mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-25 19:28:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Allow to select the priority of SAML role mapping based on the order in the configuration option

Browse source
This commit is contained in:
Jan Böhmer 2023-03-04 16:52:17 +01:00
parent bbe4de996a
commit 8fad743e85
4 changed files with 22 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

15
src/Security/SamlUserFactory.php
View file

@ -120,6 +120,7 @@ class SamlUserFactory implements SamlUserFactoryInterface, EventSubscriberInterf
/**
* Maps a list of SAML roles to a local group ID.
* The first available mapping will be used (so the order of the $map is important, first match wins).
* @param array $roles The list of SAML roles
* @param array $map|null The mapping from SAML roles. If null, the global mapping will be used.
* @return int|null The ID of the local group or null if no mapping was found.
@ -128,14 +129,18 @@ class SamlUserFactory implements SamlUserFactoryInterface, EventSubscriberInterf
{
$map = $map ?? $this->saml_role_mapping;
//Iterate over all roles and check if we have a mapping for it.
foreach ($roles as $role) {
if (array_key_exists($role, $map)) {
//We use the first available mapping
return (int) $map[$role];
//Iterate over the mapping (from first to last) and check if we have a match
foreach ($map as $saml_role => $group_id) {
//Skip wildcard
if ($saml_role === '*') {
continue;
}
if (in_array($saml_role, $roles, true)) {
return (int) $group_id;
}
}
//If no applicable mapping was found, check if we have a default mapping
if (array_key_exists('*', $map)) {
return (int) $map['*'];