<?php
namespace nur\b\authnz;
use nur\A;
use nur\str;
/**
 * Class CasUserManager: un utilisateur CAS v3
 */
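class CasUserManager extends SimpleUserManager {
  /**
   * @param string|null $appcode application code; entries of the CAS
   * authorization attribute prefixed with "<appcode>:" are the ones applied
   * by getUser()
   */
  function __construct(?string $appcode=null) {
    $this->appcode = $appcode;
  }

  /** @var string|null application code given to the constructor */
  protected $appcode;

  /**
   * Build the base record for $username: an array holding only the username.
   */
  function _getUser(string $username): ?array {
    return ["username" => $username];
  }

  /**
   * Return the user record, extended with the authorizations carried by the
   * CAS attributes.
   *
   * The record starts as whatever parent::getUser() returns. When
   * $overrides["cas_attrs"]["rununivauthorization"] is set, it is split on
   * "," and each entry is interpreted as follows:
   * - "*:*" adds the permission "*"
   * - "<appcode>:*" adds the permission "*"
   * - "<appcode>:@name" adds the group "name"
   * - "<appcode>:*name" sets the role to "name" (the last such entry wins)
   * - "<appcode>:name" adds the permission "name"
   * Every other entry is ignored. Entries are compared as-is: surrounding
   * whitespace is not trimmed, so " app:x" does not match.
   *
   * NOTE(review): the attribute values decide groups, role and permissions,
   * so "cas_attrs" should only ever be filled from a validated CAS response.
   * The callers are outside this file; verify.
   *
   * @param string $username user name, passed to parent::getUser()
   * @param array|null $overrides passed to parent::getUser(); also read for "cas_attrs"
   * @param bool|null $found passed by reference to parent::getUser()
   * @return array the user record
   */
  function getUser(string $username, ?array $overrides, ?bool &$found=null): array {
    $user = parent::getUser($username, $overrides, $found);
    # CAS attribute support
    $cas_attrs = A::get($overrides, "cas_attrs");
    if ($cas_attrs === null) return $user;
    $authzs = A::get($cas_attrs, "rununivauthorization");
    if ($authzs === null) return $user;

    $appcode = $this->appcode;
    # Without an application code the scope prefix would shrink to a bare ":",
    # and an entry such as ":name" would be applied to this application. Only
    # the global "*:*" entry is honoured in that case.
    $scoped = $appcode !== null && $appcode !== "";
    $groups = [];
    $role = null;
    $perms = [];
    foreach (explode(",", $authzs) as $authz) {
      if ($authz === "*:*") {
        $perms[] = "*";
      } elseif ($scoped && str::del_prefix($authz, "$appcode:")) {
        # presumably str::del_prefix() strips the prefix from $authz in place
        # and returns true when it was present; the order of the tests below
        # depends on that -- confirm against nur\str
        if ($authz === "*") $perms[] = "*";
        elseif (str::del_prefix($authz, "@")) $groups[] = $authz;
        elseif (str::del_prefix($authz, "*")) $role = $authz;
        else $perms[] = $authz;
      }
    }
    A::merge($user["groups"], $groups);
    if ($role !== null) $user["role"] = $role;
    A::merge($user["perms"], $perms);
    return $user;
  }
}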