foreach my $authenticator (@$auths) {
# skip authenticators specified for a different login type
- # or org unit id
if ($authenticator->login_types and $args->{'type'}) {
next unless grep(/^(all|$args->{'type'})$/, @{$authenticator->{'login_types'}});
}
- if ($authenticator->org_units and $args->{'org'}) {
- next unless grep(/^(all|$args->{'org'})$/, @{$authenticator->{'org_units'}});
+
+ if ($authenticator->org_units) {
+ if ($args->{'org'}) {
+ # We have a context org. Skip this authenticator unless it's
+ # configured to run for that org.
+ next unless grep(/^(all|$args->{'org'})$/, @{$authenticator->{'org_units'}});
+ } else {
+ # By default, when we don't have a context org, configured org
+ # units are ignored and we run this authenticator for everybody.
+ # But if restrict_to_orgs is enabled, we should skip this
+ # authenticator (unless it runs for all orgs).
+ if (exists $authenticator->{restrict_to_orgs} and $authenticator->{restrict_to_orgs} =~ /^t/i) {
+ next unless grep(/^all$/, @{$authenticator->{'org_units'}});
+ }
+ }
}
my $event;
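Review bot: The org check in the new `if ($args->{'org'})` branch still interpolates `$args->{'org'}` unquoted into `/^(all|$args->{'org'})$/`, so if that value is taken from the login request, regex metacharacters in it could match any configured org unit and defeat the restriction this change adds. Compare literally instead, e.g. `next unless grep { $_ eq 'all' or $_ eq $args->{'org'} } @{$authenticator->{'org_units'}};`, or at minimum wrap the value in `\Q...\E` and anchor with `\A`/`\z`. The unchanged `login_types` test above uses the same pattern with `$args->{'type'}` and would benefit from the same treatment. Separately, `restrict_to_orgs =~ /^t/i` treats any value beginning with "t" as enabled; a short comment naming the accepted values would make the configuration contract explicit. The `foreach` body continues past the end of this hunk, so how `$args` is populated is not visible here.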