mirror of https://github.com/MISP/MISP
Merge pull request #9600 from JakubOnderka/oidc-update-user-role
new: [oidc] New option OidcAuth.update_user_role to disable role chan…pull/9604/head
commit
745098c9dd
|
@ -17,6 +17,7 @@ App::uses('Oidc', 'OidcAuth.Lib');
|
|||
* - OidcAuth.unblock (boolean, default: false)
|
||||
* - OidcAuth.offline_access (boolean, default: false)
|
||||
* - OidcAuth.check_user_validity (integer, default `0`)
|
||||
* - OidcAuth.update_user_role (boolean, default: true) - if disabled, manually modified role in MISP admin interface will be not changed from OIDC
|
||||
*/
|
||||
class OidcAuthenticate extends BaseAuthenticate
|
||||
{
|
||||
|
|
|
@ -101,7 +101,7 @@ class Oidc
|
|||
$user['org_id'] = $organisationId;
|
||||
}
|
||||
|
||||
if ($user['role_id'] != $roleId) {
|
||||
if ($user['role_id'] != $roleId && $this->getConfig('update_user_role', true)) {
|
||||
$this->User->updateField($user, 'role_id', $roleId);
|
||||
$this->log($mispUsername, "User role changed from {$user['role_id']} to $roleId.");
|
||||
$user['role_id'] = $roleId;
|
||||
|
@ -232,7 +232,7 @@ class Oidc
|
|||
return false;
|
||||
}
|
||||
|
||||
if ($update && $user['role_id'] != $roleId) {
|
||||
if ($update && $user['role_id'] != $roleId && $this->getConfig('update_user_role', true)) {
|
||||
$this->User->updateField($user, 'role_id', $roleId);
|
||||
$this->log($user['email'], "User role changed from {$user['role_id']} to $roleId.");
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue