You are here

Home » API reference » Keycloak OpenID Connect 8 » KeycloakRoleMatcher.php » KeycloakRoleMatcher

protected function KeycloakRoleMatcher::evalRoleRule in Keycloak OpenID Connect 8

Check, if the given rule matches the user groups.

This method applies the given user group rule to the user groups and evaluates, whether the rule action should be executed or not.

Parameters

array $groups: User groups to evaluate.

array $rule: User group rule to evaluate.

Return value

bool TRUE, if the rule matches the groups, FALSE otherwise.

1 call to KeycloakRoleMatcher::evalRoleRule()
KeycloakRoleMatcher::applyRoleRules in src/Service/KeycloakRoleMatcher.php
Applies user role rules to the given user account.

File

src/Service/KeycloakRoleMatcher.php, line 410

Class

KeycloakRoleMatcher
Role matcher service.

Namespace

Drupal\keycloak\Service

Code

protected function evalRoleRule(array $groups, array $rule) {

  // Whether teh rule is disabled.
  if (!$rule['enabled']) {
    return FALSE;
  }
  $operation = $rule['operation'];

  // Check the 'empty' operation.
  if ($operation == 'empty') {
    return empty($groups);
  }

  // Check the 'not_empty' operation.
  if ($operation == 'not_empty') {
    return !empty($groups);
  }
  $pattern = $this
    ->getEvalPattern($rule['pattern'], $operation, $rule['case_sensitive']);

  // Apply the pattern to the user groups.
  $result = preg_grep($pattern, $groups);

  // Evaluate the result.
  // 'not' operations are TRUE, if the result array is empty.
  if ($operation == 'not_equal' || $operation == 'starts_not_with' || $operation == 'ends_not_with' || $operation == 'contains_not' || $operation == 'not_regex') {
    return empty($result);
  }

  // All other operations are TRUE, if the result array is not empty.
  return !empty($result);
}