From d34a5c50c41e1de2abfb8cfd056dbf4ce089a51d Mon Sep 17 00:00:00 2001
From: DebianRoxx
Date: Thu, 8 Mar 2018 22:20:33 +0100
Subject: Fix role precedence in LDAP integration

---
 app/Core/Ldap/User.php | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

(limited to 'app')

diff --git a/app/Core/Ldap/User.php b/app/Core/Ldap/User.php
index 4bc1f5f9..63bd1ccb 100644
--- a/app/Core/Ldap/User.php
+++ b/app/Core/Ldap/User.php
@@ -120,17 +120,25 @@ class User
             return null;
         }
 
+        // Init with smallest role
+        $role = Role::APP_USER ;
+
         foreach ($groupIds as $groupId) {
             $groupId = strtolower($groupId);
 
             if ($groupId === strtolower($this->getGroupAdminDn())) {
-                return Role::APP_ADMIN;
-            } elseif ($groupId === strtolower($this->getGroupManagerDn())) {
-                return Role::APP_MANAGER;
+                // Highest role found : we can and we must exit the loop
+                $role = Role::APP_ADMIN;
+                break;
+            }
+
+            if ($groupId === strtolower($this->getGroupManagerDn())) {
+                // Intermediate role found : we must continue to loop, maybe admin role after ?
+                $role = Role::APP_MANAGER;
             }
         }
 
-        return Role::APP_USER;
+        return $role;
     }
 
     /**
-- 
cgit v1.2.3
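Review bot: Both comparisons inside the loop (`$groupId === strtolower($this->getGroupAdminDn())` and the manager one) would also match an empty `$groupId` if the corresponding DN setting is empty, so a blank group entry could yield admin or manager. Whether the guard above the hunk rules out a single unset DN is not visible here, since the method starts outside the hunk. Because this loop now decides the highest role, I would resolve both DNs once before the loop and require them to be non-empty: `$adminDn = strtolower($this->getGroupAdminDn());` then `if ($adminDn !== '' && $groupId === $adminDn) {`, and the same for the manager DN. Hoisting also avoids lowercasing both DNs on every iteration.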