kanboard
Set role for users created from OAuth2
This plugin does not set any role when a user logs in via OAuth2. This is sensible in so far as it does not override the role stored in the database for a given user, however there does not seem to be a good way to influence the default role a user gets upon creation[^1].
I want all users that are implicitly created through OAuth2 to be managers, but not override if a user has been given administrator privileges. I managed to achieve this by patching GenericOAuth2UserProvider, but I’m not confident enough with PHP and this code base in particular to submit this as patch, so I’ll just attach it here. But if you’re fine with it, I can certainly change this to a pull request.
diff --git a/User/GenericOAuth2UserProvider.php b/User/GenericOAuth2UserProvider.php
index 7e501fa..defde20 100644
--- a/User/GenericOAuth2UserProvider.php
+++ b/User/GenericOAuth2UserProvider.php
@@ -4,6 +4,7 @@ namespace Kanboard\Plugin\OAuth2\User;
use Kanboard\Core\Base;
use Kanboard\Core\User\UserProviderInterface;
+use Kanboard\Core\Security\Role;
use Pimple\Container;
/**
@@ -121,6 +122,13 @@ class GenericOAuth2UserProvider extends Base implements UserProviderInterface
*/
public function getRole()
{
+ $profile = $this->userModel->getByExternalId($this->getExternalIdColumn(), $this->getExternalId());
+
+ if (empty($profile)) {
+ // new user
+ return Role::APP_MANAGER;
+ }
+
return '';
}
[^1]: I briefly thought about changing the default for the role column in the users database table, but … what could possibly go wrong.
