From 94563df1659d9754e50426fc20d14019ce057c4e Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 1 Feb 2010 09:47:00 +0000
Subject: [PATCH] core: Add ScopeAttribute filter.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2158 44740490-163a-0410-bde0-09ae8108e29a
---
modules/core/docs/authproc_scopeattribute.txt | 40 ++++++++
.../core/lib/Auth/Process/ScopeAttribute.php | 97 +++++++++++++++++++
2 files changed, 137 insertions(+)
create mode 100644 modules/core/docs/authproc_scopeattribute.txt
create mode 100644 modules/core/lib/Auth/Process/ScopeAttribute.php
diff --git a/modules/core/docs/authproc_scopeattribute.txt b/modules/core/docs/authproc_scopeattribute.txt
new file mode 100644
index 000000000..990e92694
--- /dev/null
+++ b/modules/core/docs/authproc_scopeattribute.txt
@@ -0,0 +1,40 @@
+`core:ScopeAttribute`
+=====================
+
+A filter which combines two attributes into a scoped attribute.
+
+Parameters
+----------
+
+`scopeAttribute`
+: The attribute that contains the scope.
+
+: If the attribute contains a '@', we will take the scope from the part following the '@'.
+ Otherwise, we will use the entire value.
+
+: If the attribute is multi-valued, we will add all the scopes to the target.
+
+
+`sourceAttribute`
+: The attribute that contains the values we shall add the scope to.
+
+: This attribute can be multi-valued, in which case we will add all the values.
+
+`targetAttribute`
+: The attribute we shall add the scoped attributes to.
+
+: If the attribute already exists, the new values will be merged into the existing attribute.
+
+
+Example
+-------
+
+Add eduPersonScopedAffiliation based on eduPersonAffiliation and eduPersonPrincipalName.
+
+ 10 => array(
+ 'class' => 'core:ScopeAttribute',
+ 'scopeAttribute' => 'eduPersonPrincipalName',
+ 'sourceAttribute' => 'eduPersonAffiliation',
+ 'targetAttribute' => 'eduPersonScopedAffiliation',
+ ),
+
diff --git a/modules/core/lib/Auth/Process/ScopeAttribute.php b/modules/core/lib/Auth/Process/ScopeAttribute.php
new file mode 100644
index 000000000..80cbdd4d0
--- /dev/null
+++ b/modules/core/lib/Auth/Process/ScopeAttribute.php
@@ -0,0 +1,97 @@
+<?php
+
+/**
+ * Add a scoped variant of an attribute.
+ *
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+class sspmod_core_Auth_Process_ScopeAttribute extends SimpleSAML_Auth_ProcessingFilter {
+
+ /**
+ * The attribute we extract the scope from.
+ *
+ * @var string
+ */
+ private $scopeAttribute;
+
+
+ /**
+ * The attribute we want to add scope to.
+ *
+ * @var string
+ */
+ private $sourceAttribute;
+
+
+ /**
+ * The attribute we want to add the scoped attributes to.
+ *
+ * @var string
+ */
+ private $targetAttribute;
+
+
+ /**
+ * Initialize this filter, parse configuration
+ *
+ * @param array $config Configuration information about this filter.
+ * @param mixed $reserved For future use.
+ */
+ public function __construct($config, $reserved) {
+ parent::__construct($config, $reserved);
+ assert('is_array($config)');
+
+ $config = SimpleSAML_Configuration::loadFromArray($config, 'ScopedAttributes');
+
+ $this->scopeAttribute = $config->getString('scopeAttribute');
+ $this->sourceAttribute = $config->getString('sourceAttribute');
+ $this->targetAttribute = $config->getString('targetAttribute');
+ }
+
+
+ /**
+ * Apply filter to rename attributes.
+ *
+ * @param array &$request The current request
+ */
+ public function process(&$request) {
+ assert('is_array($request)');
+ assert('array_key_exists("Attributes", $request)');
+
+ $attributes =& $request['Attributes'];
+
+ if (!isset($attributes[$this->scopeAttribute])) {
+ return;
+ }
+
+ if (!isset($attributes[$this->sourceAttribute])) {
+ return;
+ }
+
+ if (!isset($attributes[$this->targetAttribute])) {
+ $attributes[$this->targetAttribute] = array();
+ }
+
+ foreach ($attributes[$this->scopeAttribute] as $scope) {
+
+ if (strpos($scope, '@') !== FALSE) {
+ $scope = explode('@', $scope, 2);
+ $scope = $scope[1];
+ }
+
+ foreach ($attributes[$this->sourceAttribute] as $value) {
+ $value = $value . '@' . $scope;
+
+ if (in_array($value, $attributes[$this->targetAttribute], TRUE)) {
+ /* Already present. */
+ continue;
+ }
+
+ $attributes[$this->targetAttribute][] = $value;
+ }
+ }
+
+ }
+
+}
\ No newline at end of file
--
GitLab