Redo LDAP config in the main configuration and add role mappings

2022-01-21 21:20:02 +01:00
parent 76b4b43ac5
commit 61d74a7194
4 changed files with 71 additions and 47 deletions
--- a/src/lib/Hydra.pm
+++ b/src/lib/Hydra.pm
@ -6,6 +6,7 @@ use parent 'Catalyst';
 use Moose;
 use Hydra::Plugin;
 use Hydra::Model::DB;
+use Hydra::Helper::Nix qw(getHydraConfig);
 use Catalyst::Runtime '5.70';
 use Catalyst qw/ConfigLoader
                Static::Simple
@ -19,7 +20,6 @@ use Catalyst qw/ConfigLoader
                PrometheusTiny/,
                '-Log=warn,fatal,error';
 use CatalystX::RoleApplicator;
-use YAML qw(LoadFile);
 use Path::Class 'file';

 our $VERSION = '0.01';
@ -43,9 +43,7 @@ __PACKAGE__->config(
                role_field => "role",
            },
        },
-        ldap => $ENV{'HYDRA_LDAP_CONFIG'} ? LoadFile(
-            file($ENV{'HYDRA_LDAP_CONFIG'})
-        ) : undef
+        ldap => Hydra::Helper::Nix::getHydraConfig->{'ldap'}->{'config'}
    },
    'Plugin::ConfigLoader' => {
        driver => {
--- a/src/lib/Hydra/Controller/User.pm
+++ b/src/lib/Hydra/Controller/User.pm
@ -59,7 +59,9 @@ sub doLDAPLogin {

    my $user = $c->find_user({ username => $username });
    my $LDAPUser = $c->find_user({ username => $username }, 'ldap');
-    my @LDAPRoles = grep { (substr $_, 0, 6) eq "hydra_" } $LDAPUser->roles;
+    my @LDAPRoles = $LDAPUser->roles;
+    my %ldap_config = %{Hydra::Helper::Nix::getHydraConfig->{'ldap'}};
+    my %role_mapping = $ldap_config{'role_mapping'} ? %{$ldap_config{'role_mapping'}} : ();

    if (!$user) {
        $c->model('DB::Users')->create(
@ -79,8 +81,10 @@ sub doLDAPLogin {
        });
    }
    $user->userroles->delete;
-    if (@LDAPRoles) {
-        $user->userroles->create({ role => (substr $_, 6) }) for @LDAPRoles;
+    foreach my $ldap_role (@LDAPRoles) {
+        if (%role_mapping{$ldap_role}) {
+            $user->userroles->create({ role => $role_mapping{$ldap_role} });
+        }
    }
    $c->set_authenticated($user);
 }