ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Authorize.php
1<?php
2
11
/**
 * Filter polarity, off unless the configuration supplies a boolean 'deny'.
 * process() starts its decision from this value and inverts it on the
 * first match: false authorizes only on a match, true refuses on a match.
 */
protected $deny = false;

/**
 * When true (the default) process() evaluates each configured value with
 * preg_match(); when false it compares the configured value to the
 * attribute value directly.
 */
protected $regex = true;

/**
 * Map of attribute name => list of configured patterns/values, filled by
 * the constructor from the remaining configuration keys.
 */
protected $valid_attribute_values = array();
32
33
/**
 * Initialize this filter from its configuration array.
 *
 * The boolean options 'deny' and 'regex' are consumed first; every key left
 * over is treated as an attribute name whose value is one string or a list
 * of strings to match in process().
 *
 * Review notes:
 *  - An option is only recognised when it is a real boolean. A value such
 *    as the string 'true' under 'deny' is NOT an error: it is stored as a
 *    match rule for an attribute named 'deny', and deny mode stays off.
 *  - Values are only checked for being strings. Nothing here checks that
 *    they are well-formed patterns, so a malformed pattern first shows up
 *    when process() evaluates it.
 *
 * @param array $config   Filter configuration.
 * @param mixed $reserved Passed through to the parent constructor unchanged.
 *
 * @throws Exception If an attribute entry is neither a string nor an array,
 *                   or if one of its values is not a string.
 */
public function __construct($config, $reserved) {
	parent::__construct($config, $reserved);

	assert(is_array($config));

	// Both switches follow the same rule: take the value only when it is a
	// genuine bool, then drop the key so it is not read as an attribute rule.
	foreach (array('deny', 'regex') as $option) {
		if (isset($config[$option]) && is_bool($config[$option])) {
			$this->$option = $config[$option];
			unset($config[$option]);
		}
	}

	// Whatever remains is attribute name => value(s).
	foreach ($config as $attribute => $values) {
		if (is_string($values)) {
			// A single value is shorthand for a one-element list.
			$values = array($values);
		} elseif (!is_array($values)) {
			throw new Exception('Filter Authorize: Attribute values is neither string nor array: ' . var_export($attribute, true));
		}

		foreach ($values as $value) {
			if (is_string($value)) {
				continue;
			}
			throw new Exception('Filter Authorize: Each value should be a string for attribute: ' . var_export($attribute, true) . ' value: ' . var_export($value, true) . ' Config is: ' . var_export($config, true));
		}

		$this->valid_attribute_values[$attribute] = $values;
	}
}
73
74
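/**
 * Apply the filter: compare the request's attributes with the configured
 * values and call unauthorized() when the outcome is "not authorized".
 *
 * The decision starts at $this->deny and is inverted by the first match.
 * With deny off, a request is authorized only if some value matches; with
 * deny on, a request is authorized unless some value matches.
 *
 * Changes against the rendered listing:
 *  - $values is assigned from $attributes[$name]. The listing skips source
 *    line 90 (its gutter jumps from 89 to 91), so $values was read without
 *    ever being set. NOTE(review): confirm against the source file.
 *  - A preg_match() failure (it returns false for a pattern that cannot be
 *    evaluated) used to count as "no match". In deny mode that left the
 *    request authorized. It is now resolved towards refusal in both modes.
 *  - Literal comparison is strict. With ==, two numeric-looking strings are
 *    compared as numbers, so '1e3' would equal '1000'.
 *
 * @param array &$request The request state; must contain 'Attributes'.
 */
public function process(&$request) {
	assert(is_array($request));
	assert(array_key_exists('Attributes', $request));

	$authorize = $this->deny;
	$attributes =& $request['Attributes'];

	foreach ($this->valid_attribute_values as $name => $patterns) {
		if (!array_key_exists($name, $attributes)) {
			continue;
		}

		// Normalise the attribute to a list once per attribute name.
		$values = $attributes[$name];
		if (!is_array($values)) {
			$values = array($values);
		}

		foreach ($patterns as $pattern) {
			foreach ($values as $value) {
				if ($this->regex) {
					$matched = preg_match($pattern, $value);
					if ($matched === false) {
						// Evaluation failed: fail closed. In deny mode treat
						// it as a match (refuse); otherwise as a non-match.
						$matched = $this->deny;
					}
				} else {
					// NOTE(review): assumes attribute values are strings, as
					// the constructor enforces for the configured values.
					$matched = ($value === $pattern);
				}

				if ($matched) {
					$authorize = !$this->deny;
					break 3; // leave the value, pattern and attribute loops
				}
			}
		}
	}

	if (!$authorize) {
		$this->unauthorized($request);
	}
}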
111
112
/**
 * Called by process() when the request is not authorized.
 *
 * NOTE(review): the rendered listing is incomplete here. Its gutter skips
 * source lines 127, 129 and 131, and only the trailing arguments of two
 * calls remain, so the body below does not parse as shown. The tooltip
 * entries at the end of this page list saveState(), getModuleURL() and
 * redirectTrustedURL(); presumably those are the calls made here. Confirm
 * against the source file before relying on this.
 *
 * NOTE(review): the same tooltips say redirectTrustedURL() performs no
 * security checks on its URL. The only resource string visible here is the
 * constant 'authorize/authorize_403.php'. Confirm that no request-derived
 * value reaches the redirect target.
 *
 * @param array &$request The request state that process() passes in.
 */
125 protected function unauthorized(&$request) {
126 // Save state and redirect to 403 page
128 'authorize:Authorize');
130 'authorize/authorize_403.php');
132 }
133}
foreach($paths as $path) $request
Definition: asyncclient.php:32
An exception for terminating execution or to throw for unit testing.
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:220
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:959
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194
unauthorized(&$request)
When the process logic determines that the user is not authorized for this service,...
Definition: Authorize.php:125
__construct($config, $reserved)
Initialize this filter.
Definition: Authorize.php:41
$valid_attribute_values
Array of valid users.
Definition: Authorize.php:31
process(&$request)
Apply filter to validate attributes.
Definition: Authorize.php:80
if(!array_key_exists('StateId', $_REQUEST)) $id
if(array_key_exists('yes', $_REQUEST)) $attributes
Definition: getconsent.php:85
$config
Definition: bootstrap.php:15
$url
$values