You are here

function _simplesamlphp_auth_rolepopulation in simpleSAMLphp Authentication 6.2

Same name and namespace in other branches
  1. 6.3 simplesamlphp_auth.module \_simplesamlphp_auth_rolepopulation()
  2. 7.3 simplesamlphp_auth.module \_simplesamlphp_auth_rolepopulation()
  3. 7 simplesamlphp_auth.module \_simplesamlphp_auth_rolepopulation()
  4. 7.2 simplesamlphp_auth.module \_simplesamlphp_auth_rolepopulation()

Performs role population.

Parameters

$rolemap: A string containing the role map.

Return value

An array containing user's roles.

1 call to _simplesamlphp_auth_rolepopulation()
simplesamlphp_auth_init in ./simplesamlphp_auth.module
Implementation of hook_init().

File

./simplesamlphp_auth.module, line 781
simpleSAMLphp authentication module for Drupal.

Code

function _simplesamlphp_auth_rolepopulation($rolemap) {
  global $_simplesamlphp_auth_as;
  global $_simplesamlphp_auth_saml_attributes;
  $roles = array();
  _simplesaml_auth_debug(t('Rolemap: %rolemap', array(
    '%rolemap' => $rolemap,
  )));

  // Check if valid local session exists..
  if ($_simplesamlphp_auth_as
    ->isAuthenticated()) {
    $attributes = $_simplesamlphp_auth_saml_attributes;
    if (empty($rolemap)) {
      return $roles;
    }
    _simplesaml_auth_debug(t('Evaluate rolemap: %rolemap', array(
      '%rolemap' => $rolemap,
    )));
    $rolerules = explode('|', $rolemap);
    foreach ($rolerules as $rolerule) {
      _simplesaml_auth_debug(t('Evaluate role rule: %rolerule', array(
        '%rolerule' => $rolerule,
      )));
      $roleruledecompose = explode(':', $rolerule);
      $roleid = $roleruledecompose[0];
      $roleruleevaluations = explode(';', $roleruledecompose[1]);
      $addnew = TRUE;
      foreach ($roleruleevaluations as $roleruleevaluation) {
        _simplesaml_auth_debug(t('Evaluate role evaulation: %roleruleeval', array(
          '%roleruleeval' => $roleruleevaluation,
        )));
        $roleruleevaluationdc = explode(',', $roleruleevaluation);
        if (!_simplesamlphp_auth_evaulaterolerule($roleruleevaluationdc, $attributes)) {
          $addnew = FALSE;
        }
      }
      if ($addnew) {
        $roles[$roleid] = $roleid;
        _simplesaml_auth_debug(t('Add new role: %roleid', array(
          '%roleid' => $roleid,
        )));
      }
    }
  }
  return $roles;
}