You are here

Home » API reference » CAS roles 7

README.txt in CAS roles 7

Same filename and directory in other branches
  1. 8 README.txt
  2. 6 README.txt
  3. 7.2 README.txt
==== CAS Roles ====

=== Introduction ===

This Module is supposed to be used in conjunction with cas and cas_attributes.
The general working principle is as follows:
You select a mask which contains attributes from the CAS user as a CAS role
reference. (If one of the CAS attributes is an array, the CAS role reference
is also an array. If several attributes are arrays, then the role reference is
the combination of all elements with all others.)
This role reference is then compared to the Drupal roles.
How this comparison is done can be configured.


=== Options ===

== Fetch CAS Roles ==
  * only when a CAS account is created (i.e., the first login of a CAS user).
     The roles are only set at the first login, when the user is created. The
     roles are not removed later.

  * every time a CAS user logs in.
     Every time the user logs in, the roles are updated. 

== CAS vs Drupal roles ==
  * Only assign roles which are present in Drupal and match, remove user roles not present in CAS.
     If a role from CAS matches the name of a Drupal role, the role is assigned. 
     If a user has a role in Drupal but the role is not in the CAS attribute, the role is removed.
     
  * Create roles which don't exits in Drupal, remove user roles not present in CAS.
     The same as the first option except new Drupal roles are created for every new CAS attribute.
     
  * Match roles with regular expressions. 
     The roles are managed by regular expressions. This is the option which
     justifies the use of this module.

== Attribute for roles ==

A CAS attribute just like in the module cas_attributes.

The CAS attribute may also be an array or even a nested array.
The field may also contain several CAS attributes in a token format. If for
example you put: "[cas-attribute-drupal_roles]-[cas-attribute-campus]" and
someone logs in with the roles "student" and "volunteer" and has as campus
attribute "main" the result would be an array containing "student-main" and
"volunteer-main".

The roles are attributed if any of the array elements match

== CAS roles mappings ==

Regular expression to map user roles. The role is assigned if one of the roles
in the attribute array matches the expression. An empty field means the role is
not administrated by CAS.

The field needs to be empty or a valid regular expression.


=== Examples ===

== simple use case ==

you would like all roles from your cas_server enabled Drupal host to be 
propagated to users on the client system.

configuration: * Fetch CAS Roles: every time a CAS user logs in. 
               * CAS vs Drupal roles: the first two options both work,
                 it depends on whether you would like roles created on the
                 server to be created on the client.
               * Attribute for roles: [cas:attribute:drupal_roles]
                 (This is the default that ships with cas_server)

how it works: [cas:attribute:drupal_roles] is translated into an array with all
the roles so for our practical example it becomes:
array( 'authenticated user', 'editor', 'teacher' )

Then the items in this array are compared with the roles on your client system.
The roles that are present among the items are assigned, roles the user may
have but which are not present in the array are removed.
If you selected "Create roles" the roles which don't exist on the client are
created.

If you would like to have a role or two save from the removal (a local role)
you can use the regular expression matching or the role option of
cas_attributes


== complex use case ==

Your organisation has many departments and a variety of roles that are
important in other parts of your system. The client site you want to build only
needs a handful of roles but they depend on a variety of different attributes.

Lets assume for this example that one of the CAS attributes is called 'code'
and may contain a two digit country code. Another CAS attribute is called
'roles' and contains one or many roles which follow a certain pattern.
You would like to give users from a specific country special rights, while
other users may have a role 

configuration: * Fetch CAS Roles: every time a CAS user logs in. 
               * CAS vs Drupal roles: Match roles with regular expressions.
               * Attribute for roles:
      [cas:attribute:code] [cas:attribute:roles]

Now the array with be the code a space and a role per item. If more than one
attribute is an array the array used for the comparison is all possible
combinations of the different items.

If any of the items in this big array matches the regular expression for the
role, this role is assigned if none matches the role is removed.
If there is no regular expression pattern, the role will not be assigned nor
removed by cas_roles.

(side-note: if you have several complicated conditions and you are worried it
doesn't scale you may be better off implementing a module with
hook_cas_user_presave() to cater your specialised needs)

File

README.txt
View source 
  1. ==== CAS Roles ====

  2. 

  3. === Introduction ===

  4. 

  5. This Module is supposed to be used in conjunction with cas and cas_attributes.

  6. The general working principle is as follows:

  7. You select a mask which contains attributes from the CAS user as a CAS role

  8. reference. (If one of the CAS attributes is an array, the CAS role reference

  9. is also an array. If several attributes are arrays, then the role reference is

  10. the combination of all elements with all others.)

