ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
sspmod_authorize_Auth_Process_Authorize Class Reference

Public Member Functions

 __construct ($config, $reserved)
 Initialize this filter.
 
 process (&$request)
 Apply filter to validate attributes.
 
Public Member Functions inherited from SimpleSAML_Auth_ProcessingFilter
 __construct (&$config, $reserved)
 Constructor for a processing filter.
 
 process (&$request)
 Process a request.
 

Protected Member Functions

 unauthorized (&$request)
 When the process logic determines that the user is not authorized for this service, then forward the user to a 403 unauthorized page.
 

Protected Attributes

 $deny = FALSE
 
 $regex = TRUE
 
 $valid_attribute_values = array()
 Array of valid users.
 

Additional Inherited Members

Data Fields inherited from SimpleSAML_Auth_ProcessingFilter
 $priority = 50
 Priority of this filter.
 

Detailed Description

Definition at line 10 of file Authorize.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_authorize_Auth_Process_Authorize::__construct (   $config,
  $reserved 
)

Initialize this filter.

Validate configuration parameters.

Parameters
 array $config: Configuration information about this filter.
 mixed $reserved: For future use.

Definition at line 41 of file Authorize.php.

References $config, and array.

{
    parent::__construct($config, $reserved);

    assert('is_array($config)');

    // Check for the deny option, get it and remove it
    // Must be bool specifically, if not, it might be for a attrib filter below
    if (isset($config['deny']) && is_bool($config['deny'])) {
        $this->deny = $config['deny'];
        unset($config['deny']);
    }

    // Check for the regex option, get it and remove it
    // Must be bool specifically, if not, it might be for a attrib filter below
    if (isset($config['regex']) && is_bool($config['regex'])) {
        $this->regex = $config['regex'];
        unset($config['regex']);
    }

    foreach ($config as $attribute => $values) {
        if (is_string($values))
            $values = array($values);
        if (!is_array($values))
            throw new Exception('Filter Authorize: Attribute values is neither string nor array: ' . var_export($attribute, TRUE));
        foreach ($values as $value){
            if(!is_string($value)) {
                throw new Exception('Filter Authorize: Each value should be a string for attribute: ' . var_export($attribute, TRUE) . ' value: ' . var_export($value, TRUE) . ' Config is: ' . var_export($config, TRUE));
            }
        }
        $this->valid_attribute_values[$attribute] = $values;
    }
}

Member Function Documentation

◆ process()

sspmod_authorize_Auth_Process_Authorize::process ( $request)

Apply filter to validate attributes.

Parameters
 array &$request: The current request

Definition at line 80 of file Authorize.php.

References $attributes, $deny, $name, array, and unauthorized().

{
    $authorize = $this->deny;
    assert('is_array($request)');
    assert('array_key_exists("Attributes", $request)');

    $attributes =& $request['Attributes'];

    foreach ($this->valid_attribute_values as $name => $patterns) {
        if(array_key_exists($name, $attributes)) {
            foreach ($patterns as $pattern){
                $values = $attributes[$name];
                if (!is_array($values))
                    $values = array($values);
                foreach ($values as $value){
                    if ($this->regex) {
                        $matched = preg_match($pattern, $value);
                    } else {
                        $matched = ($value == $pattern);
                    }
                    if ($matched) {
                        $authorize = ($this->deny ? FALSE : TRUE);
                        break 3;
                    }
                }
            }
        }
    }
    if (!$authorize){
        $this->unauthorized($request);
    }
}

◆ unauthorized()

sspmod_authorize_Auth_Process_Authorize::unauthorized ( $request)
protected

When the process logic determines that the user is not authorized for this service, then forward the user to a 403 unauthorized page.

This code is separated into its own method so that child classes can override it and change the action, in case a "chained" ACL or more complex permission logic is needed.

Parameters
 array $request

Definition at line 125 of file Authorize.php.

References $id, $url, array, SimpleSAML\Module\getModuleURL(), SimpleSAML\Utils\HTTP\redirectTrustedURL(), and SimpleSAML_Auth_State\saveState().

Referenced by process().

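{
    // Save state and redirect to 403 page
    $id = SimpleSAML_Auth_State::saveState($request,
        'authorize:Authorize');
    $url = SimpleSAML\Module::getModuleURL(
        'authorize/authorize_403.php');
    \SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('StateId' => $id));
}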
Referenced functions:
 static redirectTrustedURL($url, $parameters=array()): This function redirects to the specified URL without performing any security checks. Definition: HTTP.php:962
 static getModuleURL($resource, array $parameters=array()): Get absolute URL to a specified module resource. Definition: Module.php:303
 static saveState(&$state, $stage, $rawId=false): Save the state. Definition: State.php:194

Field Documentation

◆ $deny

sspmod_authorize_Auth_Process_Authorize::$deny = FALSE
protected

Definition at line 17 of file Authorize.php.

Referenced by process().

◆ $regex

sspmod_authorize_Auth_Process_Authorize::$regex = TRUE
protected

Definition at line 24 of file Authorize.php.

◆ $valid_attribute_values

sspmod_authorize_Auth_Process_Authorize::$valid_attribute_values = array()
protected

Array of valid users.

Each element is a regular expression. You should use \ to escape special chars, like '.' etc.

Definition at line 31 of file Authorize.php.
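
The matching rules documented above, as an added example that is not part of the ILIAS or SimpleSAMLphp sources: authorize_decision() is a hypothetical stand-alone restatement of the loop in process(), run over constructed attributes to compare an unescaped, unanchored pattern with an escaped, anchored one, and to show what a missing attribute in deny mode and == on numeric strings do to the outcome. Attribute names and values are assumptions.

```php
<?php
// Added example, not ILIAS or SimpleSAMLphp code. authorize_decision() is a
// hypothetical stand-alone restatement of the matching loop in process().
function authorize_decision(array $rules, array $attributes, $deny = false, $regex = true)
{
    foreach ($rules as $name => $patterns) {
        if (!array_key_exists($name, $attributes)) {
            continue; // a rule is skipped when its attribute is absent
        }
        foreach ((array) $patterns as $pattern) {
            foreach ((array) $attributes[$name] as $value) {
                $matched = $regex ? preg_match($pattern, $value) : ($value == $pattern);
                if ($matched) {
                    return !$deny; // first match decides (the "break 3")
                }
            }
        }
    }
    return $deny; // no match: allow-list mode rejects, deny-list mode admits
}

// Constructed sample data; attribute names and values are illustrative only.
$lookalike = array('mail' => array('staff@exampleXorg.other.test'));
$loose     = array('/staff@example.org/'); // '.' unescaped, no anchors
$strict    = array('/\A' . preg_quote('staff@example.org', '/') . '\z/');

$cases = array(
    'allow-list, loose pattern, look-alike mail' =>
        authorize_decision(array('mail' => $loose), $lookalike),
    'allow-list, strict pattern, look-alike mail' =>
        authorize_decision(array('mail' => $strict), $lookalike),
    'deny-list, attribute missing from request' =>
        authorize_decision(array('status' => array('/\Ablocked\z/')),
                           array('mail' => array('x')), true),
    'exact mode, numeric strings compared with ==' =>
        authorize_decision(array('uid' => array('1000')),
                           array('uid' => array('1e3')), false, false),
);

foreach ($cases as $label => $authorized) {
    printf("%-46s %s\n", $label, $authorized ? 'authorized' : 'unauthorized');
}
```

Run it with the php command-line interpreter; only the strict-pattern case prints unauthorized. Building patterns with preg_quote() and the \A and \z anchors keeps a configured value from matching inside a longer attribute value.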


The documentation for this class was generated from the following file: