Assign SSO roles based on title attribute(temporarily)

drupal/modules/casost/src/Controller/CASLogin.php

@@ -91,9 +91,9 @@ class CASLogin extends ControllerBase
                 $this->allowed2 = $CASOSTConfig->allowed2->value;
                 $this->allowed2Value = $CASOSTConfig->allowed2value->value;
             }
-//            phpCAS::setDebug("/home/haris/devel/eepal/drupal/modules/casost/phpcas.log");
+            phpCAS::setDebug("/home/haris/devel/eepal/drupal/modules/casost/phpcas.log");
             // Enable verbose error messages. Disable in production!
-           // phpCAS::setVerbose(true);
+            phpCAS::setVerbose(true);
 
             phpCAS::client($this->serverVersion,
                 $this->serverHostname,
@@ -124,6 +124,10 @@ class CASLogin extends ControllerBase
                 return $response;
             }
             $attributes = phpCAS::getAttributes();
+            foreach ($attributes as $attr_key => $attr_value) {
+                $this->logger->warning($attr_key);
+                $this->logger->warning(phpCAS::getAttribute($attr_key));
+            }
 
 /*            $isAllowed = true;
             $att1 = $attributes[$this->allowed1];
@@ -166,21 +170,37 @@ class CASLogin extends ControllerBase
 
             $filterAttribute = function ($attribute) use ($attributes) {
                 if (!isset($attributes[$attribute])) {
-                    return;
-                }
-
-                if (is_array($attributes[$attribute])) {
-                    return $attributes[$attribute];
+                    return false;
                 }
-
                 return $attributes[$attribute];
             };
 
+            $exposedRole = 'director';
+            $internalRole = 'epal';
+            $CASTitle = preg_replace('/\s+/', '', $filterAttribute('title'));
+            if ($CASTitle === 'ΠΕΡΙΦΕΡΕΙΑΚΗΔΙΕΥΘΥΝΣΗΕΚΠΑΙΔΕΥΣΗΣ-ΠΔΕ') {
+                $exposedRole = 'pde';
+                $internalRole = 'regioneduadmin';
+            } else if ($CASTitle === 'ΔΙΕΥΘΥΝΣΗΔΕ-ΔIΔΕ') {
+                $exposedRole = 'dide';
+                $internalRole = 'eduadmin';
+            } else if ($CASTitle === 'ΕΠΑΛ') {
+                $exposedRole = 'director';
+                $internalRole = 'epal';
+            } else {
+                $response = new Response();
+                $this->logger->warning(t('Access is allowed only to official school accounts or administration'));
+                $response->setContent(t('Access is allowed only to official school accounts or administration'));
+                $response->setStatusCode(Response::HTTP_FORBIDDEN);
+                $response->headers->set('Content-Type', 'application/json;charset=UTF-8');
+                return $response;
+            }
+
 // $this->logger->warning('cn=' . $filterAttribute('cn'));
-            $epalToken = $this->authenticatePhase2($request, $CASUser, $filterAttribute('cn'));
+            $epalToken = $this->authenticatePhase2($request, $CASUser, $internalRole, $filterAttribute('cn'));
             if ($epalToken) {
                 $cookie = new Cookie('auth_token', $epalToken, 0, '/', null, false, false);
-                $cookie2 = new Cookie('auth_role', 'director', 0, '/', null, false, false);
+                $cookie2 = new Cookie('auth_role', $exposedRole, 0, '/', null, false, false);
 
                 return new RedirectResponseWithCookie($this->redirectUrl, 302, array ($cookie, $cookie2));
 //                $headers = array("auth_token" => $epalToken, "auth_role" => "director");
@@ -203,7 +223,7 @@ class CASLogin extends ControllerBase
         }
     }
 
-    public function authenticatePhase2($request, $CASUser, $cn)
+    public function authenticatePhase2($request, $CASUser, $internalRole, $cn)
     {
     $trx = $this->connection->startTransaction();
     try {
@@ -241,7 +261,7 @@ class CASLogin extends ControllerBase
             $user->set('preferred_admin_langcode', $language_interface->getId());
 
             //Adding default user role
-            $user->addRole('epal');
+            $user->addRole($internalRole);
             $user->save();
         }
 

drupal/modules/casost/src/Controller/CASLogout.php

@@ -110,6 +110,7 @@ class CASLogout extends ControllerBase
 
             if (!$user) {
                 $this->logger->warning("user not found");
+
                 $response = new Response();
                 $response->setContent('forbidden');
                 $response->setStatusCode(Response::HTTP_FORBIDDEN);

