ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
AccessCheck.php
1 <?php
2 
9 {
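/**
 * Check that the current user is allowed to view the statistics pages.
 *
 * Decision order: an unprotected module is open to everyone; a logged-in
 * admin is always allowed; otherwise the user must authenticate (admin login
 * when no 'auth' source is configured) and match either the 'allowedUsers'
 * list or the 'acl'. Every other path ends in an exception, so the check
 * fails closed.
 *
 * @param SimpleSAML_Configuration $statconfig Statistics module configuration.
 *
 * @return void Returns only when access is granted.
 *
 * @throws SimpleSAML_Error_Exception If 'acl' or 'allowedUsers' is malformed, or access is denied.
 * @throws Exception If the configured user ID attribute is missing for the authenticated user.
 */
public static function checkAccess(SimpleSAML_Configuration $statconfig)
{
    $protected = $statconfig->getBoolean('protected', false);
    $authsource = $statconfig->getString('auth', null);
    $allowedusers = $statconfig->getValue('allowedUsers', null);
    $useridattr = $statconfig->getString('useridattr', 'eduPersonPrincipalName');

    // The ACL option is validated before the 'protected' switch is consulted,
    // so a malformed value is reported even on an unprotected installation.
    $acl = $statconfig->getValue('acl', null);
    if ($acl !== null && !is_string($acl) && !is_array($acl)) {
        throw new SimpleSAML_Error_Exception('Invalid value for \'acl\'-option. Should be an array or a string.');
    }

    if (!$protected) {
        return;
    }

    if (SimpleSAML\Utils\Auth::isAdmin()) {
        // User logged in as admin. OK.
        SimpleSAML\Logger::debug('Statistics auth - logged in as admin, access granted');
        return;
    }

    if (!isset($authsource)) {
        // If authsource is not defined, init admin login.
        // This call sits on listing line 39, which the rendered page dropped;
        // without it a protected page with no 'auth' option would skip the
        // admin requirement and reach Auth\Simple with a null source.
        SimpleSAML\Utils\Auth::requireAdmin();
    }

    // We are using an authsource for login.
    $as = new \SimpleSAML\Auth\Simple($authsource);
    $as->requireAuth();

    // User logged in with auth source.
    SimpleSAML\Logger::debug('Statistics auth - valid login with auth source [' . $authsource . ']');

    // Retrieving attributes
    $attributes = $as->getAttributes();

    if (!empty($allowedusers)) {
        // in_array() needs an array; reject any other shape with a clear
        // configuration error instead of depending on how PHP handles a
        // non-array haystack.
        if (!is_array($allowedusers)) {
            throw new SimpleSAML_Error_Exception('Invalid value for \'allowedUsers\'-option. Should be an array.');
        }

        // Check if userid exists
        if (!isset($attributes[$useridattr][0])) {
            throw new Exception('User ID is missing');
        }
        $userid = $attributes[$useridattr][0];

        // Check if userid is allowed access. The strict comparison keeps
        // loosely-equal values (e.g. 0 vs. a string) from matching.
        // NOTE(review): the user ID comes from the authentication response and
        // is written to the debug log verbatim; confirm the log handler
        // neutralises control characters.
        if (in_array($userid, $allowedusers, true)) {
            SimpleSAML\Logger::debug('Statistics auth - User granted access by user ID [' . $userid . ']');
            return;
        }
        SimpleSAML\Logger::debug('Statistics auth - User denied access by user ID [' . $userid . ']');
    } else {
        SimpleSAML\Logger::debug('Statistics auth - no allowedUsers list.');
    }

    if ($acl !== null) {
        // Keep the raw option and the evaluator in separate variables.
        $aclChecker = new sspmod_core_ACL($acl);
        if ($aclChecker->allows($attributes)) {
            SimpleSAML\Logger::debug('Statistics auth - allowed access by ACL.');
            return;
        }
        SimpleSAML\Logger::debug('Statistics auth - denied access by ACL.');
    } else {
        SimpleSAML\Logger::debug('Statistics auth - no ACL configured.');
    }

    // Neither the user list nor the ACL granted access: deny by default.
    throw new SimpleSAML_Error_Exception('Access denied to the current user.');
}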
81 }
static requireAdmin()
Require admin access to the current page.
Definition: Auth.php:60
static debug($string)
Definition: Logger.php:211
$statconfig
Definition: showstats.php:4
getValue($name, $default=null)
Retrieve a configuration option set in config.php.
static checkAccess(SimpleSAML_Configuration $statconfig)
Check that the user has access to the statistics.
Definition: AccessCheck.php:15
$useridattr
Attribute-related utility methods.
$as
getBoolean($name, $default=self::REQUIRED_OPTION)
This function retrieves a boolean configuration option.
if(array_key_exists('yes', $_REQUEST)) $attributes
Definition: getconsent.php:85
$authsource
getString($name, $default=self::REQUIRED_OPTION)
This function retrieves a string configuration option.