From 43337d58c0be097ca510f2abd1497f13f25bda5b Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Sat, 2 Jul 2016 17:44:45 -0400
Subject: Preserve role for existing users when using ReverseProxy
 authentication

---
 app/User/ReverseProxyUserProvider.php | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

(limited to 'app/User')

diff --git a/app/User/ReverseProxyUserProvider.php b/app/User/ReverseProxyUserProvider.php
index 723b8155..34d2187d 100644
--- a/app/User/ReverseProxyUserProvider.php
+++ b/app/User/ReverseProxyUserProvider.php
@@ -21,15 +21,24 @@ class ReverseProxyUserProvider implements UserProviderInterface
      */
     protected $username = '';
 
+    /**
+     * User profile if the user already exists
+     *
+     * @access protected
+     * @var array
+     */
+    private $userProfile = array();
+
     /**
      * Constructor
      *
      * @access public
      * @param  string $username
      */
-    public function __construct($username)
+    public function __construct($username, array $userProfile = array())
     {
         $this->username = $username;
+        $this->userProfile = $userProfile;
     }
 
     /**
@@ -84,7 +93,15 @@ class ReverseProxyUserProvider implements UserProviderInterface
      */
     public function getRole()
     {
-        return REVERSE_PROXY_DEFAULT_ADMIN === $this->username ? Role::APP_ADMIN : Role::APP_USER;
+        if (REVERSE_PROXY_DEFAULT_ADMIN === $this->username) {
+            return Role::APP_ADMIN;
+        }
+
+        if (isset($this->userProfile['role'])) {
+            return $this->userProfile['role'];
+        }
+
+        return Role::APP_USER;
     }
 
     /**
-- 
cgit v1.2.3