Application list display and specific rules
Concerned version
Version: %2.0.2
Platform: (Nginx/Apache/Node.js)
Summary
Application display does not always respect defined specific rule
Logs
no logs
Backends used
For any bug on configuration/sessions storage, give us details on backends
Possible fixes
I tried to identify the bug and found that it seems to come from what's called the "cache". Once i commented it, every application is rightfully displayed or hidden, respectfully to the defined special appdisplay rule :
in /usr/share/perl5/vendor_perl/Lemonldap/NG/Portal/Main/Menu.pm :
## @method private string _filterHash(hashref apphash)
# Remove unauthorized menu elements
# @param $apphash Menu elements
# @return filtered hash
sub _filterHash {
my ( $self, $req, $apphash ) = @_;
foreach my $key ( keys %$apphash ) {
next if $key =~ /(type|options|catname)/;
if ( $apphash->{$key}->{type}
and $apphash->{$key}->{type} eq "category" )
{
# Filter the category
$self->_filterHash( $req, $apphash->{$key} );
}
if ( $apphash->{$key}->{type}
and $apphash->{$key}->{type} eq "application" )
{
# Find sub applications and filter them
foreach my $appkey ( keys %{ $apphash->{$key} } ) {
next if $appkey =~ /(type|options|catname)/;
# We have sub elements, so we filter them
$self->_filterHash( $req, $apphash->{$key} );
}
# Check rights
my $appdisplay = $apphash->{$key}->{options}->{display}
|| "auto";
my ( $vhost, $appuri ) =
$apphash->{$key}->{options}->{uri} =~ m#^https?://([^/]*)(.*)#;
$vhost =~ s/:\d+$//;
$vhost = $self->p->HANDLER->resolveAlias($vhost);
$appuri ||= '/';
# Remove if display is "no" or "off"
delete $apphash->{$key} and next if ( $appdisplay =~ /^(no|off)$/ );
# Keep node if display is "yes" or "on"
next if ( $appdisplay =~ /^(yes|on)$/ );
my $cond = undef;
# Handle partner rules (SAML, CAS or OIDC)
if ( $appdisplay =~ /^sp:\s*(.*)$/ ) {
$self->logger->warn("jepassedanssamlcasoidc");#pouet
my $p = $1;
if ( my $sub = $self->p->spRules->{$p} ) {
eval {
delete $apphash->{$key}
unless ( $sub->( $req, $req->sessionInfo ) );
};
if ($@) {
$self->logger->error("Partner rule $p returns: $@");
}
}
next;
}
# If a specific rule exists, get it from cache or compile it
if ( $appdisplay !~ /^auto$/i ) {
# if ( $self->specific->{$appuri} ) {
# $cond = $self->specific->{$appuri};
# }
# else {
$cond = $self->specific->{$appuri} =
$self->p->HANDLER->buildSub(
$self->p->HANDLER->substitute($appdisplay) );
# }
}
# Check grant function if display is "auto" (this is the default)
delete $apphash->{$key}
unless (
$self->p->HANDLER->grant(
$req, $req->sessionInfo, $appuri, $cond, $vhost
)
);
next;
}
}
}