You are here

Home » API reference » CAS Attributes 2.x » CasAttributesSubscriber.php » CasAttributesSubscriber

protected function CasAttributesSubscriber::doRoleMapCheck in CAS Attributes 2.x

Same name and namespace in other branches
  1. 8 src/Subscriber/CasAttributesSubscriber.php \Drupal\cas_attributes\Subscriber\CasAttributesSubscriber::doRoleMapCheck()

Determine which roles should be added/removed based on attributes.

Parameters

array $attributes: The attributes associated with the user.

Return value

array Array containing two keys:

  • add: the list of RIDs to add to the user
  • remove: the list of RIDs to remove from the user
2 calls to CasAttributesSubscriber::doRoleMapCheck()
CasAttributesSubscriber::onPreLogin in src/Subscriber/CasAttributesSubscriber.php
Subscribe to the CasPreLoginEvent.
CasAttributesSubscriber::onPreRegister in src/Subscriber/CasAttributesSubscriber.php
Subscribe to the CasPreRegisterEvent.

File

src/Subscriber/CasAttributesSubscriber.php, line 187

Class

CasAttributesSubscriber
Provides a CasAttributesSubscriber.

Namespace

Drupal\cas_attributes\Subscriber

Code

protected function doRoleMapCheck(array $attributes = NULL) {
  $role_map = $this->settings
    ->get('role.mappings');
  if (empty($role_map)) {
    return [
      'add' => [],
      'remove' => [],
    ];
  }
  $rolesToAdd = [];
  $rolesToRemove = [];
  if (is_array($attributes)) {

    // Change attribute names to lower case. We do this for attributes used
    // as tokens as well so this keeps their usage consistent no where
    // they are used.
    $attributes = array_change_key_case($attributes, CASE_LOWER);
  }
  foreach ($role_map as $condition) {

    // Force attr name to lowercase before comparing as we lowered the case
    // of the attributes array as well. This allows case differences between
    // the attribute names returned from the server and the ones configured
    // to not matter.
    $conditionAttribute = strtolower($condition['attribute']);

    // Attribute not found; don't map role.
    if (!isset($attributes[$conditionAttribute])) {
      continue;
    }
    $attributeValue = $attributes[$conditionAttribute];
    if (!is_array($attributeValue)) {
      $attributeValue = [
        $attributeValue,
      ];
    }
    $valueToMatch = $condition['value'];
    $matched = FALSE;
    switch ($condition['method']) {
      case 'exact_single':
        $matched = $this
          ->checkRoleMatchExactSingle($attributeValue, $valueToMatch);
        break;
      case 'exact_any':
        $matched = $this
          ->checkRoleMatchExactAny($attributeValue, $valueToMatch);
        break;
      case 'contains_any':
        $matched = $this
          ->checkRoleMatchContainsAny($attributeValue, $valueToMatch);
        break;
      case 'regex_any':
        $matched = $this
          ->checkRoleMatchRegexAny($attributeValue, $valueToMatch);
      default:
    }
    if (isset($condition['negate']) && $condition['negate']) {
      $matched = !$matched;
    }
    if ($matched) {
      $rolesToAdd[] = $condition['rid'];
    }
    elseif ($condition['remove_without_match']) {
      $rolesToRemove[] = $condition['rid'];
    }
  }
  return [
    'add' => $rolesToAdd,
    'remove' => $rolesToRemove,
  ];
}