Add group filter

ullriti · web-flow · commit 5b386c0ea12b · 2020-04-28T20:45:35.000-07:00
diff --git a/Template/config/integration.php b/Template/config/integration.php
@@ -44,6 +44,10 @@
     <?= $this->form->text('oauth2_key_groups', $values) ?>
     <p class="form-help"><?= t('Leave empty, when no group mapping is wanted') ?></p>
 
+    <?= $this->form->label(t('Group Filter'), 'oauth2_key_group_filter') ?>
+    <?= $this->form->text('oauth2_key_group_filter', $values) ?>
+    <p class="form-help"><?= t('Use a comma to enter multiple useable groups: group1,group2') ?></p>
+
     <div class="form-actions">
         <input type="submit" value="<?= t('Save') ?>" class="btn btn-blue"/>
     </div>
diff --git a/User/GenericOAuth2UserProvider.php b/User/GenericOAuth2UserProvider.php
@@ -146,6 +146,27 @@ public function getEmail()
         return $this->getKey('oauth2_key_email');
     }
 
+    /**
+     * Check if group is in filter
+     *
+     * @access protected
+     * @param string $group
+     * @return boolean
+     */
+    protected function isGroupInFilter(string $group, array $filter) 
+    {
+        if (empty($filter)) {
+            $this->logger->debug('OAuth2: No group specified in filter. All provided groups will be used.');
+            return true;
+        } else {
+            if (in_array($group, $filter)) {
+                return true;
+            } else {
+                return false;
+            }
+        }
+    }
+
     /**
      * Get external group ids
      *
@@ -173,11 +194,19 @@ public function getExternalGroupIds()
         $groups = array_unique($groups);
         $this->logger->debug('OAuth2: '.$this->getUsername().' groups are '. join(',', $groups));
 
+        $filteredGroups = array();
+        $groupFilter = explode(',',$this->configModel->get('oauth2_key_group_filter'));
+
         foreach ($groups as $group) {
-            $this->groupModel->getOrCreateExternalGroupId($group, $group);
+            if ( $this->isGroupInFilter($group, $groupFilter)) {
+                $this->groupModel->getOrCreateExternalGroupId($group, $group);
+                array_push($filteredGroups, $group);
+            } else {
+                $this->logger->debug('OAuth2: '.$group.' will be ignored.');
+            }
         }
 
-        return $groups;
+        return $filteredGroups;
     }
 
     /**
