Group filter for #5133
parent
a14568c796
commit
cc67583278
10
.env.example
10
.env.example
@ -185,6 +185,16 @@ LDAP_PASSWORD=super_secret
|
||||
|
||||
LDAP_AUTH_FIELD=uid
|
||||
|
||||
#
|
||||
# If you wish to only authenticate users from a specific group, use the
|
||||
# group filter. Leave empty or remove if not in use.
|
||||
#
|
||||
# Example: cn=Administrators,dc=local,dc=com
|
||||
#
|
||||
# The group filter will only be applied after the user is authenticated.
|
||||
#
|
||||
LDAP_GROUP_FILTER=
|
||||
|
||||
#
|
||||
# Remote user guard settings
|
||||
#
|
||||
|
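--- /dev/null
+++ b/app/Ldap/Rules/UserDefinedRule.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace FireflyIII\Ldap\Rules;
+
+use LdapRecord\Laravel\Auth\Rule;
+use LdapRecord\Models\ActiveDirectory\Group;
+
+/**
+* Class UserDefinedRule
+*/
+class UserDefinedRule extends Rule
+{
+/**
+* Check if the rule passes validation.
+*
+* @return bool
+*/
+public function isValid()
+{
+// LDAP_GROUP_FILTER
+$groupFilter = config('ldap.group_filter');
+if (null !== $groupFilter && '' !== (string)$groupFilter) {
+$administrators = Group::find('cn=Administrators,dc=local,dc=com');
+
+return $this->user->groups()->recursive()->exists($administrators);
+}
+
+return true;
+}
+}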
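Review bot: `isValid()` reads `ldap.group_filter` only to decide whether to run the check, then looks up the hard-coded DN `cn=Administrators,dc=local,dc=com` instead of the configured value, so an operator who sets `LDAP_GROUP_FILTER` to their own group is not actually restricted to that group. `Group::find()` can return null when the DN does not exist, and that null is passed straight into `exists()`; depending on how `exists()` treats an empty argument the test may no longer be about one specific group, so the rule should deny when the group cannot be resolved. The imported `Group` model is the ActiveDirectory one while the auth config changed in this same commit selects `LdapRecord\Models\OpenLDAP\User`, which looks inconsistent and is worth confirming against the directory in use. The rewrite below uses the configured DN and fails closed.

```php
public function isValid()
{
    $groupFilter = (string) config('ldap.group_filter');
    if ('' === $groupFilter) {
        // No group restriction configured: every authenticated user passes.
        return true;
    }

    $group = Group::find($groupFilter);
    if (null === $group) {
        // Configured group cannot be resolved: deny rather than guess.
        return false;
    }

    return $this->user->groups()->recursive()->exists($group);
}
```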
@ -22,6 +22,7 @@
|
||||
declare(strict_types=1);
|
||||
|
||||
use FireflyIII\Ldap\AttributeHandler;
|
||||
use FireflyIII\Ldap\Rules\UserDefinedRule;
|
||||
|
||||
return [
|
||||
/*
|
||||
@ -109,7 +110,9 @@ return [
|
||||
'driver' => 'ldap',
|
||||
//'model' => LdapRecord\Models\ActiveDirectory\User::class,
|
||||
'model' => LdapRecord\Models\OpenLDAP\User::class,
|
||||
'rules' => [],
|
||||
'rules' => [
|
||||
UserDefinedRule::class
|
||||
],
|
||||
'database' => [
|
||||
'model' => FireflyIII\User::class,
|
||||
'sync_passwords' => false,
|
||||
|
@ -37,6 +37,8 @@ return [
|
||||
|
||||
'default' => env('LDAP_CONNECTION', 'default'),
|
||||
|
||||
'group_filter' => env('LDAP_GROUP_FILTER'),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| LDAP Connections
|
||||
|
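Review bot: The new `'group_filter'` key has no comment, unlike the banner-documented sections around it, and its name suggests an LDAP filter expression although the `.env.example` text in this commit gives a group DN as the example value. A one-line comment above the entry would settle the expected format, for example `// DN of the group users must belong to (LDAP_GROUP_FILTER); null or empty disables the check.` The file name for this section is not visible on the page and the returned array continues outside the hunk.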