Χάρης Παπαδόπουλος
e-epal
Commit
bc440d27
authored
Apr 27, 2017
by
Χάρης Παπαδόπουλος
Assign SSO roles based on title attribute(temporarily)
parent
56dfab87
Showing
7 changed files
with
123 additions
and
14 deletions
+123
-14
drupal/modules/casost/src/Controller/CASLogin.php
drupal/modules/casost/src/Controller/CASLogin.php
+32
-12
drupal/modules/casost/src/Controller/CASLogout.php
drupal/modules/casost/src/Controller/CASLogout.php
+1
-0
drupal/modules/epaldeploysystem/config/optional/user.role.eduadmin.yml
...s/epaldeploysystem/config/optional/user.role.eduadmin.yml
+42
-0
drupal/modules/epaldeploysystem/config/optional/user.role.regioneduadmin.yml
...deploysystem/config/optional/user.role.regioneduadmin.yml
+42
-0
source/components/home.ts
source/components/home.ts
+2
-1
source/constants.ts
source/constants.ts
+3
-0
source/services/auth.service.ts
source/services/auth.service.ts
+1
-1
drupal/modules/casost/src/Controller/CASLogin.php
...
...
@@ -91,9 +91,9 @@ class CASLogin extends ControllerBase
$this
->
allowed2
=
$CASOSTConfig
->
allowed2
->
value
;
$this
->
allowed2Value
=
$CASOSTConfig
->
allowed2value
->
value
;
}
//
phpCAS::setDebug("/home/haris/devel/eepal/drupal/modules/casost/phpcas.log");
phpCAS
::
setDebug
(
"/home/haris/devel/eepal/drupal/modules/casost/phpcas.log"
);
// Enable verbose error messages. Disable in production!
//
phpCAS::setVerbose(true);
phpCAS
::
setVerbose
(
true
);
phpCAS
::
client
(
$this
->
serverVersion
,
$this
->
serverHostname
,
...
...
@@ -124,6 +124,10 @@ class CASLogin extends ControllerBase
return
$response
;
}
$attributes
=
phpCAS
::
getAttributes
();
foreach
(
$attributes
as
$attr_key
=>
$attr_value
)
{
$this
->
logger
->
warning
(
$attr_key
);
$this
->
logger
->
warning
(
phpCAS
::
getAttribute
(
$attr_key
));
}
/* $isAllowed = true;
$att1 = $attributes[$this->allowed1];
...
...
@@ -166,21 +170,37 @@ class CASLogin extends ControllerBase
$filterAttribute
=
function
(
$attribute
)
use
(
$attributes
)
{
if
(
!
isset
(
$attributes
[
$attribute
]))
{
return
;
}
if
(
is_array
(
$attributes
[
$attribute
]))
{
return
$attributes
[
$attribute
];
return
false
;
}
return
$attributes
[
$attribute
];
};
$exposedRole
=
'director'
;
$internalRole
=
'epal'
;
$CASTitle
=
preg_replace
(
'/\s+/'
,
''
,
$filterAttribute
(
'title'
));
if
(
$CASTitle
===
'ΠΕΡΙΦΕΡΕΙΑΚΗΔΙΕΥΘΥΝΣΗΕΚΠΑΙΔΕΥΣΗΣ-ΠΔΕ'
)
{
$exposedRole
=
'pde'
;
$internalRole
=
'regioneduadmin'
;
}
else
if
(
$CASTitle
===
'ΔΙΕΥΘΥΝΣΗΔΕ-ΔIΔΕ'
)
{
$exposedRole
=
'dide'
;
$internalRole
=
'eduadmin'
;
}
else
if
(
$CASTitle
===
'ΕΠΑΛ'
)
{
$exposedRole
=
'director'
;
$internalRole
=
'epal'
;
}
else
{
$response
=
new
Response
();
$this
->
logger
->
warning
(
t
(
'Access is allowed only to official school accounts or administration'
));
$response
->
setContent
(
t
(
'Access is allowed only to official school accounts or administration'
));
$response
->
setStatusCode
(
Response
::
HTTP_FORBIDDEN
);
$response
->
headers
->
set
(
'Content-Type'
,
'application/json;charset=UTF-8'
);
return
$response
;
}
// $this->logger->warning('cn=' . $filterAttribute('cn'));
$epalToken
=
$this
->
authenticatePhase2
(
$request
,
$CASUser
,
$filterAttribute
(
'cn'
));
$epalToken
=
$this
->
authenticatePhase2
(
$request
,
$CASUser
,
$internalRole
,
$filterAttribute
(
'cn'
));
if
(
$epalToken
)
{
$cookie
=
new
Cookie
(
'auth_token'
,
$epalToken
,
0
,
'/'
,
null
,
false
,
false
);
$cookie2
=
new
Cookie
(
'auth_role'
,
'director'
,
0
,
'/'
,
null
,
false
,
false
);
$cookie2
=
new
Cookie
(
'auth_role'
,
$exposedRole
,
0
,
'/'
,
null
,
false
,
false
);
return
new
RedirectResponseWithCookie
(
$this
->
redirectUrl
,
302
,
array
(
$cookie
,
$cookie2
));
// $headers = array("auth_token" => $epalToken, "auth_role" => "director");
...
...
@@ -203,7 +223,7 @@ class CASLogin extends ControllerBase
}
}
public
function
authenticatePhase2
(
$request
,
$CASUser
,
$cn
)
public
function
authenticatePhase2
(
$request
,
$CASUser
,
$internalRole
,
$cn
)
{
$trx
=
$this
->
connection
->
startTransaction
();
try
{
...
...
@@ -241,7 +261,7 @@ class CASLogin extends ControllerBase
$user
->
set
(
'preferred_admin_langcode'
,
$language_interface
->
getId
());
//Adding default user role
$user
->
addRole
(
'epal'
);
$user
->
addRole
(
$internalRole
);
$user
->
save
();
}
...
...
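Review bot: The `foreach` added after `phpCAS::getAttributes()` writes every CAS attribute name and value to the Drupal log at warning level, so whatever directory data the CAS server releases about each person signing in ends up in a log that is normally readable by a wider audience than the identity data itself. The first hunk has the same problem in a stronger form: its old/new pair reads as `phpCAS::setDebug(...)` and `phpCAS::setVerbose(true)` being uncommented directly under `// Enable verbose error messages. Disable in production!`, with the debug log pointed at a developer home directory. I would drop the loop, keep both phpCAS calls commented (`// phpCAS::setVerbose(true);`), and if attribute tracing is needed during rollout log only `array_keys($attributes)` at debug level. Separately, `$user->addRole($internalRole)` in the last hunk appears to run only when the account is first created (the enclosing branch starts outside the hunk), so a later change of `title` would change the `auth_role` cookie but not the stored Drupal role; worth confirming.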
drupal/modules/casost/src/Controller/CASLogout.php
...
...
@@ -110,6 +110,7 @@ class CASLogout extends ControllerBase
if
(
!
$user
)
{
$this
->
logger
->
warning
(
"user not found"
);
$response
=
new
Response
();
$response
->
setContent
(
'forbidden'
);
$response
->
setStatusCode
(
Response
::
HTTP_FORBIDDEN
);
...
...
drupal/modules/epaldeploysystem/config/optional/user.role.eduadmin.yml
0 → 100644
langcode
:
el
status
:
true
dependencies
:
{
}
id
:
eduadmin
label
:
eduadmin
weight
:
5
is_admin
:
null
permissions
:
-
'
view
published
epal
student
class
entities'
-
'
view
published
epal
student
entities'
-
'
view
published
epal
class
limits
entities'
-
'
view
published
epal
criteria
entities'
-
'
view
published
epal
student
course
field
entities'
-
'
view
published
epal
student
epal
chosen
entities'
-
'
view
published
epal
student
moria
entities'
-
'
view
published
epal
student
sector
field
entities'
-
'
view
published
epal
users
entities'
-
'
view
unpublished
epal
student
class
entities'
-
'
view
unpublished
epal
student
entities'
-
'
view
unpublished
epal
class
limits
entities'
-
'
view
unpublished
epal
criteria
entities'
-
'
view
unpublished
epal
student
course
field
entities'
-
'
view
unpublished
epal
student
epal
chosen
entities'
-
'
view
unpublished
epal
student
moria
entities'
-
'
view
unpublished
epal
student
sector
field
entities'
-
'
view
unpublished
epal
users
entities'
-
'
view
published
eepal
admin
area
entities'
-
'
view
published
eepal
prefecture
entities'
-
'
view
published
eepal
region
entities'
-
'
view
published
eepal
school
entities'
-
'
view
published
eepal
sectors
entities'
-
'
view
published
eepal
sectors
in
epal
entities'
-
'
view
published
eepal
specialties
in
epal
entities'
-
'
view
published
eepal
specialty
entities'
-
'
view
unpublished
eepal
admin
area
entities'
-
'
view
unpublished
eepal
prefecture
entities'
-
'
view
unpublished
eepal
region
entities'
-
'
view
unpublished
eepal
school
entities'
-
'
view
unpublished
eepal
sectors
entities'
-
'
view
unpublished
eepal
sectors
in
epal
entities'
-
'
view
unpublished
eepal
specialties
in
epal
entities'
-
'
view
unpublished
eepal
specialty
entities'
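Review bot: This role grants every `view unpublished …` permission alongside the published ones, including `'view unpublished epal student entities'` and `'view unpublished epal users entities'`, and nothing in the file limits that to the holder's own directorate. Since CASLogin.php in this commit assigns `eduadmin` purely from the CAS `title` string, any account whose title matches gets read access to student entities across the system unless scoping is enforced elsewhere, which this page does not show. I would start from the published-only list and add unpublished entries one at a time as a screen actually needs them. The permission list in user.role.regioneduadmin.yml is identical, so the same applies there; if the two roles are meant to differ, that difference is not yet expressed in config.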
drupal/modules/epaldeploysystem/config/optional/user.role.regioneduadmin.yml
0 → 100644
langcode
:
el
status
:
true
dependencies
:
{
}
id
:
regioneduadmin
label
:
regioneduadmin
weight
:
6
is_admin
:
null
permissions
:
-
'
view
published
epal
student
class
entities'
-
'
view
published
epal
student
entities'
-
'
view
published
epal
class
limits
entities'
-
'
view
published
epal
criteria
entities'
-
'
view
published
epal
student
course
field
entities'
-
'
view
published
epal
student
epal
chosen
entities'
-
'
view
published
epal
student
moria
entities'
-
'
view
published
epal
student
sector
field
entities'
-
'
view
published
epal
users
entities'
-
'
view
unpublished
epal
student
class
entities'
-
'
view
unpublished
epal
student
entities'
-
'
view
unpublished
epal
class
limits
entities'
-
'
view
unpublished
epal
criteria
entities'
-
'
view
unpublished
epal
student
course
field
entities'
-
'
view
unpublished
epal
student
epal
chosen
entities'
-
'
view
unpublished
epal
student
moria
entities'
-
'
view
unpublished
epal
student
sector
field
entities'
-
'
view
unpublished
epal
users
entities'
-
'
view
published
eepal
admin
area
entities'
-
'
view
published
eepal
prefecture
entities'
-
'
view
published
eepal
region
entities'
-
'
view
published
eepal
school
entities'
-
'
view
published
eepal
sectors
entities'
-
'
view
published
eepal
sectors
in
epal
entities'
-
'
view
published
eepal
specialties
in
epal
entities'
-
'
view
published
eepal
specialty
entities'
-
'
view
unpublished
eepal
admin
area
entities'
-
'
view
unpublished
eepal
prefecture
entities'
-
'
view
unpublished
eepal
region
entities'
-
'
view
unpublished
eepal
school
entities'
-
'
view
unpublished
eepal
sectors
entities'
-
'
view
unpublished
eepal
sectors
in
epal
entities'
-
'
view
unpublished
eepal
specialties
in
epal
entities'
-
'
view
unpublished
eepal
specialty
entities'
source/components/home.ts
...
...
@@ -7,6 +7,7 @@ import { Observable } from 'rxjs/Rx';
import
{
IAppState
}
from
'
../store/store
'
;
import
{
HelperDataService
}
from
'
../services/helper-data-service
'
;
import
{
CookieService
}
from
'
ngx-cookie
'
;
import
{
STUDENT_ROLE
}
from
'
../constants
'
;
import
{
FormBuilder
,
FormGroup
,
...
...
@@ -74,7 +75,7 @@ export default class Home implements OnInit {
state
.
loginInfo
.
reduce
(({},
loginInfoToken
)
=>
{
this
.
authToken
=
loginInfoToken
.
auth_token
;
this
.
authRole
=
loginInfoToken
.
auth_role
;
if
(
this
.
authToken
&&
this
.
authToken
.
length
>
0
&&
this
.
authRole
&&
this
.
authRole
===
'
student
'
)
if
(
this
.
authToken
&&
this
.
authToken
.
length
>
0
&&
this
.
authRole
&&
this
.
authRole
===
STUDENT_ROLE
)
this
.
router
.
navigate
([
'
/parent-form
'
]);
return
loginInfoToken
;
},
{});
...
...
source/constants.ts
...
...
@@ -50,3 +50,6 @@ export const VALID_DATE_PATTERN = '([1-9]|0[1-9]|[12][0-9]|3[01])[- /.]([1-9]|0[
export
const
SCHOOL_ROLE
=
'
director
'
;
export
const
STUDENT_ROLE
=
'
student
'
;
export
const
PDE_ROLE
=
'
pde
'
;
export
const
DIDE_ROLE
=
'
dide
'
;
export
const
MINISTRY_ROLE
=
'
minister
'
;
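Review bot: The role constants here duplicate the string values that CASLogin.php writes into the `auth_role` cookie (`'pde'`, `'dide'`, `'director'`), and nothing in the file says so; a one-line comment such as `// Must match the auth_role cookie values set by the CAS login controller; used for UI routing only` would keep the two sides from drifting. `MINISTRY_ROLE = 'minister'` has no counterpart in the server-side mapping shown in this commit, so the same comment should say whether it is a placeholder. The cookie is created with the HttpOnly flag off and can be edited in the browser, so these values should only choose which screens to show, with the server-side Drupal role remaining the authority for data access.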
source/services/auth.service.ts
...
...
@@ -34,7 +34,7 @@ export class AuthService {
resolve
(
false
);
},
error
=>
{
console
.
log
(
"
Error
Sending Verification Code
"
);
console
.
log
(
"
Error
Getting Auth Data
"
);
reject
(
"
Error Getting Auth Data
"
);
},
()
=>
console
.
log
(
"
Getting Auth Data
"
));
...
...