Refresh LDAP perms on each admin page load and added a joker (*) meaning everyone (no specific group) default tip
authorJean-Guilhem Rouel <jean-gui@w3.org>
Fri, 12 Aug 2011 11:03:31 +0200
changeset 4 ffa45c5c9dd1
parent 3 a3402c9d9582
Refresh LDAP permissions on each admin page load and add a joker (*) meaning everyone (no specific group)
wordpress_ldap_plugin/ldap_roles.php
wordpress_ldap_plugin/ldap_roles/lib/ldap_roles.php
wordpress_ldap_plugin/ldap_roles/lib/ldap_roles_admin.php
--- a/wordpress_ldap_plugin/ldap_roles.php	Mon Jul 04 10:52:28 2011 +0200
+++ b/wordpress_ldap_plugin/ldap_roles.php	Fri Aug 12 11:03:31 2011 +0200
@@ -13,8 +13,11 @@
     
     // Authentication hook
     add_action('authenticate', 'updateUserRoles', 26, 3);
+    //refresh ldap roles on admin pages to get user/group state changes during session
+    add_action('set_current_user', 'selectUpdateUserRoles', 26, 3);
 
     // Admin hooks
     add_action('admin_init', 'ldap_roles_admin_init');
     add_action('admin_menu', 'ldapAddPermsMenus');
+    add_action('network_admin_menu', 'ldapAddRolesMenus');
 }
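Review bot: The `set_current_user` action fires with no arguments and `selectUpdateUserRoles` declares none, so the `26, 3` on the new add_action at L17 is misleading (the priority is meaningful, the accepted-args count is not); `add_action('set_current_user', 'selectUpdateUserRoles', 26);` says what is meant. It is also worth a comment that this hook now causes an LDAP search on every request where `is_admin()` is true, which presumably includes admin-ajax requests, so a busy site will hit the directory far more often than at login; if that turns out to be a problem a short-lived transient keyed by user ID would bound it. The enclosing init function starts before this hunk.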
--- a/wordpress_ldap_plugin/ldap_roles/lib/ldap_roles.php	Mon Jul 04 10:52:28 2011 +0200
+++ b/wordpress_ldap_plugin/ldap_roles/lib/ldap_roles.php	Fri Aug 12 11:03:31 2011 +0200
@@ -31,7 +31,7 @@
 /**
  * Updates roles for a user on all blogs
  */
-function updateUserRoles($user, $username, $password) {
+function updateUserRoles($user, $username) {
     if (!is_a($user, 'WP_User')) {
         return $user;
     }
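Review bot: The docblock at L27-29 does not document the parameters, and the contract changed: `$username` now goes straight into an LDAP search instead of a bind, so it is the raw login-form value that `DoSearchUsername` must escape before building a filter (not verifiable from here). I would extend the docblock with `@param WP_User|WP_Error|null $user result of earlier authenticate filters, returned unchanged unless it is a WP_User` and `@param string $username login name as submitted; DoSearchUsername is expected to escape it for the LDAP filter`. Dropping `$password` is compatible with the `authenticate` registration at three accepted args, since PHP ignores extra arguments, but that deserves a one-line note too. The function body continues past this hunk.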
@@ -42,18 +42,18 @@
     
     // We need to bind the user to LDAP a second time to get the user DN
     $userDataArray = null;
-    $result = $server->Authenticate ($username, $password, $userDataArray);
+
+    $result = $server->DoSearchUsername($username, array('dn'), $userDataArray);
 
     if($result == LDAP_OK) {
         $userGroups = getGroups($server, $userDataArray[LDAP_INDEX_DN]);
-    
+
         $ldapPriorities = get_site_option('ldapPriorities');
         $globalPerms = get_site_option('ldapPerms');
-    
+
         // Update roles on each blog
         foreach(get_blog_list(0, 'all') as $blog) {
             $ldapPerms = get_blog_option($blog['blog_id'], 'ldapPerms');
-            
             updateBlogUserRoles($blog['blog_id'], $user->ID, $userGroups, 
                                 $ldapPerms, $globalPerms, 
                                 $ldapPriorities);
@@ -67,19 +67,19 @@
  * Update user's roles on a specific blog
  */
 function updateBlogUserRoles($blog_id, $user_id, $user_groups, $perms, $globalPerms, $priorities) {
-    if($priorities && $perms) {
+    if($priorities && ($perms || $globalPerms)) {
         foreach($priorities as $priority => $roleKey) {
-            if(($perms && array_key_exists($roleKey, $perms) && in_array('*', $perms[$roleKey])) || 
-               ($globalPerms && array_key_exists($roleKey, $globalPerms) && in_array('*', $globalPerms[$roleKey]))) {
-                wpmuLdapAddUserToBlog($user_id, $blog_id, $roleKey);
-                return true;
+	    if(($perms && array_key_exists($roleKey, $perms) && in_array('*', $perms[$roleKey])) || ($globalPerms && array_key_exists($roleKey, $globalPerms) && in_array('*', $globalPerms[$roleKey]))) {
+	        wpmuLdapAddUserToBlog($user_id, $blog_id, $roleKey);
+		return true;
             }
             foreach($user_groups as $g) {
                 
                 $group_dn = strtolower($g[get_site_option('ldapAttributeDN',LDAP_DEFAULT_ATTRIBUTE_DN)]);
+
                 if($group_dn && 
-                   (($perms && array_key_exists($roleKey, $perms) && in_array($group_dn, $perms[$roleKey]) || 
-                     ($globalPerms && array_key_exists($roleKey, $globalPerms) && in_array($group_dn, $globalPerms[$roleKey]))))) {
+                   (($perms[$roleKey] && in_array($group_dn, $perms[$roleKey]) || 
+                     ($globalPerms[$roleKey] && in_array($group_dn, $globalPerms[$roleKey]))))) {
                     wpmuLdapAddUserToBlog($user_id, $blog_id, $roleKey);
                     return true;
                 }
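Review bot: L80-81 drop the `array_key_exists` guard that the removed lines had, so `$perms[$roleKey]` is now evaluated when `$perms` is `false` (get_blog_option on an unset option) or lacks that role key, which the new outer condition at L63 explicitly allows; that is an undefined-index notice per role per blog on PHP 5 and a warning for a bool offset on PHP 7.4+. `!empty($perms[$roleKey])` keeps the new shape and is safe for both cases, and `in_array` should be strict since these are DN strings: `((!empty($perms[$roleKey]) && in_array($group_dn, $perms[$roleKey], true)) ||` / `(!empty($globalPerms[$roleKey]) && in_array($group_dn, $globalPerms[$roleKey], true)))) {`. L69-71 are tab-indented in a space-indented file. A comment above the loop that a `*` entry grants that role to every LDAP-authenticated user on the blog ahead of any group match at that priority would help whoever edits the mapping.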
@@ -88,4 +88,18 @@
     }
     remove_user_from_blog($user_id, $blog_id);
     return false;
+}
+
+function selectUpdateUserRoles() {
+    global $current_user;
+    if(is_admin()) {
+        updateUserRoles(&$current_user, $current_user->user_login);
+
+	// Reload current user. There must be a better way to reload roles and capabilities
+	$id = $current_user->ID;
+	$name = $current_user->user_login;
+	$current_user = null; // Set to null to force recreating a new user
+	$current_user = new WP_User($id, $name);
+	setup_userdata($current_user->ID);
+    }
 }
\ No newline at end of file
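Review bot: `selectUpdateUserRoles` runs for whatever `$current_user` is set to, and on a wp-admin request from a visitor who is not logged in that is presumably a user with ID 0 and an empty `user_login` (auth_redirect runs later than set_current_user), so L94 would search LDAP for an empty username and L87's `remove_user_from_blog` path would run for user 0; guard with `if(!is_admin() || empty($current_user->ID)) return;` in place of the `is_admin()` test. The `&$current_user` at L94 is call-time pass-by-reference, deprecated in PHP 5.3 and a fatal error from 5.4, and it is unnecessary because objects are handles: `updateUserRoles($current_user, $current_user->user_login);`. The manual rebuild at L99-101 presumably exists to avoid re-firing this same hook through wp_set_current_user; a comment saying so would stop the next maintainer from "simplifying" it into a recursion.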
--- a/wordpress_ldap_plugin/ldap_roles/lib/ldap_roles_admin.php	Mon Jul 04 10:52:28 2011 +0200
+++ b/wordpress_ldap_plugin/ldap_roles/lib/ldap_roles_admin.php	Fri Aug 12 11:03:31 2011 +0200
@@ -19,8 +19,14 @@
         $page = add_options_page('LDAP Permissions', 'LDAP Permissions', 
                          'manage_options', 'ldapperms', 'ldapPermsPanel');
         add_action('admin_print_scripts-' . $page, 'ldap_roles_admin_styles');
+    }
+}
 
-        $page = add_submenu_page('wpmu-admin.php', 'LDAP Groups to Wordpress Roles Mapping', 
+function ldapAddRolesMenus() {
+    $objCurrUser = wp_get_current_user();
+    $objUser = wp_cache_get($objCurrUser->id, 'users');
+    if (is_super_admin($objUser->user_login)) {
+        $page = add_submenu_page('settings.php', 'LDAP Groups to Wordpress Roles Mapping', 
                                  'LDAP Roles Mapping', 9, basename(__FILE__), 'ldapMappingConfPanel');
         add_action('admin_print_scripts-' . $page, 'ldap_roles_admin_styles');
     }
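Review bot: The `is_super_admin($objUser->user_login)` gate at L118 only decides whether the menu entry is registered; what WordPress enforces when the page is requested directly is the capability argument at L120, which is still the legacy numeric user level `9`. Use a real capability there, `'manage_network_options'`, and since `is_super_admin()` with no argument already checks the current user, L116-118 collapse to `if (is_super_admin()) {`, which also removes the `$objCurrUser->id` access (the canonical property is `ID`) and the cache lookup. Whether `ldapMappingConfPanel` itself re-checks authorization is not visible here and should be confirmed.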
@@ -82,7 +88,8 @@
         }
     }
 ?>
-  <form method="post" id="ldap_auth_groups" action="ms-admin.php?page=ldap_roles_admin.php">
+  <form method="post" id="ldap_auth_groups">
+    <?php wp_nonce_field('ldap_global_perms','ldap_global_perms_nonce'); ?> 
     <h3>LDAP Permissions Settings</h3>
     <p>This form allows you to map LDAP groups to Wordpress roles globally (ie. for all blogs) and define priorities between roles. 
     In the expandable boxes below, enter the full dn to each group.  For multiple groups, enter each group on a new line. You can also sort the boxes
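Review bot: The nonce field added at L129 has no effect unless the POST handler verifies it, and the handler (its tail is at L124-125, the rest lies before the hunk) is not shown doing so; before reading `$_POST` it should call `check_admin_referer('ldap_global_perms', 'ldap_global_perms_nonce');` and, since this form maps LDAP groups to roles network-wide, also `current_user_can('manage_network_options')` rather than relying on menu registration. Removing the `action` attribute at L128 makes the form post back to the current URL, which is what the nonce check expects, so that part is fine.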