diff --git a/Controller/GrouperGroupsController.php b/Controller/GrouperGroupsController.php
index 09458bc..566f0b2 100644
--- a/Controller/GrouperGroupsController.php
+++ b/Controller/GrouperGroupsController.php
@@ -744,62 +744,42 @@ function isAuthorized()
 {
 $roles = $this->Role->calculateCMRoles();
- //TODO - This is needed for my dev enviro since I do not log in via I2 IdP
- // BEGIN ===============================================
-
+ /**
+ * The following code displays a few custom implementations of the
+ * login process used to crosswalk a user for Grouper authentication.
+ *
+ * You may need to further customize this section to meet your organization
+ * crosswalk needs.
+ */
+
+ /**
+ * Default when login-id is the same as grouper id
+ */
+ // Default Begin ===============================================
 if ($this->Session->check('Auth.User.username')) {
 $this->userId = $this->Session->read('Auth.User.username');
 }
- // END ===============================================
-
- //TODO - Need to make the following code configurable in getting the user ID. In this case the code is
- // specific to the needs of I2.
- // BEGIN ===============================================
+ // Default End ===============================================
+
+ /**
+ * Customized Crosswalk from login-id to Grouper Username
+ */
+ // Custom Begin ===============================================
 /*
- $uid=$this->Session->read('Auth.User.co_person_id');
- $username=$this->Session->read('Auth.User.username');
- error_log("HUBING ================ " . $username);
-
- switch ($username) {
- case "chubing@internet2.edu":
- error_log("username is " . $username);
- $uid=32;
- break;
- case "pcaskey@internet2.edu":
- error_log("username is " . $username);
- $uid=28;
- break;
- case "ij@internet2.edu":
- error_log("username is " . $username);
- $uid=6842;
- break;
- case "aaschenbrener@internet2.edu":
- error_log("username is " . $username);
- $uid=13643;
- // 12430 in dev
- break;
- case "sho@internet2.edu":
- error_log("username is " . $username);
- $uid=6103;
- break;
- case "wkaufman@internet2.edu":
- error_log("username is " . $username);
- $uid=6830;
- break;
- }
- error_log("UID IS ================ " . $uid);
+ $username = $this->Session->read('Auth.User.username');
 if ($this->Session->check('Plugin.Grouper.UserId')) {
 $this->userId = $this->Session->read('Plugin.Grouper.UserId');
 } else {
+ $uid = $this->getPersonIdFromUsername($username);
 $this->userId = $this->getUserId($uid);
 $this->Session->write('Plugin.Grouper.UserId', $this->userId);
 }
-
- // END ===============================================
 */
+ // Custom End ===============================================
+
 // Determine what operations this user can perform
 // Construct the permission set for this user, which will also be passed to the view.
@@ -829,6 +809,22 @@ function isAuthorized()
 return ($p[$this->action]);
 }
+ private function getPersonIdFromUsername($username)
+ {
+ $args = array();
+ $args['conditions']['Identifier.identifier'] = $username;
+ $args['conditions']['Identifier.status'] = SuspendableStatusEnum::Active;
+ $args['conditions']['Identifier.deleted'] = false;
+ $args['conditions']['Identifier.identifier_id'] = null;
+ $args['conditions']['NOT']['Identifier.co_person_id'] = null;
+ $args['conditions']['Identifier.type'] = 'eppn';
+ $args['contain'] = false;
+
+ $Identifier = new Identifier();
+ $co_person_id = $Identifier->find('first', $args);
+
+ return $co_person_id['Identifier']['co_person_id'];
+ }
 private function getUserId($id)
 {
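Review bot: In the first hunk, the Grouper subject used by isAuthorized() is selected by which of the "Default" and "Custom" sections is left uncommented, so a site that needs the crosswalk has to edit authorization code and carry that edit across upgrades; a plugin setting read at this point would keep the choice out of the source. Until that exists, the "Custom Begin" comment should state how the two blocks interact, for example `// Enable only one block: if both run, the custom value overwrites the default.` The default block also leaves `$this->userId` untouched when `Auth.User.username` is absent from the session. The remainder of isAuthorized() is outside this hunk, so it is worth confirming that it denies access in that case rather than continuing with an empty id.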
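Review bot: In the second hunk, getPersonIdFromUsername() indexes the result of `$Identifier->find('first', $args)` without checking that a row was returned, so a login with no active `eppn` identifier yields `null` (with a PHP notice or warning) and that value is handed to `getUserId()` once the custom crosswalk is enabled. Return early on a miss, e.g. `if (empty($co_person_id['Identifier']['co_person_id'])) { return null; }`, and have the caller deny access instead of caching the outcome in `Plugin.Grouper.UserId`. The conditions also carry no CO restriction and no `order`, so if the same eppn can exist on person records in more than one CO, which row `find('first')` returns is left to the database; this is inferred from the visible conditions only and should be checked against the data model. A short docblock stating the return value (a `co_person_id` or `null`) would help, and `$co_person_id` would read better under a name that says it holds the whole row. `getUserId()` begins after the new method but its body is outside the hunk.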