From a1b78cf83d2dd7fee83a3252fe91ae13a4460b55 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 13 Mar 2012 09:40:13 +0000
Subject: [PATCH] consent: Allow disabling of consent for all SPs on a given
 IdP.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3043 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/consent/docs/consent.txt             |  8 +++++++-
 modules/consent/lib/Auth/Process/Consent.php | 17 ++++++++++++++++-
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/modules/consent/docs/consent.txt b/modules/consent/docs/consent.txt
index f156a10e4..2c5757409 100644
--- a/modules/consent/docs/consent.txt
+++ b/modules/consent/docs/consent.txt
@@ -188,7 +188,7 @@ Disabling consent
 -----------------
 
 It is possible to disable consent for a given service. You can add an option
-in the matadata on the IdP, that will disable consent for det given service.
+in the metadata on the IdP, that will disable consent for the given service.
 Add 'consent.disable' array option and enter the entityids of the services,
 that you do not want consent for.
 
@@ -200,6 +200,12 @@ Example:
         ...
     ),
 
+It is also possible to disable consent for all SPs for a given IdP by setting
+the 'consent.disable' option to TRUE:
+
+    'consent.disable' => TRUE,
+
+
    
 Attribute presentation
 ----------------------
diff --git a/modules/consent/lib/Auth/Process/Consent.php b/modules/consent/lib/Auth/Process/Consent.php
index 17b102725..d343506bd 100644
--- a/modules/consent/lib/Auth/Process/Consent.php
+++ b/modules/consent/lib/Auth/Process/Consent.php
@@ -127,6 +127,21 @@ class sspmod_consent_Auth_Process_Consent extends SimpleSAML_Auth_ProcessingFilt
         } 
     }
 
+    /**
+     * Helper function to check whether consent is disabled.
+     *
+     * @param mixed $option  The consent.disable option. Either an array or a boolean.
+     * @param string $entityIdD  The entityID of the SP/IdP.
+     * @return boolean  TRUE if disabled, FALSE if not.
+     */
+    private static function checkDisable($option, $entityId) {
+        if (is_array($option)) {
+            return in_array($entityId, $option, TRUE);
+        } else {
+            return (boolean)$option;
+        }
+    }
+
     /**
      * Process a authentication response
      *
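Review bot: The `else` branch of `checkDisable()` casts any non-array value with `(boolean)$option`, so a mistyped setting such as a single entityID written as a string, or the string `'false'`, evaluates to TRUE and silently turns consent off for every SP on the IdP. Because this decides whether users are asked before attributes are released, the check should fail closed: `return $option === TRUE;`, ideally with a warning logged when the value is neither an array nor a boolean. The docblock also names the second parameter `$entityIdD` where the signature has `$entityId`.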
@@ -167,7 +182,7 @@ class sspmod_consent_Auth_Process_Consent extends SimpleSAML_Auth_ProcessingFilt
         }
 
         // Do not use consent if disabled on source entity
-        if ( isset($state['Source']['consent.disable']) && in_array($spEntityId, $state['Source']['consent.disable'])) {
+        if (isset($state['Source']['consent.disable']) && self::checkDisable($state['Source']['consent.disable'], $spEntityId)) {
             SimpleSAML_Logger::debug('Consent: Consent disabled for entity ' . $spEntityId);
             return;
         }
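Review bot: The debug message after the changed condition still reads as a per-entity exemption when the skip comes from the IdP-wide `'consent.disable' => TRUE` setting, so the log cannot distinguish a per-SP exemption from a global one. I would change the comment to `// Do not use consent if disabled on source entity (per-SP list or for all SPs)` and reword the message to match, e.g. `'Consent: Consent disabled by source entity for ' . $spEntityId`. It is also worth considering whether a skipped consent step belongs at debug level, which production logs often do not retain. The enclosing method starts and ends outside this hunk.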
-- 
GitLab