MarkAHershberger has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/367113 )
Change subject: Clean up with coding standards
......................................................................
Clean up with coding standards
house keeping
Change-Id: Ic0726ef43ae3fcc3c4ea2627d665487500c295f0
---
M .dir-locals.el
M .gitignore
M extension.json
A src/Hook.php
M src/LdapGroups.php
5 files changed, 117 insertions(+), 37 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/LdapGroups
refs/changes/13/367113/1
diff --git a/.dir-locals.el b/.dir-locals.el
index 75ce2ef..ac271a9 100644
--- a/.dir-locals.el
+++ b/.dir-locals.el
@@ -8,7 +8,7 @@
(lice:default-license . "gpl-3.0")
(eval . (progn (when (fboundp 'delete-trailing-whitespace)
(delete-trailing-whitespace))
- (tabify (point-min)
(point-max))))
+ (tabify (point-min)
(point-max))))
(c-hanging-braces-alist
(defun-open after)
(block-open after)
diff --git a/.gitignore b/.gitignore
index 07fe9ec..18693be 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,6 @@
*~
\#*#
.#*
-.tramp_history
\ No newline at end of file
+.tramp_history
+
+PHPTAGS.sqlite
diff --git a/extension.json b/extension.json
index 35db3f0..b323f6a 100644
--- a/extension.json
+++ b/extension.json
@@ -17,7 +17,8 @@
]
},
"AutoloadClasses": {
- "LdapGroups\\LdapGroups": "src/LdapGroups.php"
+ "LdapGroups\\LdapGroups": "src/LdapGroups.php",
+ "LdapGroups\\Hook": "src/Hook.php"
},
"GroupPermissions": {
"sysop": {
@@ -31,7 +32,7 @@
"LdapGroups": "LdapGroups\\LdapGroups::makeConfig"
},
"Hooks": {
- "PluggableAuthPopulateGroups": [ "LdapGroups::populateGroups" ]
+ "PluggableAuthPopulateGroups": [
"LdapGroups\\Hook::populateGroups" ]
},
"config": {
"_prefix": "LdapGroups",
diff --git a/src/Hook.php b/src/Hook.php
new file mode 100644
index 0000000..0afea52
--- /dev/null
+++ b/src/Hook.php
@@ -0,0 +1,39 @@
+<?php
+
+/**
+ * Hooks for LdapGroups
+ *
+ * Copyright (C) 2017 Mark A. Hershberger
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+namespace LdapGroups;
+
+class Hook {
+ /**
+ * Hook to handle group population for a user
+ * @param User $user to map
+ */
+ public static function populateGroups( User $user ) {
+ $config
+ = ConfigFactory::getDefaultInstance()->makeConfig(
'LdapGroups' );
+ $here = self::newFromIniFile( $config->get( "IniFile" ) );
+
+ $here->fetchLDAPData( $user );
+
+ // Make sure user is in the right groups;
+ $here->mapGroups( $user );
+ }
+}
diff --git a/src/LdapGroups.php b/src/LdapGroups.php
index dde1609..525af82 100644
--- a/src/LdapGroups.php
+++ b/src/LdapGroups.php
@@ -32,17 +32,31 @@
protected $ldapGroupMap;
protected $mwGroupMap;
+ /**
+ * Constructor for LdapGroups
+ * @param string $param extension
+ */
public function __construct( $param ) {
wfDebug( __METHOD__ );
$this->param = $param;
$this->setupGroupMap();
}
- static public function makeConfig() {
+ /**
+ * Get the config accessor
+ * @return GlobalVarConfig
+ */
+ public static function makeConfig() {
return new GlobalVarConfig( 'LdapGroups' );
}
- static public function newFromIniFile( $iniFile = null ) {
+ /**
+ * The ini constructor
+ * @param mixed $iniFile to read from for old style mapping.
+ * @return LdapGroups
+ * @throws MWException
+ */
+ public static function newFromIniFile( $iniFile = null ) {
if ( !is_readable( $iniFile ) ) {
throw new MWException( "Can't read '$iniFile'" );
}
@@ -54,9 +68,13 @@
return new LdapGroups( $data );
}
- protected function setGroupRestrictions( $groupMap = [] ) {
+ /**
+ * Restrict what can be done with these groups on Special:UserRights
+ * @param array $groupMap The map
+ */
+ protected function setGroupRestrictions( array $groupMap ) {
global $wgGroupPermissions, $wgAddGroups, $wgRemoveGroups;
- foreach( $groupMap as $name => $DNs ) {
+ foreach ( $groupMap as $name => $DNs ) {
if ( !isset( $wgGroupPermissions[$name] ) ) {
$wgGroupPermissions[$name] =
$wgGroupPermissions['user'];
}
@@ -68,8 +86,8 @@
// Restrict the ability of users to change these rights
foreach (
- array_unique( array_keys( $wgGroupPermissions ) ) as
$group )
- {
+ array_unique( array_keys( $wgGroupPermissions ) ) as
$group
+ ) {
if ( isset( $wgGroupPermissions[$group]['userrights'] )
&&
$wgGroupPermissions[$group]['userrights'] ) {
$wgGroupPermissions[$group]['userrights'] =
false;
@@ -83,26 +101,34 @@
}
}
+ /**
+ * Set up a group map for the user using chained groups.
