Verified Commit 12d46edb authored by Jiří Prokop's avatar Jiří Prokop

feat: method for getting resource attributes

parent ff4e91c2
1 merge request!314feat: method for getting the MFAEnfored resource attribute
Pipeline #325874 passed
...@@ -252,6 +252,11 @@ $config = [ ...@@ -252,6 +252,11 @@ $config = [
'ldap' => 'capabilities', 'ldap' => 'capabilities',
'type' => 'array', 'type' => 'array',
], ],
'perunResourceAttribute_MFAEnforced' => [
'rpc' => 'urn:perun:resource:attribute-def:def:proxyMFAEnforced',
'ldap' => 'proxyMFAEnforced',
'type' => 'bool',
],
/* /*
* ENTITYLESS ATTRIBUTES * ENTITYLESS ATTRIBUTES
......
...@@ -743,4 +743,87 @@ class AdapterLdap extends Adapter ...@@ -743,4 +743,87 @@ class AdapterLdap extends Adapter
return array_values(array_unique($facilityCapabilities[self::CAPABILITIES])); return array_values(array_unique($facilityCapabilities[self::CAPABILITIES]));
} }
public function getResourceAttributeValues(
string $spEntityId,
string $entityIdAttr,
int $userId,
array $attributeNames
): array {
if (empty($spEntityId)) {
Logger::warning(
self::DEBUG_PREFIX .
'getResourceAttributeValues - empty spEntityId provided, returning empty array.'
);
return [];
}
$facility = $this->getFacilityByEntityId($spEntityId, $entityIdAttr);
if ($facility === null || $facility->getId() === null) {
Logger::warning(
self::DEBUG_PREFIX . sprintf(
'getResourceAttributeValues - no facility (or facility with null ID) found for EntityID \'%s\','
. 'returning empty array.',
$spEntityId
)
);
return [];
}
$resources = $this->connector->searchForEntities(
$this->ldapBase,
'(&(objectClass=perunResource)(perunFacilityDn=perunFacilityId=' . $facility->getId() . ','
. $this->ldapBase . '))',
['perunResourceId', self::ASSIGNED_GROUP_ID] + $attributeNames
);
if (empty($resources)) {
Logger::debug(
self::DEBUG_PREFIX . sprintf(
'getResourceAttributeValues - no resources found for SP with EntityID \'%s\','
. ' returning empty array.',
$spEntityId
)
);
return [];
}
$userGroups = $this->getUsersGroupsOnFacility($spEntityId, $userId, $entityIdAttr);
$userGroupsIds = [];
foreach ($userGroups as $userGroup) {
if ($userGroup === null || $userGroup->getId() === null) {
Logger::debug(
self::DEBUG_PREFIX .
'getResourceAttributeValues - skipping user group due to null group or null group ID.'
);
continue;
}
$userGroupsIds[] = $userGroup->getId();
}
$result = [];
foreach ($resources as $resource) {
if (($resource[self::ASSIGNED_GROUP_ID] ?? null) === null) {
Logger::debug(
self::DEBUG_PREFIX .
'getResourceAttributeValues - skipping resource due to null resource or null assigned group ID.'
);
continue;
}
foreach ($resource[self::ASSIGNED_GROUP_ID] as $groupId) {
if (in_array($groupId, $userGroupsIds, true)) {
$result[$resource['perunResourceId'][0]] = [];
foreach ($attributeNames as $attributeName) {
if (!empty($resource[$attributeName])) {
$result[$resource['perunResourceId'][0]][$attributeName] = array_merge(
$result[$resource['perunResourceId'][0]][$attributeName] ?? [],
$resource[$attributeName]
);
}
}
break;
}
}
}
return $result;
}
} }
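Review bot: In the `searchForEntities` call of AdapterLdap::getResourceAttributeValues, `['perunResourceId', self::ASSIGNED_GROUP_ID] + $attributeNames` is an array union, which keeps the left-hand keys 0 and 1 and discards whatever `$attributeNames` holds at those indexes. If callers pass a plain list (the call sites are not on this page), a single requested attribute such as `proxyMFAEnforced` is never requested from LDAP, so the `!empty($resource[$attributeName])` branch cannot fire and a caller deciding on MFA from the result would see no enforcement. Use `array_merge(['perunResourceId', self::ASSIGNED_GROUP_ID], array_values($attributeNames))` instead. The first warning message also joins `'%s\','` and `'returning empty array.'` without a space between them.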
...@@ -901,6 +901,71 @@ class AdapterRpc extends Adapter ...@@ -901,6 +901,71 @@ class AdapterRpc extends Adapter
); );
} }
public function getResourceAttributeValues(
string $spEntityId,
string $entityIdAttr,
int $userId,
array $attributeNames
): array {
$facility = $this->getFacilityByEntityId($spEntityId, $entityIdAttr);
if ($facility === null || $facility->getId() === null) {
Logger::warning(
self::DEBUG_PREFIX . sprintf(
'getResourceAttributeValues - no facility (or facility with null ID) found for EntityID \'%s\','
. ' returning empty array.',
$spEntityId
)
);
return [];
}
$userResources = $this->connector->get(
'UsersManager',
'getAllowedResources',
['user' => $userId, 'facility' => $facility->getId()]
);
if (empty($userResources)) {
Logger::debug(
self::DEBUG_PREFIX . sprintf(
'getResourceAttributeValues - no resources with user access found for SP with EntityID \'%s\','
. ' returning empty array.',
$spEntityId
)
);
return [];
}
$result = [];
foreach ($userResources as $resource) {
if ($resource === null || $resource->getId() === null) {
Logger::debug(
self::DEBUG_PREFIX .
'getResourceAttributeValues - skipping resource due to null resource or null resource ID.'
);
continue;
}
$resourceId = $resource->getId();
$resourceAttributes = $this->connector->get('attributesManager', 'getAttributes', [
'resource' => $resourceId,
'attrNames' => $attributeNames
]);
foreach ($resourceAttributes as $resourceAttribute) {
$attributeName = $resourceAttribute['friendlyName'];
if (empty($resourceAttribute['value'])) {
Logger::debug(
self::DEBUG_PREFIX . 'getResourceAttributeValues - skipping attribute' .
$attributeName . 'due to empty(or false) value.'
);
continue;
}
$result[$resourceId][$attributeName][] = $resourceAttribute['value'];
}
}
return $result;
}
private function getAttributes($perunAttrs, $attrNamesMap) private function getAttributes($perunAttrs, $attrNamesMap)
{ {
$attributes = []; $attributes = [];
......
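Review bot: In AdapterRpc::getResourceAttributeValues the result of the per-resource `getAttributes` call goes straight into `foreach` with no check that it is an array, and every failure path (no facility, no allowed resources) returns the same `[]` as "nothing set". The merge request names MFAEnforced as the intended attribute, so a caller that reads an empty result as "MFA not required" would fail open on a lookup error; the callers are not on this page, so confirm how they treat `[]`. Add a guard such as `if (!is_array($resourceAttributes)) { Logger::warning(self::DEBUG_PREFIX . 'getResourceAttributeValues - attribute lookup failed for resource ' . $resourceId); continue; }` and state in a docblock on the method that an empty array also covers failed lookups. Unlike the LDAP variant there is no `empty($spEntityId)` guard here, and the debug message needs its spaces: `'getResourceAttributeValues - skipping attribute ' . $attributeName . ' due to empty (or false) value.'`.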