diff --git a/dicos/91_ninegate.xml b/dicos/91_ninegate.xml
index 0491d3f6..3460b327 100644
--- a/dicos/91_ninegate.xml
+++ b/dicos/91_ninegate.xml
@@ -84,6 +84,9 @@
CAS
APIKeyNinegate
+ oui
+ user_groups
+
non
scribe
oui
@@ -92,7 +95,6 @@
oui
(objectClass=posixGroup)
-
niveau01
@@ -427,6 +429,8 @@
ninegate_mode_auth
ninegate_api_key
+ ninegate_ssosynchrogroup
+ ninegate_ssoreqgroup
ninegate_syncldap
ninegate_ldaptemplate
@@ -514,6 +518,14 @@
ninegate_test_conf_cadolesldap
+
+ SQL
+ LDAP
+
+ ninegate_ssosynchrogroup
+ ninegate_ssoreqgroup
+
+
non
@@ -572,7 +584,12 @@
non
+
+
+ non
+ ninegate_ssoreqgroup
+
@@ -620,7 +637,7 @@
ninegate_openldapreqgroup
-
+
non
diff --git a/src/ninegate-1.0/src/Cadoles/CASBundle/Controller/SecurityController.php b/src/ninegate-1.0/src/Cadoles/CASBundle/Controller/SecurityController.php
index a33dfec5..a3fd9e8d 100644
--- a/src/ninegate-1.0/src/Cadoles/CASBundle/Controller/SecurityController.php
+++ b/src/ninegate-1.0/src/Cadoles/CASBundle/Controller/SecurityController.php
@@ -11,6 +11,7 @@ use Symfony\Component\EventDispatcher\EventDispatcher;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Cadoles\CoreBundle\Entity\User;
+use Cadoles\CoreBundle\Entity\Group;
class SecurityController extends Controller
{
@@ -99,9 +100,15 @@ class SecurityController extends Controller
$user->setAuthlevel("simple");
$user->setRole("ROLE_USER");
+ if(in_array($username,$this->getParameter("ldap_usersadmin")))
+ $user->setRole("ROLE_ADMIN");
+
$em->persist($user);
$em->flush();
+ // Génération auto des groupes
+ $this->submitGroup($attributes);
+
// On calcule les groupes de l'utilisateur
$user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes);
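Review bot: The added `in_array($username,$this->getParameter("ldap_usersadmin"))` decides who receives ROLE_ADMIN using a loose comparison, and it assumes the parameter is always an array. On PHP 7 a non-numeric username compares equal to an integer `0` entry, so if the configured list can ever hold values that YAML parses as integers, the match is wider than intended. Use the strict form, `if(in_array($username,(array)$this->getParameter("ldap_usersadmin"),true))`, and check that numeric logins are quoted in the configuration. The same check is repeated in the update path in the next hunk, and the enclosing method starts and ends outside this hunk.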
@@ -122,6 +129,11 @@ class SecurityController extends Controller
$user->setFirstname($firstname);
$user->setEmail($email);
if(!$sameniveau01) $user->setNiveau02(null);
+ if(in_array($username,$this->getParameter("ldap_usersadmin")))
+ $user->setRole("ROLE_ADMIN");
+
+ // Génération auto des groupes
+ $this->submitGroup($attributes);
// On calcule les groupes de l'utilisateur
$user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes);
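Review bot: The role handling added to this update path only ever promotes. A user listed in `ldap_usersadmin` is set to ROLE_ADMIN at login, but nothing in the visible lines resets the role once the name is removed from that list, so the account would keep admin rights until someone changes it by hand. The surrounding block begins outside the hunk, so an earlier reset may exist. If none does, either demote here or record the intent with a comment such as `// ROLE_ADMIN is only added here; removal from ldap_usersadmin does not demote the account`.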
@@ -195,7 +207,14 @@ class SecurityController extends Controller
// Récupération Attribut
$attributes = \phpCAS::getAttributes();
$user = $em->getRepository('CadolesCoreBundle:User')->findOneBy(array("username"=>$username));
+
+ // On calcule le niveau01 de l'utilisateur
$niveau01=$em->getRepository('CadolesCoreBundle:Niveau01')->calculateNiveau01($attributes);
+
+ // Génération auto des groupes
+ $groups=$this->submitGroup($attributes);
+
+ // On calcule les groupes de l'utilisateur
$user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes);
return $this->render('CadolesCASBundle:Test:test.html.twig',[
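Review bot: `$groups=$this->submitGroup($attributes);` stores a value that is always null, because submitGroup() has no return statement on its success path, and `$groups` is not used in the visible lines. The call also makes this test action persist groups to the database, which is unexpected for a diagnostic page. If that is intended, state it in a comment such as `// Also creates missing SSO groups for real, even from the test page`; otherwise drop the call here. The enclosing action starts outside the hunk.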
@@ -209,4 +228,44 @@ class SecurityController extends Controller
]);
}
+
+ private function submitGroup($attributes) {
+ $em = $this->getDoctrine()->getManager();
+
+ if(!$this->getParameter('ssosynchrogroup'))
+ return null;
+
+ $user_attr_cas_group=$this->getParameter('user_attr_cas_group');
+
+ // Si l'utilisateur possège l'attribut groupe dans ses attributs
+ if(array_key_exists($user_attr_cas_group,$attributes)) {
+ if(!is_array($attributes[$user_attr_cas_group])) {
+ $attributes[$user_attr_cas_group]=[$attributes[$user_attr_cas_group]];
+ }
+
+ foreach($attributes[$user_attr_cas_group] as $ssogroup) {
+ // Recherche du groupe
+ $group=$em->getRepository("CadolesCoreBundle:Group")->findOneBy(["label"=>$ssogroup]);
+ if(!$group) {
+ $group=new Group();
+ $group->setLabel($ssogroup);
+ $group->setFgcancreatepage(false);
+ $group->setFgcancreateblog(false);
+ $group->setFgcancreatecalendar(false);
+ $group->setFgcancreateproject(false);
+ $group->setFgcanshare(false);
+ $group->setFgopen(false);
+ $group->setFgall(false);
+ }
+
+ $group->setAttributes('{"'.$user_attr_cas_group.'":"'.$ssogroup.'"}');
+ $group->setFgtemplate(false);
+
+ $em->persist($group);
+ $em->flush();
+
+ }
+ }
+
+ }
}
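Review bot: In submitGroup() the attribute JSON is built by concatenation, `'{"'.$user_attr_cas_group.'":"'.$ssogroup.'"}'`, so a group value from the identity provider that contains a quote or backslash yields invalid JSON or extra keys. Values are also used as labels without checking that they are non-empty strings. Encoding with json_encode and skipping unusable values fixes both, and the flush can move out of the loop. If the stored string is compared textually elsewhere, json_encode may need the unescaped slash and unicode flags to keep today's format. Separately, `findOneBy(["label"=>$ssogroup])` also matches groups created by hand, whose attributes and fgtemplate flag are then overwritten. What calculateGroup() does with those attributes is not visible here, so confirm that a matching SSO value should be able to take over an existing group.

```php
foreach($attributes[$user_attr_cas_group] as $ssogroup) {
    // Skip values that cannot serve as a group label
    if(!is_string($ssogroup) || trim($ssogroup)==="") continue;

    // … unchanged: lookup by label and creation of a new Group with all flags set to false …

    // Encode rather than concatenate, so quotes and backslashes in the value stay data
    $group->setAttributes(json_encode([$user_attr_cas_group=>$ssogroup]));
    $group->setFgtemplate(false);

    $em->persist($group);
}

// Single flush for the whole batch
$em->flush();
```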
diff --git a/tmpl/ninegate-template.yml b/tmpl/ninegate-template.yml
index 5d7348b0..43f7b579 100644
--- a/tmpl/ninegate-template.yml
+++ b/tmpl/ninegate-template.yml
@@ -487,7 +487,15 @@ parameters:
user_attr_saml_mail: mail
user_attr_saml_lastname: sn
user_attr_saml_firstname: givenName
-
+
+%if %%getVar("ninegate_ssosynchrogroup", 'non') == "oui"
+ ssosynchrogroup: true
+ user_attr_cas_group: %%ninegate_ssoreqgroup
+%else
+ ssosynchrogroup: fase
+ user_attr_cas_group:
+%end if
+
%if %%is_defined("ninegate_smtpport")
mailer_port: '%%ninegate_smtpport'
mailer_encryption: %%ninegate_smtpencryption
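Review bot: `ssosynchrogroup: fase` in the `%else` branch is a typo for `false`. YAML reads `fase` as a non-empty string, which PHP treats as true, so the `if(!$this->getParameter('ssosynchrogroup'))` guard in submitGroup() never disables group synchronisation. Change the line to `ssosynchrogroup: false`. With the empty `user_attr_cas_group:` the lookup key is then null, so the current effect is probably limited, but the switch should not depend on that side effect.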