function shib_auth_assignroles in Shibboleth Authentication 7.4

Same name and namespace in other branches
  1. 6.4 shib_auth.module \shib_auth_assignroles()

Defines authorization rules for assigning roles to users.

The admin can define authorization rules based on the server variables (possibly provided by Shibboleth IdP) to give roles to users. The rules can be defined as a [server field - Regexp - role(s)] triplet.

1 call to shib_auth_assignroles()
shib_auth_role_assignment in ./shib_auth.module
Assigns roles to the user's session.

File

./shib_auth.module, line 1263
Drupal Shibboleth authentication module.

Code

function shib_auth_assignroles() {
  global $user;
  $profile_changed = 0;

  // Store roles for further examination.
  $former_roles = serialize($user->roles);

  // Sticky rules come first.
  $rules = db_select('shib_auth', 'c')
    ->fields('c')
    ->orderBy('sticky', 'DESC')
    ->execute();
  while ($rule = $rules->fetchAssoc()) {
    if ($profile_changed && !$rule['sticky']) {

      // This is the first non-sticky rule, and sticky rules have modified the
      // user's roles.
      shib_auth_save_roles();
      $profile_changed = 0;
    }

    // Only sticky rules return >0.
    $profile_changed += shib_auth_process_rule($rule);
  }
  if ($profile_changed) {
    shib_auth_save_roles();
  }
  $user->roles = array_filter($user->roles);

  // If the user roles array has been changed then reset the permission cache.
  if (serialize($user->roles) != $former_roles) {

    // Hack to reset the permissions
    // Clear the user access cache.
    drupal_static_reset('user_access');
    drupal_static_reset('menu_get_item');
  }
  $_SESSION['shib_auth_rolelog'] = '1';
}
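
The [server field - Regexp - role(s)] triplets described above, evaluated by a standalone sketch (an added example, not code from the module). The rule array layout, the `;` separator for multi-valued attributes, the `~` regex delimiter and the sample variable `affiliation` are assumptions; the point is that an unanchored pattern grants its roles to any value that merely contains the expected text.

```php
<?php
// Added illustration, not code from shib_auth.module. Requires PHP 7.4+.
// Assumptions: rule array layout, ';' between multiple attribute values,
// '~' as regex delimiter (patterns containing '~' are not handled here).

/**
 * Evaluates [server field - regexp - role(s)] rules against server variables.
 * Roles are returned split by the rule's sticky flag, because the listing
 * above calls shib_auth_save_roles() only after sticky rules changed roles.
 */
function example_evaluate_rules(array $rules, array $server): array {
  // Same ordering as the query in the listing: sticky rules first.
  usort($rules, fn($a, $b) => $b['sticky'] <=> $a['sticky']);
  $result = ['sticky' => [], 'non_sticky' => []];
  foreach ($rules as $rule) {
    // A variable that was not provided can never satisfy a rule.
    $raw = $server[$rule['field']] ?? '';
    if ($raw === '') {
      continue;
    }
    foreach (explode(';', $raw) as $value) {
      // An invalid pattern makes preg_match() return FALSE: grant nothing.
      if (@preg_match('~' . $rule['regexp'] . '~', trim($value)) === 1) {
        $bucket = $rule['sticky'] ? 'sticky' : 'non_sticky';
        $result[$bucket] = array_merge($result[$bucket], $rule['roles']);
        break;
      }
    }
  }
  return array_map('array_unique', $result);
}

// Constructed server variables: a student who is explicitly not staff.
$server = ['affiliation' => 'student@example.org;non-staff@example.org'];

$rules = [
  // Unanchored: matches any value that contains this text.
  ['field' => 'affiliation', 'regexp' => 'staff@example.org',
    'roles' => ['editor'], 'sticky' => 1],
  // Anchored and escaped: matches only the exact value.
  ['field' => 'affiliation', 'regexp' => '^staff@example\.org$',
    'roles' => ['site admin'], 'sticky' => 0],
  ['field' => 'affiliation', 'regexp' => '^student@example\.org$',
    'roles' => ['member'], 'sticky' => 0],
];

print_r(example_evaluate_rules($rules, $server));
```

Running candidate rules through a check like this with near-miss values before saving them shows which patterns need `^` and `$` anchors and escaped dots.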