Commit
Merge pull request #1 from ckogler-elements/master
Exclude users by their path / user_paths
alexpozzi authored Jul 11, 2018
2 parents a581e17 + 61cf186 commit 680e0f0
Showing 2 changed files with 16 additions and 2 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -52,7 +52,7 @@ Pimcore >= 5.1.0
* **filter**: It lets you configure which LDAP query will be used. The {uid_key} string will be replaced by the value of the uid_key configuration value (by default, sAMAccountName), and the {username} string will be replaced by the username you are trying to load (required, default: `({uid_key}={username})`).
* **exclude**: [DEPRECATED] List of Pimcore's usernames to exclude from LDAP authentication (example: `['admin']`). If already configured the values will be merged to `exclude_rules.users` configuration.
* **exclude_rules**: List of rules which determine if a user has to be excluded from LDAP authentication (it supports regular expressions, see below).
* **users**: List of usernames or regular expressions matching usernames to exclude from LDAP authentication (example: `['admin', '/^noldap.*/i']` to exclude the user `admin` and all users with a username starting with `noldap` like `noldap_alep`).
* **users**: List of usernames or regular expressions matching usernames (or user full paths if the user already exists) to exclude from LDAP authentication (example: `['admin', '/^noldap.*/i']` to exclude the user `admin` and all users with a username starting with `noldap` like `noldap_alep`).
* **roles**: List of roles or regular expressions matching role names to exclude from LDAP authentication (example: `['ROLE_PIMCORE_ADMIN', '/^ROLE_NOLDAP.*/i']` to exclude the users with `ROLE_PIMCORE_ADMIN` assigned and all users with a role starting with `ROLE_NOLDAP` like `ROLE_NOLDAP_USERS`).
* **default_roles**: List of Pimcore's roles you wish to give to a user fetched from the LDAP server (example: `['ROLE_LDAP_USERS']`). All the configured default roles needs to be already present in Pimcore.
* **mapper**: Data mapper service used to map ldap user data to Pimcore user (required, default: `Alep\LdapBundle\DataMapper\DefaultLdapUserMapper`). See [Custom data mapper](#custom-data-mapper) to build your own data mapper.
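Review bot: the updated **users** entry says rules can match full user paths, but the example is unchanged and its regex `/^noldap.*/i` is anchored on the start of the username, so the text never shows what a full path looks like or how to write a rule against one. Add a path example and state that path matching applies to regular-expression rules only, since plain strings such as `'admin'` are still compared with the username alone. It is also worth noting that existing unanchored patterns are now tested against folder names as well, which can exclude more accounts from LDAP authentication than they did before.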
16 changes: 15 additions & 1 deletion src/EventListener/LoginListener.php
Expand Up @@ -147,9 +147,23 @@ private function isExcluded($username) {

//Check users excluding rules
if(isset($this->exclude_rules['users'])) {

$user = User::getByName($username);
$userFullPath = '';
if($user instanceof User) {
$tmp = $user;
$pathParts = [];
while ($tmp->getParentId()) {
$folder = User\Folder::getById($tmp->getParentId());
$pathParts[] = $folder->getName();
$tmp = $folder;
}
$userFullPath = '/' . implode('/', array_reverse($pathParts)) . '/' . $username;
}

foreach ($this->exclude_rules['users'] as $userExcludeRule) {
if (@preg_match($userExcludeRule, null) !== false) { //Check as regex (@ sign in front of the regex function is to prevent warnings on the valid regex test)
if (preg_match($userExcludeRule, $username)) {
if (preg_match($userExcludeRule, $username) || preg_match($userExcludeRule, $userFullPath)) {
return true;
}
} elseif ($username == $userExcludeRule) { //Check as string
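Review bot: in the `while` loop the result of `User\Folder::getById($tmp->getParentId())` is used without a check, so `$folder->getName()` raises a fatal error during login if the parent lookup does not return a folder; test `$folder instanceof User\Folder` and break out of the loop otherwise. When the user has no parent folder, `$pathParts` stays empty and the built path is `//username`, so assemble the path from one array that already contains the username. The user lookup and folder walk also run on every call, even when no rule is a regex, and for an unknown user `preg_match($userExcludeRule, $userFullPath)` is evaluated against an empty string; skip the path match when `$userFullPath` is empty.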