function shib_auth_assignroles in Shibboleth Authentication 6.4
Same name and namespace in other branches
- 7.4 shib_auth.module \shib_auth_assignroles()
The admin can define authorization rules based on server variables (possibly provided by the Shibboleth IdP) to give roles to users. Each rule is defined as a [server field - Regexp - role(s)] triplet.
1 call to shib_auth_assignroles()
- shib_auth_role_assignment in ./shib_auth.module - Assign roles to the user's session
File
- ./shib_auth.module, line 1051 - Drupal Shibboleth authentication module.
Code
function shib_auth_assignroles() {
  global $user;
  $profile_changed = 0;
  // Store roles for further examination
  $former_roles = serialize($user->roles);
  // Sticky rules come first
  $rules = db_query("SELECT * FROM {shib_auth} ORDER BY sticky DESC");
  while ($rule = db_fetch_array($rules)) {
    if ($profile_changed && !$rule['sticky']) {
      // This is the first non-sticky rule, and sticky rules have modified the user's roles
      shib_auth_save_roles();
      $profile_changed = 0;
    }
    // Only sticky rules return >0
    $profile_changed += shib_auth_process_rule($rule);
  }
  if ($profile_changed) {
    // Must do this in case there's no non-sticky rule
    shib_auth_save_roles();
  }
  // Drop empty entries from the roles array
  $user->roles = array_filter($user->roles);
  // If the user roles array has been changed then reset the permission cache
  if (serialize($user->roles) != $former_roles) {
    // Hack to reset the permissions: the third argument clears the static
    // cache in user_access(). Pass the global $user explicitly; the original
    // passed an undefined $account, which user_access() treats as the current user.
    user_access('access content', $user, TRUE);
  }
  // Mark role assignment as done for this session
  $_SESSION['shib_auth_rolelog'] = '1';
}
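
The [server field - Regexp - role(s)] rules described above, modelled as an added stand-alone PHP example (not code from the shib_auth module) that shows why a rule's regexp should be anchored and escaped. It assumes the regexp is applied with preg_match() and that multi-valued attributes are ';'-separated; the function name, field name, role name and attribute values are constructed.

```php
<?php
// Added example, not shib_auth code. Field names, rules, role names and
// attribute values are constructed for illustration.

/**
 * Returns the roles granted by [field, regexp, roles] rules.
 *
 * Assumptions: the regexp is applied with preg_match() (a substring search
 * unless anchored) and multi-valued attributes are ';'-separated.
 */
function example_roles_for(array $rules, array $server) {
  $granted = array();
  foreach ($rules as $rule) {
    if (!isset($server[$rule['field']])) {
      // Attribute not present in the request: the rule cannot match.
      continue;
    }
    foreach (explode(';', $server[$rule['field']]) as $value) {
      if (preg_match($rule['regexp'], trim($value)) === 1) {
        foreach ($rule['roles'] as $role) {
          $granted[$role] = TRUE;
        }
      }
    }
  }
  return array_keys($granted);
}

// Constructed server variables: the second value belongs to a different scope.
$server = array(
  'affiliation' => 'member@example.org;staff@example.org.partner.test',
);

// Unanchored and unescaped: preg_match() finds the pattern inside the
// longer value, so the rule fires for an affiliation it was not meant for.
$loose = array(
  array('field' => 'affiliation', 'regexp' => '/staff@example.org/', 'roles' => array('editor')),
);
// Anchored and escaped: the whole attribute value has to match.
$strict = array(
  array('field' => 'affiliation', 'regexp' => '/^staff@example\.org$/', 'roles' => array('editor')),
);

var_dump(example_roles_for($loose, $server));
var_dump(example_roles_for($strict, $server));
```

Running both rule sets over the same variables makes it easy to review existing rules for patterns that match more values than intended before they grant a role.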