
ISTWCMS-5254: Use case-insensitive matching for AD group access control

Merged Liam Morland requested to merge feature/ISTWCMS-5254-lkmorlan-case-insensitive-groups into 1.0.x
+ 4
0
@@ -977,14 +977,18 @@ function uw_cfg_common_webform_access(WebformInterface $webform, string $operati
return AccessResult::forbidden();
}
// Access control by Active Directory group.
// Convert all groups to lowercase for case-insensitive matching.
$user_ad_groups = uw_cfg_common_get_user_ad_groups() ?: [];
$user_ad_groups = array_map('strtolower', $user_ad_groups);
// Required group. If at least one is provided, the user must be in it.
$ad_require_groups = $webform->getThirdPartySetting('uw_cfg_common', 'ad_require_groups');
$ad_require_groups = array_map('strtolower', $ad_require_groups);
if ($ad_require_groups && !array_intersect($ad_require_groups, $user_ad_groups)) {
return AccessResult::forbidden();
}
// Deny group. If at least one is provided, the user must not be in it.
$ad_deny_groups = $webform->getThirdPartySetting('uw_cfg_common', 'ad_deny_groups');
$ad_deny_groups = array_map('strtolower', $ad_deny_groups);
if ($ad_deny_groups && array_intersect($ad_deny_groups, $user_ad_groups)) {
return AccessResult::forbidden();
}
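Review bot: The new `array_map('strtolower', …)` calls on `$ad_require_groups` and `$ad_deny_groups` take the result of `getThirdPartySetting()` unguarded, and that method returns NULL by default when the setting was never saved; on PHP 8 `array_map()` then throws a TypeError inside the access hook, whereas the user-group line above guards with `?: []`. Give both settings the same guard before lowercasing, e.g. `$ad_require_groups = $webform->getThirdPartySetting('uw_cfg_common', 'ad_require_groups') ?: [];` and likewise for `ad_deny_groups`. Separately, `strtolower()` is byte-wise and on current PHP folds only ASCII, so a group name with non-ASCII letters would still compare case-sensitively; for the deny list that mismatch fails open, so `mb_strtolower` is the safer fold if such names can occur in the directory. The body of `uw_cfg_common_webform_access` starts and ends outside this hunk, so how the remaining checks treat an empty `$user_ad_groups` is not visible here.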