Permissions for Custom User Object Attributes in LDAP or AD

Introduction

Active Directory schemas often come with many customizations to cater to an organization's specific requirements, for example custom user object attributes that record department, cost centre or employment type. This guide shows how a permission plugin can read those custom attributes from the current user's LDAP/AD entry and make its authorization decision on them.

How does it work?

This guide applies to all permission types, such as Form Permission and UI Category Permission.

The code snippet below can be used in a BeanShell Permission to retrieve the values of your custom user object attribute and to perform permission logic. The script must return a boolean: true grants access, false denies it. Users resolved through the LDAP directory manager plugin are instances of UserLDAPImpl, which is how the script tells an AD user apart from a local Joget account.

import java.util.Map;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import org.joget.commons.util.LogUtil;
import org.joget.directory.model.User;
import org.joget.plugin.ldap.model.UserLDAPImpl;
 
public boolean isAuthorized(User user, Map params) {
 
    /*
    'user' parameter is the current user.
    It is a User object; UserLDAPImpl extends User, so an AD/LDAP user
    can be detected with instanceof.
    */
 
    // Anonymous user (user == null): deny
    if (user == null) {
        return false;
    }
 
    // Current user belongs to AD
    if (user instanceof UserLDAPImpl) {
 
        // Cast 'user' object to UserLDAPImpl
        UserLDAPImpl ldapUser = (UserLDAPImpl) user;
 
        // Re-use method getAttributes() to get the user's directory attributes
        Attributes attrs = ldapUser.getAttributes();
 
        // Change the attribute name here to suit your requirements
        String attributeName = "cn";
        Attribute attr = (attrs != null) ? attrs.get(attributeName) : null;
        if (attr != null) {
            try {
                // This is how to retrieve the (first) attribute value
                String value = attr.get().toString();
                LogUtil.info("CustomAttributePermission", attributeName + " = " + value);
 
                /*
                Perform your permission logic for AD users here and return
                true or false, e.g. return "expected-value".equals(value);
                */
            } catch (NamingException e) {
                // Directory read failed: fail closed
                LogUtil.error("CustomAttributePermission", e, "Unable to read attribute " + attributeName);
                return false;
            }
        }
        // Attribute absent or no rule matched: deny by default
        return false;
    }
 
    /*
    Handle permission logic for non-AD users (e.g. local Joget accounts) here.
    They carry no directory attributes, so deny unless you have another rule.
    */
    return false;
}
 
//call isAuthorized method with injected variables
return isAuthorized(user, requestParams);
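The snippet above only prints the attribute value. The following BeanShell script is an added example, not part of the original page or of Joget's own code, that carries the permission logic through for a multi-valued custom attribute: access is granted only if one of the entry's values is an exact (whole-value, case-insensitive) match for an allowed value, and every other path, including anonymous users, non-AD users, a missing attribute and a directory read error, denies. The attribute name "department" and the allowed values "Finance" and "Audit" are assumptions for illustration; substitute the names from your own schema.

```java
import java.util.Map;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import org.joget.commons.util.LogUtil;
import org.joget.directory.model.User;
import org.joget.plugin.ldap.model.UserLDAPImpl;

// Returns true only if at least one value of the (possibly multi-valued)
// attribute is a whole-value match for one of the allowed values.
public boolean hasAllowedValue(Attributes attrs, String attributeName, String[] allowed) {
    if (attrs == null) {
        return false;
    }
    Attribute attr = attrs.get(attributeName);
    if (attr == null) {
        return false; // attribute not present on this entry
    }
    try {
        NamingEnumeration values = attr.getAll();
        while (values.hasMore()) {
            Object raw = values.next();
            if (raw == null) {
                continue;
            }
            String value = raw.toString().trim();
            for (int i = 0; i < allowed.length; i++) {
                // Whole-value comparison: a contains()/startsWith() test would
                // also accept e.g. "Finance-Contractors" for "Finance".
                // AD matches most string attributes case-insensitively, so do the same.
                if (allowed[i].equalsIgnoreCase(value)) {
                    return true;
                }
            }
        }
    } catch (NamingException e) {
        LogUtil.error("CustomAttributePermission", e, "Cannot read attribute " + attributeName);
        return false; // fail closed on directory errors
    }
    return false;
}

public boolean isAuthorized(User user, Map params) {
    // Hypothetical attribute name and allowed values; replace with your schema's
    String attributeName = "department";
    String[] allowedValues = { "Finance", "Audit" };

    if (user == null) {
        return false; // anonymous: deny
    }
    if (user instanceof UserLDAPImpl) {
        UserLDAPImpl ldapUser = (UserLDAPImpl) user;
        boolean allowed = hasAllowedValue(ldapUser.getAttributes(), attributeName, allowedValues);
        LogUtil.info("CustomAttributePermission", user.getUsername() + " allowed=" + allowed);
        return allowed;
    }
    // Non-AD users (e.g. local Joget accounts) have no directory attributes: deny
    return false;
}

// 'user' and 'requestParams' are injected by the BeanShell Permission plugin
return isAuthorized(user, requestParams);
```

The same script can be pasted into any permission type that offers BeanShell Permission, such as Form Permission or UI Category Permission. The script avoids generics and lambdas so that it runs under the BeanShell interpreter as well as plain Java.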
 
Created by Marcos. Last modified by Aadrian on Dec 13, 2024.