drupal/modules/epaldeploysystem/config/optional/user.role.eduadmin.yml

+langcode: el
+status: true
+dependencies: {  }
+id: eduadmin
+label: eduadmin
+weight: 5
+is_admin: null
+permissions:
+  - 'view published epal student class entities'
+  - 'view published epal student entities'
+  - 'view published epal class limits entities'
+  - 'view published epal criteria entities'
+  - 'view published epal student course field entities'
+  - 'view published epal student epal chosen entities'
+  - 'view published epal student moria entities'
+  - 'view published epal student sector field entities'
+  - 'view published epal users entities'
+  - 'view unpublished epal student class entities'
+  - 'view unpublished epal student entities'
+  - 'view unpublished epal class limits entities'
+  - 'view unpublished epal criteria entities'
+  - 'view unpublished epal student course field entities'
+  - 'view unpublished epal student epal chosen entities'
+  - 'view unpublished epal student moria entities'
+  - 'view unpublished epal student sector field entities'
+  - 'view unpublished epal users entities'
+  - 'view published eepal admin area entities'
+  - 'view published eepal prefecture entities'
+  - 'view published eepal region entities'
+  - 'view published eepal school entities'
+  - 'view published eepal sectors entities'
+  - 'view published eepal sectors in epal entities'
+  - 'view published eepal specialties in epal entities'
+  - 'view published eepal specialty entities'
+  - 'view unpublished eepal admin area entities'
+  - 'view unpublished eepal prefecture entities'
+  - 'view unpublished eepal region entities'
+  - 'view unpublished eepal school entities'
+  - 'view unpublished eepal sectors entities'
+  - 'view unpublished eepal sectors in epal entities'
+  - 'view unpublished eepal specialties in epal entities'
+  - 'view unpublished eepal specialty entities'

drupal/modules/epaldeploysystem/config/optional/user.role.regioneduadmin.yml

+langcode: el
+status: true
+dependencies: {  }
+id: regioneduadmin
+label: regioneduadmin
+weight: 6
+is_admin: null
+permissions:
+  - 'view published epal student class entities'
+  - 'view published epal student entities'
+  - 'view published epal class limits entities'
+  - 'view published epal criteria entities'
+  - 'view published epal student course field entities'
+  - 'view published epal student epal chosen entities'
+  - 'view published epal student moria entities'
+  - 'view published epal student sector field entities'
+  - 'view published epal users entities'
+  - 'view unpublished epal student class entities'
+  - 'view unpublished epal student entities'
+  - 'view unpublished epal class limits entities'
+  - 'view unpublished epal criteria entities'
+  - 'view unpublished epal student course field entities'
+  - 'view unpublished epal student epal chosen entities'
+  - 'view unpublished epal student moria entities'
+  - 'view unpublished epal student sector field entities'
+  - 'view unpublished epal users entities'
+  - 'view published eepal admin area entities'
+  - 'view published eepal prefecture entities'
+  - 'view published eepal region entities'
+  - 'view published eepal school entities'
+  - 'view published eepal sectors entities'
+  - 'view published eepal sectors in epal entities'
+  - 'view published eepal specialties in epal entities'
+  - 'view published eepal specialty entities'
+  - 'view unpublished eepal admin area entities'
+  - 'view unpublished eepal prefecture entities'
+  - 'view unpublished eepal region entities'
+  - 'view unpublished eepal school entities'
+  - 'view unpublished eepal sectors entities'
+  - 'view unpublished eepal sectors in epal entities'
+  - 'view unpublished eepal specialties in epal entities'
+  - 'view unpublished eepal specialty entities'

source/components/home.ts

@@ -7,6 +7,7 @@ import { Observable } from 'rxjs/Rx';
 import { IAppState } from '../store/store';
 import { HelperDataService } from '../services/helper-data-service';
 import { CookieService } from 'ngx-cookie';
+import { STUDENT_ROLE } from '../constants';
 import {
     FormBuilder,
     FormGroup,
@@ -74,7 +75,7 @@ export default class Home implements OnInit {
                 state.loginInfo.reduce(({}, loginInfoToken) => {
                     this.authToken = loginInfoToken.auth_token;
                     this.authRole = loginInfoToken.auth_role;
-                    if (this.authToken && this.authToken.length > 0 && this.authRole && this.authRole === 'student')
+                    if (this.authToken && this.authToken.length > 0 && this.authRole && this.authRole === STUDENT_ROLE)
                         this.router.navigate(['/parent-form']);
                     return loginInfoToken;
                 }, {});

source/constants.ts

@@ -50,3 +50,6 @@ export const VALID_DATE_PATTERN = '([1-9]|0[1-9]|[12][0-9]|3[01])[- /.]([1-9]|0[
 
 export const SCHOOL_ROLE = 'director';
 export const STUDENT_ROLE = 'student';
+export const PDE_ROLE = 'pde';
+export const DIDE_ROLE = 'dide';
+export const MINISTRY_ROLE = 'minister';

source/services/auth.service.ts

@@ -34,7 +34,7 @@ export class AuthService {
                     resolve(false);
             },
                 error => {
-                    console.log("Error Sending Verification Code");
+                    console.log("Error Getting Auth Data");
                     reject("Error Getting Auth Data");
                 },
                 () => console.log("Getting Auth Data"));