+ * See http://ldapwiki.com/wiki/1.2.840.113556.1.4.1941
+ * @param string $userDN the DN for the user
+ */
protected function doGroupMapUsingChain( $userDN ) {
- list($cn, $rest) = explode( ",", $userDN );
+ list( $cn, $rest ) = explode( ",", $userDN );
- foreach( $this->ldapGroupMap as $groupDN => $group ) {
+ foreach ( $this->ldapGroupMap as $groupDN => $group ) {
$entry = $this->doLDAPSearch(
"(&(objectClass=user)($cn)" .
"(memberOf:1.2.840.113556.1.4.1941:=$groupDN))"
);
- if( $entry[ 'count' ] === 1 ) {
+ if ( $entry[ 'count' ] === 1 ) {
$this->ldapData['memberof'][] = $groupDN;
}
}
}
+ /**
+ * Global Maps
+ */
protected function setupGroupMap() {
$config
= ConfigFactory::getDefaultInstance()->makeConfig(
'LdapGroups' );
- $groupMap = $config->get("Map");
+ $groupMap = $config->get( "Map" );
- foreach( $groupMap as $name => $DNs ) {
- foreach ($DNs as $key) {
+ foreach ( $groupMap as $name => $DNs ) {
+ foreach ( $DNs as $key ) {
$lowLDAP = strtolower( $key );
$this->mwGroupMap[ $name ][] = $lowLDAP;
$this->ldapGroupMap[ $lowLDAP ] = $name;
@@ -111,6 +137,10 @@
$this->setGroupRestrictions( $groupMap );
}
+ /**
+ * Set up the connection
+ * @throw MWException
+ */
protected function setupConnection() {
$this->ldap = ldap_connect( $this->param['server'] );
if ( !$this->ldap ) {
@@ -126,6 +156,12 @@
}
}
+ /**
+ * Do a search
+ * @param string $match ldap match
+ * @return array array with results
+ * @throw MWException
+ */
protected function doLDAPSearch( $match ) {
wfProfileIn( __METHOD__ );
$runTime = -microtime( true );
@@ -154,13 +190,20 @@
}
wfProfileOut( __METHOD__ );
$runTime += microtime( true );
- wfDebugLog( __CLASS__, "Ran LDAP search for '$match' in
$runTime seconds.\n" );
+ wfDebugLog(
+ __CLASS__, "Ran LDAP search for '$match' in $runTime
seconds.\n"
+ );
return $entry;
}
-
+ /**
+ * Get the LDAP data for the user
+ * @param User $user the user
+ * @return array data for this user
+ * @throw MWException
+ */
public function fetchLDAPData( User $user ) {
$email = $user->getEmail();
- if( !$email ) {
+ if ( !$email ) {
// Fail early
throw new MWException( "No email found for $user" );
}
@@ -190,12 +233,19 @@
return $this->ldapData;
}
+ /**
+ * Map this user's MW groups based on its LDAP groups
+ * @param User $user to map
+ */
public function mapGroups( User $user ) {
# Create a list of LDAP groups this person is a member of
$memberOf = [];
if ( isset( $this->ldapData['memberof'] ) ) {
- wfDebugLog( __METHOD__, "memberof: " .var_export(
$this->ldapData['memberof'], true ) );
- $tmp = array_map(
'strtolower',$this->ldapData['memberof'] );
+ wfDebugLog(
+ __METHOD__, "memberof: "
+ . var_export( $this->ldapData['memberof'], true
)
+ );
+ $tmp = array_map( 'strtolower',
$this->ldapData['memberof'] );
unset( $tmp['count'] );
$memberOf = array_flip( $tmp );
}
@@ -220,7 +270,7 @@
foreach ( array_keys( $this->mwGroupMap ) as $checkGroup ) {
$matched = array_intersect(
$this->mwGroupMap[$checkGroup],
array_flip( $memberOf ) );
- if( count( $matched ) === 0 ) {
+ if ( count( $matched ) === 0 ) {
wfDebugLog( __METHOD__, "removing: $checkGroup"
);
$user->removeGroup( $checkGroup );
}
@@ -230,19 +280,7 @@
$user->addGroup( $group );
wfDebugLog( __METHOD__, "Adding: $group" );
}
- // saving now causes problems.
- #$user->saveSettings();
+ // saving now causes problems. ** WHAT PROBLEMS? **
+ # $user->saveSettings();
}
-
- // This hook is probably not the right place.
- static public function populateGroups( $user ) {
- $config
- = ConfigFactory::getDefaultInstance()->makeConfig(
'LdapGroups' );
- $here = self::newFromIniFile( $config->get("IniFile") );
-
- $here->fetchLDAPData( $user );
-
- // Make sure user is in the right groups;
- $here->mapGroups( $user );
- }
-}
\ No newline at end of file
+}
--
To view, visit https://gerrit.wikimedia.org/r/367113
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic0726ef43ae3fcc3c4ea2627d665487500c295f0
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/LdapGroups
Gerrit-Branch: master
Gerrit-Owner: MarkAHershberger <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
