Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add multirole support #99

Open
wants to merge 10 commits into
base: master
Choose a base branch
from
Open

Add multirole support #99

wants to merge 10 commits into from

Conversation

sbeus
Copy link

@sbeus sbeus commented Jan 11, 2016

Existing authLdap code only supported users having a single role and would cause problems with other plugins (e.g. Members) that exploit WordPress' native support for multiple roles. This update should allow a user to belong to multiple roles and gracefully add roles based on LDAP group, if configured to do so. Simple tests using my specific use case have validated this change.

sbeus added 5 commits January 11, 2016 14:00
Existing authLdap code only supported users having a single role and would cause problems with other plugins (e.g. Members) that exploit WordPress's native support for multiple roles.  This update should allow a user to belong to multiple roles and gracefully add roles based on LDAP group, if configured to do so.  Simple tests using my specific use case have validated this fix.
@heiglandreas
Copy link
Owner

Thank you for this PR!

From a first glance it looks like a great addition! But I'll have to dig through it and I'm sure I'll have the one or other question.

authLdap.php Outdated
if (!$authLDAPGroupEnable || !$authLDAPGroupOverUser) {
$role = authLdap_user_role($uid);
}
$roles = authLdap_user_roles($uid);
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We definitely need this if-condition. Otherwise the LDAP-roles will ALWAYS overwrite the Wordpress-roles even though people might not want this plugin to handle the roles.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All this does is get the current role(s). The point is to not clobber existing roles but to gracefully merge additional ones (unless configured to completely override). This line simply gets the roles as they exist and then adds them as roles at the end of the function. So if LDAP is not configured to override then these are simply added back in and no harm done. What am I missing?

@heiglandreas
Copy link
Owner

Sorry, it became a bit lengthy.... But I'm through now 😉

@sbeus
Copy link
Author

sbeus commented Jan 13, 2016

Overall it looks like I was a bit hasty in my request. There are things that should clearly be changed about my initial set of updates. But it might be that we'll have to part ways simply based on our difference of opinion pointed out above relative to all WP or all LDAP but not both.

Thank you for your time.

- Only add/remove roles as needed.
- Put back the wp_update_user() call so name/email/etc updates in LDAP get applied
- Fix a WP filter function to include the supposedly correct parameters
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants