<?php |
namespace App\Controller\Api; |
use App\Entity\ActiveDirectoryUser; |
use App\Repository\UserRepositoryInterface; |
use App\Request\ActiveDirectoryUserRequest; |
use App\Response\ErrorResponse; |
use App\Response\ListActiveDirectoryUserResponse; |
use App\Response\ViolationListResponse; |
use App\Security\ActiveDirectoryUserInformation; |
use App\Security\UserCreator; |
use Nelmio\ApiDocBundle\Annotation\Model; |
use OpenApi\Attributes as OA; |
use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted; |
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; |
use Symfony\Component\HttpFoundation\Response; |
use Symfony\Component\Routing\Annotation\Route; |
use App\Response\ActiveDirectoryUser as ActiveDirectoryUserResponse; |
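/**
 * Endpoints used by the Active Directory Connect client to provision, update
 * and remove users that originate from Active Directory.
 *
 * Every route below is guarded by ROLE_ADCONNECT (class-level IsGranted), so
 * only principals holding that role can reach the provisioning API.
 */
#[Route(path: '/api/ad_connect')]
#[IsGranted('ROLE_ADCONNECT')]
class ActiveDirectoryConnectController extends AbstractController {

    /**
     * @param UserCreator             $userCreator Decides whether a user may be created (sync rules) and builds/updates the entity.
     * @param UserRepositoryInterface $repository  Persistence for ActiveDirectoryUser entities.
     */
    public function __construct(private UserCreator $userCreator, private UserRepositoryInterface $repository) { }

    /**
     * [Active Directory Connect Client] Returns the list of all users that were provisioned
     * through the Active Directory Connect client. Users that are soft-deleted (but not yet
     * permanently removed) are not included.
     */
    #[OA\Get(operationId: 'api_adconnect_list_users', tags: [ 'Active Directory Connect Client'])]
    #[OA\Response(
        response: "200",
        description: "Liste der Active Directory Benutzer.",
        content: new Model(type: ListActiveDirectoryUserResponse::class )
    )]
    #[Route(path: '', methods: ['GET'])]
    public function list(): Response {
        // Map each entity onto the public response DTO so that only the documented
        // fields (identifier, names, grade, objectGuid) leave the API.
        $users = array_map(
            fn(ActiveDirectoryUser $user): ActiveDirectoryUserResponse => $this->transformResponse($user),
            $this->repository->findAllActiveDirectoryUsers()
        );

        return $this->json(new ListActiveDirectoryUserResponse($users));
    }

    /**
     * [Active Directory Connect Client] Creates a user.
     *
     * The user is only created when the UserCreator accepts the submitted user
     * information (according to the error message, this requires a matching sync rule).
     * Any soft-delete marker is cleared so that a previously deleted user can be
     * restored by provisioning it again.
     */
    #[OA\Post(operationId: 'api_adconnect_new_user', tags: [ 'Active Directory Connect Client'])]
    #[OA\RequestBody(content: new Model(type: ActiveDirectoryUserRequest::class))]
    #[OA\Response(response: '201', description: 'Benutzer wurde erfolgreich angelegt.')]
    #[OA\Response(response: '400', description: 'Validierung fehlgeschlagen.', content: new Model(type:ViolationListResponse::class))]
    #[OA\Response(response: '422', description: 'Benutzer konnte nicht angelegt werden, da keine passende Synchronisationsregel existiert.', content: new Model(type: ErrorResponse::class))]
    #[OA\Response(response: '500', description: 'Serverfehler', content: new Model(type: ErrorResponse::class))]
    #[Route(path: '', methods: ['POST'])]
    public function add(ActiveDirectoryUserRequest $request): Response {
        $userInfo = $this->transformRequest($request);

        if(!$this->userCreator->canCreateUser($userInfo)) {
            // Previously this error body was sent with HTTP 200, which a client would
            // read as success. The request itself is well-formed (not a 400) and the
            // server did not fail (not a 500): no rule covers this user, hence 422.
            return $this->json(
                new ErrorResponse('Cannot create user. Specify a sync rule first.'),
                Response::HTTP_UNPROCESSABLE_ENTITY
            );
        }

        $user = $this->userCreator->createUser($userInfo);
        $user->setDeletedAt(null); // Adds ability to restore users from Active Directory Connect
        $this->repository->persist($user);

        return new Response(null, Response::HTTP_CREATED);
    }

    /**
     * [Active Directory Connect Client] Updates an existing user.
     *
     * The user is looked up by the objectGuid route parameter (presumably via the
     * framework's parameter conversion — the 404 below mirrors the delete endpoint).
     * The submitted data is applied through the same UserCreator used for creation.
     */
    #[OA\Patch(operationId: 'api_adconnect_update_user', tags: [ 'Active Directory Connect Client'])]
    #[OA\RequestBody(content: new Model(type:ActiveDirectoryUserRequest::class))]
    #[OA\Response(response: '204', description: 'Benutzer wurde erfolgreich aktualisiert.')]
    #[OA\Response(response: '400', description: 'Validierung fehlgeschlagen.', content: new Model(type:ViolationListResponse::class))]
    #[OA\Response(response: '404', description: 'Benutzer wurde nicht gefunden.')]
    #[OA\Response(response: '500', description: 'Serverfehler', content: new Model(type: ErrorResponse::class))]
    #[Route(path: '/{objectGuid}', methods: ['PATCH'])]
    public function update(ActiveDirectoryUser $user, ActiveDirectoryUserRequest $request): Response {
        // createUser() with an existing entity updates it in place rather than creating a new one.
        $user = $this->userCreator->createUser($this->transformRequest($request), $user);
        $this->repository->persist($user);

        // No body is returned, so the documented status is 204 (was wrongly documented as 200).
        return new Response(null, Response::HTTP_NO_CONTENT);
    }

    /**
     * [Active Directory Connect Client] Deletes a user.
     */
    #[OA\Delete(operationId: 'api_adconnect_delete_user', tags: [ 'Active Directory Connect Client'])]
    #[OA\Response(response: '204', description: 'Benutzer wurde erfolgreich gelöscht.')]
    #[OA\Response(response: '404', description: 'Benutzer wurde nicht gefunden.')]
    #[OA\Response(response: '500', description: 'Serverfehler', content: new Model(type: ErrorResponse::class))]
    #[Route(path: '/{objectGuid}', methods: ['DELETE'])]
    public function remove(ActiveDirectoryUser $user): Response {
        $this->repository->remove($user);

        return new Response(null, Response::HTTP_NO_CONTENT);
    }

    /**
     * Copies the request DTO into the UserCreator's input structure.
     *
     * Note that the AD sAMAccountName becomes the application username.
     */
    private function transformRequest(ActiveDirectoryUserRequest $request): ActiveDirectoryUserInformation {
        return (new ActiveDirectoryUserInformation())
            ->setUsername($request->getSamAccountName())
            ->setUserPrincipalName($request->getUserPrincipalName())
            ->setFirstname($request->getFirstname())
            ->setLastname($request->getLastname())
            ->setEmail($request->getEmail())
            ->setGuid($request->getObjectGuid())
            ->setOu($request->getOu())
            ->setGroups($request->getGroups());
    }

    /**
     * Builds the public list-item DTO for a user entity.
     */
    private function transformResponse(ActiveDirectoryUser $user): ActiveDirectoryUserResponse {
        return new ActiveDirectoryUserResponse(
            $user->getUserIdentifier(),
            $user->getFirstname(),
            $user->getLastname(),
            $user->getGrade(),
            $user->getObjectGuid()
        );
    }
}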