classes/GrouperClient.php +59 −0 @@ -85,6 +85,65 @@ class GrouperClient { } } public function getSubjectPrivileges($subjectId) { $params = $this->getBaseRequestParams(); $params['subjectId'] = $subjectId; $params['subjectSourceId'] = 'RAP'; $response = $this->client->getGrouperPrivilegesLite($params); $privilegesMap = []; if ($this->isSuccess($response)) { if ($response->return->privilegeResults !== null) { foreach ($response->return->privilegeResults as $item) { $groupName = $item->wsGroup->name; $privilege = $item->privilegeName; if (!array_key_exists($groupName, $privilegesMap)) { $groupPrivileges = []; } else { $groupPrivileges = $privilegesMap[$groupName]; } $groupPrivileges[] = $privilege; $privilegesMap[$groupName] = $groupPrivileges; } } } return $privilegesMap; } private function getBasePrivilegeRequestParams($subjectId, $groupName, $privilegeNames) { $params = $this->getBaseRequestParams(); $params['wsSubjectLookups'] = array( 'subjectId' => $subjectId, 'subjectSourceId' => 'RAP' ); $params['wsGroupLookup'] = array( 'groupName' => $groupName ); $params['privilegeNames'] = $privilegeNames; return $params; } public function assignPrivileges($subjectId, $groupName, $privilegeNames) { $params = $this->getBasePrivilegeRequestParams($subjectId, $groupName, $privilegeNames); $params['allowed'] = 'T'; // true return $this->client->assignGrouperPrivileges($params); } public function removePrivileges($subjectId, $groupName, $privilegeNames) { $params = $this->getBasePrivilegeRequestParams($subjectId, $groupName, $privilegeNames); $params['allowed'] = 'F'; // false return $this->client->assignGrouperPrivileges($params); } public function addMemberships($subjectId, $groups) { foreach ($groups as $group) {
classes/MySQLDAO.php +5 −4
@@ -303,8 +303,9 @@ class MySQLDAO implements DAO { $stmt1->execute(); // Deleting user2 join requests $stmt3 = $dbh->prepare("DELETE FROM `join_request` WHERE `target_user_id` = :id2"); $stmt3->bindParam(':id2', $userId2); $stmt3 = $dbh->prepare("DELETE FROM `join_request` WHERE `target_user_id` = :tid2 OR `applicant_user_id` = :aid2"); $stmt3->bindParam(':tid2', $userId2); $stmt3->bindParam(':aid2', $userId2); $stmt3->execute(); // Deleting user2
classes/UserHandler.php +19 −3 @@ -65,9 +65,25 @@ class UserHandler { if ($this->grouperConfig !== null) { $gc = new GrouperClient($this->grouperConfig); $groupsToMove = $gc->getSubjectGroups('RAP:' . $userId2); $gc->addMemberships('RAP:' . $userId1, $groupsToMove); $gc->removeMemberships('RAP:' . $userId2, $groupsToMove); $grouperUser1 = 'RAP:' . $userId1; $grouperUser2 = 'RAP:' . $userId2; $groupsToMove = $gc->getSubjectGroups($grouperUser2); $privilegesMap = $gc->getSubjectPrivileges($grouperUser2); // Adding memberships $gc->addMemberships($grouperUser1, $groupsToMove); // Adding privileges foreach ($privilegesMap as $groupName => $privileges) { $gc->assignPrivileges($grouperUser1, $groupName, $privileges); } // Removing privileges foreach ($privilegesMap as $groupName => $privileges) { $gc->removePrivileges($grouperUser2, $groupName, $privileges); } // Removing memberships $gc->removeMemberships($grouperUser2, $groupsToMove); } $this->dao->joinUsers($userId1, $userId2);
config.php +6 −0
@@ -64,6 +64,12 @@ $AUTHENTICATION_METHODS = array( 'callback' => $BASE_PATH . '/auth/oauth2/linkedin_token.php' ), 'X.509' => array(), 'DirectIdP' => array( 'url' => 'https://sso.ia2.inaf.it/Shibboleth.sso/Login?entityID=https://sso.ia2.inaf.it/idp/shibboleth&target=https://sso.ia2.inaf.it/rap-ia2/auth/saml2/aai.php', 'logo' => 'img/ia2-logo-60x60.png', 'logo_alt' => 'IA2 logo', 'description' => 'Use the IA2 Logo to Login if you have an account provided by IA2 or self registered' ) ); $GROUPER = array(
img/ia2-logo-60x60.png 0 → 100644 +1.79 KiB
classes/GrouperClient.php +59 −0 @@ -85,6 +85,65 @@ class GrouperClient { } } public function getSubjectPrivileges($subjectId) { $params = $this->getBaseRequestParams(); $params['subjectId'] = $subjectId; $params['subjectSourceId'] = 'RAP'; $response = $this->client->getGrouperPrivilegesLite($params); $privilegesMap = []; if ($this->isSuccess($response)) { if ($response->return->privilegeResults !== null) { foreach ($response->return->privilegeResults as $item) { $groupName = $item->wsGroup->name; $privilege = $item->privilegeName; if (!array_key_exists($groupName, $privilegesMap)) { $groupPrivileges = []; } else { $groupPrivileges = $privilegesMap[$groupName]; } $groupPrivileges[] = $privilege; $privilegesMap[$groupName] = $groupPrivileges; } } } return $privilegesMap; } private function getBasePrivilegeRequestParams($subjectId, $groupName, $privilegeNames) { $params = $this->getBaseRequestParams(); $params['wsSubjectLookups'] = array( 'subjectId' => $subjectId, 'subjectSourceId' => 'RAP' ); $params['wsGroupLookup'] = array( 'groupName' => $groupName ); $params['privilegeNames'] = $privilegeNames; return $params; } public function assignPrivileges($subjectId, $groupName, $privilegeNames) { $params = $this->getBasePrivilegeRequestParams($subjectId, $groupName, $privilegeNames); $params['allowed'] = 'T'; // true return $this->client->assignGrouperPrivileges($params); } public function removePrivileges($subjectId, $groupName, $privilegeNames) { $params = $this->getBasePrivilegeRequestParams($subjectId, $groupName, $privilegeNames); $params['allowed'] = 'F'; // false return $this->client->assignGrouperPrivileges($params); } public function addMemberships($subjectId, $groups) { foreach ($groups as $group) {
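Review bot: getSubjectPrivileges() returns an empty map both when the subject holds no privileges and when getGrouperPrivilegesLite() fails, because a response that does not pass isSuccess() falls straight through to `return $privilegesMap;`. In the account merge that calls it (classes/UserHandler.php in this commit) a failed lookup therefore looks like "nothing to transfer", and user2's privileges would stay in Grouper on a subject that is then deleted. I would signal the failure explicitly, e.g. `if (!$this->isSuccess($response)) { throw new \RuntimeException('Grouper privilege lookup failed for ' . $subjectId); }`, and add a docblock saying that the result maps each group name to a list of privilege names. The loop also reads `$item->wsGroup->name` on every result without checking that wsGroup is set; whether the service can return a privilege that is not attached to a group is not visible here, so a guard at that point is worth confirming against the Grouper response format.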
classes/MySQLDAO.php +5 −4 @@ -303,8 +303,9 @@ class MySQLDAO implements DAO { $stmt1->execute(); // Deleting user2 join requests $stmt3 = $dbh->prepare("DELETE FROM `join_request` WHERE `target_user_id` = :id2"); $stmt3->bindParam(':id2', $userId2); $stmt3 = $dbh->prepare("DELETE FROM `join_request` WHERE `target_user_id` = :tid2 OR `applicant_user_id` = :aid2"); $stmt3->bindParam(':tid2', $userId2); $stmt3->bindParam(':aid2', $userId2); $stmt3->execute(); // Deleting user2
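Review bot: The result of `$stmt3->execute()` is not checked, so unless the PDO handle was created with `PDO::ERRMODE_EXCEPTION` (not visible in this hunk) a failed delete of user2's join requests passes silently and the code goes on to delete user2. The surrounding function starts and ends outside the hunk, so I cannot see whether these statements run inside a transaction; if they do not, wrapping the sequence in `$dbh->beginTransaction()` / `$dbh->commit()` with a rollback on failure would keep a half-finished merge from being persisted. Since nothing is read back through the bound variable, `bindValue(':tid2', $userId2)` and `bindValue(':aid2', $userId2)` state the intent more plainly than `bindParam`.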
classes/UserHandler.php +19 −3 @@ -65,9 +65,25 @@ class UserHandler { if ($this->grouperConfig !== null) { $gc = new GrouperClient($this->grouperConfig); $groupsToMove = $gc->getSubjectGroups('RAP:' . $userId2); $gc->addMemberships('RAP:' . $userId1, $groupsToMove); $gc->removeMemberships('RAP:' . $userId2, $groupsToMove); $grouperUser1 = 'RAP:' . $userId1; $grouperUser2 = 'RAP:' . $userId2; $groupsToMove = $gc->getSubjectGroups($grouperUser2); $privilegesMap = $gc->getSubjectPrivileges($grouperUser2); // Adding memberships $gc->addMemberships($grouperUser1, $groupsToMove); // Adding privileges foreach ($privilegesMap as $groupName => $privileges) { $gc->assignPrivileges($grouperUser1, $groupName, $privileges); } // Removing privileges foreach ($privilegesMap as $groupName => $privileges) { $gc->removePrivileges($grouperUser2, $groupName, $privileges); } // Removing memberships $gc->removeMemberships($grouperUser2, $groupsToMove); } $this->dao->joinUsers($userId1, $userId2);
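Review bot: The return values of assignPrivileges() and removePrivileges() are discarded, and `$this->dao->joinUsers($userId1, $userId2)` runs whatever the outcome of the Grouper calls was. If an assign fails, the following loop still revokes the same privileges from user2 and they are lost; if a revoke fails, user2 is deleted from the database while its Grouper subject keeps the privileges, leaving entitlements attached to an identity nobody manages any more. Each response should be checked and the merge aborted before the removal loop and before joinUsers() when a call did not succeed, with a comment such as `// Do not delete user2 while any of its Grouper privileges or memberships could not be moved`. Because this code moves access rights between accounts, logging which groups and privileges went from `$grouperUser2` to `$grouperUser1` would also give the merge an audit trail. The enclosing method begins outside the hunk.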
config.php +6 −0 @@ -64,6 +64,12 @@ $AUTHENTICATION_METHODS = array( 'callback' => $BASE_PATH . '/auth/oauth2/linkedin_token.php' ), 'X.509' => array(), 'DirectIdP' => array( 'url' => 'https://sso.ia2.inaf.it/Shibboleth.sso/Login?entityID=https://sso.ia2.inaf.it/idp/shibboleth&target=https://sso.ia2.inaf.it/rap-ia2/auth/saml2/aai.php', 'logo' => 'img/ia2-logo-60x60.png', 'logo_alt' => 'IA2 logo', 'description' => 'Use the IA2 Logo to Login if you have an account provided by IA2 or self registered' ) ); $GROUPER = array(
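Review bot: The `entityID` and `target` values in the new 'DirectIdP' URL are full URLs placed in the query string without percent-encoding, and the host is hard-coded while the entry above builds its callback from `$BASE_PATH`. Building the query with `http_build_query(['entityID' => 'https://sso.ia2.inaf.it/idp/shibboleth', 'target' => 'https://sso.ia2.inaf.it/rap-ia2/auth/saml2/aai.php'])` keeps the two parameters unambiguous if either value ever gains a `&` or `?` of its own. A short comment above the entry saying that `target` must point at this deployment's `auth/saml2/aai.php` would help anyone installing the application under another host.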