Source for file AttributeFilterAuthzEngine.php
* @copyright Copyright 2005-2010 RedIRIS, http://www.rediris.es/
* This file is part of phpPoA2.
* phpPoA2 is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* phpPoA2 is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with phpPoA2. If not, see <http://www.gnu.org/licenses/>.
* @license http://www.gnu.org/licenses/gpl.html GNU General Public License
* @author Jaime Perez <jaime.perez@rediris.es>
* This hook is executed right after retrieving the arrays of allowed and denied attributes, which
* are checked immediately afterwards.
* It can be used to configure the filters at runtime and to modify the user's attributes.
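* The hook receives the user's attributes and the allowed and denied attribute arrays. As the
* signature below shows, all three are taken by reference, so a hook can change what the filters
* evaluate; register only trusted functions for this hook.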
* Functions for this hook must be defined like this:
* function attributeBeforeFilterHook(&$attrs, &$allowed, &$denied);
* Please bear in mind that hooks must return TRUE; otherwise they will keep other hooks from executing.
// Name of the hook that runs before the allowed/denied attribute filters are checked.
define('ATTRIBUTE_BEFORE_FILTERS', 'ATTRIBUTE_BEFORE_FILTERS');
* Authorization engine that works by checking the attributes of the user. The first match of an
* attribute against one of the filters will trigger the authorization result, no matter if it's
* @subpackage AttributeFilterAuthorizationEngine
$default = $this->cfg->getDefaultBehaviour();
$allowed = $this->cfg->getAllowedAttributes();
$denied = $this->cfg->getDeniedAttributes();
// run hook before checking patterns
$args = array($attrs, $allowed, $denied);
$allowed_match = $this->matches($attrs, $allowed);
$denied_match = $this->matches($attrs, $denied);
// check matches giving priority to the default setting
$order = array($default, !$default);
foreach ($order as $option) {
if ($option) { // check allowed attributes
trigger_error(msg('allowed-attr-match', array($allowed_match)), E_USER_WARNING);
} else { // check denied attributes
return $this->cfg->getAllowedAttributes();
public function authorize($user, $attrs, $ref, $expires = 0) {
public function revoke($mail) {
* Returns the attribute (or attributes) that matched a list of patterns.
* @param attrs An associative array of attributes to check.
* @param patterns An associative array of attributes and their patterns.
* @return The names of the attributes matched, comma separated if more than one.
private function matches($attrs, $patterns) {
foreach ($patterns as $key => $value) {
foreach ($value as $name => $pattern) {
if (!isset ($attrs[$name])) { // attribute not set, skip this option
// convert to array for easy handling
$attr = array($attrs[$name]);
// check if any of the possible values match
$some_val_matches = false;
foreach ($attr as $item) {
// attribute matches, continue
$some_val_matches = true;
if (!$some_val_matches) {
} else { // match just one attribute
if (!isset ($attrs[$key])) // attribute not set, skip this option
// convert to array for easy handling
$attr = array($attrs[$key]);
// check if any of the possible values match
$some_val_matches = false;
foreach ($attr as $item) {
// attribute matches, stop searching