MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #9600 from JakubOnderka/oidc-update-user-role 

new: [oidc] New option OidcAuth.update_user_role to disable role chan…
pull/9604/head
Jakub Onderka 2024-03-01 10:15:08 +01:00 committed by GitHub
parent 8f85bda6bb 7ebb7a5107
commit 745098c9dd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/Plugin/OidcAuth/Controller/Component/Auth/OidcAuthenticate.php
View File

@ -17,6 +17,7 @@ App::uses('Oidc', 'OidcAuth.Lib');
* - OidcAuth.unblock (boolean, default: false)
* - OidcAuth.offline_access (boolean, default: false)
* - OidcAuth.check_user_validity (integer, default `0`)
* - OidcAuth.update_user_role (boolean, default: true) - if disabled, manually modified role in MISP admin interface will be not changed from OIDC
*/
class OidcAuthenticate extends BaseAuthenticate
{

4
app/Plugin/OidcAuth/Lib/Oidc.php
View File

@ -101,7 +101,7 @@ class Oidc
$user['org_id'] = $organisationId;
}
if ($user['role_id'] != $roleId) {
if ($user['role_id'] != $roleId && $this->getConfig('update_user_role', true)) {
$this->User->updateField($user, 'role_id', $roleId);
$this->log($mispUsername, "User role changed from {$user['role_id']} to $roleId.");
$user['role_id'] = $roleId;
@ -232,7 +232,7 @@ class Oidc
return false;
}
if ($update && $user['role_id'] != $roleId) {
if ($update && $user['role_id'] != $roleId && $this->getConfig('update_user_role', true)) {
$this->User->updateField($user, 'role_id', $roleId);
$this->log($user['email'], "User role changed from {$user['role_id']} to $roleId.");
}