Assign SSO roles based on title attribute(temporarily)

parent 56dfab87
......@@ -91,9 +91,9 @@ class CASLogin extends ControllerBase
$this->allowed2 = $CASOSTConfig->allowed2->value;
$this->allowed2Value = $CASOSTConfig->allowed2value->value;
}
// phpCAS::setDebug("/home/haris/devel/eepal/drupal/modules/casost/phpcas.log");
phpCAS::setDebug("/home/haris/devel/eepal/drupal/modules/casost/phpcas.log");
// Enable verbose error messages. Disable in production!
// phpCAS::setVerbose(true);
phpCAS::setVerbose(true);
phpCAS::client($this->serverVersion,
$this->serverHostname,
......@@ -124,6 +124,10 @@ class CASLogin extends ControllerBase
return $response;
}
$attributes = phpCAS::getAttributes();
foreach ($attributes as $attr_key => $attr_value) {
$this->logger->warning($attr_key);
$this->logger->warning(phpCAS::getAttribute($attr_key));
}
/* $isAllowed = true;
$att1 = $attributes[$this->allowed1];
......@@ -166,21 +170,37 @@ class CASLogin extends ControllerBase
$filterAttribute = function ($attribute) use ($attributes) {
if (!isset($attributes[$attribute])) {
return;
}
if (is_array($attributes[$attribute])) {
return $attributes[$attribute];
return false;
}
return $attributes[$attribute];
};
$exposedRole = 'director';
$internalRole = 'epal';
$CASTitle = preg_replace('/\s+/', '', $filterAttribute('title'));
if ($CASTitle === 'ΠΕΡΙΦΕΡΕΙΑΚΗΔΙΕΥΘΥΝΣΗΕΚΠΑΙΔΕΥΣΗΣ-ΠΔΕ') {
$exposedRole = 'pde';
$internalRole = 'regioneduadmin';
} else if ($CASTitle === 'ΔΙΕΥΘΥΝΣΗΔΕ-ΔIΔΕ') {
$exposedRole = 'dide';
$internalRole = 'eduadmin';
} else if ($CASTitle === 'ΕΠΑΛ') {
$exposedRole = 'director';
$internalRole = 'epal';
} else {
$response = new Response();
$this->logger->warning(t('Access is allowed only to official school accounts or administration'));
$response->setContent(t('Access is allowed only to official school accounts or administration'));
$response->setStatusCode(Response::HTTP_FORBIDDEN);
$response->headers->set('Content-Type', 'application/json;charset=UTF-8');
return $response;
}
// $this->logger->warning('cn=' . $filterAttribute('cn'));
$epalToken = $this->authenticatePhase2($request, $CASUser, $filterAttribute('cn'));
$epalToken = $this->authenticatePhase2($request, $CASUser, $internalRole, $filterAttribute('cn'));
if ($epalToken) {
$cookie = new Cookie('auth_token', $epalToken, 0, '/', null, false, false);
$cookie2 = new Cookie('auth_role', 'director', 0, '/', null, false, false);
$cookie2 = new Cookie('auth_role', $exposedRole, 0, '/', null, false, false);
return new RedirectResponseWithCookie($this->redirectUrl, 302, array ($cookie, $cookie2));
// $headers = array("auth_token" => $epalToken, "auth_role" => "director");
......@@ -203,7 +223,7 @@ class CASLogin extends ControllerBase
}
}
public function authenticatePhase2($request, $CASUser, $cn)
public function authenticatePhase2($request, $CASUser, $internalRole, $cn)
{
$trx = $this->connection->startTransaction();
try {
......@@ -241,7 +261,7 @@ class CASLogin extends ControllerBase
$user->set('preferred_admin_langcode', $language_interface->getId());
//Adding default user role
$user->addRole('epal');
$user->addRole($internalRole);
$user->save();
}
......
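Review bot: The `$CASTitle === ...` chain in the third hunk decides which Drupal role a newly created account receives from an exact byte match on the free-text CAS `title` attribute, and the `'ΔΙΕΥΘΥΝΣΗΔΕ-ΔIΔΕ'` literal appears to contain a Latin `I` in `ΔIΔΕ` where the rest of the string uses Greek iota, so the `eduadmin` branch may never match; verify the code points and, since the commit title calls this temporary, record that above the chain with `// TODO: provisional mapping on the CAS 'title' attribute; replace with the authoritative affiliation attribute once the CAS server exposes one`. The first hunk uncomments `phpCAS::setDebug("/home/haris/...")` and `phpCAS::setVerbose(true)` directly under the existing `// Enable verbose error messages. Disable in production!` comment, and the second hunk logs every CAS attribute value at warning level; both write user attributes and CAS internals into logs and error output and look like debugging left in, so gate them on a config flag or drop them before merge. `authenticatePhase2` gains `$internalRole`, but the visible `$user->addRole($internalRole)` sits under the "Adding default user role" comment in what looks like the new-user path only; whether an existing user whose title has changed is re-roled is outside the hunk. The forbidden response in the `else` branch sets `Content-Type: application/json;charset=UTF-8` for a plain translated string, so either wrap the message in `json_encode` or set `text/plain`.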
......@@ -110,6 +110,7 @@ class CASLogout extends ControllerBase
if (!$user) {
$this->logger->warning("user not found");
$response = new Response();
$response->setContent('forbidden');
$response->setStatusCode(Response::HTTP_FORBIDDEN);
......
langcode: el
status: true
dependencies: { }
id: eduadmin
label: eduadmin
weight: 5
is_admin: null
permissions:
- 'view published epal student class entities'
- 'view published epal student entities'
- 'view published epal class limits entities'
- 'view published epal criteria entities'
- 'view published epal student course field entities'
- 'view published epal student epal chosen entities'
- 'view published epal student moria entities'
- 'view published epal student sector field entities'
- 'view published epal users entities'
- 'view unpublished epal student class entities'
- 'view unpublished epal student entities'
- 'view unpublished epal class limits entities'
- 'view unpublished epal criteria entities'
- 'view unpublished epal student course field entities'
- 'view unpublished epal student epal chosen entities'
- 'view unpublished epal student moria entities'
- 'view unpublished epal student sector field entities'
- 'view unpublished epal users entities'
- 'view published eepal admin area entities'
- 'view published eepal prefecture entities'
- 'view published eepal region entities'
- 'view published eepal school entities'
- 'view published eepal sectors entities'
- 'view published eepal sectors in epal entities'
- 'view published eepal specialties in epal entities'
- 'view published eepal specialty entities'
- 'view unpublished eepal admin area entities'
- 'view unpublished eepal prefecture entities'
- 'view unpublished eepal region entities'
- 'view unpublished eepal school entities'
- 'view unpublished eepal sectors entities'
- 'view unpublished eepal sectors in epal entities'
- 'view unpublished eepal specialties in epal entities'
- 'view unpublished eepal specialty entities'
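Review bot: The `eduadmin` role defined here and the `regioneduadmin` role in the next file carry identical permission lists, so nothing on the Drupal access layer distinguishes a directorate (DIDE) account from a regional (PDE) one; the only place that distinction exists is the `auth_role` cookie that CASLogin.php sets for the frontend, and that value is under the browser's control. If the two roles are meant to see different data, the restriction has to be expressed in these permissions or in server-side access checks keyed on the role, not on the cookie. Both roles are also granted view access to every unpublished epal and eepal entity; whether that matches what the existing `epal` role can see cannot be checked from this page, so confirm it is intended before the roles go live.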
langcode: el
status: true
dependencies: { }
id: regioneduadmin
label: regioneduadmin
weight: 6
is_admin: null
permissions:
- 'view published epal student class entities'
- 'view published epal student entities'
- 'view published epal class limits entities'
- 'view published epal criteria entities'
- 'view published epal student course field entities'
- 'view published epal student epal chosen entities'
- 'view published epal student moria entities'
- 'view published epal student sector field entities'
- 'view published epal users entities'
- 'view unpublished epal student class entities'
- 'view unpublished epal student entities'
- 'view unpublished epal class limits entities'
- 'view unpublished epal criteria entities'
- 'view unpublished epal student course field entities'
- 'view unpublished epal student epal chosen entities'
- 'view unpublished epal student moria entities'
- 'view unpublished epal student sector field entities'
- 'view unpublished epal users entities'
- 'view published eepal admin area entities'
- 'view published eepal prefecture entities'
- 'view published eepal region entities'
- 'view published eepal school entities'
- 'view published eepal sectors entities'
- 'view published eepal sectors in epal entities'
- 'view published eepal specialties in epal entities'
- 'view published eepal specialty entities'
- 'view unpublished eepal admin area entities'
- 'view unpublished eepal prefecture entities'
- 'view unpublished eepal region entities'
- 'view unpublished eepal school entities'
- 'view unpublished eepal sectors entities'
- 'view unpublished eepal sectors in epal entities'
- 'view unpublished eepal specialties in epal entities'
- 'view unpublished eepal specialty entities'
......@@ -7,6 +7,7 @@ import { Observable } from 'rxjs/Rx';
import { IAppState } from '../store/store';
import { HelperDataService } from '../services/helper-data-service';
import { CookieService } from 'ngx-cookie';
import { STUDENT_ROLE } from '../constants';
import {
FormBuilder,
FormGroup,
......@@ -74,7 +75,7 @@ export default class Home implements OnInit {
state.loginInfo.reduce(({}, loginInfoToken) => {
this.authToken = loginInfoToken.auth_token;
this.authRole = loginInfoToken.auth_role;
if (this.authToken && this.authToken.length > 0 && this.authRole && this.authRole === 'student')
if (this.authToken && this.authToken.length > 0 && this.authRole && this.authRole === STUDENT_ROLE)
this.router.navigate(['/parent-form']);
return loginInfoToken;
}, {});
......
......@@ -50,3 +50,6 @@ export const VALID_DATE_PATTERN = '([1-9]|0[1-9]|[12][0-9]|3[01])[- /.]([1-9]|0[
export const SCHOOL_ROLE = 'director';
export const STUDENT_ROLE = 'student';
export const PDE_ROLE = 'pde';
export const DIDE_ROLE = 'dide';
export const MINISTRY_ROLE = 'minister';
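Review bot: `PDE_ROLE`, `DIDE_ROLE` and `MINISTRY_ROLE` duplicate the `$exposedRole` strings that CASLogin.php writes into the `auth_role` cookie, and `'minister'` has no counterpart in the PHP mapping in this commit, so it is either unused or expects a server change not shown here. A comment such as `// Must match the $exposedRole values written to the auth_role cookie by CASLogin.php` would keep the two lists from drifting apart.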
......@@ -34,7 +34,7 @@ export class AuthService {
resolve(false);
},
error => {
console.log("Error Sending Verification Code");
console.log("Error Getting Auth Data");
reject("Error Getting Auth Data");
},
() => console.log("Getting Auth Data"));
......