ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Authorize.php
1 <?php
2 
11 
// Mode switch, FALSE by default. The constructor overwrites it from a boolean
// 'deny' config option. process() starts from this value as its decision and
// flips it on the first rule hit, so FALSE makes the rules an allow list and
// TRUE makes them a deny list.
17  protected $deny = FALSE;
18 
// Matching mode, TRUE by default. The constructor overwrites it from a boolean
// 'regex' config option. When TRUE, process() hands each configured value to
// preg_match() as a pattern; when FALSE it compares values directly.
24  protected $regex = TRUE;
25 
32 
33 
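/**
 * Initialize this filter.
 *
 * Reads the optional boolean switches 'deny' and 'regex' from the
 * configuration, then stores every remaining entry as an authorization
 * rule of the form attribute name => list of strings.
 *
 * NOTE(review): rule strings are only type-checked here. When regex mode is
 * on, nothing verifies that they are well-formed patterns, so a malformed
 * pattern is first noticed when process() evaluates it.
 *
 * @param array $config    Filter configuration (switches plus rules).
 * @param mixed $reserved  Passed through unchanged to the parent constructor.
 * @throws Exception  If a rule is neither a string nor an array of strings.
 */
public function __construct($config, $reserved) {
    parent::__construct($config, $reserved);

    // Expression form: a string assertion is deprecated from PHP 7.2 and on
    // PHP 8 is just a non-empty string, i.e. a check that always passes.
    assert(is_array($config));

    // 'deny' is consumed as a switch only when it is a real boolean; any
    // other type is left in $config and handled as a rule for an attribute
    // that happens to be named 'deny'.
    if (isset($config['deny']) && is_bool($config['deny'])) {
        $this->deny = $config['deny'];
        unset($config['deny']);
    }

    // Same convention for 'regex'.
    if (isset($config['regex']) && is_bool($config['regex'])) {
        $this->regex = $config['regex'];
        unset($config['regex']);
    }

    // Everything still in $config is a rule.
    foreach ($config as $attribute => $values) {
        // A single string is shorthand for a one-element list.
        if (is_string($values)) {
            $values = array($values);
        }
        if (!is_array($values)) {
            throw new Exception('Filter Authorize: Attribute values is neither string nor array: ' . var_export($attribute, TRUE));
        }
        foreach ($values as $value) {
            if (!is_string($value)) {
                throw new Exception('Filter Authorize: Each value should be a string for attribute: ' . var_export($attribute, TRUE) . ' value: ' . var_export($value, TRUE) . ' Config is: ' . var_export($config, TRUE));
            }
        }
        $this->valid_attribute_values[$attribute] = $values;
    }
}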
73 
74 
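/**
 * Apply filter to validate attributes.
 *
 * The decision starts at $this->deny and is flipped by the first rule that
 * matches:
 *  - allow mode (deny = FALSE): the request is rejected unless some
 *    configured attribute value matches;
 *  - deny mode (deny = TRUE): the request is accepted unless some configured
 *    attribute value matches.
 * Only attributes present in $request['Attributes'] are examined, so in deny
 * mode a request that lacks the attribute altogether is accepted.
 *
 * In regex mode the configured strings are passed to preg_match() as
 * written. preg_match() reports a hit anywhere in the subject, so a rule
 * that is meant to cover the whole value has to be anchored by the
 * administrator (^ ... $).
 *
 * @param array &$request  The current request; must contain 'Attributes'.
 */
public function process(&$request) {
    // Expression form: a string assertion is deprecated from PHP 7.2 and on
    // PHP 8 is just a non-empty string, i.e. a check that always passes.
    assert(is_array($request));
    assert(array_key_exists('Attributes', $request));

    // Outcome when no rule matches.
    $authorize = $this->deny;

    $attributes =& $request['Attributes'];

    foreach ($this->valid_attribute_values as $name => $patterns) {
        if (!array_key_exists($name, $attributes)) {
            continue;
        }

        // Normalise a single value to a one-element list.
        $values = $attributes[$name];
        if (!is_array($values)) {
            $values = array($values);
        }

        foreach ($patterns as $pattern) {
            foreach ($values as $value) {
                if ($this->regex) {
                    $result = preg_match($pattern, $value);
                    // preg_match() returns FALSE when the pattern cannot be
                    // evaluated. In allow mode that is simply "no match". In
                    // deny mode it must count as a hit, otherwise a broken
                    // deny rule would let every user through.
                    $matched = ($result === 1) || ($result === FALSE && $this->deny);
                } else {
                    // Exact string comparison. Loose == compares numeric
                    // strings numerically, so '1e3' would equal '1000'.
                    $matched = is_scalar($value) && ((string) $value === $pattern);
                }
                if ($matched) {
                    $authorize = !$this->deny;
                    // Leave all three loops: the first hit decides.
                    break 3;
                }
            }
        }
    }

    if (!$authorize) {
        $this->unauthorized($request);
    }
}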
111 
112 
// Called by process() when the request is rejected; per the existing comment
// it saves the state and redirects the user to the 403 page.
125  protected function unauthorized(&$request) {
126  // Save state and redirect to 403 page
// NOTE(review): this listing drops the opening line of each statement below,
// so only the trailing arguments are visible. Judging by the cross-references
// on this page they are calls to saveState(), getModuleURL() and
// redirectTrustedURL() - confirm against the full source.
// NOTE(review): redirectTrustedURL() is documented as performing no security
// checks on the URL. That is presumably safe here because the target comes
// from the fixed resource 'authorize/authorize_403.php' rather than from
// request input - verify.
128  'authorize:Authorize');
130  'authorize/authorize_403.php');
132  }
133 }
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:962
$valid_attribute_values
Array of valid users.
Definition: Authorize.php:31
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:303
process(&$request)
Apply filter to validate attributes.
Definition: Authorize.php:80
__construct($config, $reserved)
Initialize this filter.
Definition: Authorize.php:41
unauthorized(&$request)
When the process logic determines that the user is not authorized for this service, forward the user to a 403 unauthorized page.
Definition: Authorize.php:125
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194