancreatecalendar(false);
|
||||
$group->setFgcancreateproject(false);
|
||||
$group->setFgcanshare(false);
|
||||
$group->setFgopen(false);
|
||||
$group->setFgall(false);
|
||||
}
|
||||
|
||||
$group->setAttributes('{"'.$user_attr_cas_group.'":"'.$ssogroup.'"}');
|
||||
$group->setFgtemplate(false);
|
||||
|
||||
$em->persist($group);
|
||||
$em->flush();
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -487,7 +487,15 @@ parameters:
|
|||
user_attr_saml_mail: mail
|
||||
user_attr_saml_lastname: sn
|
||||
user_attr_saml_firstname: givenName
|
||||
|
||||
|
||||
%if %%getVar("ninegate_ssosynchrogroup", 'non') == "oui"
|
||||
ssosynchrogroup: true
|
||||
user_attr_cas_group: %%ninegate_ssoreqgroup
|
||||
%else
|
||||
ssosynchrogroup: fase
|
||||
user_attr_cas_group:
|
||||
%end if
|
||||
|
||||
%if %%is_defined("ninegate_smtpport")
|
||||
mailer_port: '%%ninegate_smtpport'
|
||||
mailer_encryption: %%ninegate_smtpencryption
|
||||
|
|
|
|||
Loading…
Reference in New Issue