disable user in case he has no roles

pull/2251/head
Thomas Stinner 2017-06-06 07:57:13 -07:00
parent a124de314c
commit f60a32cfa0
1 changed files with 13 additions and 4 deletions


@ -128,6 +128,7 @@ class ApacheAuthenticate extends BaseAuthenticate {
// Set roleid depending on group membership // Set roleid depending on group membership
$roleIds = Configure::read('ApacheSecureAuth.ldapDefaultRoleId'); $roleIds = Configure::read('ApacheSecureAuth.ldapDefaultRoleId');
CakeLog::write("debug","RoleIDs: ". print_r($roleIds, true));
if (is_array($roleIds)) { if (is_array($roleIds)) {
foreach ($roleIds as $key => $id) { foreach ($roleIds as $key => $id) {
if ($this->isUserMemberOf($key, $ldapUserData)) { if ($this->isUserMemberOf($key, $ldapUserData)) {
@ -154,10 +155,18 @@ class ApacheAuthenticate extends BaseAuthenticate {
// save user // save user
$userModel->save($userData, false); $userModel->save($userData, false);
} else { } else {
// Update existing user if (!isset($roleId)) {
$user['email'] = $mispUsername; // User has no role anymore, disable user
$user['org_id'] = $org_id; $user['disabled'] = 1;
$user['role_id'] = $roleId; return false;
} else {
// Update existing user
$user['email'] = $mispUsername;
$user['org_id'] = $org_id;
$user['role_id'] = $roleId;
# Reenable user in case it has been disabled
$user['disabled'] = 0;
}
$userModel->save($user, false); $userModel->save($user, false);
} }
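Review bot: In the new `if (!isset($roleId))` branch of the second hunk, `return false;` runs before the `$userModel->save($user, false);` call that follows the if/else, so `$user['disabled'] = 1` only changes the local array and is never written to the database. The login attempt is refused, but the stored account stays enabled with its previous role. That matters for any access path that does not go through this authenticator, for example API keys if they rely on the stored `disabled` flag (not visible here). Persist before returning: `$user['disabled'] = 1; $userModel->save($user, false); return false;`. The enclosing method starts and ends outside the hunk, so confirm there whether `$roleId` is also left unset when `ldapDefaultRoleId` is not an array.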