<?php
// $Id: shib_auth_admin.inc,v 1.1.2.5 2008/09/26 11:58:24 niif Exp $

    
/**
 * @file
 * Administration pages of the Shibboleth authentication module: the settings
 * form and the forms that manage the attribute-to-role rules.
 */

/**
 * Build the settings form of the Shibboleth authentication module.
 *
 * Each element takes its current value from variable_get() and the finished
 * array is passed through system_settings_form().
 *
 * NOTE(review): several of these settings are security relevant.
 *  - Both protocol selectors offer plain 'http'; the default is 'https'.
 *    How the chosen value is used is not visible in this file.
 *  - 'logout_return_url' is described as "must be an absolute URL", but this
 *    function attaches no validation to it.
 *  - The e-mail variable defaults to 'HTTP_SHIB_MAIL'. $_SERVER keys of the
 *    HTTP_* kind are filled by PHP from request headers, so confirm that the
 *    Shibboleth SP in front of the site overwrites or clears any
 *    client-supplied header of that name.
 *  - The rule form in this file says DEBUG mode lists the available $_SERVER
 *    fields; confirm what is printed and to whom before enabling it on a
 *    production site.
 *
 * @return
 *   The form array returned by system_settings_form().
 */
function shib_auth_admin() {
  global $base_url;

  // The two protocol selectors share the same pair of choices.
  $protocols = array(
    'http'  => t('HTTP'),
    'https' => t('HTTPS'),
  );

  // Where the Shibboleth handler and WAYF live, and where to go after
  // login and logout.
  $handler_settings = array(
    '#type'        => 'fieldset',
    '#title'       => t('Shibboleth handler settings'),
    '#weight'      => 0,
    '#collapsible' => FALSE,
    'shib_auth_handler_url' => array(
      '#type'          => 'textfield',
      '#title'         => t('Shibboleth handler URL'),
      '#default_value' => variable_get('shib_auth_handler_url', '/Shibboleth.sso'),
      '#description'   => t('The URL can be absolute or relative to the server base url: http://www.example.com/Shibboleth.sso; /Shibboleth.sso'),
    ),
    'shib_auth_handler_protocol' => array(
      '#type'          => 'select',
      '#title'         => t('Shibboleth handler protocol'),
      '#default_value' => variable_get('shib_auth_handler_protocol', 'https'),
      '#options'       => $protocols,
      '#description'   => t('This option will be effective only if the handler URL is a relative path.'),
    ),
    'shib_auth_wayf_uri' => array(
      '#type'          => 'textfield',
      '#title'         => t('WAYF location'),
      '#default_value' => variable_get('shib_auth_wayf_uri', '/WAYF/HREF'),
    ),
    'login_target_protocol' => array(
      '#type'          => 'select',
      '#title'         => t('Shibboleth login target protocol'),
      '#default_value' => variable_get('login_target_protocol', 'https'),
      '#options'       => $protocols,
      '#description'   => t('The protocol to use as target protocol after successful login.'),
    ),
    'logout_return_url' => array(
      '#type'          => 'textfield',
      '#title'         => t('Shibboleth logout return URL'),
      '#default_value' => variable_get('logout_return_url', $base_url),
      '#description'   => t('The URL to return to after logout. Must be an absolute URL.'),
    ),
  );

  // Names of the server variables that carry the user name and e-mail.
  $attribute_settings = array(
    '#type'        => 'fieldset',
    '#title'       => t('Attribute settings'),
    '#weight'      => 0,
    '#collapsible' => FALSE,
    'shib_auth_username_variable' => array(
      '#type'          => 'textfield',
      '#title'         => t('Server variable for username'),
      '#default_value' => variable_get('shib_auth_username_variable', 'REMOTE_USER'),
    ),
    'shib_auth_username_email' => array(
      '#type'          => 'textfield',
      '#title'         => t('Server variable for e-mail address'),
      '#default_value' => variable_get('shib_auth_username_email', 'HTTP_SHIB_MAIL'),
    ),
  );

  // The debug switch sits in a group of its own that has no fieldset
  // properties.
  $debug_settings = array(
    'shib_auth_debug_state' => array(
      '#type'          => 'checkbox',
      '#title'         => t('Enable DEBUG mode.'),
      '#default_value' => variable_get('shib_auth_debug_state', FALSE),
    ),
  );

  $form = array(
    'shib_handler_settings'   => $handler_settings,
    'shib_attribute_settings' => $attribute_settings,
    'shib_attribute_debug'    => $debug_settings,
  );

  return system_settings_form($form);
}

    
/**
 * Build the form used to clone an existing rule.
 *
 * Cloning shows exactly the form that editing shows, so the work is handed
 * to shib_auth_edit_rule().
 *
 * @return
 *   Whatever shib_auth_edit_rule() returns.
 */
function shib_auth_clone_rule() {
  $clone_form = shib_auth_edit_rule();

  return $clone_form;
}

    
/**
 * Submit handler of the clone form.
 *
 * @param $form_id
 *   Id of the submitted form.
 * @param $form_values
 *   Values of the POSTed form.
 */
function shib_auth_clone_rule_submit($form_id, $form_values) {
  // A clone is saved through the "add rule" handler, which inserts a row
  // under a freshly allocated id.
  shib_auth_new_rule_form_submit($form_id, $form_values);
}

    
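/**
 * Delete one rule and redirect back to the rule list.
 *
 * NOTE(review): the rule list in this file links here with a plain URL
 * (admin/user/shib_auth/rules/Delete/<id>). If the menu callback runs this
 * function directly on that request, the delete happens without a
 * confirmation step or a form token. The menu definition is not in this
 * file; confirm, and if so route the action through confirm_form() or a
 * token check.
 *
 * @param $rule_id
 *   Id of the rule to delete.
 */
function shib_auth_delete_rule($rule_id) {
  // The id is echoed into an HTML status message below. Forcing it to an
  // integer keeps markup out of that message; the %d placeholder already
  // does the same for the SQL statement.
  $rule_id = (int) $rule_id;

  $result = db_query("DELETE FROM {shib_auth} WHERE id = %d", $rule_id);

  if ($result) {
    drupal_set_message(t('Rule <span style="font-weight: bold;">#@id</span> has been deleted.', array('@id' => $rule_id)), 'warning');
  }
  else {
    $message = 'Rule has not been deleted!';
    drupal_set_message(t($message), 'error');
    // Same log type as the other handlers in this file, so that failures can
    // be filtered together (this one used to be logged as 'shub_auth').
    watchdog('shib_auth_error', $message, WATCHDOG_ERROR);
  }

  drupal_goto('admin/user/shib_auth/rules');
}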

    
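/**
 * List the stored rules with their Clone / Edit / Delete links.
 *
 * The attribute name, the regular expression and the role names are escaped
 * with check_plain() before they are placed in the table, because they are
 * free text taken from the database and the table cells are emitted as HTML.
 *
 * @return
 *   The rule list as an HTML table, or a short message when there is no rule
 *   to show.
 */
function shib_auth_list_rules() {
  $header = array(
    array('data' => t('Attribute'), 'field' => 'field'),
    array('data' => t('RegExp'), 'field' => 'regexpression'),
    array('data' => t('Role(s)'), 'field' => 'role'),
    array('data' => t('Actions')),
  );

  // tablesort_sql() appends the sort clause for the sortable columns declared
  // in $header.
  $rules = db_query('SELECT * FROM {shib_auth}'. tablesort_sql($header));

  $rows = array();
  if ($rules) {
    while ($rule = db_fetch_array($rules)) {
      // NOTE(review): unserialize() is applied to a database column. The
      // writers in this file only store serialize()d arrays of role names,
      // but anything else able to write that column would control the
      // input; a plain list format would avoid unserialize() entirely.
      $roles = unserialize($rule['role']);
      $roles_list = is_array($roles) ? implode(', ', $roles) : '';

      $links = l(t('Clone') .' ', 'admin/user/shib_auth/rules/Clone/'. $rule['id']);
      $links .= l(t('Edit') .' ', 'admin/user/shib_auth/rules/Edit/'. $rule['id']);
      $links .= l(t('Delete') .' ', 'admin/user/shib_auth/rules/Delete/'. $rule['id']);

      $rows[] = array(
        check_plain($rule['field']),
        check_plain($rule['regexpression']),
        check_plain($roles_list),
        $links,
      );
    }
  }

  // Covers a failed query as well as an empty table; the previous check only
  // looked at the query result and so never fired for an empty table.
  if (empty($rows)) {
    return t('There is no rule in the database');
  }

  // Go through theme() so that a theme override of the table is honoured.
  return theme('table', $header, $rows);
}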

    
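/**
 * Build the rule edit form, based on the "new rule" form.
 *
 * The rule id is the sixth path component (arg(5)), matching the
 * admin/user/shib_auth/rules/Edit/<id> links of the rule list.
 *
 * @return
 *   The form array of shib_auth_new_rule_form(), pre-filled with the stored
 *   rule, or blank when no rule has that id.
 */
function shib_auth_edit_rule() {
  $rule_id = arg(5);

  // %d casts the path component to an integer inside the query.
  $result = db_query("SELECT * FROM {shib_auth} WHERE id = %d", array($rule_id));
  $existing_rule = $result ? db_fetch_array($result) : FALSE;

  // db_fetch_array() yields FALSE for an unknown id; the form builder expects
  // an array, so fall back to the empty rule.
  if (!is_array($existing_rule)) {
    $existing_rule = array();
  }

  return shib_auth_new_rule_form($existing_rule);
}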

    
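/**
 * Submit handler of the rule edit form: update the stored rule.
 *
 * The rule to update is identified by the sixth path component (arg(5)).
 * All values reach the query through db_query() placeholders.
 *
 * NOTE(review): 'regexpression' is stored as typed, without checking here
 * that it is a usable pattern; where it is evaluated is not visible in this
 * file. A successful change of a role-granting rule is also not written to
 * the log, only a failure is.
 *
 * @param $form_id
 *   Id of the form.
 * @param $form_values
 *   Values of the POSTed form.
 */
function shib_auth_edit_rule_submit($form_id, $form_values) {
  $roles = _role_normalize($form_values['roles']);

  $result = db_query("UPDATE {shib_auth} SET field = '%s', regexpression = '%s', role = '%s' WHERE id = %d", $form_values['field'], $form_values['regexpression'], serialize($roles), arg(5));

  if ($result) {
    drupal_set_message(t('Rule was save.'));
    drupal_goto('admin/user/shib_auth/rules');
  }
  else {
    $message = 'Rule was not save into database!';
    // Show the failure as an error, as shib_auth_delete_rule() does, instead
    // of the default status style.
    drupal_set_message(t($message), 'error');
    watchdog('shib_auth_error', $message, WATCHDOG_ERROR);
  }
}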

    
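/**
 * Build the "add rule" form, which also serves for editing and cloning.
 *
 * Both text fields are mandatory. The original array used the key
 * '#require', which the Form API does not know, so a rule with an empty
 * attribute name or an empty regular expression could be saved.
 *
 * @param $editing_rule
 *   The stored rule (a row of {shib_auth}) when editing or cloning,
 *   otherwise an empty array.
 * @return
 *   Form API compatible array.
 */
function shib_auth_new_rule_form($editing_rule = array()) {
  // Tolerate a caller that passes the FALSE of a failed row lookup.
  if (!is_array($editing_rule)) {
    $editing_rule = array();
  }

  $form = array();

  $form['field'] = array(
    '#title'          => t('Shibboleth attribute name'),
    '#type'           => 'textfield',
    '#default_value'  => !empty($editing_rule['field']) ? $editing_rule['field'] : '',
    '#required'       => TRUE,
    '#description'    => t('More properly: <b>$_SERVER</b> field name; enable DEBUG mode to list available fields. <br/>Note that it might differ from your users\' fields.'),
  );

  $form['regexpression'] = array(
    '#title'          => t('Value (regexp)'),
    '#type'           => 'textfield',
    '#default_value'  => !empty($editing_rule['regexpression']) ? $editing_rule['regexpression'] : '',
    '#required'       => TRUE,
  );

  $roles = user_roles(TRUE);

  // Only unserialize when a stored rule was passed in.
  // NOTE(review): unserialize() on a database column; the writers in this
  // file only store serialize()d arrays of role names.
  $edit_role = isset($editing_rule['role']) ? unserialize($editing_rule['role']) : FALSE;

  $form['roles'] = array(
    '#type' => 'checkboxes',
    '#title' => t('Roles'),
    // The stored value is keyed by role id; checkboxes take a list of keys.
    '#default_value' => is_array($edit_role) ? array_keys($edit_role) : array(),
    '#options' => $roles,
  );

  $form['submit'] = array(
    '#type' => 'submit',
    // arg(4) is the action word from the URL; the '@' placeholder escapes it.
    '#value' => t('@Action rule', array('@Action' => arg(4))),
  );

  return $form;
}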

    
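/**
 * Submit handler of the "add rule" form: insert a new rule.
 *
 * The clone form saves through this handler as well. All values reach the
 * query through db_query() placeholders.
 *
 * NOTE(review): 'regexpression' is stored as typed, without checking here
 * that it is a usable pattern; where it is evaluated is not visible in this
 * file. A newly added role-granting rule is also not written to the log,
 * only a failure is.
 *
 * @param $form_id
 *   Id of the form being processed.
 * @param $form_values
 *   Form values.
 */
function shib_auth_new_rule_form_submit($form_id, $form_values) {
  $roles = _role_normalize($form_values['roles']);

  // Name the columns, so the statement does not depend on the physical
  // column order of the table. These are the columns the UPDATE and SELECT
  // statements in this file use.
  $result = db_query("INSERT INTO {shib_auth} (id, field, regexpression, role) ".
                     "VALUES (%d, '%s', '%s', '%s')",
                     db_next_id('{shib_auth}_id'),
                     $form_values['field'],
                     $form_values['regexpression'],
                     serialize($roles));

  if ($result) {
    drupal_set_message(t('Rule was save.'));
    drupal_goto('admin/user/shib_auth/rules');
  }
  else {
    $message = 'Rule was not save into database!';
    // Show the failure as an error, as shib_auth_delete_rule() does, instead
    // of the default status style.
    drupal_set_message(t($message), 'error');
    watchdog('shib_auth_error', $message, WATCHDOG_ERROR);
  }
}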

    

    
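/**
 * Turn the submitted 'roles' checkboxes into a role id => role name map.
 *
 * Entries whose value is the integer 0 are skipped, and so is any id that is
 * not among the roles returned by user_roles(TRUE). A rule can therefore
 * never be stored with a role that does not exist.
 *
 * @param $role_id
 *   The 'roles' value of the submitted form. Anything that is not an array
 *   yields an empty result.
 * @return
 *   Array keyed by role id, holding the role name taken from
 *   user_roles(TRUE).
 */
function _role_normalize($role_id) {
  $roles = array();

  if (!is_array($role_id)) {
    return $roles;
  }

  $user_role = user_roles(TRUE);

  foreach ($role_id as $role_key) {
    // Only integers and strings can be array keys; ignore anything else.
    if (!is_int($role_key) && !is_string($role_key)) {
      continue;
    }
    if ($role_key !== 0 && isset($user_role[$role_key])) {
      $roles[$role_key] = $user_role[$role_key];
    }
  }

  return $roles;
}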