Group filter for #5133
10
.env.example
10
.env.example
@@ -185,6 +185,16 @@ LDAP_PASSWORD=super_secret
|
|||||||
|
|
||||||
LDAP_AUTH_FIELD=uid
|
LDAP_AUTH_FIELD=uid
|
||||||
|
|
||||||
|
#
|
||||||
|
# If you wish to only authenticate users from a specific group, use the
|
||||||
|
# group filter. Leave empty or remove if not in use.
|
||||||
|
#
|
||||||
|
# Example: cn=Administrators,dc=local,dc=com
|
||||||
|
#
|
||||||
|
# The group filter will only be applied after the user is authenticated.
|
||||||
|
#
|
||||||
|
LDAP_GROUP_FILTER=
|
||||||
|
|
||||||
#
|
#
|
||||||
# Remote user guard settings
|
# Remote user guard settings
|
||||||
#
|
#
|
||||||
|
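Review bot: The comment block calls this setting a filter, but the example `cn=Administrators,dc=local,dc=com` is a group distinguished name, and the rule added in this commit resolves its group with `Group::find(...)` and a recursive membership check. An operator who enters an LDAP search-filter expression here would presumably get no usable group, so the comment should say what is expected, e.g. `# Set this to the full DN of the group whose members (including nested members) may log in.` It should also state what happens to logins when that DN cannot be found in the directory.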
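--- a/app/Ldap/Rules/UserDefinedRule.php
+++ b/app/Ldap/Rules/UserDefinedRule.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace FireflyIII\Ldap\Rules;
+
+use LdapRecord\Laravel\Auth\Rule;
+use LdapRecord\Models\ActiveDirectory\Group;
+
+/**
+* Class UserDefinedRule
+*/
+class UserDefinedRule extends Rule
+{
+/**
+* Check if the rule passes validation.
+*
+* @return bool
+*/
+public function isValid()
+{
+// LDAP_GROUP_FILTER
+$groupFilter = config('ldap.group_filter');
+if (null !== $groupFilter && '' !== (string)$groupFilter) {
+$administrators = Group::find('cn=Administrators,dc=local,dc=com');
+
+return $this->user->groups()->recursive()->exists($administrators);
+}
+
+return true;
+}
+}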
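Review bot: In `isValid()` the value read into `$groupFilter` is only tested for emptiness; the group actually checked is the hard-coded `cn=Administrators,dc=local,dc=com`, so any non-empty `LDAP_GROUP_FILTER` enforces membership of that example DN instead of the operator's group. Look up the configured DN and fail closed when it does not resolve: `$group = Group::find((string) $groupFilter);`, `if (null === $group) { return false; }`, `return $this->user->groups()->recursive()->exists($group);`. The null guard matters because, as far as I know, LdapRecord's `exists()` given no model only checks that the user belongs to some group, which would let a mistyped DN admit every grouped user; this is worth confirming against the installed version. The import is `LdapRecord\Models\ActiveDirectory\Group` while the provider model in this commit is `LdapRecord\Models\OpenLDAP\User`, so the group model presumably has to match the directory in use.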
@@ -22,6 +22,7 @@
|
|||||||
declare(strict_types=1);
|
declare(strict_types=1);
|
||||||
|
|
||||||
use FireflyIII\Ldap\AttributeHandler;
|
use FireflyIII\Ldap\AttributeHandler;
|
||||||
|
use FireflyIII\Ldap\Rules\UserDefinedRule;
|
||||||
|
|
||||||
return [
|
return [
|
||||||
/*
|
/*
|
||||||
@@ -109,7 +110,9 @@ return [
|
|||||||
'driver' => 'ldap',
|
'driver' => 'ldap',
|
||||||
//'model' => LdapRecord\Models\ActiveDirectory\User::class,
|
//'model' => LdapRecord\Models\ActiveDirectory\User::class,
|
||||||
'model' => LdapRecord\Models\OpenLDAP\User::class,
|
'model' => LdapRecord\Models\OpenLDAP\User::class,
|
||||||
'rules' => [],
|
'rules' => [
|
||||||
|
UserDefinedRule::class
|
||||||
|
],
|
||||||
'database' => [
|
'database' => [
|
||||||
'model' => FireflyIII\User::class,
|
'model' => FireflyIII\User::class,
|
||||||
'sync_passwords' => false,
|
'sync_passwords' => false,
|
||||||
|
@@ -37,6 +37,8 @@ return [
|
|||||||
|
|
||||||
'default' => env('LDAP_CONNECTION', 'default'),
|
'default' => env('LDAP_CONNECTION', 'default'),
|
||||||
|
|
||||||
|
'group_filter' => env('LDAP_GROUP_FILTER'),
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|--------------------------------------------------------------------------
|
|--------------------------------------------------------------------------
|
||||||
| LDAP Connections
|
| LDAP Connections
|
||||||
|