Improved OTRS login / group sync and permission check.
parent
73ec9cd684
commit
3a8f37dd06
4 changed files with 80 additions and 49 deletions
|
@ -6,58 +6,22 @@ module Auth::Otrs
|
|||
def self.check( username, password, config, user )
|
||||
|
||||
endpoint = Setting.get('import_otrs_endpoint')
|
||||
return false if !endpoint || endpoint.empty? || endpoint == 'http://otrs_host/otrs'
|
||||
return false if !endpoint
|
||||
return false if endpoint.empty?
|
||||
return false if endpoint == 'http://otrs_host/otrs'
|
||||
|
||||
# connect to OTRS
|
||||
result = Import::OTRS.auth( username, password )
|
||||
return false if !result
|
||||
return false if !result['groups_ro']
|
||||
return false if !result['groups_rw']
|
||||
return false if !result['user']
|
||||
|
||||
# check if required OTRS group exists
|
||||
types = {
|
||||
:required_group_ro => 'groups_ro',
|
||||
:required_group_rw => 'groups_rw',
|
||||
}
|
||||
types.each {|config_key,result_key|
|
||||
if config[config_key]
|
||||
return false if !result[result_key].has_value?( config[config_key] )
|
||||
end
|
||||
}
|
||||
user = User.where( :login => result['user']['UserLogin'], :active => true ).first
|
||||
return false if !user
|
||||
|
||||
# sync roles / groups
|
||||
if config[:group_ro_role_map] || config[:group_rw_role_map]
|
||||
user.role_ids = []
|
||||
user.save
|
||||
end
|
||||
types = {
|
||||
:group_ro_role_map => 'groups_ro',
|
||||
:group_rw_role_map => 'groups_rw',
|
||||
}
|
||||
types.each {|config_key,result_key|
|
||||
next if !config[config_key]
|
||||
config[config_key].each {|otrs_group, role|
|
||||
next if !result[result_key].has_value?( otrs_group )
|
||||
role_ids = user.role_ids
|
||||
role = Role.where( :name => role ).first
|
||||
next if !role
|
||||
role_ids.push role.id
|
||||
user.role_ids = role_ids
|
||||
user.save
|
||||
}
|
||||
}
|
||||
|
||||
if config[:always_role]
|
||||
config[:always_role].each {|role, active|
|
||||
next if !active
|
||||
role_ids = user.role_ids
|
||||
role = Role.where( :name => role ).first
|
||||
next if !role
|
||||
role_ids.push role.id
|
||||
user.role_ids = role_ids
|
||||
user.save
|
||||
}
|
||||
end
|
||||
# sync / check permissions
|
||||
Import::OTRS.permission_sync( user, result, config )
|
||||
|
||||
return user
|
||||
end
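Review bot: The result of `Import::OTRS.permission_sync( user, result, config )` is discarded before `return user`, so the `:required_group_ro` / `:required_group_rw` check that now lives in that helper can no longer deny the login; the helper's `return false` only leaves the helper. Judging by the hunk counts (the +/- markers are lost on this page), the group check used to sit inline in `check`, which would make this an authorization regression. Guard the call with `return false if !Import::OTRS.permission_sync( user, result, config )`. That guard needs the helper to end on an explicit `true`, because its success path currently returns whatever the final `if config[:always_role]` evaluates to, which is nil when that key is unset. `Sso::Otrs.check` in the last file section discards the result the same way.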
|
||||
|
|
|
@ -60,6 +60,55 @@ module Import::OTRS
|
|||
return result
|
||||
end
|
||||
|
||||
def self.permission_sync(user, result, config)
|
||||
|
||||
# check if required OTRS group exists
|
||||
types = {
|
||||
:required_group_ro => 'groups_ro',
|
||||
:required_group_rw => 'groups_rw',
|
||||
}
|
||||
types.each {|config_key,result_key|
|
||||
if config[config_key]
|
||||
return false if !result[result_key].has_value?( config[config_key] )
|
||||
end
|
||||
}
|
||||
|
||||
# sync roles / groups
|
||||
if config[:group_ro_role_map] || config[:group_rw_role_map]
|
||||
user.role_ids = []
|
||||
user.save
|
||||
end
|
||||
types = {
|
||||
:group_ro_role_map => 'groups_ro',
|
||||
:group_rw_role_map => 'groups_rw',
|
||||
}
|
||||
types.each {|config_key,result_key|
|
||||
next if !config[config_key]
|
||||
config[config_key].each {|otrs_group, role|
|
||||
next if !result[result_key].has_value?( otrs_group )
|
||||
role_ids = user.role_ids
|
||||
role = Role.where( :name => role ).first
|
||||
next if !role
|
||||
role_ids.push role.id
|
||||
user.role_ids = role_ids
|
||||
user.save
|
||||
}
|
||||
}
|
||||
|
||||
if config[:always_role]
|
||||
config[:always_role].each {|role, active|
|
||||
next if !active
|
||||
role_ids = user.role_ids
|
||||
role = Role.where( :name => role ).first
|
||||
next if !role
|
||||
role_ids.push role.id
|
||||
user.role_ids = role_ids
|
||||
user.save
|
||||
}
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
def self.start
|
||||
puts 'Start import...'
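Review bot: `permission_sync` clears the user's roles with `user.role_ids = []` plus `user.save` and then rebuilds them with one `user.save` per matched role, so a lookup or save that raises partway leaves the account with no roles or a partial set. A concurrent request for the same user may also see that intermediate state, though that depends on how the association persists. The same role can be pushed twice when a group appears in both maps, as `'stats' => 'Report'` does in the example config in lib/sso.rb. Collecting the target role names first and assigning the de-duplicated ids once avoids both problems. Ending on an explicit `true` gives callers a value to test against the `return false` of the required-group check.

```ruby
# … unchanged: required_group_ro / required_group_rw check …

# collect the target role names first, then assign them in one step
role_names = []
{ :group_ro_role_map => 'groups_ro', :group_rw_role_map => 'groups_rw' }.each {|config_key, result_key|
  next if !config[config_key]
  config[config_key].each {|otrs_group, role_name|
    role_names.push role_name if result[result_key].has_value?( otrs_group )
  }
}
if config[:always_role]
  config[:always_role].each {|role_name, active|
    role_names.push role_name if active
  }
end

# existing roles are only replaced when a group map is configured
reset    = config[:group_ro_role_map] || config[:group_rw_role_map]
role_ids = reset ? [] : user.role_ids
role_ids += Role.where( :name => role_names.uniq ).map(&:id)
user.role_ids = role_ids.uniq
user.save

true
```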
|
||||
|
||||
|
|
13
lib/sso.rb
13
lib/sso.rb
|
@ -22,7 +22,18 @@ returns
|
|||
:adapter => 'Sso::Env',
|
||||
},
|
||||
{
|
||||
:adapter => 'Sso::Otrs',
|
||||
:adapter => 'Sso::Otrs',
|
||||
:required_group_ro => 'stats',
|
||||
:group_rw_role_map => {
|
||||
'admin' => 'Admin',
|
||||
'stats' => 'Report',
|
||||
},
|
||||
:group_ro_role_map => {
|
||||
'stats' => 'Report',
|
||||
},
|
||||
:always_role => {
|
||||
'Agent' => true,
|
||||
},
|
||||
},
|
||||
]
|
||||
|
||||
|
|
|
@ -4,16 +4,23 @@ module Sso::Otrs
|
|||
def self.check( params, config_item )
|
||||
|
||||
endpoint = Setting.get('import_otrs_endpoint')
|
||||
return false if !endpoint || endpoint.empty? || endpoint == 'http://otrs_host/otrs'
|
||||
return false if !endpoint
|
||||
return false if endpoint.empty?
|
||||
return false if endpoint == 'http://otrs_host/otrs'
|
||||
return false if !params['SessionID']
|
||||
|
||||
# connect to OTRS
|
||||
result = Import::OTRS.session( params['SessionID'] )
|
||||
return false if !result
|
||||
return false if !result['groups_ro']
|
||||
return false if !result['groups_rw']
|
||||
return false if !result['user']
|
||||
|
||||
user = User.where( :login => result['UserLogin'], :active => true ).first
|
||||
return user if user
|
||||
user = User.where( :login => result['user']['UserLogin'], :active => true ).first
|
||||
|
||||
return false
|
||||
# sync / check permissions
|
||||
Import::OTRS.permission_sync( user, result, config_item )
|
||||
|
||||
return user
|
||||
end
|
||||
end
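Review bot: `user` can be nil when `Import::OTRS.permission_sync( user, result, config_item )` is called, because `User.where( ... ).first` returns nil for an OTRS session whose login has no active local user and the lookup is no longer followed by a `return false` path. With a role map or `:always_role` configured, the helper then calls `user.role_ids` on nil and raises instead of the SSO check returning false. Add `return false if !user` directly after the lookup, as `Auth::Otrs.check` does in the first file section.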
|