chg: [shibbauth] added option to block organisation changes at login

- New ApacheShibbAuth.BlockOrgModifications setting added, defaults to false, boolean. If set to true, will block updates to the organisation of existing users on authentication. This preserves any modifications made by a site admin in MISP and is similar to ApacheShibbauth.BlockRoleModifications (same logic applied to role modifications).

app/Plugin/ShibbAuth/Controller/Component/Auth/ApacheShibbAuthenticate.php

@@ -39,6 +39,7 @@ class ApacheShibbAuthenticate extends BaseAuthenticate
      *          'group_one' => 1,
      *       ),
      *      'DefaultOrg' => 'MY_ORG',
+     *      'BlockOrgModifications' => false         // set to true if you wish for the user's organisation never to be updated during login. Especially useful if you manually change organisations in MISP
      *      'DefaultRole' => false                   // set to a specific value if you wish to hard-set users created via ApacheShibbAuth
      *      'BlockRoleModifications' => false        // set to true if you wish for the roles never to be updated during login. Especially *                                               // useful if you manually change roles in MISP
      *      'BlockOrgModifications' => false        // set to true if you wish for the organizations never to be updated during login. Especially *                                        // useful if you manually change orgs in MISP
@@ -70,6 +71,7 @@ class ApacheShibbAuthenticate extends BaseAuthenticate
         $roleId = -1;
         $org = Configure::read('ApacheShibbAuth.DefaultOrg');
         $useDefaultOrg = Configure::read('ApacheShibbAuth.UseDefaultOrg');
+        $blockOrgModifications = Configure::check('ApacheShibbAuth.BlockOrgModifications') ? Configure::read('ApacheShibbAuth.BlockOrgModifications') : false;
         // Get tags from SSO config
         $mailTag = Configure::read('ApacheShibbAuth.MailTag');
         $orgTag = Configure::read('ApacheShibbAuth.OrgTag');