@@ -1961,4 +1961,113 @@ public function testApplyRightRulesWithDefaultProfile()
19611961 // Clean up: delete the test rule
19621962 $ this assertTrue ($ rule_rightdelete (['id ' => $ rule_id
19631963 }
1964+
1965+ // Test rule rights apply when user logs in from SSO
1966+ public function testGetFromSSOAndRightRules ()
1967+ {
1968+ /** @var array $CFG_GLPI */
1969+ global $ CFG_GLPI
1970+
1971+ $ this login ();
1972+
1973+ // Backup original SSO configuration
1974+ $ original_config
1975+ $ sso_fields
1976+ 'realname_ssofield ' => 'HTTP_REAL_NAME ' ,
1977+ 'firstname_ssofield ' => 'HTTP_FIRST_NAME ' ,
1978+ 'email1_ssofield ' => 'HTTP_EMAIL ' ,
1979+ 'title_ssofield ' => 'HTTP_TITLE ' ,
1980+ 'category_ssofield ' => 'HTTP_CATEGORY ' ,
1981+ ];
1982+
1983+ foreach ($ sso_fieldsas $ config_key$ server_key
1984+ $ original_config$ config_key$ CFG_GLPI $ config_key'' ;
1985+ $ CFG_GLPI $ config_key$ server_key
1986+ }
1987+
1988+ // Create a test group for the rule
1989+ $ groupnew \Group ();
1990+ $ group_id$ groupadd ([
1991+ 'name ' => 'SSO Test Group ' ,
1992+ 'comment ' => 'Group for SSO testing ' ,
1993+ ]);
1994+ $ this assertGreaterThan (0 , $ group_id
1995+
1996+ // Create a right rule that assigns Admin profile and root entity based on group membership
1997+ $ rule_rightnew \RuleRight ();
1998+ $ rule_id$ rule_rightadd ([
1999+ 'name ' => 'SSO Test Rule - Admin Profile Assignment ' ,
2000+ 'is_active ' => 1 ,
2001+ 'sub_type ' => 'RuleRight ' ,
2002+ 'match ' => 'AND ' ,
2003+ 'condition ' => 0 ,
2004+ ]);
2005+ $ this assertGreaterThan (0 , $ rule_id
2006+
2007+ // Add criteria: if user is member of our test group
2008+ $ rule_criterianew \RuleCriteria ();
2009+ $ criteria_id$ rule_criteriaadd ([
2010+ 'rules_id ' => $ rule_id
2011+ 'criteria ' => '_groups_id ' ,
2012+ 'condition ' => 0 , // is
2013+ 'pattern ' => $ group_id
2014+ ]);
2015+ $ this assertGreaterThan (0 , $ criteria_id
2016+
2017+ // Add action: assign Admin profile
2018+ $ admin_profile_idgetItemByTypeName ('Profile ' , 'Super-Admin ' , true );
2019+ $ rule_actionnew \RuleAction ();
2020+ $ action_id$ rule_actionadd ([
2021+ 'rules_id ' => $ rule_id
2022+ 'action_type ' => 'assign ' ,
2023+ 'field ' => 'profiles_id ' ,
2024+ 'value ' => $ admin_profile_id
2025+ ]);
2026+ $ this assertGreaterThan (0 , $ action_id
2027+
2028+ // Add action: assign to root entity (entity 0)
2029+ $ entity_action_id$ rule_actionadd ([
2030+ 'rules_id ' => $ rule_id
2031+ 'action_type ' => 'assign ' ,
2032+ 'field ' => 'entities_id ' ,
2033+ 'value ' => 0 ,
2034+ ]);
2035+ $ this assertGreaterThan (0 , $ entity_action_id
2036+
2037+ // Create a user and simulate SSO authentication
2038+ $ usernew \User ();
2039+ $ username'sso_test_user_ ' . mt_rand ();
2040+
2041+ // Simulate SSO server variables
2042+ $ _SERVER 'HTTP_REAL_NAME ' ] = 'Test ' ;
2043+ $ _SERVER 'HTTP_FIRST_NAME ' ] = 'SSO ' ;
2044+ $ _SERVER [
'HTTP_EMAIL ' ] =
'[email protected] ;
2045+ $ _SERVER 'HTTP_TITLE ' ] = 'Administrator ' ;
2046+ $ _SERVER 'HTTP_CATEGORY ' ] = 'IT Staff ' ;
2047+
2048+ // Create the user with basic information
2049+ $ user_id$ useradd ([
2050+ 'name ' => $ username
2051+ 'authtype ' => \Auth::EXTERNAL ,
2052+ ]);
2053+ $ this assertGreaterThan (0 , $ user_id
2054+ $ this assertTrue ($ usergetFromDB ($ user_id
2055+
2056+ // Add user to the test group to trigger the rule
2057+ $ group_usernew \Group_User ();
2058+ $ group_user_id$ group_useradd ([
2059+ 'users_id ' => $ user_id
2060+ 'groups_id ' => $ group_id
2061+ 'is_dynamic ' => 1 ,
2062+ ]);
2063+ $ this assertGreaterThan (0 , $ group_user_id
2064+
2065+ // Simulate the SSO authentication process
2066+ $ userfields ['_groups ' ] = [$ group_id// Simulate group membership from SSO
2067+ $ sso_result$ usergetFromSSO ();
2068+ $ this assertTrue ($ sso_result
2069+
2070+ $ this assertEquals ("0 " , $ userfields ["_ldap_rules " ]["rules_entities_rights " ][0 ][0 ]); // entities_id
2071+ $ this assertEquals ($ admin_profile_id$ userfields ["_ldap_rules " ]["rules_entities_rights " ][0 ][1 ]); // profiles_id
2072+ }
19642073}
0 commit comments