From 4987e245bb629e3171425bf16db341c5c3a7c3c7 Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Mon, 30 May 2016 21:47:31 -0400
Subject: Do not sync user role if LDAP groups are not configured

---
 app/Core/Ldap/User.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'app')

diff --git a/app/Core/Ldap/User.php b/app/Core/Ldap/User.php
index c54aa1ac..91b48530 100644
--- a/app/Core/Ldap/User.php
+++ b/app/Core/Ldap/User.php
@@ -108,12 +108,18 @@ class User
     /**
      * Get role from LDAP groups
      *
+     * Note: Do not touch the current role if groups are not configured
+     *
      * @access protected
      * @param  string[] $groupIds
      * @return string
      */
     protected function getRole(array $groupIds)
     {
+        if ($this->hasGroupsNotConfigured()) {
+            return null;
+        }
+
         foreach ($groupIds as $groupId) {
             $groupId = strtolower($groupId);
 
@@ -271,6 +277,17 @@ class User
         return $this->getGroupUserFilter() !== '' && $this->getGroupUserFilter() !== null;
     }
 
+    /**
+     * Return true if LDAP Group mapping is not configured
+     *
+     * @access public
+     * @return boolean
+     */
+    public function hasGroupsNotConfigured()
+    {
+        return !$this->getGroupAdminDn() && !$this->getGroupManagerDn();
+    }
+
     /**
      * Get LDAP admin group DN
      *
-- 
cgit v1.2.3