From 3a8f37dd060a47655b2be68dba264a18fe865a82 Mon Sep 17 00:00:00 2001
From: Martin Edenhofer
Date: Tue, 11 Mar 2014 10:23:56 +0100
Subject: [PATCH] Improved OTRS login / group sync and permission check.
---
 lib/auth/otrs.rb | 52 +++++++---------------------------------------
 lib/import/otrs.rb | 49 +++++++++++++++++++++++++++++++++++++++++++
 lib/sso.rb | 13 +++++++++++-
 lib/sso/otrs.rb | 15 +++++++++----
 4 files changed, 80 insertions(+), 49 deletions(-)
diff --git a/lib/auth/otrs.rb b/lib/auth/otrs.rb
index 3219d86cb..edb63143c 100644
--- a/lib/auth/otrs.rb
+++ b/lib/auth/otrs.rb
@@ -6,58 +6,22 @@ module Auth::Otrs
 def self.check( username, password, config, user )
 endpoint = Setting.get('import_otrs_endpoint')
- return false if !endpoint || endpoint.empty? || endpoint == 'http://otrs_host/otrs'
+ return false if !endpoint
+ return false if endpoint.empty?
+ return false if endpoint == 'http://otrs_host/otrs'
 # connect to OTRS
 result = Import::OTRS.auth( username, password )
 return false if !result
 return false if !result['groups_ro']
 return false if !result['groups_rw']
+ return false if !result['user']
- # check if required OTRS group exists
- types = {
- :required_group_ro => 'groups_ro',
- :required_group_rw => 'groups_rw',
- }
- types.each {|config_key,result_key|
- if config[config_key]
- return false if !result[result_key].has_value?( config[config_key] )
- end
- }
+ user = User.where( :login => result['user']['UserLogin'], :active => true ).first
+ return false if !user
- # sync roles / groups
- if config[:group_ro_role_map] || config[:group_rw_role_map]
- user.role_ids = []
- user.save
- end
- types = {
- :group_ro_role_map => 'groups_ro',
- :group_rw_role_map => 'groups_rw',
- }
- types.each {|config_key,result_key|
- next if !config[config_key]
- config[config_key].each {|otrs_group, role|
- next if !result[result_key].has_value?( otrs_group )
- role_ids = user.role_ids
- role = Role.where( :name => role ).first
- next if !role
- role_ids.push role.id
- user.role_ids = role_ids
- user.save
- }
- }
-
- if config[:always_role]
- config[:always_role].each {|role, active|
- next if !active
- role_ids = user.role_ids
- role = Role.where( :name => role ).first
- next if !role
- role_ids.push role.id
- user.role_ids = role_ids
- user.save
- }
- end
+ # sync / check permissions
+ Import::OTRS.permission_sync( user, result, config )
 return user
 end
diff --git a/lib/import/otrs.rb b/lib/import/otrs.rb
index 838965e98..65bed128c 100644
--- a/lib/import/otrs.rb
+++ b/lib/import/otrs.rb
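Review bot: The required-group check no longer denies the login: `Import::OTRS.permission_sync( user, result, config )` returns `false` when `required_group_ro`/`required_group_rw` is not in the OTRS result, but this hunk drops that value and falls through to `return user`, whereas the removed inline code returned `false` from `check` itself. Change the call to `return false if !Import::OTRS.permission_sync( user, result, config )` and make `permission_sync` end with an explicit `true`, since its last expression is otherwise the `if config[:always_role]` result. The same dropped return value appears in the lib/sso/otrs.rb hunk. The `user` parameter is also silently replaced by the lookup on `result['user']['UserLogin']`; if callers pass a user resolved from `username`, the two can diverge, so it may be worth rejecting the login when `result['user']['UserLogin']` does not equal `username` — confirm against the callers, which are outside the hunk.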
@@ -60,6 +60,55 @@ module Import::OTRS
 return result
 end
+ def self.permission_sync(user, result, config)
+
+ # check if required OTRS group exists
+ types = {
+ :required_group_ro => 'groups_ro',
+ :required_group_rw => 'groups_rw',
+ }
+ types.each {|config_key,result_key|
+ if config[config_key]
+ return false if !result[result_key].has_value?( config[config_key] )
+ end
+ }
+
+ # sync roles / groups
+ if config[:group_ro_role_map] || config[:group_rw_role_map]
+ user.role_ids = []
+ user.save
+ end
+ types = {
+ :group_ro_role_map => 'groups_ro',
+ :group_rw_role_map => 'groups_rw',
+ }
+ types.each {|config_key,result_key|
+ next if !config[config_key]
+ config[config_key].each {|otrs_group, role|
+ next if !result[result_key].has_value?( otrs_group )
+ role_ids = user.role_ids
+ role = Role.where( :name => role ).first
+ next if !role
+ role_ids.push role.id
+ user.role_ids = role_ids
+ user.save
+ }
+ }
+
+ if config[:always_role]
+ config[:always_role].each {|role, active|
+ next if !active
+ role_ids = user.role_ids
+ role = Role.where( :name => role ).first
+ next if !role
+ role_ids.push role.id
+ user.role_ids = role_ids
+ user.save
+ }
+ end
+
+ end
+
 def self.start
 puts 'Start import...'
diff --git a/lib/sso.rb b/lib/sso.rb
index 61695455f..858afc28f 100644
--- a/lib/sso.rb
+++ b/lib/sso.rb
@@ -22,7 +22,18 @@ returns
 :adapter => 'Sso::Env',
 },
 {
- :adapter => 'Sso::Otrs',
+ :adapter => 'Sso::Otrs',
+ :required_group_ro => 'stats',
+ :group_rw_role_map => {
+ 'admin' => 'Admin',
+ 'stats' => 'Report',
+ },
+ :group_ro_role_map => {
+ 'stats' => 'Report',
+ },
+ :always_role => {
+ 'Agent' => true,
+ },
 },
 ]
diff --git a/lib/sso/otrs.rb b/lib/sso/otrs.rb
index 660fa3e38..56e92af04 100644
--- a/lib/sso/otrs.rb
+++ b/lib/sso/otrs.rb
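Review bot: The role sync writes to the user several times in `permission_sync`: `user.role_ids = []` plus `user.save` wipes the existing roles before any mapping is evaluated, and every matching map entry triggers another `user.save`, so a Role lookup that raises part-way leaves a user persisted with fewer roles than before the call. Collect the ids first and assign them once at the end, as below; ending the method with `true` also gives callers a value they can test, since the last expression is otherwise the `if config[:always_role]` result. The `role` block parameter in `config[config_key].each {|otrs_group, role|` is shadowed by `role = Role.where( :name => role ).first` two lines later, which the rename in the excerpt removes. The method also lacks a comment stating that it both checks the required groups and mutates the user's roles, returning `false` only for the former.
```ruby
  def self.permission_sync(user, result, config)

    # … unchanged: required_group_ro / required_group_rw check …

    # start from the current roles, or from scratch when a group→role map is configured
    role_ids = user.role_ids.dup
    role_ids = [] if config[:group_ro_role_map] || config[:group_rw_role_map]

    types = {
      :group_ro_role_map => 'groups_ro',
      :group_rw_role_map => 'groups_rw',
    }
    types.each {|config_key,result_key|
      next if !config[config_key]
      config[config_key].each {|otrs_group, role_name|
        next if !result[result_key].has_value?( otrs_group )
        role = Role.where( :name => role_name ).first
        role_ids.push role.id if role
      }
    }

    if config[:always_role]
      config[:always_role].each {|role_name, active|
        next if !active
        role = Role.where( :name => role_name ).first
        role_ids.push role.id if role
      }
    end

    # one write, only after every lookup succeeded
    user.role_ids = role_ids.uniq
    user.save
    true
  end
```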
@@ -4,16 +4,23 @@ module Sso::Otrs
 def self.check( params, config_item )
 endpoint = Setting.get('import_otrs_endpoint')
- return false if !endpoint || endpoint.empty? || endpoint == 'http://otrs_host/otrs'
+ return false if !endpoint
+ return false if endpoint.empty?
+ return false if endpoint == 'http://otrs_host/otrs'
 return false if !params['SessionID']
 # connect to OTRS
 result = Import::OTRS.session( params['SessionID'] )
 return false if !result
+ return false if !result['groups_ro']
+ return false if !result['groups_rw']
+ return false if !result['user']
- user = User.where( :login => result['UserLogin'], :active => true ).first
- return user if user
+ user = User.where( :login => result['user']['UserLogin'], :active => true ).first
- return false
+ # sync / check permissions
+ Import::OTRS.permission_sync( user, result, config_item )
+
+ return user
 end
 end
\ No newline at end of file
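Review bot: `user` can be nil after the `User.where( :login => result['user']['UserLogin'], :active => true ).first` lookup, and unlike the lib/auth/otrs.rb hunk there is no guard before `Import::OTRS.permission_sync( user, result, config_item )`, which assigns `user.role_ids` whenever a group→role map is configured (the lib/sso.rb hunk configures one), so an unknown or inactive OTRS login raises NoMethodError instead of returning false. Add `return false if !user` directly after the lookup, matching the sibling adapter. The dropped `permission_sync` return value noted on the lib/auth/otrs.rb hunk applies here too, so the `required_group_ro => 'stats'` setting in lib/sso.rb does not currently deny anything on this path.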