From 62194d5a6836d5b7e3415e62a9dc4ba0e28203de Mon Sep 17 00:00:00 2001
From: Axel Stohn
Date: Thu, 8 Jun 2023 12:23:42 -0700
Subject: [PATCH] Change for deep linking and I2 login
---
 Controller/GrouperGroupsController.php | 81 ++++++++++++--------------
 1 file changed, 38 insertions(+), 43 deletions(-)
diff --git a/Controller/GrouperGroupsController.php b/Controller/GrouperGroupsController.php
index 2f2b294..b0537e2 100644
--- a/Controller/GrouperGroupsController.php
+++ b/Controller/GrouperGroupsController.php
@@ -797,61 +797,40 @@ function isAuthorized() { $roles = $this->Role->calculateCMRoles(); - //TODO - This is needed for my dev enviro since I do not log in via I2 IdP - // BEGIN =============================================== + /** + * The following code displays a few custom implementations of the + * login process used to crosswalk a user for Grouper authentication. + * + * You may need to further customize this section to meet your organization + * crosswalk needs. + */ + + /** + * Default when login-id is the same as grouper id + */ + // Default Begin =============================================== /* if ($this->Session->check('Auth.User.username')) { $this->userId = $this->Session->read('Auth.User.username'); } */ - // END =============================================== - - //TODO - Need to make the following code configurable in getting the user ID. In this case the code is - // specific to the needs of I2. - // BEGIN =============================================== - - - $uid=$this->Session->read('Auth.User.co_person_id'); - $username=$this->Session->read('Auth.User.username'); - error_log("HUBING ================ " . $username); - - switch ($username) { - case "chubing@internet2.edu": - error_log("username is " . $username); - $uid=32; - break; - case "pcaskey@internet2.edu": - error_log("username is " . $username); - $uid=28; - break; - case "ij@internet2.edu": - error_log("username is " . $username); - $uid=6842; - break; - case "aaschenbrener@internet2.edu": - error_log("username is " . $username); - $uid=13643; - // 12430 in dev - break; - case "sho@internet2.edu": - error_log("username is " . $username); - $uid=6103; - break; - case "wkaufman@internet2.edu": - error_log("username is " . $username); - $uid=6830; - break; - } - error_log("UID IS ================ " . 
$uid); + // Default End =============================================== + + /** + * Customized Crosswalk from login-id to Grouper Username + */ + // Custom Begin =============================================== + $username = $this->Session->read('Auth.User.username'); if ($this->Session->check('Plugin.Grouper.UserId')) { $this->userId = $this->Session->read('Plugin.Grouper.UserId'); } else { + $uid = $this->getPersonIdFromUsername($username); $this->userId = $this->getUserId($uid); $this->Session->write('Plugin.Grouper.UserId', $this->userId); } - // END =============================================== - + // Custom End =============================================== + // Determine what operations this user can perform // Construct the permission set for this user, which will also be passed to the view. @@ -1013,6 +992,22 @@ public function emaillistsManage() $this->set('isGrouperVisible', $this->GrouperGroup->isGrouperVisible($this->userId)); } + private function getPersonIdFromUsername($username) + { + $args = array(); + $args['conditions']['Identifier.identifier'] = $username; + $args['conditions']['Identifier.status'] = SuspendableStatusEnum::Active; + $args['conditions']['Identifier.deleted'] = false; + $args['conditions']['Identifier.identifier_id'] = null; + $args['conditions']['NOT']['Identifier.co_person_id'] = null; + $args['conditions']['Identifier.type'] = 'eppn'; + $args['contain'] = false; + + $Identifier = new Identifier(); + $co_person_id = $Identifier->find('first', $args); + + return $co_person_id['Identifier']['co_person_id']; + } private function getUserId($id) {
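Review bot: The new else branch in isAuthorized() passes the result of `getPersonIdFromUsername($username)` straight into `getUserId()` and then caches it in `Plugin.Grouper.UserId`, but the helper added in the second hunk returns `$co_person_id['Identifier']['co_person_id']` from a `find('first')` that yields an empty array when no active, non-deleted `eppn` identifier matches the username, so a missed crosswalk proceeds with null and that failure is stored for the rest of the session. Guard the miss before caching, e.g. `$uid = $this->getPersonIdFromUsername($username); if (empty($uid)) { return false; }`, and have the helper return null explicitly (`return $co_person_id['Identifier']['co_person_id'] ?? null;`) with a docblock stating that it resolves a login identifier to a CO Person id and returns null when none is found. Whether `Auth.User.username` is always an eppn-typed identifier is not visible here; if logins can arrive with another identifier type, the hard-coded `'eppn'` condition silently denies those users. The helper also builds the model with `new Identifier()` rather than the usual `ClassRegistry::init('Identifier')`, which is worth confirming against how the rest of the controller loads models. isAuthorized() continues outside the hunk.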