plugin developed by Jean-Guilhem Rouel
authorDominique Hazaël-Massieux <dom@w3.org>
Thu, 10 Feb 2011 15:00:46 +0100
changeset 0 ab5751887143
child 1 8a0f0ff07b45
plugin developed by Jean-Guilhem Rouel
wordpress_ldap_plugin/ldap_roles.php
wordpress_ldap_plugin/ldap_roles/lib/ldap_roles.php
wordpress_ldap_plugin/ldap_roles/lib/ldap_roles_admin.php
wordpress_ldap_plugin/ldap_roles/public/ldap_roles_admin.js
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/wordpress_ldap_plugin/ldap_roles.php	Thu Feb 10 15:00:46 2011 +0100
@@ -0,0 +1,20 @@
+<?php 
+/*
+Plugin Name: LDAP Roles Plug-in
+Plugin URI: http://www.w3.org
+Description: A plugin to map LDAP groups to Wordpress roles. This plugin depends on and reuses parts of WPMU LDAP Plugin http://wpmuldap.tuxdocs.net/
+Version: 1.0
+Author: Jean-Guilhem Rouel (http://www.w3.org/People/Jean-Gui),
+*/
+
+if (get_site_option("ldapAuth")) {
+    require_once('ldap_roles/lib/ldap_roles.php');
+    require_once('ldap_roles/lib/ldap_roles_admin.php');
+    
+    // Authentication hook
+    add_action('authenticate', 'updateUserRoles', 26, 3);
+
+    // Admin hooks
+    add_action('admin_init', 'ldap_roles_admin_init');
+    add_action('admin_menu', 'ldapAddPermsMenus');
+}
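Review bot: The two `require_once` calls use bare relative paths, so PHP resolves them through `include_path` before the plugin's own directory, and a same-named file earlier on that path would be loaded instead. Anchor them to this file, e.g. `require_once(dirname(__FILE__) . '/ldap_roles/lib/ldap_roles.php');`, and do the same for `ldap_roles_admin.php`. `authenticate` is a filter in WordPress, so `add_filter('authenticate', 'updateUserRoles', 26, 3);` would state the intent more clearly, although `add_action` registers it the same way.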
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/wordpress_ldap_plugin/ldap_roles/lib/ldap_roles.php	Thu Feb 10 15:00:46 2011 +0100
@@ -0,0 +1,86 @@
+<?php 
+/*
+Plugin Name: LDAP Roles Plug-in
+Plugin URI: http://www.w3.org
+Description: A plugin to map LDAP groups to Wordpress roles
+Version: 1.0
+Author: Jean-Guilhem Rouel (http://www.w3.org/People/Jean-Gui),
+*/
+
+// Code from WPMU LDAP Plugin http://wpmuldap.tuxdocs.net/
+function getGroups($server, $userDN) {
+    //Make sure we're connected - we're not when this is called from the admin side
+    if (!$server->connection_handle) {
+	$server->dock();
+    }
+
+    // Get Groups
+    $attributes_to_get = array(get_site_option('ldapAttributeDN',LDAP_DEFAULT_ATTRIBUTE_DN));
+    if (get_site_option('ldapLinuxWindows')) {
+	$search_filter = "(".get_site_option('ldapAttributeMemberNix',LDAP_DEFAULT_ATTRIBUTE_MEMBERNIX)."=$userDN)";
+	$search_filter .= "(objectclass=".get_site_option('ldapAttributeGroupObjectclassNix',LDAP_DEFAULT_ATTRIBUTE_GROUP_OBJECTCLASSNIX).")";
+    } else {
+	$search_filter = "(".get_site_option('ldapAttributeMember',LDAP_DEFAULT_ATTRIBUTE_MEMBER)."=$userDN)";
+	$search_filter .= "(objectclass=".get_site_option('ldapAttributeGroupObjectclass',LDAP_DEFAULT_ATTRIBUTE_GROUP_OBJECTCLASS).")";
+    }
+    $server->SetSearchCriteria("(&$search_filter)", $attributes_to_get);
+    $server->Search();
+    return ldap_get_entries($server->connection_handle, $server->search_result);
+}
+
+/**
+ * Updates roles for a user on all blogs
+ */
+function updateUserRoles($user, $username, $password) {
+    if (!is_a($user, 'WP_User')) {
+        return $user;
+    }
+     
+    $ldapString = wpmuSetupLdapOptions();
+    $server = new LDAP_ro($ldapString);
+    $server->DebugOff();
+    
+    // We need to bind the user to LDAP a second time to get the user DN
+    $userDataArray = null;
+    $result = $server->Authenticate ($username, $password, $userDataArray);
+
+    if($result == LDAP_OK) {
+        $userGroups = getGroups($server, $userDataArray[LDAP_INDEX_DN]);
+    
+        $ldapPriorities = get_site_option('ldapPriorities');
+        $globalPerms = get_site_option('ldapPerms');
+    
+        // Update roles on each blog
+        foreach(get_blog_list(0, 'all') as $blog) {
+            $ldapPerms = get_blog_option($blog['blog_id'], 'ldapPerms');
+            
+            updateBlogUserRoles($blog['blog_id'], $user->ID, $userGroups, 
+                                $ldapPerms, $globalPerms, 
+                                $ldapPriorities);
+        }
+    }
+
+    return $user;
+}
+
+/**
+ * Update user's roles on a specific blog
+ */
+function updateBlogUserRoles($blog_id, $user_id, $user_groups, $perms, $globalPerms, $priorities) {
+    if($priorities && $perms) {
+        foreach($priorities as $priority => $roleKey) {
+            foreach($user_groups as $g) {
+                
+                $group_dn = strtolower($g[get_site_option('ldapAttributeDN',LDAP_DEFAULT_ATTRIBUTE_DN)]);
+                if($group_dn && 
+                   (($perms[$roleKey] && in_array($group_dn, $perms[$roleKey]) || 
+                     ($globalPerms[$roleKey] && in_array($group_dn, $globalPerms[$roleKey]))))) {
+                    wpmuLdapAddUserToBlog($user_id, $blog_id, $roleKey);
+                    return true;
+                }
+            }
+        }
+    }
+    remove_user_from_blog($user_id, $blog_id);
+    return false;
+}
\ No newline at end of file
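Review bot: In `updateBlogUserRoles` the guard `if($priorities && $perms)` skips the whole matching loop when a blog has no per-blog mapping, so `$globalPerms` is never consulted there and the function falls through to `remove_user_from_blog()`; as written, each successful LDAP login would remove the user from every blog that lacks its own `ldapPerms` option. The guard should read `if ($priorities && ($perms || $globalPerms))`, and since the result of `getGroups()` is not checked before the loop, it is worth deciding whether a failed group search should really revoke membership rather than leave roles untouched. The match lowercases `$group_dn` with `strtolower()` while the configured DNs are only trimmed when saved in `ldap_roles_admin.php`, so a mapping entered with capitals never matches; lowercase both sides. In `getGroups`, `$userDN` is interpolated into the search filter unescaped, and a DN containing `(`, `)`, `*` or `\` changes the filter; escape it as a filter value, e.g. `ldap_escape($userDN, '', LDAP_ESCAPE_FILTER)` where the PHP version provides it.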
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/wordpress_ldap_plugin/ldap_roles/lib/ldap_roles_admin.php	Thu Feb 10 15:00:46 2011 +0100
@@ -0,0 +1,169 @@
+<?php 
+/*
+Plugin Name: LDAP Roles Plug-in
+Plugin URI: http://www.w3.org
+Description: A plugin to map LDAP groups to Wordpress roles
+Version: 1.0
+Author: Jean-Guilhem Rouel (http://www.w3.org/People/Jean-Gui),
+*/
+
+function ldap_roles_admin_init() {
+    wp_register_script('ldap_roles_admin', WPMU_PLUGIN_URL . '/ldap_roles/public/ldap_roles_admin.js');
+}
+
+
+function ldapAddPermsMenus() {
+    $objCurrUser = wp_get_current_user();
+    $objUser = wp_cache_get($objCurrUser->id, 'users');
+    if (is_super_admin($objUser->user_login)) {
+        $page = add_options_page('LDAP Permissions', 'LDAP Permissions', 
+                         'manage_options', 'ldapperms', 'ldapPermsPanel');
+        add_action('admin_print_scripts-' . $page, 'ldap_roles_admin_styles');
+
+        $page = add_submenu_page('wpmu-admin.php', 'LDAP Groups to Wordpress Roles Mapping', 
+                                 'LDAP Roles Mapping', 9, basename(__FILE__), 'ldapMappingConfPanel');
+        add_action('admin_print_scripts-' . $page, 'ldap_roles_admin_styles');
+    }
+}
+
+function ldap_roles_admin_styles() {
+    wp_enqueue_script('jquery-ui-sortable');
+    wp_enqueue_script('ldap_roles_admin');
+
+    wp_admin_css('nav-menu', "/wp-admin/css/nav-menu$suffix.css");
+}
+
+
+function ldapMappingConfPanel() {
+    global $current_blog;
+
+    // Process POST Updates
+    if ($_SERVER['REQUEST_METHOD'] == 'POST') ldapGlobalPermsSave();
+    
+    $tab = $_GET['tab'];
+    $allowedtabs = array('general','connection','attributes','updates');
+    ?>
+<div class="wrap">
+ <?php 
+      ldapGlobalPermsPanel();
+?>
+</div>
+<?php
+}
+
+function ldapGlobalPermsSave() {
+    function textareaToArray($text) {
+        return array_map('trim', explode("\n", trim($text)));
+    }
+    $ldapPerms = array_map('textareaToArray', $_POST['ldapPerms']);
+    update_site_option('ldapPerms', $ldapPerms);
+    
+    $ldapPriorities = array_map('trim', $_POST['ldapPriorities']);
+    function emptyRole($val) {
+        if($val === null || $val === '') {
+            return 99999;
+        }
+        return $val;
+    }
+    $ldapPriorities = array_map('emptyRole', $ldapPriorities);
+    asort($ldapPriorities, SORT_NUMERIC);
+    update_site_option('ldapPriorities', array_keys($ldapPriorities));
+    
+    echo "<div id='message' class='updated fade'><p>Priorities and Mappings Saved!</p></div>";
+}
+
+function ldapGlobalPermsPanel() {
+    $ldapPerms = get_site_option('ldapPerms');
+    $ldapPriorities = get_site_option('ldapPriorities');
+    $roles = get_editable_roles();
+    foreach($roles as $krole => $role) {
+        if(!in_array($krole, $ldapPriorities)) {
+            $ldapPriorities[] = $krole;
+        }
+    }
+?>
+  <form method="post" id="ldap_auth_groups" action="ms-admin.php?page=ldap_roles_admin.php">
+    <h3>LDAP Permissions Settings</h3>
+    <p>This form allows you to map LDAP groups to Wordpress roles globally (ie. for all blogs) and define priorities between roles. 
+    In the expandable boxes below, enter the full dn to each group.  For multiple groups, enter each group on a new line. You can also sort the boxes
+    by drag and drop. Sorting roles is important in case a user belongs to several LDAP groups (as a user can be assigned only one WordPress role).</p>
+      <ul id="sortable">
+      <?php foreach($ldapPriorities as $priority => $key): ?>
+        <li class="menu-item menu-item-depth-0 menu-item-category">
+          <dl class="menu-item-bar">
+            <dt class="menu-item-handle">
+              <span class="item-title">
+                <label for="ldapPerms_<?php echo $key ?>"><span><?php echo $priority+1 ?></span>. <?php echo $roles[$key]['name'] ?></label>
+              </span>
+
+              <span class="item-controls">
+                <span class="item-order">
+                  <input class="priority" style="width:30px" type="text" name="ldapPriorities[<?php echo $key ?>]" id="ldapPriorities_<?php echo $key ?>" value="<?php echo $priority ?>"/>
+                </span>
+                <a href="#" title="Edit Menu Item" class="item-edit">Edit Menu Item</a>
+              </span>
+            </dt>
+          </dl>
+          <div class="menu-item-settings">
+            <textarea style="width: 390px" rows="3" cols="54" name="ldapPerms[<?php echo $key ?>]" id="ldapPerms_<?php echo $key ?>"><?php echo @implode("\n", $ldapPerms[$key]) ?></textarea>
+          </div>
+        </li>
+		  <?php endforeach ?>
+      </ul>
+    <p class="submit"><input type="submit" name="ldapPermsSave" value="Save Priorities" /></p>
+	</form>
+<?php
+}
+
+
+function ldapPermsPanel() {
+    global $blog_id;
+    if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['ldapPermsSave']) {
+        function textareaToArray($text) {
+            return array_map('trim', explode("\n", trim($text)));
+        }
+        $ldapPerms = array_map('textareaToArray', $_POST['ldapPerms']);
+        update_blog_option($blog_id, 'ldapPerms', $ldapPerms);
+
+        echo "<div id='message' class='updated fade'><p>Saved Options!</p></div>";
+    }
+
+    $ldapPerms = get_blog_option($blog_id, 'ldapPerms');
+
+    $ldapPriorities = get_site_option('ldapPriorities');
+    $roles = get_editable_roles();
+    foreach($roles as $krole => $role) {
+        if(!in_array($krole, $ldapPriorities)) {
+            $ldapPriorities[] = $krole;
+        }
+    }
+?>
+        <form method="post" id="ldap_auth_groups" action="options-general.php?page=ldapperms">
+          <h3>LDAP Permissions Settings</h3>
+          <p>
+            This page allows to add LDAP group to WordPress role mappings for the blog &quot;<?php echo get_blog_option($blog_id, 'blogname') ?>&quot;.
+            In the expandable boxes below, enter the full dn of each group. For multiple groups, enter each group on a new line.
+          </p>
+      <ul>
+      <?php foreach($ldapPriorities as $priority => $key): ?>
+        <li class="menu-item menu-item-depth-0 menu-item-category">
+          <dl class="menu-item-bar">
+            <dt class="menu-item-handle">
+              <span class="item-title">
+                <label for="ldapPerms_<?php echo $key ?>"><span><?php echo $priority+1 ?></span>. <?php echo $roles[$key]['name'] ?></label>
+              </span>
+              <span class="item-controls">
+                <a href="#" title="Edit Menu Item" class="item-edit">Edit Menu Item</a>
+              </span>
+            </dt>
+          </dl>
+          <div class="menu-item-settings">
+            <textarea style="width: 390px" rows="3" cols="54" name="ldapPerms[<?php echo $key ?>]" id="ldapPerms_<?php echo $key ?>"><?php echo @implode("\n", $ldapPerms[$key]) ?></textarea>
+          </div>
+        </li>
+		  <?php endforeach ?>
+      </ul>
+      <p class="submit"><input type="submit" name="ldapPermsSave" value="Save Groups" /></p>
+	</form>
+<?php
+}
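Review bot: Neither save path verifies a nonce: `ldapMappingConfPanel` calls `ldapGlobalPermsSave()` on any POST and `ldapPermsPanel` saves whenever `$_POST['ldapPermsSave']` is set, so a cross-site request made in a super admin's session can rewrite the group-to-role mappings that `updateUserRoles` applies at login. Add `wp_nonce_field('ldap_roles_save');` inside both forms and `check_admin_referer('ldap_roles_save');` before each `update_site_option`/`update_blog_option` call. The stored values are also echoed unescaped — `$key` in the `name`/`id` attributes, `implode("\n", $ldapPerms[$key])` inside the `<textarea>`, and the blog name — so wrap them in `esc_attr()` and `esc_html()`, and keep only role keys present in `get_editable_roles()` when saving. Separately, `textareaToArray` is declared inside two functions and would be a fatal redeclaration if both ran in one request, and `$suffix` in `ldap_roles_admin_styles` is never defined.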
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/wordpress_ldap_plugin/ldap_roles/public/ldap_roles_admin.js	Thu Feb 10 15:00:46 2011 +0100
@@ -0,0 +1,36 @@
+$(document).ready(function() {
+    $("#sortable input.priority").hide();
+		$("#sortable").sortable({
+        update: function(event, ui) {
+            i = 0;
+            $("li", this).each(function() {
+                $("input.priority", this).val(i);
+                $("label span", this).html(++i);
+            });
+        }
+    });
+
+    $(".menu-item-settings").each(function() {
+        var text = $("textarea", this);
+        if(text.val() == "") {
+            $(this).hide();
+        }
+        else {
+            $(this).parent().addClass("menu-item-edit-active");
+        }
+    });
+
+
+    $(".item-controls a").click(function() {
+        if($(this).parents("li").hasClass("menu-item-edit-active")) {
+            $(this).parents("dl").next().slideUp("fast");
+            $(this).parents("li").removeClass("menu-item-edit-active");
+        }
+        else {
+            $(this).parents("dl").next().slideDown("fast");
+            $(this).parents("li").addClass("menu-item-edit-active");
+        }
+    });
+
+//		$("#sortable").disableSelection();
+});
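Review bot: The script uses the global `$` on its first line, but WordPress loads its bundled jQuery in noConflict mode, so `$` is normally undefined on admin pages; open the file with `jQuery(document).ready(function($) {` instead. In the sortable `update` callback, `i = 0;` creates an implicit global and should be `var i = 0;`. The `.item-controls a` click handler neither returns `false` nor calls `preventDefault()`, so each toggle also follows the `href="#"` link.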