You are here

Home » API reference » CAS roles 6

cas_roles.module in CAS roles 6

Same filename and directory in other branches
  1. 8 cas_roles.module
  2. 7.2 cas_roles.module
  3. 7 cas_roles.module

Allows user account and profile attributes to be automatically populated using tokens. Provides basic tokens for attributes returned by the CAS server.

File

cas_roles.module
View source 
<?php

/**
 * @file
 * Allows user account and profile attributes to be automatically populated
 * using tokens. Provides basic tokens for attributes returned by the CAS
 * server.
 */

/**
 * Only assign roles which are present in drupal and match,
 * remove user roles not present in CAS.
 */
define('CAS_ROLES_DRUPAL_ROLES_ONLY', 0);

/**
 * Create roles which don't exits in Drupal,
 * remove user roles not present in CAS.
 */
define('CAS_ROLES_CREATE_NEW_ROLES', 1);

/**
 * Match roles with regular expressions.
 */
define('CAS_ROLES_MATCH_REGEX', 2);

/**
 * Implements hook_menu().
 */
function cas_roles_menu() {
  $items = array();
  $items['admin/user/cas/roles'] = array(
    'title' => 'Roles',
    'description' => 'Settings for CAS roles.',
    'page callback' => 'drupal_get_form',
    'page arguments' => array(
      'cas_roles_admin_settings',
    ),
    'access arguments' => array(
      'administer cas',
    ),
    'file' => 'cas_roles.admin.inc',
    'type' => MENU_LOCAL_TASK,
    'weight' => -7,
  );
  return $items;
}

/**
 * Implements hook_cas_user_presave().
 */
function cas_roles_cas_user_presave(&$edit, $account) {
  $sync_every_login = variable_get('cas_roles_sync_every_login', 0);
  $behavior = variable_get('cas_roles_behavior', CAS_ROLES_DRUPAL_ROLES_ONLY);
  $roles = variable_get('cas_roles_roles', '');
  $relations = variable_get('cas_roles_relations', array(
    DRUPAL_AUTHENTICATED_RID => NULL,
  ));

  // We synchronize on the first login (always) & on future logins (if chosen).
  if ($account->login && !$sync_every_login) {

    // The user has logged in before and we are not set to always synchronize.
    return;
  }

  // The users CAS attributes from the CAS module.
  $cas_attributes = $edit['cas_user']['attributes'];

  // get the name of the attributes
  $tokens = token_scan($roles);

  //$tokens = token_find_with_prefix($tokens['cas'], 'attribute');
  $new_tokens = array();
  foreach ($tokens as $token) {
    $new_tokens[str_replace('cas-attribute-', '', $token)] = '[' . $token . ']';
  }
  $tokens = $new_tokens;

  // An Array with the relevant CAS attribute arrays.
  $arr = array();
  foreach ($tokens as $name => $original) {
    $chain = explode('-', $name);
    $tmp = $cas_attributes;
    foreach ($chain as $link) {
      if (isset($tmp[$link])) {
        $tmp = $tmp[$link];
      }
    }
    $arr[$original] = $tmp;
  }

  // Assemble the patterns.
  $role_patterns = array(
    $roles,
  );
  foreach ($arr as $token => $elements) {
    foreach ($role_patterns as $key => $pattern) {
      $new_pattern = array();
      if (!is_array($elements)) {
        $new_pattern[] = str_replace($token, $elements, $pattern);
      }
      else {
        foreach ($elements as $element) {
          $new_pattern[] = str_replace($token, $element, $pattern);
        }
      }
      unset($role_patterns[$key]);
      $role_patterns = array_merge($role_patterns, $new_pattern);
    }
  }
  $role_patterns = array_unique($role_patterns);
  if ($behavior == CAS_ROLES_CREATE_NEW_ROLES) {
    $new_roles = array_diff($role_patterns, user_roles());

    // Create new roles.
    foreach ($new_roles as $new) {
      $role = (object) array(
        'name' => $new,
      );
      user_role_save($role);
    }
  }
  if ($behavior == CAS_ROLES_MATCH_REGEX) {

    // Do regexp matching!
    $custom_roles = cas_roles_cutsom_user_roles();
    $new_user_roles = $edit['roles'];
    foreach ($custom_roles as $rid => $role) {
      if ($relations[$rid]) {
        $matches = preg_grep($relations[$rid], $role_patterns);
        if (!empty($matches)) {
          $new_user_roles[$rid] = $role;
        }
        else {
          unset($new_user_roles[$rid]);
        }
      }
    }
  }
  else {

    // Just assign the roles!
    // Add the authenticated user role.
    $new_user_roles = array_intersect(cas_roles_cutsom_user_roles(), $role_patterns);
    $new_user_roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
  }

  // Set the (new) roles.
  $edit['roles'] = $new_user_roles;
}

/**
 * Function to remove the authenticated user role.
 */
function cas_roles_cutsom_user_roles($permission = NULL) {
  return array_diff_key(user_roles(TRUE, $permission), array(
    DRUPAL_AUTHENTICATED_RID => 'authenticated user',
  ));
}

/**
 * Backport user_role_save
 * Ahh the joys which drupal 7 brings...
 */
if (!function_exists('user_role_save')) {
  function user_role_save($role) {
    require_once drupal_get_path('module', 'user') . "/user.admin.inc";
    $form_id = "user_admin_new_role";
    $form_values = array();
    $form_values["name"] = $role->name;
    $form_values["op"] = t('Add role');
    $form_state = array();
    $form_state["values"] = $form_values;
    drupal_execute($form_id, $form_state);
  }
}

Functions

Namesort descending Description
cas_roles_cas_user_presave Implements hook_cas_user_presave().
cas_roles_cutsom_user_roles Function to remove the authenticated user role.
cas_roles_menu Implements hook_menu().

Constants

Namesort descending Description
CAS_ROLES_CREATE_NEW_ROLES Create roles which don't exits in Drupal, remove user roles not present in CAS.
CAS_ROLES_DRUPAL_ROLES_ONLY Only assign roles which are present in drupal and match, remove user roles not present in CAS.
CAS_ROLES_MATCH_REGEX Match roles with regular expressions.