X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/03dbe32f9926b53c1a0c35534e57f526c5d2bc2b..refs/pull/2393/head:/app/Auth/Access/ExternalAuthService.php diff --git a/app/Auth/Access/ExternalAuthService.php b/app/Auth/Access/ExternalAuthService.php index b1c036018..4c71db21a 100644 --- a/app/Auth/Access/ExternalAuthService.php +++ b/app/Auth/Access/ExternalAuthService.php @@ -2,51 +2,53 @@ use BookStack\Auth\Role; use BookStack\Auth\User; +use Illuminate\Database\Eloquent\Builder; +use Illuminate\Support\Collection; +use Illuminate\Support\Facades\DB; class ExternalAuthService { /** * Check a role against an array of group names to see if it matches. * Checked against role 'external_auth_id' if set otherwise the name of the role. - * @param \BookStack\Auth\Role $role - * @param array $groupNames - * @return bool */ - protected function roleMatchesGroupNames(Role $role, array $groupNames) + protected function roleMatchesGroupNames(Role $role, array $groupNames): bool { if ($role->external_auth_id) { - $externalAuthIds = explode(',', strtolower($role->external_auth_id)); - foreach ($externalAuthIds as $externalAuthId) { - if (in_array(trim($externalAuthId), $groupNames)) { - return true; - } - } - return false; + return $this->externalIdMatchesGroupNames($role->external_auth_id, $groupNames); } $roleName = str_replace(' ', '-', trim(strtolower($role->display_name))); return in_array($roleName, $groupNames); } + /** + * Check if the given external auth ID string matches one of the given group names. + */ + protected function externalIdMatchesGroupNames(string $externalId, array $groupNames): bool + { + $externalAuthIds = explode(',', strtolower($externalId)); + + foreach ($externalAuthIds as $externalAuthId) { + if (in_array(trim($externalAuthId), $groupNames)) { + return true; + } + } + + return false; + } + /** * Match an array of group names to BookStack system roles. * Formats group names to be lower-case and hyphenated. - * @param array $groupNames - * @return \Illuminate\Support\Collection */ - protected function matchGroupsToSystemsRoles(array $groupNames) + protected function matchGroupsToSystemsRoles(array $groupNames): Collection { foreach ($groupNames as $i => $groupName) { $groupNames[$i] = str_replace(' ', '-', trim(strtolower($groupName))); } - $roles = Role::query()->where(function (Builder $query) use ($groupNames) { - $query->whereIn('name', $groupNames); - foreach ($groupNames as $groupName) { - $query->orWhere('external_auth_id', 'LIKE', '%' . $groupName . '%'); - } - })->get(); - + $roles = Role::query()->get(['id', 'external_auth_id', 'display_name']); $matchedRoles = $roles->filter(function (Role $role) use ($groupNames) { return $this->roleMatchesGroupNames($role, $groupNames); }); @@ -56,20 +58,18 @@ class ExternalAuthService /** * Sync the groups to the user roles for the current user - * @param \BookStack\Auth\User $user - * @param array $samlAttributes */ - public function syncWithGroups(User $user, array $userGroups) + public function syncWithGroups(User $user, array $userGroups): void { // Get the ids for the roles from the names - $samlGroupsAsRoles = $this->matchGroupsToSystemsRoles($userSamlGroups); + $groupsAsRoles = $this->matchGroupsToSystemsRoles($userGroups); // Sync groups if ($this->config['remove_from_groups']) { - $user->roles()->sync($samlGroupsAsRoles); - $this->userRepo->attachDefaultRole($user); + $user->roles()->sync($groupsAsRoles); + $user->attachDefaultRole(); } else { - $user->roles()->syncWithoutDetaching($samlGroupsAsRoles); + $user->roles()->syncWithoutDetaching($groupsAsRoles); } } }