From 79ad9d34238ff797a74fb33a219f3ea0b87c0adc Mon Sep 17 00:00:00 2001 From: Robert von Burg Date: Mon, 15 Apr 2019 17:48:27 +0200 Subject: [PATCH] [New] Added an override for users to LDAP groups --- .../JsonConfigLdapPrivilegeHandler.java | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/JsonConfigLdapPrivilegeHandler.java b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/JsonConfigLdapPrivilegeHandler.java index 2b896a685..2d8d26875 100644 --- a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/JsonConfigLdapPrivilegeHandler.java +++ b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/JsonConfigLdapPrivilegeHandler.java @@ -24,6 +24,7 @@ public class JsonConfigLdapPrivilegeHandler extends BaseLdapPrivilegeHandler { private JsonObject configJ; private Set ldapGroupNames; private String realm; + private HashMap userLdapGroupOverrides; @Override public synchronized void initialize(Map parameterMap, EncryptionHandler encryptionHandler, @@ -56,6 +57,9 @@ public class JsonConfigLdapPrivilegeHandler extends BaseLdapPrivilegeHandler { } // validate the configuration + if (!this.configJ.has("ldapGroupConfigs") || !this.configJ.get("ldapGroupConfigs").isJsonObject()) + throw new IllegalStateException("JSON config is missing ldapGroupConfigs element!"); + this.ldapGroupNames = this.configJ.keySet(); if (this.ldapGroupNames.isEmpty()) throw new IllegalStateException( 
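Review bot: The added check requires an `ldapGroupConfigs` object, but the line after it, which appears to be unchanged context in the `@@ -56,6 +57,9 @@` hunk, still reads `this.ldapGroupNames = this.configJ.keySet();`, so the group names come from the top-level keys of the config rather than from the element that was just validated. With the layout this commit expects, that set would hold `ldapGroupConfigs` and `userLdapGroupOverrides` instead of real group names, and it is the set the login path filters against in the last hunk. Consider `JsonObject ldapGroupConfigs = this.configJ.get("ldapGroupConfigs").getAsJsonObject();` followed by `this.ldapGroupNames = ldapGroupConfigs.keySet();`, with the per-group lookups further down reading from the same object. The rest of initialize() lies outside the hunk, so those lookups may already be adjusted elsewhere.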
@@ -73,6 +77,16 @@ public class JsonConfigLdapPrivilegeHandler extends BaseLdapPrivilegeHandler { throw new IllegalStateException("LDAP Group " + name + " is missing a roles attribute, or it is not an array or the array is empty"); } + + this.userLdapGroupOverrides = new HashMap<>(); + if (this.configJ.has("userLdapGroupOverrides")) { + JsonObject userLdapGroupOverrides = this.configJ.get("userLdapGroupOverrides").getAsJsonObject(); + for (String username : userLdapGroupOverrides.keySet()) { + String group = userLdapGroupOverrides.get(username).getAsString(); + logger.info("Registered LDAP group override for user " + username + " to group " + group); + this.userLdapGroupOverrides.put(username, group); + } + } } @Override @@ -98,6 +112,13 @@ public class JsonConfigLdapPrivilegeHandler extends BaseLdapPrivilegeHandler { logger.info("User " + username + " has LDAP Groups: "); ldapGroups.forEach(s -> logger.info("- " + s)); + if (this.userLdapGroupOverrides.containsKey(username)) { + String overrideGroup = this.userLdapGroupOverrides.get(username); + ldapGroups.clear(); + ldapGroups.add(overrideGroup); + logger.info("Overriding LDAP group for user " + username + " to " + overrideGroup); + } + Set relevantLdapGroups = ldapGroups.stream().filter(s -> this.ldapGroupNames.contains(s)) .collect(toSet()); if (relevantLdapGroups.isEmpty())
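Review bot: The override loop in the `@@ -73,6 +77,16 @@` hunk stores whatever group string the config supplies without checking it against `this.ldapGroupNames`, so a misspelt or removed group is only noticed when the affected user logs in. Because an override decides which group's roles a user receives regardless of directory membership, it is worth failing during initialize: `if (!this.ldapGroupNames.contains(group)) throw new IllegalStateException("LDAP group override for user " + username + " refers to unknown group " + group);`. `getAsJsonObject()` and `getAsString()` also throw Gson's own exception on a wrongly typed value; an `isJsonObject()` / `isJsonPrimitive()` check with a message naming the element would match the `ldapGroupConfigs` validation this patch adds earlier. The local `userLdapGroupOverrides` shadows the field of the same name; a distinct name such as `overridesJ` would read more clearly.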
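Review bot: The lookup `this.userLdapGroupOverrides.containsKey(username)` in the `@@ -98,6 +112,13 @@` hunk is an exact string match, while many directories accept a login name in any letter case; if `username` is not normalised before this point (not visible in the hunk), the override may silently not apply to a name that differs only in case. Normalising the key the same way when the map is filled and when it is read, for example with `username.toLowerCase(Locale.ROOT)`, would make the override independent of how the name was typed, provided the directory itself is case-insensitive. The block also changes `ldapGroups` in place with `clear()` and `add()`, which assumes the set obtained earlier in the method is modifiable; that code lies outside the hunk. Since the override changes the roles a session receives, logging it at warn level together with the groups it replaced would leave a clearer audit trail.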