use BookStack\Auth\Role;
use BookStack\Auth\User;
+use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\DB;
class ExternalAuthService
{
/**
* Check a role against an array of group names to see if it matches.
* Checked against role 'external_auth_id' if set otherwise the name of the role.
- * @param \BookStack\Auth\Role $role
- * @param array $groupNames
- * @return bool
*/
- protected function roleMatchesGroupNames(Role $role, array $groupNames)
+ protected function roleMatchesGroupNames(Role $role, array $groupNames): bool
{
if ($role->external_auth_id) {
- $externalAuthIds = explode(',', strtolower($role->external_auth_id));
- foreach ($externalAuthIds as $externalAuthId) {
- if (in_array(trim($externalAuthId), $groupNames)) {
- return true;
- }
- }
- return false;
+ return $this->externalIdMatchesGroupNames($role->external_auth_id, $groupNames);
}
$roleName = str_replace(' ', '-', trim(strtolower($role->display_name)));
return in_array($roleName, $groupNames);
}
+ /**
+ * Check if the given external auth ID string matches one of the given group names.
+ */
+ protected function externalIdMatchesGroupNames(string $externalId, array $groupNames): bool
+ {
+ $externalAuthIds = explode(',', strtolower($externalId));
+
+ foreach ($externalAuthIds as $externalAuthId) {
+ if (in_array(trim($externalAuthId), $groupNames)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
/**
* Match an array of group names to BookStack system roles.
* Formats group names to be lower-case and hyphenated.
- * @param array $groupNames
- * @return \Illuminate\Support\Collection
*/
- protected function matchGroupsToSystemsRoles(array $groupNames)
+ protected function matchGroupsToSystemsRoles(array $groupNames): Collection
{
foreach ($groupNames as $i => $groupName) {
$groupNames[$i] = str_replace(' ', '-', trim(strtolower($groupName)));
}
- $roles = Role::query()->where(function (Builder $query) use ($groupNames) {
- $query->whereIn('name', $groupNames);
- foreach ($groupNames as $groupName) {
- $query->orWhere('external_auth_id', 'LIKE', '%' . $groupName . '%');
- }
- })->get();
-
+ $roles = Role::query()->get(['id', 'external_auth_id', 'display_name']);
$matchedRoles = $roles->filter(function (Role $role) use ($groupNames) {
return $this->roleMatchesGroupNames($role, $groupNames);
});
/**
* Sync the groups to the user roles for the current user
- * @param \BookStack\Auth\User $user
- * @param array $samlAttributes
*/
- public function syncWithGroups(User $user, array $userGroups)
+ public function syncWithGroups(User $user, array $userGroups): void
{
// Get the ids for the roles from the names
- $samlGroupsAsRoles = $this->matchGroupsToSystemsRoles($userSamlGroups);
+ $groupsAsRoles = $this->matchGroupsToSystemsRoles($userGroups);
// Sync groups
if ($this->config['remove_from_groups']) {
- $user->roles()->sync($samlGroupsAsRoles);
- $this->userRepo->attachDefaultRole($user);
+ $user->roles()->sync($groupsAsRoles);
+ $user->attachDefaultRole();
} else {
- $user->roles()->syncWithoutDetaching($samlGroupsAsRoles);
+ $user->roles()->syncWithoutDetaching($groupsAsRoles);
}
}
}
projects / bookstack / blobdiff