diff --git a/app/Console/Commands/LdapSync.php b/app/Console/Commands/LdapSync.php
index 0483c57467..af94ac532c 100755
--- a/app/Console/Commands/LdapSync.php
+++ b/app/Console/Commands/LdapSync.php
@@ -3,6 +3,7 @@ namespace App\Console\Commands; use App\Models\Department; +use App\Models\Group; use Illuminate\Console\Command; use App\Models\Setting; use App\Models\Ldap;
@@ -57,6 +58,7 @@ class LdapSync extends Command $ldap_result_country = Setting::getSettings()->ldap_country; $ldap_result_dept = Setting::getSettings()->ldap_dept; $ldap_result_manager = Setting::getSettings()->ldap_manager; + $ldap_default_group = Setting::getSettings()->ldap_default_group; try { $ldapconn = Ldap::connectToLdap();
@@ -192,6 +194,7 @@ class LdapSync extends Command $item['department'] = isset($results[$i][$ldap_result_dept][0]) ? $results[$i][$ldap_result_dept][0] : ''; $item['manager'] = isset($results[$i][$ldap_result_manager][0]) ? $results[$i][$ldap_result_manager][0] : ''; + $department = Department::firstOrCreate([ 'name' => $item['department'], ]);
@@ -218,6 +221,13 @@ class LdapSync extends Command $user->country = $item['country']; $user->department_id = $department->id; + if($ldap_default_group != null) { + + $default = Group::select()->where('id', $ldap_default_group)->first(); + $user->permissions = $default->permissions; + + } + if($item['manager'] != null) { // Check Cache first if (isset($manager_cache[$item['manager']])) {
@@ -326,6 +336,7 @@ class LdapSync extends Command if ($user->save()) { $item['note'] = $item['createorupdate']; $item['status'] = 'success'; + } else { foreach ($user->getErrors()->getMessages() as $key => $err) { $errors .= $err[0];
diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php
index 111eb1baed..9a7c2cc7d5 100755
--- a/app/Http/Controllers/SettingsController.php
+++ b/app/Http/Controllers/SettingsController.php
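Review bot: In `LdapSync.php`, hunk `@@ -218,6 +221,13 @@`, `$default->permissions` is dereferenced without checking that the lookup found a row; if the configured group has since been deleted, `first()` returns null and the sync aborts on the first user it processes. The block also sits in what looks like the shared create/update path (the later hunk still writes `$item['createorupdate']`), so it appears to overwrite `$user->permissions` for every user on every sync, discarding individually assigned permissions, while the new help text promises the group only for newly synced users. I would resolve the group once before the loop and apply it to new records only, e.g. `if ($default_group !== null && ! $user->exists) { $user->permissions = $default_group->permissions; }`. Copying the permission set rather than attaching the group also means later changes to that group do not reach these users until the next sync, which is worth a comment or a change to a real group membership. The enclosing loop starts and ends outside the hunk.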
@@ -7,6 +7,7 @@ use App\Helpers\StorageHelper; use App\Http\Requests\ImageUploadRequest; use App\Http\Requests\SettingsSamlRequest; use App\Http\Requests\SetupUserRequest; +use App\Models\Group; use App\Models\Setting; use App\Models\Asset; use App\Models\User;
@@ -911,6 +912,8 @@ class SettingsController extends Controller public function getLdapSettings() { $setting = Setting::getSettings(); + $groups = Group::pluck('name', 'id'); + /** * This validator is only temporary (famous last words.) - @snipe
@@ -929,7 +932,7 @@ class SettingsController extends Controller - return view('settings.ldap', compact('setting'))->withErrors($validator); + return view('settings.ldap', compact('setting', 'groups'))->withErrors($validator); } /**
@@ -956,6 +959,7 @@ class SettingsController extends Controller $setting->ldap_pword = Crypt::encrypt($request->input('ldap_pword')); } $setting->ldap_basedn = $request->input('ldap_basedn'); + $setting->ldap_default_group = $request->input('ldap_default_group'); $setting->ldap_filter = $request->input('ldap_filter'); $setting->ldap_username_field = $request->input('ldap_username_field'); $setting->ldap_lname_field = $request->input('ldap_lname_field');
diff --git a/database/migrations/2022_08_25_213308_adds_ldap_default_group_to_settings_table.php b/database/migrations/2022_08_25_213308_adds_ldap_default_group_to_settings_table.php
new file mode 100644
index 0000000000..25aca0eefb
--- /dev/null
+++ b/database/migrations/2022_08_25_213308_adds_ldap_default_group_to_settings_table.php
@@ -0,0 +1,33 @@ +integer('ldap_default_group') + ->after('ldap_basedn')->default(null); + }); + } + + /** + * Reverse the migrations. + * + * @return void + */ + public function down() + { + Schema::table('settings', function (Blueprint $table) { + $table->dropColumn('ldap_default_group'); + }); + } +}
diff --git a/resources/lang/en/admin/settings/general.php b/resources/lang/en/admin/settings/general.php
index f5542d505b..701cf695fb 100644
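Review bot: In `SettingsController.php`, hunk `@@ -956,6 +959,7 @@`, `ldap_default_group` is copied from the request straight into the settings row with no validation visible here, and this value decides which permission set the LDAP sync hands out. The Blade view in this commit only renders the selector differently when `app.lock_passwords` is set or the user is not a superuser, which is a display rule rather than an enforcement; unless the rest of the method or the route middleware already covers it, the same condition should be checked before this assignment. I would also validate the input as nullable, integer and the id of an existing group (an `exists` rule), and store null when nothing is selected. The method body starts and ends outside the hunk.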
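Review bot: In the new migration, `integer('ldap_default_group')->after('ldap_basedn')->default(null)` declares the column without `->nullable()`, so it is created NOT NULL and the null default cannot take effect. Depending on the database engine, the migration may fail on the existing settings row or backfill it with 0, and saving the LDAP settings with no group selected would then try to write null into a NOT NULL column. Suggested: `$table->integer('ldap_default_group')->nullable()->default(null)->after('ldap_basedn');`. That gives "no default group" a single representation, which the `!= null` check in `LdapSync.php` relies on.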
--- a/resources/lang/en/admin/settings/general.php
+++ b/resources/lang/en/admin/settings/general.php
@@ -75,6 +75,8 @@ return [ 'label_logo_size' => 'Square logos look best - will be displayed in the top right of each asset label. ', 'laravel' => 'Laravel Version', 'ldap' => 'LDAP', + 'ldap_default_group' => 'Default Permissions Group', + 'ldap_default_group_info' => 'Select a group to assign to newly synced users. Remember that a user takes on the permissions of the group they are assigned.', 'ldap_help' => 'LDAP/Active Directory', 'ldap_client_tls_key' => 'LDAP Client TLS Key', 'ldap_client_tls_cert' => 'LDAP Client-Side TLS Certificate',
diff --git a/resources/views/settings/ldap.blade.php b/resources/views/settings/ldap.blade.php
index 5fba8fcd3b..628ca41c57 100644
--- a/resources/views/settings/ldap.blade.php
+++ b/resources/views/settings/ldap.blade.php
@@ -91,6 +91,53 @@ + + +
+
+ {{ Form::label('ldap_default_group', trans('admin/settings/general.ldap_default_group')) }} +
+ +
+ + @if ($groups->count()) + @if ((Config::get('app.lock_passwords') || (!Auth::user()->isSuperUser()))) + + + + {{ trans('admin/users/general.group_memberships_helpblock') }} + @else +
+ + + + {{ trans('admin/settings/general.ldap_default_group_info') }} + +
+ @endif + @else +

No groups have been created yet. Visit Admin Settings > Permission Groups to add one.

+ @endif + +
+
+
diff --git a/resources/views/users/edit.blade.php b/resources/views/users/edit.blade.php
index 7947d65a68..93b8fb7a21 100755
--- a/resources/views/users/edit.blade.php
+++ b/resources/views/users/edit.blade.php
@@ -503,7 +503,7 @@ @endif - {{ trans('admin/users/general.group_memberships_helpblock') }}

+ {{ trans('admin/users/general.group_memberships_helpblock') }} @else