You are here

Home » API reference » CAS roles 7.2

README.txt in CAS roles 7.2

Same filename and directory in other branches
  1. 8 README.txt
  2. 6 README.txt
  3. 7 README.txt
==== CAS Roles ====

=== Introduction ===

This Module is supposed to be used in conjunction with cas and cas_attributes.
The general working principle is as follows:
You select a mask which contains attributes from the CAS user as a CAS role
reference. (If one of the CAS attributes is an array, the CAS role reference
is also an array. If several attributes are arrays, then the role reference is
the combination of all elements with all others.)
This role reference is then compared to the Drupal roles.
How this comparison is done can be configured.


=== Options ===

== Fetch CAS Roles ==
  * only when a CAS account is created (i.e., the first login of a CAS user).
     The roles are only set at the first login, when the user is created. The
     roles are not removed later.

  * every time a CAS user logs in.
     Every time the user logs in, the roles are updated.

== Attribute for roles ==

A CAS attribute just like in the module cas_attributes.

The CAS attribute may also be an array or even a nested array.
The field may also contain several CAS attributes in a token format. If for
example you put: "[cas-attribute-drupal_roles]-[cas-attribute-campus]" and
someone logs in with the roles "student" and "volunteer" and has as campus
attribute "main" the result would be an array containing "student-main" and
"volunteer-main".

The roles are attributed if any of the array elements match

== CAS roles mappings ==

Regular expression to map user roles. The role is assigned if one of the roles
in the attribute array matches the expression. An empty field means the role is
not administrated by CAS.

The field needs to be empty or a valid regular expression.


=== Examples ===

Your organisation has many departments and a variety of roles that are
important in other parts of your system. The client site you want to build only
needs a handful of roles but they depend on a variety of different attributes.

Lets assume for this example that one of the CAS attributes is called 'code'
and may contain a two digit country code. Another CAS attribute is called
'roles' and contains one or many roles which follow a certain pattern.
You would like to give users from a specific country special rights, while
other users may have a role 

configuration: * Fetch CAS Roles: every time a CAS user logs in. 
               * CAS vs Drupal roles: Match roles with regular expressions.
               * Attribute for roles:
      [cas:attribute:code] [cas:attribute:roles]

Now the array with be the code a space and a role per item. If more than one
attribute is an array the array used for the comparison is all possible
combinations of the different items.

If any of the items in this big array matches the regular expression for the
role, this role is assigned if none matches the role is removed.
If there is no regular expression pattern, the role will not be assigned nor
removed by cas_roles.

(side-note: if you have several complicated conditions and you are worried it
doesn't scale you may be better off implementing a module with
hook_cas_user_presave() to cater your specialised needs)

File

README.txt
View source 
  1. ==== CAS Roles ====

  2. 

  3. === Introduction ===

  4. 

  5. This Module is supposed to be used in conjunction with cas and cas_attributes.

  6. The general working principle is as follows:

  7. You select a mask which contains attributes from the CAS user as a CAS role

  8. reference. (If one of the CAS attributes is an array, the CAS role reference

  9. is also an array. If several attributes are arrays, then the role reference is

  10. the combination of all elements with all others.)

  11. This role reference is then compared to the Drupal roles.

  12. How this comparison is done can be configured.

  13. 

  14. 

  15. === Options ===

  16. 

  17. == Fetch CAS Roles ==

  18.   * only when a CAS account is created (i.e., the first login of a CAS user).

  19.      The roles are only set at the first login, when the user is created. The

  20.      roles are not removed later.

  21. 

  22.   * every time a CAS user logs in.

  23.      Every time the user logs in, the roles are updated.

  24. 

  25. == Attribute for roles ==

  26. 

  27. A CAS attribute just like in the module cas_attributes.

  28. 

  29. The CAS attribute may also be an array or even a nested array.

  30. The field may also contain several CAS attributes in a token format. If for

  31. example you put: "[cas-attribute-drupal_roles]-[cas-attribute-campus]" and

  32. someone logs in with the roles "student" and "volunteer" and has as campus

  33. attribute "main" the result would be an array containing "student-main" and

  34. "volunteer-main".

  35. 

  36. The roles are attributed if any of the array elements match

  37. 

  38. == CAS roles mappings ==

  39. 

  40. Regular expression to map user roles. The role is assigned if one of the roles

  41. in the attribute array matches the expression. An empty field means the role is

  42. not administrated by CAS.

  43. 

  44. The field needs to be empty or a valid regular expression.

  45. 

  46. 

  47. === Examples ===

  48. 

  49. Your organisation has many departments and a variety of roles that are

  50. important in other parts of your system. The client site you want to build only

  51. needs a handful of roles but they depend on a variety of different attributes.

  52. 

  53. Lets assume for this example that one of the CAS attributes is called 'code'

  54. and may contain a two digit country code. Another CAS attribute is called

  55. 'roles' and contains one or many roles which follow a certain pattern.

  56. You would like to give users from a specific country special rights, while

  57. other users may have a role 

  58. 

  59. configuration: * Fetch CAS Roles: every time a CAS user logs in. 

  60.                * CAS vs Drupal roles: Match roles with regular expressions.

  61.                * Attribute for roles:

  62.       [cas:attribute:code] [cas:attribute:roles]

  63. 

  64. Now the array with be the code a space and a role per item. If more than one

  65. attribute is an array the array used for the comparison is all possible

  66. combinations of the different items.

  67. 

  68. If any of the items in this big array matches the regular expression for the

  69. role, this role is assigned if none matches the role is removed.

  70. If there is no regular expression pattern, the role will not be assigned nor

  71. removed by cas_roles.

  72. 

  73. (side-note: if you have several complicated conditions and you are worried it

  74. doesn't scale you may be better off implementing a module with

  75. hook_cas_user_presave() to cater your specialised needs)