From: Jeff Davis
Date: Sat, 9 Feb 2019 01:25:55 +0000 (-0800)
Subject: LP#1715396: optionally run auth_proxy for specified orgs only
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=refs%2Fheads%2Fuser%2Fjeffdavis%2Flp1715396-non-inclusive-authproxy;p=working%2FEvergreen.git
LP#1715396: optionally run auth_proxy for specified orgs only
Signed-off-by: Jeff Davis
---
diff --git a/Open-ILS/examples/opensrf.xml.example b/Open-ILS/examples/opensrf.xml.example
index 156562b82b..1f6dac57db 100644
--- a/Open-ILS/examples/opensrf.xml.example
+++ b/Open-ILS/examples/opensrf.xml.example
@@ -554,6 +554,7 @@ vim:et:ts=4:sw=4: 103 104 + false -->
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm b/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm
index 1f7832c653..56581255f4 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/Application/AuthProxy.pm
@@ -213,12 +213,24 @@ sub login {
 foreach my $authenticator (@$auths) {
 # skip authenticators specified for a different login type
- # or org unit id
 if ($authenticator->login_types and $args->{'type'}) {
 next unless grep(/^(all|$args->{'type'})$/, @{$authenticator->{'login_types'}});
 }
- if ($authenticator->org_units and $args->{'org'}) {
- next unless grep(/^(all|$args->{'org'})$/, @{$authenticator->{'org_units'}});
+
+ if ($authenticator->org_units) {
+ if ($args->{'org'}) {
+ # We have a context org. Skip this authenticator unless it's
+ # configured to run for that org.
+ next unless grep(/^(all|$args->{'org'})$/, @{$authenticator->{'org_units'}});
+ } else {
+ # By default, when we don't have a context org, configured org
+ # units are ignored and we run this authenticator for everybody.
+ # But if restrict_to_orgs is enabled, we should skip this
+ # authenticator (unless it runs for all orgs).
+ if (exists $authenticator->{restrict_to_orgs} and $authenticator->{restrict_to_orgs} =~ /^t/i) {
+ next unless grep(/^all$/, @{$authenticator->{'org_units'}});
+ }
+ }
 }
 my $event;
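Review bot: The re-added org check still interpolates `$args->{'org'}` unescaped into `/^(all|$args->{'org'})$/`, so if that value arrives with the login request (not visible in this hunk), regex metacharacters in it are treated as a pattern instead of being compared as an org id, and the restriction this commit tightens could match org units the authenticator was never configured for. An exact comparison removes the problem: `next unless grep { $_ eq 'all' or $_ eq $args->{'org'} } @{$authenticator->{'org_units'}};`, or keep the pattern and wrap the value as `\Q$args->{'org'}\E`. The `login_types` check a few lines above has the same shape with `$args->{'type'}`. Separately, `=~ /^t/i` enables the restriction for any value that merely begins with "t", and when `restrict_to_orgs` is unset a request that omits `org` still reaches an org-limited authenticator, so the example config should say that the restriction is opt-in. `login` begins before this hunk and continues past it.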