
Commit

Remove user_paths and add it to the "users" exclude functionality
ctippler committed Jun 29, 2018
1 parent 8f598e2 commit 61cf186
Showing 3 changed files with 11 additions and 25 deletions.
3 changes: 1 addition & 2 deletions README.md
Expand Up @@ -52,8 +52,7 @@ Pimcore >= 5.1.0
* **filter**: It lets you configure which LDAP query will be used. The {uid_key} string will be replaced by the value of the uid_key configuration value (by default, sAMAccountName), and the {username} string will be replaced by the username you are trying to load (required, default: `({uid_key}={username})`).
* **exclude**: [DEPRECATED] List of Pimcore's usernames to exclude from LDAP authentication (example: `['admin']`). If already configured the values will be merged to `exclude_rules.users` configuration.
* **exclude_rules**: List of rules which determine if a user has to be excluded from LDAP authentication (it supports regular expressions, see below).
* **users**: List of usernames or regular expressions matching usernames to exclude from LDAP authentication (example: `['admin', '/^noldap.*/i']` to exclude the user `admin` and all users with a username starting with `noldap` like `noldap_alep`).
* **user_paths**: List of paths or regular expressions matching user paths to exclude from LDAP authentication (example: `['no-ldap-users', '/.*mycomany.com.*/i']` to exclude users in the folder "no-ldap-users" or users that full path/folder path matches thes regex. e.g /at-users-mycompany.com/no-lap)
* **users**: List of usernames or regular expressions matching usernames (or user full paths if the user already exists) to exclude from LDAP authentication (example: `['admin', '/^noldap.*/i']` to exclude the user `admin` and all users with a username starting with `noldap` like `noldap_alep`).
* **roles**: List of roles or regular expressions matching role names to exclude from LDAP authentication (example: `['ROLE_PIMCORE_ADMIN', '/^ROLE_NOLDAP.*/i']` to exclude the users with `ROLE_PIMCORE_ADMIN` assigned and all users with a role starting with `ROLE_NOLDAP` like `ROLE_NOLDAP_USERS`).
* **default_roles**: List of Pimcore's roles you wish to give to a user fetched from the LDAP server (example: `['ROLE_LDAP_USERS']`). All the configured default roles needs to be already present in Pimcore.
* **mapper**: Data mapper service used to map ldap user data to Pimcore user (required, default: `Alep\LdapBundle\DataMapper\DefaultLdapUserMapper`). See [Custom data mapper](#custom-data-mapper) to build your own data mapper.
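Review bot: the `user_paths` entry is deleted outright while the `exclude` entry two lines above keeps a `[DEPRECATED]` marker and says how its values are merged; an administrator who still has `exclude_rules.user_paths` configured gets no migration hint from this README. Suggest keeping a `* **user_paths**: [DEPRECATED] ...` line that states the values are now expressed as regular expressions under `exclude_rules.users`, or at least extending the new `users` example, which still only shows usernames (`['admin', '/^noldap.*/i']`) even though the sentence now claims full paths are matched. The description should also spell out the path shape the listener compares against (a leading slash, the folder names from the root down, then the username, as built in `LoginListener.php`), so that rules can be anchored (for example `'/^\/no-ldap-users\//'`) instead of written as loose `/.*mycompany.com.*/i` style patterns that can also match inside a username.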
1 change: 0 additions & 1 deletion src/DependencyInjection/Configuration.php
Expand Up @@ -80,7 +80,6 @@ public function getConfigTreeBuilder()
->info('This is a list of usernames/roles to exclude from LDAP authentication (supports regular expressions).')
->children()
->arrayNode('users')->scalarPrototype()->end()->end()
->arrayNode('user_paths')->scalarPrototype()->end()->end()
->arrayNode('roles')->scalarPrototype()->end()->end()
->end()
->end()
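Review bot: dropping the `user_paths` node from the tree turns this into a hard break rather than a deprecation: Symfony's config component rejects unknown keys at container compile time, so any deployment that still sets `exclude_rules.user_paths` will fail to boot after upgrading, whereas `exclude` (per the README) is kept and merged. Suggest keeping `->arrayNode('user_paths')->scalarPrototype()->end()->end()` with a `->setDeprecated(...)` call and a `beforeNormalization()` step on `exclude_rules` that appends the `user_paths` values to `users`, mirroring the treatment of `exclude`. The `->info()` text in the first context line should also be updated to say that `users` now matches user full paths as well as usernames, since that is the only place the generated config reference documents it.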
32 changes: 10 additions & 22 deletions src/EventListener/LoginListener.php
Expand Up @@ -147,39 +147,27 @@ private function isExcluded($username) {

//Check users excluding rules
if(isset($this->exclude_rules['users'])) {
foreach ($this->exclude_rules['users'] as $userExcludeRule) {
if (@preg_match($userExcludeRule, null) !== false) { //Check as regex (@ sign in front of the regex function is to prevent warnings on the valid regex test)
if (preg_match($userExcludeRule, $username)) {
return true;
}
} elseif ($username == $userExcludeRule) { //Check as string
return true;
}
}
}

//check user excluding paths
if(isset($this->exclude_rules['user_paths'])) {
$user = User::getByName($username);
if($user instanceof User){
$userFullPath = '';
if($user instanceof User) {
$tmp = $user;
$pathParts = [];
while ($tmp->getParentId()){
while ($tmp->getParentId()) {
$folder = User\Folder::getById($tmp->getParentId());
$pathParts[] = $folder->getName();
$tmp = $folder;
}
$folderPath = '/'.implode('/',array_reverse($pathParts));

foreach ($this->exclude_rules['user_paths'] as $userExcludePath) {
$userFullPath = '/' . implode('/', array_reverse($pathParts)) . '/' . $username;
}

if (@preg_match($userExcludePath, null) !== false) { //Check as regex (@ sign in front of the regex function is to prevent warnings on the valid regex test)
if (preg_match($userExcludePath, $folderPath)) {
return true;
}
} elseif($userExcludePath == $folderPath){
foreach ($this->exclude_rules['users'] as $userExcludeRule) {
if (@preg_match($userExcludeRule, null) !== false) { //Check as regex (@ sign in front of the regex function is to prevent warnings on the valid regex test)
if (preg_match($userExcludeRule, $username) || preg_match($userExcludeRule, $userFullPath)) {
return true;
}
} elseif ($username == $userExcludeRule) { //Check as string
return true;
}
}
}
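Review bot: `$userFullPath` is initialised to `''` and only filled in when `User::getByName($username)` returns a `User`, yet the regex branch unconditionally runs `preg_match($userExcludeRule, $userFullPath)`; on the first LDAP login of a user who does not yet exist in Pimcore, any configured pattern that can match the empty string (an unanchored optional group, `/^.*$/`, and so on) will exclude every not-yet-created user from LDAP authentication. Guard the path match with `$userFullPath !== ''` or move it inside the `if ($user instanceof User)` block. Two smaller points in the same hunk: `User\Folder::getById($tmp->getParentId())` is dereferenced via `$folder->getName()` with no null check, so a dangling parent id turns the login into a fatal error inside an authentication listener (carried over from the removed code, but worth fixing while it is being touched); and the plain-string branch `$username == $userExcludeRule` uses loose comparison and never looks at `$userFullPath`, so a non-regex rule such as the old `'no-ldap-users'` example silently stops excluding anyone after this change. Use `===` there and either compare the path as well or document that path rules must be regular expressions.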

0 comments on commit 61cf186