From e283739f7a31c05bc3965adc880ea061f55bb9da Mon Sep 17 00:00:00 2001
From: Francesco Malvezzi <francesco.malvezzi@unimore.it>
Date: Fri, 10 Apr 2015 14:07:35 +0200
Subject: [PATCH] Added $shib_group_delete flag

---
 README.md          |  9 +++++++++
 ShibAuthPlugin.php | 11 +++++++----
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 66f3541..69bddb6 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,15 @@ $shib_email = isset($_SERVER['HTTP_EMAIL']) ? $_SERVER['HTTP_EMAIL'] : null;
 $shib_groups = isset($_SERVER['isMemberOf']) ? $_SERVER['isMemberOf'] : null;
 $shib_group_prefix = "wiki";
 
+// Should pre-existing groups be deleted?
+// If groups are fetched only from Shibboleth it should be true
+// if memberships are granted from mediawiki User rights management
+// page, it should be false
+// PLEASE NOTE: with $shib_group_delete = false, in order to revoke
+// a membership it should be deleted both from Shibboleth and 
+// User rights management page!
+$shib_group_delete = false;
+
 // The ShibUpdateUser hook is executed on login.
 // It has two arguments:
 // - $existing: True if this is an existing user, false if it is a new user being added
diff --git a/ShibAuthPlugin.php b/ShibAuthPlugin.php
index 1a0084b..065756a 100644
--- a/ShibAuthPlugin.php
+++ b/ShibAuthPlugin.php
@@ -469,11 +469,14 @@ function ShibUserLoadFromSession($user, &$result)
 function ShibAddGroups($user) {
 	global $shib_groups;
 	global $shib_group_prefix;
+	global $shib_group_delete;
 
-	$oldGroups = $user->getGroups();
-        foreach ($oldGroups as $group) {
-                $user->removeGroup($group);
-        }
+	if (isset($shib_group_delete) && $shib_group_delete) {
+		$oldGroups = $user->getGroups();
+        	foreach ($oldGroups as $group) {
+                	$user->removeGroup($group);
+        	}
+	}
 
 	if (isset($shib_groups)) {
 		foreach (explode(';', $shib_groups) as $group) {
-- 
GitLab