Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /**
- * This function processes role assignment rules
- *
- * The function matches rule regular expressions with defined server variables
- * If there is a match, it assigns roles to the user logged in
- *
- * @param integer rule
- * The id of the rule currently processed.
- *
- * @return
- * 1 if profile changed and 0 if not.
- */
- function shib_auth_process_rule($rule) {
- global $user;
- $profile_changed = 0; // is a constant 0 when the rule is not a sticky one
- $fieldname = $rule['field'];
- $expression = '/' . urldecode($rule['regexpression']) . '/';
- // if the given server field exists
- if (isset($_SERVER[$fieldname])) {
- foreach (explode(';', $_SERVER[$fieldname]) as $value) {
- //check if the RegEx fits to one of the value of the server field
- if (preg_match($expression, trim($value))) {
- $roles = unserialize($rule['role']);
- // there is a match, so give this user the specified role(s)
- if (empty($roles)) {
- return NULL;
- }
- foreach ($roles as $role_id) {
- if (!$role_id)
- continue; // Zero is not allowed as a role_id
- $role_name = shib_auth_get_rolename($role_id);
- if (!empty ($user->roles[$role_id]) && $user->roles[$role_id] == $role_name) {
- continue; // NOP if the user already has the given role
- }
- $user->roles[$role_id] = $role_name;
- if ($rule['sticky']) { // Sticky rules change the profile
- $profile_changed = 1;
- if (!isset($_SESSION['shib_auth_rolelog'])) {
- watchdog('shib_grant_stick', 'Role "@id" has been permanently granted',
- array('@id' => $role_name), WATCHDOG_NOTICE);
- }
- }
- else {
- if (!isset($_SESSION['shib_auth_rolelog'])) {
- watchdog('shib_grant_role', 'Role "@id" has been granted',
- array('@id' => $role_name), WATCHDOG_NOTICE);
- }
- }
- }
- }
- }
- }
- return $profile_changed;
- } //function shib_auth_process_rule()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement