function _simplesamlphp_auth_evaulaterolerule in simpleSAMLphp Authentication 7.3
Same name and namespace in other branches
- 6.3 simplesamlphp_auth.module \_simplesamlphp_auth_evaulaterolerule()
- 6.2 simplesamlphp_auth.module \_simplesamlphp_auth_evaulaterolerule()
- 7 simplesamlphp_auth.module \_simplesamlphp_auth_evaulaterolerule()
- 7.2 simplesamlphp_auth.module \_simplesamlphp_auth_evaulaterolerule()
Evaluates a role rule.
The rules work as follows: = does an exact match on an attribute and will iterate over array values if the array is multivalued. @= matches the domain portion of an email address. It assumes the attribute is a string, and will not iterate over an array (but take the first value). ~= does a partial string match on the attribute, and does iterate over multiple values, returning true if any of the values match.
Parameters
array $roleruleevaluation: An array containing the role rule to evaluate.
array $attributes: An array containing the identity attributes.
Return value
array An array containing role value and the attribute, or FALSE.
1 call to _simplesamlphp_auth_evaulaterolerule()
- _simplesamlphp_auth_rolepopulation in ./
simplesamlphp_auth.module - Performs role population.
File
- ./
simplesamlphp_auth.module, line 577 - simpleSAMLphp authentication module for Drupal.
Code
function _simplesamlphp_auth_evaulaterolerule($roleruleevaluation, $attributes) {
if (variable_get('simplesamlphp_auth_debug', 0)) {
watchdog('simplesamlphp_auth', 'Evaluate rule (key=%key,operator=%op,value=%val)', array(
'%key' => $roleruleevaluation[0],
'%op' => $roleruleevaluation[1],
'%val' => $roleruleevaluation[2],
), WATCHDOG_DEBUG);
}
if (!array_key_exists($roleruleevaluation[0], $attributes)) {
return FALSE;
}
$attribute = $attributes[$roleruleevaluation[0]];
switch ($roleruleevaluation[1]) {
case '=':
return in_array($roleruleevaluation[2], $attribute);
case '@=':
$dc = explode('@', $attribute[0]);
if (count($dc) != 2) {
return FALSE;
}
return $dc[1] == $roleruleevaluation[2];
case '~=':
foreach ($attribute as $subattr) {
$pos = strpos($subattr, $roleruleevaluation[2]);
if ($pos !== FALSE) {
return TRUE;
}
}
return FALSE;
}
return FALSE;
}