public function SimplesamlphpDrupalAuth::getMatchingRoles in simpleSAMLphp Authentication 8.3

Get matching user roles to assign to user.

Matching roles are based on retrieved SimpleSAMLphp attributes.

Return value

array List of matching roles to assign to user.

1 call to SimplesamlphpDrupalAuth::getMatchingRoles()

SimplesamlphpDrupalAuth::roleMatchSync in src/Service/SimplesamlphpDrupalAuth.php

Synchronizes (adds/removes) user account roles.

File

src/Service/SimplesamlphpDrupalAuth.php, line 339

Class

SimplesamlphpDrupalAuth

Service to link SimpleSAMLphp authentication with Drupal users.

Namespace

Drupal\simplesamlphp_auth\Service

Code

public function getMatchingRoles() {
  $roles = [];

  // Obtain the role map stored. The role map is a concatenated string of
  // rules which, when SimpleSAML attributes on the user match, will add
  // roles to the user.
  // The full role map string, when mapped to the variables below, presents
  // itself thus:
  // $role_id:$key,$op,$value;$key,$op,$value;|$role_id:$key,$op,$value etc.
  if ($rolemap = $this->config
    ->get('role.population')) {
    foreach (explode('|', $rolemap) as $rolerule) {
      list($role_id, $role_eval) = explode(':', $rolerule, 2);
      foreach (explode(';', $role_eval) as $role_eval_part) {
        if ($this
          ->evalRoleRule($role_eval_part)) {
          $roles[$role_id] = $role_id;
        }
      }
    }
  }
  $attributes = $this->simplesamlAuth
    ->getAttributes();
  $this->moduleHandler
    ->alter('simplesamlphp_auth_user_roles', $roles, $attributes);
  return $roles;
}