Sutty/trabajo-afectivo
5
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Improved OTRS login / group sync and permission check.

Browse source
This commit is contained in:
Martin Edenhofer 2014-03-11 10:23:56 +01:00
parent 73ec9cd684
commit 3a8f37dd06
4 changed files with 80 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

52
lib/auth/otrs.rb
View file

@ -6,58 +6,22 @@ module Auth::Otrs
def self.check( username, password, config, user ) def self.check( username, password, config, user )
endpoint = Setting.get('import_otrs_endpoint') endpoint = Setting.get('import_otrs_endpoint')
return false if !endpoint || endpoint.empty? || endpoint == 'http://otrs_host/otrs' return false if !endpoint
return false if endpoint.empty?
return false if endpoint == 'http://otrs_host/otrs'
# connect to OTRS # connect to OTRS
result = Import::OTRS.auth( username, password ) result = Import::OTRS.auth( username, password )
return false if !result return false if !result
return false if !result['groups_ro'] return false if !result['groups_ro']
return false if !result['groups_rw'] return false if !result['groups_rw']
return false if !result['user']
# check if required OTRS group exists user = User.where( :login => result['user']['UserLogin'], :active => true ).first
types = { return false if !user
:required_group_ro => 'groups_ro',
:required_group_rw => 'groups_rw',
}
types.each {|config_key,result_key|
if config[config_key]
return false if !result[result_key].has_value?( config[config_key] )
end
}
# sync roles / groups # sync / check permissions
if config[:group_ro_role_map] || config[:group_rw_role_map] Import::OTRS.permission_sync( user, result, config )
user.role_ids = []
user.save
end
types = {
:group_ro_role_map => 'groups_ro',
:group_rw_role_map => 'groups_rw',
}
types.each {|config_key,result_key|
next if !config[config_key]
config[config_key].each {|otrs_group, role|
next if !result[result_key].has_value?( otrs_group )
role_ids = user.role_ids
role = Role.where( :name => role ).first
next if !role
role_ids.push role.id
user.role_ids = role_ids
user.save
}
}
if config[:always_role]
config[:always_role].each {|role, active|
next if !active
role_ids = user.role_ids
role = Role.where( :name => role ).first
next if !role
role_ids.push role.id
user.role_ids = role_ids
user.save
}
end
return user return user
end end

49
lib/import/otrs.rb
View file

@ -60,6 +60,55 @@ module Import::OTRS
return result return result
end end
def self.permission_sync(user, result, config)
# check if required OTRS group exists
types = {
:required_group_ro => 'groups_ro',
:required_group_rw => 'groups_rw',
}
types.each {|config_key,result_key|
if config[config_key]
return false if !result[result_key].has_value?( config[config_key] )
end
}
# sync roles / groups
if config[:group_ro_role_map] || config[:group_rw_role_map]
user.role_ids = []
user.save
end
types = {
:group_ro_role_map => 'groups_ro',
:group_rw_role_map => 'groups_rw',
}
types.each {|config_key,result_key|
next if !config[config_key]
config[config_key].each {|otrs_group, role|
next if !result[result_key].has_value?( otrs_group )
role_ids = user.role_ids
role = Role.where( :name => role ).first
next if !role
role_ids.push role.id
user.role_ids = role_ids
user.save
}
}
if config[:always_role]
config[:always_role].each {|role, active|
next if !active
role_ids = user.role_ids
role = Role.where( :name => role ).first
next if !role
role_ids.push role.id
user.role_ids = role_ids
user.save
}
end
end
def self.start def self.start
puts 'Start import...' puts 'Start import...'

13
lib/sso.rb
View file

@ -22,7 +22,18 @@ returns
:adapter => 'Sso::Env', :adapter => 'Sso::Env',
}, },
{ {
:adapter => 'Sso::Otrs', :adapter => 'Sso::Otrs',
:required_group_ro => 'stats',
:group_rw_role_map => {
'admin' => 'Admin',
'stats' => 'Report',
},
:group_ro_role_map => {
'stats' => 'Report',
},
:always_role => {
'Agent' => true,
},
}, },
] ]

15
lib/sso/otrs.rb
View file

@ -4,16 +4,23 @@ module Sso::Otrs
def self.check( params, config_item ) def self.check( params, config_item )
endpoint = Setting.get('import_otrs_endpoint') endpoint = Setting.get('import_otrs_endpoint')
return false if !endpoint || endpoint.empty? || endpoint == 'http://otrs_host/otrs' return false if !endpoint
return false if endpoint.empty?
return false if endpoint == 'http://otrs_host/otrs'
return false if !params['SessionID'] return false if !params['SessionID']
# connect to OTRS # connect to OTRS
result = Import::OTRS.session( params['SessionID'] ) result = Import::OTRS.session( params['SessionID'] )
return false if !result return false if !result
return false if !result['groups_ro']
return false if !result['groups_rw']
return false if !result['user']
user = User.where( :login => result['UserLogin'], :active => true ).first user = User.where( :login => result['user']['UserLogin'], :active => true ).first
return user if user
return false # sync / check permissions
Import::OTRS.permission_sync( user, result, config_item )
return user
end end
end end