diff options
author | DebianRoxx <debian.roxx@gmail.com> | 2018-03-08 22:20:33 +0100 |
---|---|---|
committer | Frédéric Guillot <fred@kanboard.net> | 2018-03-08 13:20:33 -0800 |
commit | d34a5c50c41e1de2abfb8cfd056dbf4ce089a51d (patch) | |
tree | 1da3a797f613683ae29aed9776136b685e97af8a /app/Core/Ldap/User.php | |
parent | a66d080698009f75647c683fcebde65bc324bfc5 (diff) |
Fix role precedence in LDAP integration
Diffstat (limited to 'app/Core/Ldap/User.php')
-rw-r--r-- | app/Core/Ldap/User.php | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/app/Core/Ldap/User.php b/app/Core/Ldap/User.php index 4bc1f5f9..63bd1ccb 100644 --- a/app/Core/Ldap/User.php +++ b/app/Core/Ldap/User.php @@ -120,17 +120,25 @@ class User return null; } + // Init with smallest role + $role = Role::APP_USER ; + foreach ($groupIds as $groupId) { $groupId = strtolower($groupId); if ($groupId === strtolower($this->getGroupAdminDn())) { - return Role::APP_ADMIN; - } elseif ($groupId === strtolower($this->getGroupManagerDn())) { - return Role::APP_MANAGER; + // Highest role found : we can and we must exit the loop + $role = Role::APP_ADMIN; + break; + } + + if ($groupId === strtolower($this->getGroupManagerDn())) { + // Intermediate role found : we must continue to loop, maybe admin role after ? + $role = Role::APP_MANAGER; } } - return Role::APP_USER; + return $role; } /** |