summaryrefslogtreecommitdiff
path: root/app/Core/Ldap
diff options
context:
space:
mode:
authorDebianRoxx <debian.roxx@gmail.com>2018-03-08 22:20:33 +0100
committerFrédéric Guillot <fred@kanboard.net>2018-03-08 13:20:33 -0800
commitd34a5c50c41e1de2abfb8cfd056dbf4ce089a51d (patch)
tree1da3a797f613683ae29aed9776136b685e97af8a /app/Core/Ldap
parenta66d080698009f75647c683fcebde65bc324bfc5 (diff)
Fix role precedence in LDAP integration
Diffstat (limited to 'app/Core/Ldap')
-rw-r--r--app/Core/Ldap/User.php16
1 files changed, 12 insertions, 4 deletions
diff --git a/app/Core/Ldap/User.php b/app/Core/Ldap/User.php
index 4bc1f5f9..63bd1ccb 100644
--- a/app/Core/Ldap/User.php
+++ b/app/Core/Ldap/User.php
@@ -120,17 +120,25 @@ class User
return null;
}
+ // Init with smallest role
+ $role = Role::APP_USER ;
+
foreach ($groupIds as $groupId) {
$groupId = strtolower($groupId);
if ($groupId === strtolower($this->getGroupAdminDn())) {
- return Role::APP_ADMIN;
- } elseif ($groupId === strtolower($this->getGroupManagerDn())) {
- return Role::APP_MANAGER;
+ // Highest role found : we can and we must exit the loop
+ $role = Role::APP_ADMIN;
+ break;
+ }
+
+ if ($groupId === strtolower($this->getGroupManagerDn())) {
+ // Intermediate role found : we must continue to loop, maybe admin role after ?
+ $role = Role::APP_MANAGER;
}
}
- return Role::APP_USER;
+ return $role;
}
/**