
function _simplesamlphp_auth_rolepopulation in simpleSAMLphp Authentication 7.3

Same name and namespace in other branches
  1. 6.3 simplesamlphp_auth.module \_simplesamlphp_auth_rolepopulation()
  2. 6.2 simplesamlphp_auth.module \_simplesamlphp_auth_rolepopulation()
  3. 7 simplesamlphp_auth.module \_simplesamlphp_auth_rolepopulation()
  4. 7.2 simplesamlphp_auth.module \_simplesamlphp_auth_rolepopulation()

Performs role population.

Parameters

string $rolemap: A string containing the role map, i.e. '|'-separated rules, each a role ID followed by ':' and a ';'-separated list of conditions.

Return value

array An array containing the user's roles (role ID => role ID), after other modules have had a chance to alter it.

2 calls to _simplesamlphp_auth_rolepopulation()
_simplesaml_auth_user_login in ./simplesamlphp_auth.inc
Logs an SAML-authenticated user into Drupal.
_simplesaml_auth_user_register in ./simplesamlphp_auth.inc
Creates a new Drupal account for a SAML authenticated user.

File

./simplesamlphp_auth.module, line 625
simpleSAMLphp authentication module for Drupal.

Code

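/**
 * Performs role population.
 *
 * Evaluates the configured role map against the attributes held in
 * $_simplesamlphp_auth_saml_attributes (presumably the attributes of the
 * current SAML session; they are populated outside this function) and returns
 * the roles whose rules are fully satisfied. Because the result decides which
 * roles an account receives, rules that cannot be parsed are skipped rather
 * than guessed at.
 *
 * @param string $rolemap
 *   The role map: rules separated by '|'. Each rule is a role ID, a ':' and
 *   one or more conditions separated by ';'. Each condition is parsed as a
 *   CSV record and handed to _simplesamlphp_auth_evaulaterolerule(); every
 *   condition of a rule must evaluate to TRUE for the role to be added.
 *
 * @return array
 *   Role IDs keyed by role ID. The array is passed through
 *   drupal_alter('simplesamlphp_auth_user_roles') before it is returned, so
 *   other modules may add or remove entries.
 */
function _simplesamlphp_auth_rolepopulation($rolemap) {
  global $_simplesamlphp_auth_as;
  global $_simplesamlphp_auth_saml_attributes;

  $roles = array();

  // Read the debug switch once; it gates every watchdog call below. Note that
  // with debugging enabled the complete role map is written to the log.
  $debug = variable_get('simplesamlphp_auth_debug', 0);

  if ($debug) {
    watchdog('simplesamlphp_auth', 'Rolemap: %rolemap', array(
      '%rolemap' => $rolemap,
    ), WATCHDOG_DEBUG);
  }

  // Only evaluate the map when a valid local session exists. The is_object()
  // guard keeps an uninitialised auth object from causing a fatal error; in
  // that case no roles are derived.
  if (!empty($rolemap) && is_object($_simplesamlphp_auth_as) && $_simplesamlphp_auth_as->isAuthenticated()) {
    $attributes = $_simplesamlphp_auth_saml_attributes;
    if ($debug) {
      watchdog('simplesamlphp_auth', 'Evaluate rolemap: %rolemap', array(
        '%rolemap' => $rolemap,
      ), WATCHDOG_DEBUG);
    }

    foreach (explode('|', $rolemap) as $rolerule) {
      if ($debug) {
        watchdog('simplesamlphp_auth', 'Evaluate role rule: %rolerule', array(
          '%rolerule' => $rolerule,
        ), WATCHDOG_DEBUG);
      }

      // A rule must look like "roleid:conditions". Without the ':' separator
      // (for example an empty rule left by a trailing '|') there is no
      // condition list, and an empty role ID names no role. Skip such rules
      // so a malformed entry can never result in a role being added.
      $roleruledecompose = explode(':', $rolerule, 2);
      if (count($roleruledecompose) < 2 || $roleruledecompose[0] === '') {
        if ($debug) {
          watchdog('simplesamlphp_auth', 'Skipping malformed role rule: %rolerule', array(
            '%rolerule' => $rolerule,
          ), WATCHDOG_DEBUG);
        }
        continue;
      }
      $roleid = $roleruledecompose[0];

      // All conditions are evaluated (and logged in debug mode) even after
      // one has failed; a single failure is enough to withhold the role.
      $addnew = TRUE;
      foreach (explode(';', $roleruledecompose[1]) as $roleruleevaluation) {
        if ($debug) {
          watchdog('simplesamlphp_auth', 'Evaluate role evaulation: %roleruleeval', array(
            '%roleruleeval' => $roleruleevaluation,
          ), WATCHDOG_DEBUG);
        }
        $roleruleevaluationdc = str_getcsv($roleruleevaluation);
        if (!_simplesamlphp_auth_evaulaterolerule($roleruleevaluationdc, $attributes)) {
          $addnew = FALSE;
        }
      }

      if ($addnew) {
        $roles[$roleid] = $roleid;
        if ($debug) {
          watchdog('simplesamlphp_auth', 'Add new role: %roleid', array(
            '%roleid' => $roleid,
          ), WATCHDOG_DEBUG);
        }
      }
    }
  }

  // Let other modules adjust the result. This runs even when no session
  // exists, so alter implementations can also add roles to an empty list.
  drupal_alter('simplesamlphp_auth_user_roles', $roles);
  return $roles;
}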