From df28327bba235204f9012ec9f35f88e2a5ace0e3 Mon Sep 17 00:00:00 2001
From: Nicolas Ducoulombier <nicolas@ldd.fr>
Date: Mon, 23 Sep 2024 14:56:39 +0200
Subject: [PATCH] Plugin: Azure: adapt order for role verification to have
 first admin, then teacher to avoid setting a teacher role to an admin - refs
 BT#21500

---
 plugin/azure_active_directory/src/callback.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/plugin/azure_active_directory/src/callback.php b/plugin/azure_active_directory/src/callback.php
index 6e59c9c8123..3bc85d443c5 100644
--- a/plugin/azure_active_directory/src/callback.php
+++ b/plugin/azure_active_directory/src/callback.php
@@ -97,10 +97,9 @@
 
         $azureGroups = $provider->get('me/memberOf', $token);
 
-        foreach ($azureGroups as $azureGroup) {
-            $azureGroupUid = $azureGroup['objectId'];
-
-            foreach ($roleGroups as $userRole => $groupUid) {
+        foreach ($roleGroups as $userRole => $groupUid) {
+            foreach ($azureGroups as $azureGroup) {
+                $azureGroupUid = $azureGroup['objectId'];
                 if ($azureGroupUid === $groupUid) {
                     $roleActions[$userRole]($user);