  11. This role reference is then compared to the Drupal roles.

  12. How this comparison is done can be configured.

  13. 

  14. 

  15. === Options ===

  16. 

  17. == Fetch CAS Roles ==

  18.   * only when a CAS account is created (i.e., the first login of a CAS user).

  19.      The roles are only set at the first login, when the user is created. The

  20.      roles are not removed later.

  21. 

  22.   * every time a CAS user logs in.

  23.      Every time the user logs in, the roles are updated. 

  24. 

  25. == CAS vs Drupal roles ==

  26.   * Only assign roles which are present in Drupal and match, remove user roles not present in CAS.

  27.      If a role from CAS matches the name of a Drupal role, the role is assigned. 

  28.      If a user has a role in Drupal but the role is not in the CAS attribute, the role is removed.

  29.      

  30.   * Create roles which don't exits in Drupal, remove user roles not present in CAS.

  31.      The same as the first option except new Drupal roles are created for every new CAS attribute.

  32.      

  33.   * Match roles with regular expressions. 

  34.      The roles are managed by regular expressions. This is the option which

  35.      justifies the use of this module.

  36. 

  37. == Attribute for roles ==

  38. 

  39. A CAS attribute just like in the module cas_attributes.

  40. 

  41. The CAS attribute may also be an array or even a nested array.

  42. The field may also contain several CAS attributes in a token format. If for

  43. example you put: "[cas-attribute-drupal_roles]-[cas-attribute-campus]" and

  44. someone logs in with the roles "student" and "volunteer" and has as campus

  45. attribute "main" the result would be an array containing "student-main" and

  46. "volunteer-main".

  47. 

  48. The roles are attributed if any of the array elements match

  49. 

  50. == CAS roles mappings ==

  51. 

  52. Regular expression to map user roles. The role is assigned if one of the roles

  53. in the attribute array matches the expression. An empty field means the role is

  54. not administrated by CAS.

  55. 

  56. The field needs to be empty or a valid regular expression.

  57. 

  58. 

  59. === Examples ===

  60. 

  61. == simple use case ==

  62. 

  63. you would like all roles from your cas_server enabled Drupal host to be 

  64. propagated to users on the client system.

  65. 

  66. configuration: * Fetch CAS Roles: every time a CAS user logs in. 

  67.                * CAS vs Drupal roles: the first two options both work,

  68.                  it depends on whether you would like roles created on the

  69.                  server to be created on the client.

  70.                * Attribute for roles: [cas:attribute:drupal_roles]

  71.                  (This is the default that ships with cas_server)

  72. 

  73. how it works: [cas:attribute:drupal_roles] is translated into an array with all

  74. the roles so for our practical example it becomes:

  75. array( 'authenticated user', 'editor', 'teacher' )

  76. 

  77. Then the items in this array are compared with the roles on your client system.

  78. The roles that are present among the items are assigned, roles the user may

  79. have but which are not present in the array are removed.

  80. If you selected "Create roles" the roles which don't exist on the client are

  81. created.

  82. 

  83. If you would like to have a role or two save from the removal (a local role)

  84. you can use the regular expression matching or the role option of

  85. cas_attributes

  86. 

  87. 

  88. == complex use case ==

  89. 

  90. Your organisation has many departments and a variety of roles that are

  91. important in other parts of your system. The client site you want to build only

  92. needs a handful of roles but they depend on a variety of different attributes.

  93. 

  94. Lets assume for this example that one of the CAS attributes is called 'code'

  95. and may contain a two digit country code. Another CAS attribute is called

  96. 'roles' and contains one or many roles which follow a certain pattern.

  97. You would like to give users from a specific country special rights, while

  98. other users may have a role 

  99. 

  100. configuration: * Fetch CAS Roles: every time a CAS user logs in. 

  101.                * CAS vs Drupal roles: Match roles with regular expressions.

  102.                * Attribute for roles:

  103.       [cas:attribute:code] [cas:attribute:roles]

  104. 

  105. Now the array with be the code a space and a role per item. If more than one

  106. attribute is an array the array used for the comparison is all possible

  107. combinations of the different items.

  108. 

  109. If any of the items in this big array matches the regular expression for the

  110. role, this role is assigned if none matches the role is removed.

  111. If there is no regular expression pattern, the role will not be assigned nor

  112. removed by cas_roles.

  113. 

  114. (side-note: if you have several complicated conditions and you are worried it

  115. doesn't scale you may be better off implementing a module with

  116. hook_cas_user_presave() to cater your specialised needs)