<?php 
/**
 * Allow site to gather more information from the LDAP Directory in order to
 * update user account.
 *
 * In order to activate the custom synchro, you need to:
 * - Implement the sync method of LDAPPluginCustomUserSync below.
 *   The current implementation is given as an example of what is possible, you
 *   can remove it.
 *   If you want to keep the default synchro (Real name & email), keep the first
 *   line: $modified = parent::sync($user, $lr);
 * - Once you are done with the implementation, in order to activate it, just
 *   uncomment the variable definition below ($syncClass).
 */

/*
 * In order to activate your own synchronization implementation, 
 * just uncomment the line below.
 */
//$syncClass = 'LDAPPluginCustomUserSync';

/*
 * Example of implementation: we want to restrict people based on some 
 * attribute:
 */
class LDAPPluginCustomUserSync extends LDAP_UserSync {

    /**
     * Return the sync attributes
     *
     *@return Array
     */ 
    public function getSyncAttributes($ldap) {
        $this->attributes = array('cn', 'mail', 'employeetype', 'st-eduid', 'o', 'uid', 'st-entrystatus');
        return $this->attributes;
    }
    
    /**
     * Do all the synchronization between an ldap result and a Codendi user.
     *
     * This method returns if it modified the user or not. This is usefull during
     * batch process in order to limit computing.
     * General advise when you manipulate LDAP attributes. They are case insensitive
     * So employeetype: GOLD == GoLd == gold. So we highly advise to 'strtolower'
     * all your tests.
     *
     * @param PFUser       $user Codendi user
     * @param LDAPResult $lr   Ldap result
     *
     * @return Boolean True if the method modified the user object
     */
    public function sync(PFUser $user, LDAPResult $lr) {
        $modified = parent::sync($user, $lr);

        switch (strtolower($lr->get('employeetype'))) {
            case 'company':
            case 'gold_partners':
                if ($user->getStatus() != PFUser::STATUS_ACTIVE) {
                    $user->setStatus(PFUser::STATUS_ACTIVE);
                    $modified = true;
                }
                break;

            default:
                if ($user->getStatus() != PFUser::STATUS_RESTRICTED) {
                    $user->setStatus(PFUser::STATUS_RESTRICTED);
                    $modified = true;
                    if (isset($GLOBALS['Response'])) {
                        $GLOBALS['Response']->addFeedback('info', "Your account is restricted to projects your are member of");
                    }
                }
                break;
        }

        // Suspend users that left the company and still present in LDAP
        if ($lr->get('st-entrystatus') == 'T') {
            $user->setStatus(PFUser::STATUS_SUSPENDED);
            $modified = true;
        }

        return $modified;
    }
}

?>