README.txt in CAS roles 8

==== CAS Roles ====

=== Introduction ===

This module is supposed to be used in conjunction with cas and cas_attributes.
The general working principle is as follows:
You select a mask which contains attributes from the CAS user as a CAS role
reference. (If one of the CAS attributes is an array, the CAS role reference
is also an array. If several attributes are arrays, then the role reference is
the combination of all elements with all others.)
This role reference is then compared to the Drupal roles.
How this comparison is done can be configured.


=== Options ===

== Fetch CAS Roles ==
  * only when a CAS account is created (i.e., the first login of a CAS user).
     The roles are only set at the first login, when the user is created. The
     roles are not removed later.

  * every time a CAS user logs in.
     Every time the user logs in, the roles are updated.

== CAS vs Drupal roles ==
  * Only assign roles which are present in Drupal and match, remove user roles not present in CAS.
     If a role from CAS matches the name of a Drupal role, the role is assigned.
     If a user has a role in Drupal but the role is not in the CAS attribute, the role is removed.

  * Create roles which don't exist in Drupal, remove user roles not present in CAS.
     The same as the first option except new Drupal roles are created for every new CAS attribute.

  * Match roles with regular expressions.
     The roles are managed by regular expressions. This is the option which
     justifies the use of this module.

== Attribute for roles ==

A CAS attribute just like in the module cas_attributes.

The CAS attribute may also be an array or even a nested array.
The field may also contain several CAS attributes in a token format. If for
example you put: "[cas-attribute-drupal_roles]-[cas-attribute-campus]" and
someone logs in with the roles "student" and "volunteer" and has as campus
attribute "main" the result would be an array containing "student-main" and
"volunteer-main".

The roles are attributed if any of the array elements match.

== CAS roles mappings ==

Regular expression to map user roles. The role is assigned if one of the roles
in the attribute array matches the expression. An empty field means the role is
not administered by CAS.

The field needs to be empty or a valid regular expression.


=== Examples ===

== simple use case ==

You would like all roles from your cas_server enabled Drupal host to be
propagated to users on the client system.

configuration: * Fetch CAS Roles: every time a CAS user logs in.
               * CAS vs Drupal roles: the first two options both work,
                 it depends on whether you would like roles created on the
                 server to be created on the client.
               * Attribute for roles: [cas:attribute:drupal_roles]
                 (This is the default that ships with cas_server)

how it works: [cas:attribute:drupal_roles] is translated into an array with all
the roles, so for our practical example it becomes:
array( 'authenticated user', 'editor', 'teacher' )

Then the items in this array are compared with the roles on your client system.
The roles that are present among the items are assigned, roles the user may
have but which are not present in the array are removed.
If you selected "Create roles" the roles which don't exist on the client are
created.

If you would like to keep a role or two safe from the removal (a local role)
you can use the regular expression matching or the role option of
cas_attributes.


== complex use case ==

Your organisation has many departments and a variety of roles that are
important in other parts of your system. The client site you want to build only
needs a handful of roles but they depend on a variety of different attributes.

Let's assume for this example that one of the CAS attributes is called 'code'
and may contain a two-digit country code. Another CAS attribute is called
'roles' and contains one or many roles which follow a certain pattern.
You would like to give users from a specific country special rights, while
other users may have a role 

configuration: * Fetch CAS Roles: every time a CAS user logs in.
               * CAS vs Drupal roles: Match roles with regular expressions.
               * Attribute for roles:
                 [cas:attribute:code] [cas:attribute:roles]

Now each item of the array will be the code, a space and a role. If more than
one attribute is an array, the array used for the comparison is all possible
combinations of the different items.

If any of the items in this big array matches the regular expression for the
role, this role is assigned; if none matches, the role is removed.
If there is no regular expression pattern, the role will not be assigned or
removed by cas_roles.
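
The expansion and matching described above, as an added example: it is a model written for this page, not the cas_roles module's own code. It assumes PCRE patterns written with delimiters and searched unanchored, as PHP's preg_grep() does; the function names and the sample attribute values are hypothetical.

```php
<?php
// Expand a mask into every combination of the attribute values it names.
function expand_role_reference(string $mask, array $attributes): array {
  $references = [$mask];
  foreach ($attributes as $name => $value) {
    $token = "[cas:attribute:$name]";
    if (strpos($mask, $token) === FALSE) {
      continue;
    }
    // Scalars become one-element lists; nested arrays are flattened.
    $values = [];
    $source = (array) $value;
    array_walk_recursive($source, function ($v) use (&$values) {
      $values[] = (string) $v;
    });
    $next = [];
    foreach ($references as $reference) {
      foreach ($values as $v) {
        $next[] = str_replace($token, $v, $reference);
      }
    }
    $references = $next;
  }
  return $references;
}

// Per role: TRUE = assign, FALSE = remove, NULL = not managed (empty pattern).
function decide_roles(array $patterns, array $references): array {
  $decisions = [];
  foreach ($patterns as $role => $pattern) {
    $decisions[$role] = $pattern === ''
      ? NULL
      : count(preg_grep($pattern, $references)) > 0;
  }
  return $decisions;
}

// Constructed sample login (added example, attribute values are invented).
$attributes = ['code' => 'CH', 'roles' => ['teacher', 'student-teacher']];
$references = expand_role_reference('[cas:attribute:code] [cas:attribute:roles]', $attributes);

$patterns = [
  'teacher' => '/^CH teacher$/', // anchored: only this exact code and role
  'staff'   => '/teacher/',      // unanchored: also matches "CH student-teacher"
  'editor'  => '/^DE /',         // no item starts with "DE ", role is removed
  'local'   => '',               // empty: left untouched by the mapping
];
var_export(decide_roles($patterns, $references));
```

An unanchored pattern matches anywhere in the combined string, so anchoring with ^ and $ keeps a role from being granted on a partial match of a longer attribute value.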

(sidenote: if you have several complicated conditions and you are worried it
doesn't scale, you may be better off implementing a module with
hook_cas_user_presave() to cater for your specialised needs)


















