From 02afff937a9d8dfaa9c293c05c384292e11a68af Mon Sep 17 00:00:00 2001
From: Liam Morland <lkmorlan@uwaterloo.ca>
Date: Tue, 14 Dec 2021 12:41:01 -0500
Subject: [PATCH] ISTWCMS-5254: Use case-insensitive matching for AD group
 access control

---
 uw_cfg_common.module | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/uw_cfg_common.module b/uw_cfg_common.module
index c423f467..f18e72a1 100644
--- a/uw_cfg_common.module
+++ b/uw_cfg_common.module
@@ -977,14 +977,18 @@ function uw_cfg_common_webform_access(WebformInterface $webform, string $operati
         return AccessResult::forbidden();
       }
       // Access control by Active Directory group.
+      // Convert all groups to lowercase for case-insensitive matching.
       $user_ad_groups = uw_cfg_common_get_user_ad_groups() ?: [];
+      $user_ad_groups = array_map('strtolower', $user_ad_groups);
       // Required group. If at least one is provided, the user must be in it.
       $ad_require_groups = $webform->getThirdPartySetting('uw_cfg_common', 'ad_require_groups');
+      $ad_require_groups = array_map('strtolower', $ad_require_groups);
       if ($ad_require_groups && !array_intersect($ad_require_groups, $user_ad_groups)) {
         return AccessResult::forbidden();
       }
       // Deny group. If at least one is provided, the user must not be in it.
       $ad_deny_groups = $webform->getThirdPartySetting('uw_cfg_common', 'ad_deny_groups');
+      $ad_deny_groups = array_map('strtolower', $ad_deny_groups);
       if ($ad_deny_groups && array_intersect($ad_deny_groups, $user_ad_groups)) {
         return AccessResult::forbidden();
       }
-- 
GitLab