function _simplesamlphp_auth_evaulaterolerule in simpleSAMLphp Authentication 7.2

Same name and namespace in other branches
  1. 6.3 simplesamlphp_auth.module \_simplesamlphp_auth_evaulaterolerule()
  2. 6.2 simplesamlphp_auth.module \_simplesamlphp_auth_evaulaterolerule()
  3. 7.3 simplesamlphp_auth.module \_simplesamlphp_auth_evaulaterolerule()
  4. 7 simplesamlphp_auth.module \_simplesamlphp_auth_evaulaterolerule()

Evaluates a role rule.

The rules work as follows:

  = does an exact match on an attribute and will iterate over array values if the array is multivalued.
  @= matches the domain portion of an email address. It assumes the attribute is a string, and will not iterate over an array (but take the first value).
  ~= does a partial string match on the attribute, and does iterate over multiple values, returning true if any of the values match.

Parameters

array $roleruleevaluation: An array containing the role rule to evaluate.

array $attributes: An array containing the identity attributes.

Return value

array An array containing role value and the attribute, or FALSE.

1 call to _simplesamlphp_auth_evaulaterolerule()
_simplesamlphp_auth_rolepopulation in ./simplesamlphp_auth.module
Performs role population.

File

./simplesamlphp_auth.module, line 713
simpleSAMLphp authentication module for Drupal.

Code

function _simplesamlphp_auth_evaulaterolerule($roleruleevaluation, $attributes) {
  _simplesaml_auth_debug(t('Evaluate rule (key=%key,operator=%op,value=%val)', array(
    '%key' => $roleruleevaluation[0],
    '%op' => $roleruleevaluation[1],
    '%val' => $roleruleevaluation[2],
  )));
  if (!array_key_exists($roleruleevaluation[0], $attributes)) {
    return FALSE;
  }
  $attribute = $attributes[$roleruleevaluation[0]];
  switch ($roleruleevaluation[1]) {
    case '=':
      return in_array($roleruleevaluation[2], $attribute);
    case '@=':
      $dc = explode('@', $attribute[0]);
      if (count($dc) != 2) {
        return FALSE;
      }
      return $dc[1] == $roleruleevaluation[2];
    case '~=':
      foreach ($attribute as $subattr) {
        $pos = strpos($subattr, $roleruleevaluation[2]);
        if ($pos !== FALSE) {
          return TRUE;
        }
      }
      return FALSE;
  }
  return FALSE;
}
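
The operator semantics above, as an added example that is not the module's own code: a stand-alone PHP port of the three operators beside a hypothetical tighter variant, run over attributes where the loose = comparison and the unanchored ~= substring match return TRUE for values the rule author may not have meant to map to a role. The names eval_rule_page and eval_rule_strict and all attribute values are constructed for illustration.

```php
<?php
// Added example, not the module's code. Attribute values are constructed.
// Port of the page's three operators, without the Drupal debug call.
function eval_rule_page(array $rule, array $attributes) {
  list($key, $op, $val) = $rule;
  if (!array_key_exists($key, $attributes)) {
    return FALSE;
  }
  $attribute = $attributes[$key];
  switch ($op) {
    case '=':
      return in_array($val, $attribute);          // loose comparison
    case '@=':
      $dc = explode('@', $attribute[0]);          // first value only
      return count($dc) == 2 && $dc[1] == $val;   // case-sensitive
    case '~=':
      foreach ($attribute as $subattr) {
        if (strpos($subattr, $val) !== FALSE) {   // substring anywhere
          return TRUE;
        }
      }
  }
  return FALSE;
}

// Hypothetical variant: type-strict '=', case-insensitive '@=', no '~='.
function eval_rule_strict(array $rule, array $attributes) {
  list($key, $op, $val) = $rule;
  $attribute = isset($attributes[$key]) ? (array) $attributes[$key] : array();
  if ($op === '=') {
    return in_array($val, $attribute, TRUE);
  }
  if ($op === '@=') {
    $dc = explode('@', (string) reset($attribute));
    return count($dc) === 2 && strcasecmp($dc[1], $val) === 0;
  }
  return FALSE;
}

// Each case: a role rule (key, operator, value) and the asserted attributes.
$cases = array(
  array(array('groups', '~=', 'admin'), array('groups' => array('helpdesk-admin-readonly'))),
  array(array('entitlement', '=', '1e3'), array('entitlement' => array('1000'))),
  array(array('mail', '@=', 'example.org'), array('mail' => array('alice@Example.ORG'))),
);
foreach ($cases as $c) {
  var_dump(eval_rule_page($c[0], $c[1]), eval_rule_strict($c[0], $c[1]));
}
```

Running existing role rules through both functions against real attribute samples from the identity provider shows which rules depend on substring or numeric-string matching before they are tightened.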