Assign SSO roles based on title attribute(temporarily)

parent 56dfab87
...@@ -91,9 +91,9 @@ class CASLogin extends ControllerBase ...@@ -91,9 +91,9 @@ class CASLogin extends ControllerBase
$this->allowed2 = $CASOSTConfig->allowed2->value; $this->allowed2 = $CASOSTConfig->allowed2->value;
$this->allowed2Value = $CASOSTConfig->allowed2value->value; $this->allowed2Value = $CASOSTConfig->allowed2value->value;
} }
// phpCAS::setDebug("/home/haris/devel/eepal/drupal/modules/casost/phpcas.log"); phpCAS::setDebug("/home/haris/devel/eepal/drupal/modules/casost/phpcas.log");
// Enable verbose error messages. Disable in production! // Enable verbose error messages. Disable in production!
// phpCAS::setVerbose(true); phpCAS::setVerbose(true);
phpCAS::client($this->serverVersion, phpCAS::client($this->serverVersion,
$this->serverHostname, $this->serverHostname,
...@@ -124,6 +124,10 @@ class CASLogin extends ControllerBase ...@@ -124,6 +124,10 @@ class CASLogin extends ControllerBase
return $response; return $response;
} }
$attributes = phpCAS::getAttributes(); $attributes = phpCAS::getAttributes();
foreach ($attributes as $attr_key => $attr_value) {
$this->logger->warning($attr_key);
$this->logger->warning(phpCAS::getAttribute($attr_key));
}
/* $isAllowed = true; /* $isAllowed = true;
$att1 = $attributes[$this->allowed1]; $att1 = $attributes[$this->allowed1];
...@@ -166,21 +170,37 @@ class CASLogin extends ControllerBase ...@@ -166,21 +170,37 @@ class CASLogin extends ControllerBase
$filterAttribute = function ($attribute) use ($attributes) { $filterAttribute = function ($attribute) use ($attributes) {
if (!isset($attributes[$attribute])) { if (!isset($attributes[$attribute])) {
return; return false;
}
if (is_array($attributes[$attribute])) {
return $attributes[$attribute];
} }
return $attributes[$attribute]; return $attributes[$attribute];
}; };
$exposedRole = 'director';
$internalRole = 'epal';
$CASTitle = preg_replace('/\s+/', '', $filterAttribute('title'));
if ($CASTitle === 'ΠΕΡΙΦΕΡΕΙΑΚΗΔΙΕΥΘΥΝΣΗΕΚΠΑΙΔΕΥΣΗΣ-ΠΔΕ') {
$exposedRole = 'pde';
$internalRole = 'regioneduadmin';
} else if ($CASTitle === 'ΔΙΕΥΘΥΝΣΗΔΕ-ΔIΔΕ') {
$exposedRole = 'dide';
$internalRole = 'eduadmin';
} else if ($CASTitle === 'ΕΠΑΛ') {
$exposedRole = 'director';
$internalRole = 'epal';
} else {
$response = new Response();
$this->logger->warning(t('Access is allowed only to official school accounts or administration'));
$response->setContent(t('Access is allowed only to official school accounts or administration'));
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json;charset=UTF-8');
return $response;
}
// $this->logger->warning('cn=' . $filterAttribute('cn')); // $this->logger->warning('cn=' . $filterAttribute('cn'));
$epalToken = $this->authenticatePhase2($request, $CASUser, $filterAttribute('cn')); $epalToken = $this->authenticatePhase2($request, $CASUser, $internalRole, $filterAttribute('cn'));
if ($epalToken) { if ($epalToken) {
$cookie = new Cookie('auth_token', $epalToken, 0, '/', null, false, false); $cookie = new Cookie('auth_token', $epalToken, 0, '/', null, false, false);
$cookie2 = new Cookie('auth_role', 'director', 0, '/', null, false, false); $cookie2 = new Cookie('auth_role', $exposedRole, 0, '/', null, false, false);
return new RedirectResponseWithCookie($this->redirectUrl, 302, array ($cookie, $cookie2)); return new RedirectResponseWithCookie($this->redirectUrl, 302, array ($cookie, $cookie2));
// $headers = array("auth_token" => $epalToken, "auth_role" => "director"); // $headers = array("auth_token" => $epalToken, "auth_role" => "director");
...@@ -203,7 +223,7 @@ class CASLogin extends ControllerBase ...@@ -203,7 +223,7 @@ class CASLogin extends ControllerBase
} }
} }
public function authenticatePhase2($request, $CASUser, $cn) public function authenticatePhase2($request, $CASUser, $internalRole, $cn)
{ {
$trx = $this->connection->startTransaction(); $trx = $this->connection->startTransaction();
try { try {
...@@ -241,7 +261,7 @@ class CASLogin extends ControllerBase ...@@ -241,7 +261,7 @@ class CASLogin extends ControllerBase
$user->set('preferred_admin_langcode', $language_interface->getId()); $user->set('preferred_admin_langcode', $language_interface->getId());
//Adding default user role //Adding default user role
$user->addRole('epal'); $user->addRole($internalRole);
$user->save(); $user->save();
} }
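Review bot: The first hunk uncomments `phpCAS::setDebug("/home/haris/devel/eepal/drupal/modules/casost/phpcas.log")` and `phpCAS::setVerbose(true)` directly under the existing comment `// Enable verbose error messages. Disable in production!`, and the second hunk adds a loop that writes every CAS attribute key and value to the Drupal log at warning level; both are debug leftovers that persist whatever the IdP releases (cn, title, and any other attributes) into server logs and a developer-specific path, so they should be reverted or gated on a config flag before this lands. In the third hunk, `preg_replace('/\s+/', '', $filterAttribute('title'))` normalises Greek UTF-8 without the `u` modifier and then compares against literals such as `'ΔΙΕΥΘΥΝΣΗΔΕ-ΔIΔΕ'`; I would change it to `preg_replace('/\s+/u', '', $filterAttribute('title'))` and confirm the literals contain only Greek iota, since a Latin `I` in `ΔIΔΕ` would never match and every ΔΙΔΕ account would get the 403 branch. When `title` is missing the closure now returns `false` and when it is multi-valued it returns the array, and in both cases the `===` chain falls through to the 403, which is the safe direction but worth a comment such as `// Unknown, missing or multi-valued title => deny`. In the last hunk `$user->addRole($internalRole)` sits under `//Adding default user role`, which appears to be the account-creation path only; if so, a returning user whose CAS title has changed keeps the role granted at first login, so the role should be reconciled on every login rather than only on creation. Both the login method and authenticatePhase2 continue outside these hunks.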
...@@ -110,6 +110,7 @@ class CASLogout extends ControllerBase ...@@ -110,6 +110,7 @@ class CASLogout extends ControllerBase
if (!$user) { if (!$user) {
$this->logger->warning("user not found"); $this->logger->warning("user not found");
$response = new Response(); $response = new Response();
$response->setContent('forbidden'); $response->setContent('forbidden');
$response->setStatusCode(Response::HTTP_FORBIDDEN); $response->setStatusCode(Response::HTTP_FORBIDDEN);
langcode: el
status: true
dependencies: { }
id: eduadmin
label: eduadmin
weight: 5
is_admin: null
permissions:
- 'view published epal student class entities'
- 'view published epal student entities'
- 'view published epal class limits entities'
- 'view published epal criteria entities'
- 'view published epal student course field entities'
- 'view published epal student epal chosen entities'
- 'view published epal student moria entities'
- 'view published epal student sector field entities'
- 'view published epal users entities'
- 'view unpublished epal student class entities'
- 'view unpublished epal student entities'
- 'view unpublished epal class limits entities'
- 'view unpublished epal criteria entities'
- 'view unpublished epal student course field entities'
- 'view unpublished epal student epal chosen entities'
- 'view unpublished epal student moria entities'
- 'view unpublished epal student sector field entities'
- 'view unpublished epal users entities'
- 'view published eepal admin area entities'
- 'view published eepal prefecture entities'
- 'view published eepal region entities'
- 'view published eepal school entities'
- 'view published eepal sectors entities'
- 'view published eepal sectors in epal entities'
- 'view published eepal specialties in epal entities'
- 'view published eepal specialty entities'
- 'view unpublished eepal admin area entities'
- 'view unpublished eepal prefecture entities'
- 'view unpublished eepal region entities'
- 'view unpublished eepal school entities'
- 'view unpublished eepal sectors entities'
- 'view unpublished eepal sectors in epal entities'
- 'view unpublished eepal specialties in epal entities'
- 'view unpublished eepal specialty entities'
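Review bot: The permission list of this new eduadmin role is identical, entry for entry, to the regioneduadmin role added in the next file, including every `view unpublished …` permission and `view published epal users entities` / `view unpublished epal users entities`. The controller in this commit maps the ΔΙΔΕ title to eduadmin and the ΠΔΕ title to regioneduadmin, so if the two roles are meant to differ in scope that difference is not expressed anywhere yet and either role sees the same data. If the identical lists are deliberate for the "temporarily" stage named in the commit title, I would record that in the commit description rather than rely on the reader diffing the two files, and revisit whether unpublished and user entities need to be visible to both roles.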
langcode: el
status: true
dependencies: { }
id: regioneduadmin
label: regioneduadmin
weight: 6
is_admin: null
permissions:
- 'view published epal student class entities'
- 'view published epal student entities'
- 'view published epal class limits entities'
- 'view published epal criteria entities'
- 'view published epal student course field entities'
- 'view published epal student epal chosen entities'
- 'view published epal student moria entities'
- 'view published epal student sector field entities'
- 'view published epal users entities'
- 'view unpublished epal student class entities'
- 'view unpublished epal student entities'
- 'view unpublished epal class limits entities'
- 'view unpublished epal criteria entities'
- 'view unpublished epal student course field entities'
- 'view unpublished epal student epal chosen entities'
- 'view unpublished epal student moria entities'
- 'view unpublished epal student sector field entities'
- 'view unpublished epal users entities'
- 'view published eepal admin area entities'
- 'view published eepal prefecture entities'
- 'view published eepal region entities'
- 'view published eepal school entities'
- 'view published eepal sectors entities'
- 'view published eepal sectors in epal entities'
- 'view published eepal specialties in epal entities'
- 'view published eepal specialty entities'
- 'view unpublished eepal admin area entities'
- 'view unpublished eepal prefecture entities'
- 'view unpublished eepal region entities'
- 'view unpublished eepal school entities'
- 'view unpublished eepal sectors entities'
- 'view unpublished eepal sectors in epal entities'
- 'view unpublished eepal specialties in epal entities'
- 'view unpublished eepal specialty entities'
...@@ -7,6 +7,7 @@ import { Observable } from 'rxjs/Rx'; ...@@ -7,6 +7,7 @@ import { Observable } from 'rxjs/Rx';
import { IAppState } from '../store/store'; import { IAppState } from '../store/store';
import { HelperDataService } from '../services/helper-data-service'; import { HelperDataService } from '../services/helper-data-service';
import { CookieService } from 'ngx-cookie'; import { CookieService } from 'ngx-cookie';
import { STUDENT_ROLE } from '../constants';
import { import {
FormBuilder, FormBuilder,
FormGroup, FormGroup,
...@@ -74,7 +75,7 @@ export default class Home implements OnInit { ...@@ -74,7 +75,7 @@ export default class Home implements OnInit {
state.loginInfo.reduce(({}, loginInfoToken) => { state.loginInfo.reduce(({}, loginInfoToken) => {
this.authToken = loginInfoToken.auth_token; this.authToken = loginInfoToken.auth_token;
this.authRole = loginInfoToken.auth_role; this.authRole = loginInfoToken.auth_role;
if (this.authToken && this.authToken.length > 0 && this.authRole && this.authRole === 'student') if (this.authToken && this.authToken.length > 0 && this.authRole && this.authRole === STUDENT_ROLE)
this.router.navigate(['/parent-form']); this.router.navigate(['/parent-form']);
return loginInfoToken; return loginInfoToken;
}, {}); }, {});
...@@ -50,3 +50,6 @@ export const VALID_DATE_PATTERN = '([1-9]|0[1-9]|[12][0-9]|3[01])[- /.]([1-9]|0[ ...@@ -50,3 +50,6 @@ export const VALID_DATE_PATTERN = '([1-9]|0[1-9]|[12][0-9]|3[01])[- /.]([1-9]|0[
export const SCHOOL_ROLE = 'director'; export const SCHOOL_ROLE = 'director';
export const STUDENT_ROLE = 'student'; export const STUDENT_ROLE = 'student';
export const PDE_ROLE = 'pde';
export const DIDE_ROLE = 'dide';
export const MINISTRY_ROLE = 'minister';
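Review bot: `MINISTRY_ROLE = 'minister'` has no counterpart in the server-side mapping in this commit, which only ever sets `auth_role` to `'director'`, `'pde'` or `'dide'`, so the constant is dead until the `$CASTitle` chain in CASLogin.php gains a matching entry. The values of `PDE_ROLE` and `DIDE_ROLE` must also stay in sync with the string literals assigned to `$exposedRole` on the PHP side; a pointer comment above the block, e.g. `// Values must match $exposedRole in casost CASLogin.php`, would keep the two from drifting. The cookie these values are compared against is readable by the client, so they should only ever drive UI routing, never authorization.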
...@@ -34,7 +34,7 @@ export class AuthService { ...@@ -34,7 +34,7 @@ export class AuthService {
resolve(false); resolve(false);
}, },
error => { error => {
console.log("Error Sending Verification Code"); console.log("Error Getting Auth Data");
reject("Error Getting Auth Data"); reject("Error Getting Auth Data");
}, },
() => console.log("Getting Auth Data")); () => console.log("Getting Auth Data"));