<?php
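header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json");
header("Access-Control-Allow-Headers: Content-Type, Authorization");
// NOTE(review): the wildcard origin lets any site call this endpoint; the
// bearer token is the only thing gating the response. Pin this to the SPA's
// origin once that origin is known.

// --- DB connection ---
// Values are taken from the environment when set. The literal fallbacks exist
// only so the current deployment keeps working until DB_* are configured:
// a credential committed to source is compromised by definition, so rotate the
// password and delete the fallbacks as part of this change.
$host     = getenv("DB_HOST") ?: "192.168.0.4";
$dbname   = getenv("DB_NAME") ?: "DemandeConge";
$username = getenv("DB_USER") ?: "wpuser";
$password = getenv("DB_PASSWORD") ?: "-2b/)ru5/Bi8P[7_";

$connectError = null;
try {
    $conn = new mysqli($host, $username, $password, $dbname);
    $connectError = $conn->connect_error;
} catch (mysqli_sql_exception $e) {
    // PHP >= 8.1 reports a failed connect as an exception instead of connect_error.
    $connectError = $e->getMessage();
}
if ($connectError) {
    // Driver detail goes to the server log only; echoing it (as before) told
    // clients the DB host/user and the exact failure.
    error_log("check-user-groups: DB connection failed: " . $connectError);
    die(json_encode(["authorized" => false, "message" => "Erreur DB"]));
}

// --- Object id of the target group (Ensup-Groupe) ---
$groupId = "c1ea877c-6bca-4f47-bfad-f223640813a0";

// --- Request body: {"userPrincipalName": "..."} ---
// Only a string is accepted; an array/number would otherwise reach bind_param.
$data = json_decode((string) file_get_contents("php://input"), true);
$userPrincipalName = is_array($data) ? ($data["userPrincipalName"] ?? "") : "";
if (!is_string($userPrincipalName)) {
    $userPrincipalName = "";
}

// --- Bearer token from the Authorization header ---
// Header names are matched case-insensitively; a "Bearer " prefix is stripped
// (case-insensitively), a bare token is accepted as before.
$headers = array_change_key_case(getallheaders() ?: [], CASE_LOWER);
$rawAuthorization = trim((string) ($headers["authorization"] ?? ""));
$accessToken = preg_replace('/^Bearer\s+/i', "", $rawAuthorization) ?? "";

if ($userPrincipalName === "" || $accessToken === "") {
    echo json_encode(["authorized" => false, "message" => "Email ou token manquant"]);
    $conn->close();
    exit;
}

// --- Bind the token to the claimed identity ---
// Nothing else in this script ties the bearer token to userPrincipalName: the
// local-DB fast path below returns an "authorized" record for whatever UPN the
// client names without touching the token, and the Graph calls only need *a*
// valid token. Resolve the token's own principal via /me and refuse a mismatch
// (either the UPN or the primary mail may match, compared case-insensitively).
// callGraph() is declared further down; PHP hoists unconditional top-level functions.
// NOTE(review): assumes a delegated (user) token as a browser SPA would send; an
// app-only token has no /me and is rejected here — confirm with the callers.
$me = callGraph("https://graph.microsoft.com/v1.0/me?\$select=id,userPrincipalName,mail", $accessToken);
$tokenUpn  = (string) ($me["userPrincipalName"] ?? "");
$tokenMail = (string) ($me["mail"] ?? "");
if (
    !is_array($me)
    || (strcasecmp($tokenUpn, $userPrincipalName) !== 0
        && strcasecmp($tokenMail, $userPrincipalName) !== 0)
) {
    echo json_encode(["authorized" => false, "message" => "Le token ne correspond pas à l'utilisateur indiqué"]);
    $conn->close();
    exit;
}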
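/**
 * Call Microsoft Graph and return the decoded JSON body, or null on any failure.
 *
 * @param string      $url         Absolute Graph URL; the caller is responsible for
 *                                 encoding any path segment or query value it builds in.
 * @param string      $accessToken Bearer token, forwarded verbatim in the Authorization header.
 * @param string      $method      "GET" or "POST"; anything else is sent as a GET.
 * @param string|null $body        Pre-encoded JSON body, only used for POST.
 * @return array|null Decoded JSON object, or null when the transport fails, the HTTP
 *                    status is not 200, or the body does not decode to an array.
 */
function callGraph(string $url, string $accessToken, string $method = "GET", ?string $body = null): ?array
{
    $ch = curl_init($url);
    $headers = ["Authorization: Bearer $accessToken"];
    if ($method === "POST") {
        $headers[] = "Content-Type: application/json";
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
    }
    curl_setopt_array($ch, [
        CURLOPT_HTTPHEADER     => $headers,
        CURLOPT_RETURNTRANSFER => true,
        // Bounded timeouts: a stalled Graph call must not pin a PHP worker indefinitely.
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 15,
        // TLS verification is curl's default; stated explicitly so it is not "fixed" away
        // later — this header carries a live bearer token.
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    $response = curl_exec($ch);
    $httpCode = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
    if ($response === false) {
        // Transport-level failure (DNS, timeout, TLS); HTTP code is 0 here.
        error_log("callGraph: transport error: " . curl_error($ch));
    }
    curl_close($ch);
    if ($response === false || $httpCode !== 200) {
        return null;
    }
    $decoded = json_decode($response, true);
    // A non-array body (malformed JSON, bare scalar) is treated as a failure, not returned.
    return is_array($decoded) ? $decoded : null;
}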
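/**
 * Check whether a directory user belongs to a given group.
 *
 * Uses Graph's POST /users/{id}/checkMemberGroups action, which echoes back the
 * subset of the requested group ids the user is a member of.
 *
 * @param string $userId      Entra object id of the user (encoded here before use as a path segment).
 * @param string $groupId     Entra object id of the group to test.
 * @param string $accessToken Bearer token with permission to read the user's memberships.
 * @return bool True only when Graph answers 200 and lists $groupId in "value".
 */
function isUserInGroup(string $userId, string $groupId, string $accessToken): bool
{
    $url = "https://graph.microsoft.com/v1.0/users/" . rawurlencode($userId) . "/checkMemberGroups";
    $payload = json_encode(["groupIds" => [$groupId]]);
    $result = callGraph($url, $accessToken, "POST", $payload);
    $memberOf = $result["value"] ?? null;
    // Strict comparison: group ids are strings and must match exactly.
    return is_array($memberOf) && in_array($groupId, $memberOf, true);
}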
// 1. Fast path: the collaborator is already known locally.
// Look the record up by e-mail (bound as a parameter, never interpolated);
// a hit returns the stored role without any Graph round-trip.
$lookup = $conn->prepare(
    "SELECT id, entraUserId, prenom, nom, email, service, role FROM CollaborateurAD WHERE email = ? LIMIT 1"
);
$lookup->bind_param("s", $userPrincipalName);
$lookup->execute();
$existing = $lookup->get_result()->fetch_assoc();
$lookup->close();

if (!empty($existing)) {
    $reply = [
        "authorized"  => true,
        "role"        => $existing["role"],
        "groups"      => [$existing["role"]],
        "localUserId" => (int) $existing["id"], // exposed as an int for the client
        "user"        => $existing,
    ];
    echo json_encode($reply);
    $conn->close();
    exit;
}
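// 2. Not known locally → look the user up in Microsoft Graph.
// The UPN is client input: encode it so it cannot alter the path or the query.
$userGraph = callGraph(
    "https://graph.microsoft.com/v1.0/users/" . rawurlencode($userPrincipalName)
        . "?\$select=id,displayName,givenName,surname,mail,department,jobTitle",
    $accessToken
);
$entraUserId = (string) ($userGraph["id"] ?? "");
if ($userGraph === null || $entraUserId === "") {
    echo json_encode([
        "authorized" => false,
        "message" => "Utilisateur introuvable dans Entra ou token invalide"
    ]);
    $conn->close();
    exit;
}

// 3. Membership in Ensup-Groupe is the actual authorization decision.
if (!isUserInGroup($entraUserId, $groupId, $accessToken)) {
    echo json_encode([
        "authorized" => false,
        "message" => "Utilisateur non autorisé : il n'appartient pas au groupe requis"
    ]);
    $conn->close();
    exit;
}

// 4. First visit: persist the collaborator with the default role.
$prenom  = (string) ($userGraph["givenName"] ?? "");
$nom     = (string) ($userGraph["surname"] ?? "");
$email   = (string) ($userGraph["mail"] ?? $userPrincipalName);
$service = (string) ($userGraph["department"] ?? "");
$role    = "Collaborateur"; // default role for a newly created record

$insert = $conn->prepare("INSERT INTO CollaborateurAD (entraUserId, prenom, nom, email, service, role)
VALUES (?, ?, ?, ?, ?, ?)");
$insert->bind_param("ssssss", $entraUserId, $prenom, $nom, $email, $service, $role);
try {
    $inserted = (bool) $insert->execute();
    if (!$inserted) {
        error_log("check-user-groups: insert failed: " . $insert->error);
    }
} catch (mysqli_sql_exception $e) {
    // PHP >= 8.1 raises on failure instead of returning false.
    $inserted = false;
    error_log("check-user-groups: insert failed: " . $e->getMessage());
}
$newUserId = (int) $insert->insert_id;
$insert->close();

if (!$inserted) {
    // Do not answer "authorized" with localUserId 0 when no row was written
    // (e.g. a unique-key collision): the client would act on a record that does not exist.
    echo json_encode(["authorized" => false, "message" => "Erreur DB"]);
    $conn->close();
    exit;
}

// 5. Final response — same shape as the fast path for known users.
echo json_encode([
    "authorized"  => true,
    "role"        => $role,
    "groups"      => [$role],
    "localUserId" => $newUserId,
    "user" => [
        "id"          => $newUserId,
        "entraUserId" => $entraUserId,
        "prenom"      => $prenom,
        "nom"         => $nom,
        "email"       => $email,
        "service"     => $service,
        "role"        => $role
    ]
]);
$conn->close();
// Closing "?>" intentionally omitted: trailing whitespace after it would be
// emitted into the JSON response.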