LDAP groups sync to Bookstack roles.

Closes #75

.env.example

@@ -67,6 +67,15 @@ LDAP_DN=false
 LDAP_PASS=false
 LDAP_USER_FILTER=false
 LDAP_VERSION=false
+#do you want to sync LDAP groups to BookStack roles for a user
+LDAP_USER_TO_GROUPS=false
+#what is the LDAP attribute for group memberships
+LDAP_GROUP_ATTRIBUTE="memberOf"
+#what LDAP group should the user be a part of to be an admin on BookStack
+LDAP_ADMIN_GROUP="Domain Admins"
+#would you like to remove users from roles on bookstack if they do not match on LDAP
+#if false, the ldap groups-roles sync will only add users to roles
+LDAP_REMOVE_FROM_GROUPS=false
 
 # Mail settings
 MAIL_DRIVER=smtp

app/Http/Controllers/Auth/LoginController.php

@@ -5,6 +5,7 @@
 use BookStack\Exceptions\AuthException;
 use BookStack\Http\Controllers\Controller;
 use BookStack\Repos\UserRepo;
+use BookStack\Repos\LdapRepo;
 use BookStack\Services\SocialAuthService;
 use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
@@ -96,7 +97,14 @@ protected function authenticated(Request $request, Authenticatable $user)
             auth()->login($user);
         }
 
-        $path = session()->pull('url.intended', '/');
+		// ldap groups refresh
+		if (config('services.ldap.user_to_groups') !== false && $request->filled('username')) {
+			$ldapRepo = new LdapRepo($this->userRepo);
+			$ldapRepo->syncGroups($user,$request->input('username'));
+		}
+
+
+		$path = session()->pull('url.intended', '/');
         $path = baseUrl($path, true);
         return redirect($path);
     }

app/Repos/LdapRepo.php

@@ -0,0 +1,84 @@
+<?php namespace BookStack\Repos;
+
+use BookStack\Services\Ldap;
+use BookStack\Services\LdapService;
+use BookStack\Role;
+use BookStack\Repos\UserRepo;
+
+class LdapRepo
+{
+
+	protected $ldap = null;
+	protected $ldapService = null;
+
+	protected $config;
+
+	/**
+	 * LdapRepo constructor.
+	 * @param \BookStack\Repos\UserRepo $userRepo
+	 */
+	public function __construct(UserRepo $userRepo)
+	{
+		$this->config = config('services.ldap');
+
+		if (config('auth.method') !== 'ldap') {
+			return false;
+		}
+
+		$this->ldapService = new LdapService(new Ldap);
+		$this->userRepo = $userRepo;
+	}
+
+	/**
+	 * If there is no ldap connection, all methods calls to this library will return null
+	 */
+	public function __call($method, $arguments)
+	{
+		if ($this->ldap === null) {
+			return null;
+		}
+
+		return call_user_func_array(array($this,$method),$arguments);
+	}
+
+	/**
+	 * Sync the LDAP groups to the user roles for the current user
+	 * @param \BookStack\User $user
+	 * @param string $userName
+	 * @throws \BookStack\Exceptions\NotFoundException
+	 */
+	public function syncGroups($user,$userName)
+	{
+		$userLdapGroups = $this->ldapService->getUserGroups($userName);
+		$userLdapGroups = $this->groupNameFilter($userLdapGroups);
+		// get the ids for the roles from the names
+		$ldapGroupsAsRoles = Role::whereIn('name',$userLdapGroups)->pluck('id');
+		// sync groups
+		if ($this->config['remove_from_groups']) {
+			$user->roles()->sync($ldapGroupsAsRoles);
+			$this->userRepo->attachDefaultRole($user);
+		} else {
+			$user->roles()->syncWithoutDetaching($ldapGroupsAsRoles);
+		}
+
+		// make the user an admin?
+		if (in_array($this->config['admin'],$userLdapGroups)) {
+			$this->userRepo->attachSystemRole($user,'admin');
+		}
+	}
+
+	/**
+	 * Filter to convert the groups from ldap to the format of the roles name on BookStack
+	 * Spaces replaced with -, all lowercase letters
+	 * @param array $groups
+	 * @return array
+	 */
+	private function groupNameFilter($groups)
+	{
+		$return = [];
+		foreach ($groups as $groupName) {
+			$return[] = str_replace(' ', '-', strtolower($groupName));
+		}
+		return $return;
+	}
+}