ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Static Public Member Functions
sspmod_statistics_AccessCheck Class Reference
+ Collaboration diagram for sspmod_statistics_AccessCheck:

Static Public Member Functions

static checkAccess (SimpleSAML_Configuration $statconfig)
 Check that the user has access to the statistics. More...
 

Detailed Description

Definition at line 8 of file AccessCheck.php.

Member Function Documentation

◆ checkAccess()

static sspmod_statistics_AccessCheck::checkAccess ( SimpleSAML_Configuration  $statconfig)
static

Check that the user has access to the statistics.

If the user doesn't have access, send the user to the login page.

Definition at line 15 of file AccessCheck.php.

16 {
17 $protected = $statconfig->getBoolean('protected', false);
18 $authsource = $statconfig->getString('auth', null);
19 $allowedusers = $statconfig->getValue('allowedUsers', null);
20 $useridattr = $statconfig->getString('useridattr', 'eduPersonPrincipalName');
21
22 $acl = $statconfig->getValue('acl', null);
23 if ($acl !== null && !is_string($acl) && !is_array($acl)) {
24 throw new SimpleSAML_Error_Exception('Invalid value for \'acl\'-option. Should be an array or a string.');
25 }
26
27 if (!$protected) {
28 return;
29 }
30
31 if (SimpleSAML\Utils\Auth::isAdmin()) {
32 // User logged in as admin. OK.
33 SimpleSAML\Logger::debug('Statistics auth - logged in as admin, access granted');
34 return;
35 }
36
37 if (!isset($authsource)) {
38 // If authsource is not defined, init admin login.
39 SimpleSAML\Utils\Auth::requireAdmin();
40 }
41
42 // We are using an authsource for login.
43
44 $as = new \SimpleSAML\Auth\Simple($authsource);
45 $as->requireAuth();
46
47 // User logged in with auth source.
48 SimpleSAML\Logger::debug('Statistics auth - valid login with auth source [' . $authsource . ']');
49
50 // Retrieving attributes
51 $attributes = $as->getAttributes();
52
53 if (!empty($allowedusers)) {
54 // Check if userid exists
55 if (!isset($attributes[$useridattr][0])) {
56 throw new Exception('User ID is missing');
57 }
58
59 // Check if userid is allowed access..
60 if (in_array($attributes[$useridattr][0], $allowedusers, true)) {
61 SimpleSAML\Logger::debug('Statistics auth - User granted access by user ID [' . $attributes[$useridattr][0] . ']');
62 return;
63 }
64 SimpleSAML\Logger::debug('Statistics auth - User denied access by user ID [' . $attributes[$useridattr][0] . ']');
65 } else {
66 SimpleSAML\Logger::debug('Statistics auth - no allowedUsers list.');
67 }
68
69 if (!is_null($acl)) {
70 $acl = new sspmod_core_ACL($acl);
71 if ($acl->allows($attributes)) {
72 SimpleSAML\Logger::debug('Statistics auth - allowed access by ACL.');
73 return;
74 }
75 SimpleSAML\Logger::debug('Statistics auth - denied access by ACL.');
76 } else {
77 SimpleSAML\Logger::debug('Statistics auth - no ACL configured.');
78 }
79 throw new SimpleSAML_Error_Exception('Access denied to the current user.');
80 }
SimpleSAML\Logger\debug
static debug($string)
Definition: Logger.php:213
SimpleSAML\Utils\Auth\requireAdmin
static requireAdmin()
Require admin access to the current page.
Definition: Auth.php:60
SimpleSAML_Error_Exception
Definition: Exception.php:13
sspmod_core_ACL
Definition: ACL.php:8
$as
$as
Definition: consentAdmin.php:73
SimpleSAML
Attribute-related utility methods.
$useridattr
$useridattr
Definition: registry.edit.php:11
$authsource
$authsource
Definition: registry.edit.php:10
$attributes
$attributes
Definition: serviceValidate.php:33
$statconfig
$statconfig
Definition: showstats.php:4

References $as, $attributes, $authsource, $statconfig, $useridattr, SimpleSAML\Logger\debug(), and SimpleSAML\Utils\Auth\requireAdmin().

+ Here is the call graph for this function:
The documentation for this class was generated from the following file: