protected function CasAttributesSubscriber::doRoleMapCheck in CAS Attributes 2.x
Same name and namespace in other branches
- 8 src/Subscriber/CasAttributesSubscriber.php \Drupal\cas_attributes\Subscriber\CasAttributesSubscriber::doRoleMapCheck()
Determine which roles should be added/removed based on attributes.
Parameters
array $attributes: The attributes associated with the user.
Return value
array Array containing two keys:
- add: the list of RIDs to add to the user
- remove: the list of RIDs to remove from the user
2 calls to CasAttributesSubscriber::doRoleMapCheck()
- CasAttributesSubscriber::onPreLogin in src/
Subscriber/ CasAttributesSubscriber.php - Subscribe to the CasPreLoginEvent.
- CasAttributesSubscriber::onPreRegister in src/
Subscriber/ CasAttributesSubscriber.php - Subscribe to the CasPreRegisterEvent.
File
- src/
Subscriber/ CasAttributesSubscriber.php, line 187
Class
- CasAttributesSubscriber
- Provides a CasAttributesSubscriber.
Namespace
Drupal\cas_attributes\SubscriberCode
protected function doRoleMapCheck(array $attributes = NULL) {
$role_map = $this->settings
->get('role.mappings');
if (empty($role_map)) {
return [
'add' => [],
'remove' => [],
];
}
$rolesToAdd = [];
$rolesToRemove = [];
if (is_array($attributes)) {
// Change attribute names to lower case. We do this for attributes used
// as tokens as well so this keeps their usage consistent no where
// they are used.
$attributes = array_change_key_case($attributes, CASE_LOWER);
}
foreach ($role_map as $condition) {
// Force attr name to lowercase before comparing as we lowered the case
// of the attributes array as well. This allows case differences between
// the attribute names returned from the server and the ones configured
// to not matter.
$conditionAttribute = strtolower($condition['attribute']);
// Attribute not found; don't map role.
if (!isset($attributes[$conditionAttribute])) {
continue;
}
$attributeValue = $attributes[$conditionAttribute];
if (!is_array($attributeValue)) {
$attributeValue = [
$attributeValue,
];
}
$valueToMatch = $condition['value'];
$matched = FALSE;
switch ($condition['method']) {
case 'exact_single':
$matched = $this
->checkRoleMatchExactSingle($attributeValue, $valueToMatch);
break;
case 'exact_any':
$matched = $this
->checkRoleMatchExactAny($attributeValue, $valueToMatch);
break;
case 'contains_any':
$matched = $this
->checkRoleMatchContainsAny($attributeValue, $valueToMatch);
break;
case 'regex_any':
$matched = $this
->checkRoleMatchRegexAny($attributeValue, $valueToMatch);
default:
}
if (isset($condition['negate']) && $condition['negate']) {
$matched = !$matched;
}
if ($matched) {
$rolesToAdd[] = $condition['rid'];
}
elseif ($condition['remove_without_match']) {
$rolesToRemove[] = $condition['rid'];
}
}
return [
'add' => $rolesToAdd,
'remove' => $rolesToRemove,
];
}