CESNET
diff --git a/‎config-templates/processFilterConfigurations-example.md‎
Lines changed: 24 additions & 1 deletion b/‎config-templates/processFilterConfigurations-example.md‎
Lines changed: 24 additions & 1 deletion
diff --git a/‎lib/Adapter.php‎
Lines changed: 17 additions & 1 deletion b/‎lib/Adapter.php‎
Lines changed: 17 additions & 1 deletion
diff --git a/‎lib/AdapterLdap.php‎
Lines changed: 45 additions & 6 deletions b/‎lib/AdapterLdap.php‎
Lines changed: 45 additions & 6 deletions
diff --git a/‎lib/AdapterRpc.php‎
Lines changed: 58 additions & 11 deletions b/‎lib/AdapterRpc.php‎
Lines changed: 58 additions & 11 deletions
diff --git a/‎lib/Auth/Process/ForceAup.php‎
Lines changed: 6 additions & 0 deletions b/‎lib/Auth/Process/ForceAup.php‎
Lines changed: 6 additions & 0 deletions
@@ -297,15 +297,38 @@ Configuration options:
 * `vo_short_names_attr`: mapping to the attribute containing shortnames of the VOs for which the service has resources (gives access to the groups).
 * `registration_link_attr`: mapping to the attribute containing custom service registration link. Filter adds the callback URL, to which to redirect user after the registration, as query string in form of 'callback=URL'.
 * `allow_registration_attr`: mapping to the attribute containing flag, if registration in case of denied access is enabled
+* `handle_unsatisfied_membership`: whether handle unsatisfied membership
 
 ```php
 25 => [
     'class' => 'perun:SpAuthorization',
-    'interface' => 'LDAP',
+    'interface' => 'ldap',
     'registrar_url' => 'https://signup.perun.cesnet.cz/fed/registrar/',
     'check_group_membership_attr' => 'check_group_membership',
     'vo_short_names_attr' => 'vo_short_names',
     'registration_link_attr' => 'registration_link',
     'allow_registration_attr' => 'allow_registration',
+    'handle_unsatisfied_membership' => true,
+],
+```
+
+## EnsureVOMember
+
+Checks whether the user is in the given VO (group). If not, redirects him/her to the registration.
+
+Configuration options:
+* `registrationUrl`: URL to the registration
+* `voShortName`: VO shortname to check the user's membership
+* `groupName`: OPTIONAL, checks that user is in given group
+* `callbackParameterName`: name of the parameter wich will hold callback URL, where the user should be redirected after the AUP approval on URL configured in the `approval_url` property,
+* `interface`: specifies what interface of Perun should be used to fetch data. See class `SimpleSAML\Module\perun\PerunAdapter` for more details.
+```php
+25 => [
+    'class' => 'perun:PerunEnsureMember',
+    'registerUrl' => 'https://signup.perun.cesnet.cz/fed/registrar/',
+    'voShortName' => 'cesnet',
+    'groupName' => 'cesnet_group_name', // optional
+    'callbackParameterName' => 'targetnew',
+    'interface' => 'ldap',
 ],
 ```
@@ -84,6 +84,14 @@ abstract public function getVoById($id);
      */
     abstract public function getMemberGroups($user, $vo);
 
+    /**
+     * @param User $user perun user
+     * @param Vo   $vo   vo we are working with
+     *
+     * @return Group[] groups from vo where user is valid
+     */
+    abstract public function getGroupsWhereMemberIsActive($user, $vo);
+
     /**
      * @param string $spEntityId entity id of the sp
      *
@@ -170,7 +178,15 @@ abstract public function getFacilityByClientId($clientId, $clientIdAttr);
      *
      * @return Group[] from vo which are assigned to all facilities with spEntityId for this userId
      */
-    abstract public function getUsersGroupsOnFacility($spEntityId, $userId);
+    abstract public function getUsersGroupsOnSp($spEntityId, $userId);
+
+    /**
+     * @param Facility $facility entity id of the sp
+     * @param int      $userId
+     *
+     * @return Group[] from vo which are assigned to all facilities with spEntityId for this userId
+     */
+    abstract public function getUsersGroupsOnFacility($facility, $userId);
 
     /**
      * @param <String, String> map $attribute
 
@@ -152,6 +152,43 @@ public function getMemberGroups($user, $vo)
         return $groups;
     }
 
+    public function getGroupsWhereMemberIsActive($user, $vo)
+    {
+        $userId = $user->getId();
+        $userWithMembership = $this->connector->searchForEntity(
+            'perunUserId=' . $userId . ',ou=People,' . $this->ldapBase,
+            '(objectClass=perunUser)',
+            ['perunUserId', 'memberOf']
+        );
+
+        $groups = [];
+        foreach ($userWithMembership['memberOf'] as $groupDn) {
+            $voId = explode('=', explode(',', $groupDn)[1], 2)[1];
+            if ($voId !== $vo->getId()) {
+                continue;
+            }
+
+            $group = $this->connector->searchForEntity(
+                $groupDn,
+                '(objectClass=perunGroup)',
+                ['perunGroupId', 'cn', 'perunUniqueGroupName', 'perunVoId', 'uuid', 'description']
+            );
+            array_push(
+                $groups,
+                new Group(
+                    $group['perunGroupId'][0],
+                    $group['perunVoId'][0],
+                    $group['uuid'][0],
+                    $group['cn'][0],
+                    $group['perunUniqueGroupName'][0],
+                    $group['description'][0] ?? ''
+                )
+            );
+        }
+
+        return $groups;
+    }
+
     public function getSpGroups(string $spEntityId): array
     {
         $facility = $this->getFacilityByEntityId($spEntityId);
@@ -424,14 +461,18 @@ public function setUserExtSourceAttributes($userExtSourceId, $attributes)
         $this->fallbackAdapter->setUserExtSourceAttributes($userExtSourceId, $attributes);
     }
 
-    public function getUsersGroupsOnFacility($spEntityId, $userId)
+    public function getUsersGroupsOnSp($spEntityId, $userId)
     {
         $facility = $this->getFacilityByEntityId($spEntityId);
 
+        return self::getUsersGroupsOnFacility($facility, $userId);
+    }
+
+    public function getUsersGroupsOnFacility($facility, $userId)
+    {
         if (null === $facility) {
             return [];
         }
-
         $id = $facility->getId();
 
         $resources = $this->connector->searchForEntities(
@@ -442,7 +483,7 @@ public function getUsersGroupsOnFacility($spEntityId, $userId)
         Logger::debug('Resources - ' . json_encode($resources));
 
         if (null === $resources) {
-            throw new Exception('Service with spEntityId: ' . $spEntityId . ' hasn\'t assigned any resource.');
+            throw new Exception('Service with ID: ' . $id . ' hasn\'t assigned any resource.');
         }
         $resourcesString = '(|';
         foreach ($resources as $resource) {
@@ -470,10 +511,8 @@ public function getUsersGroupsOnFacility($spEntityId, $userId)
                 )
             );
         }
-        $resultGroups = $this->removeDuplicateEntities($resultGroups);
-        Logger::debug('Groups - ' . json_encode($resultGroups));
 
-        return $resultGroups;
+        return $this->removeDuplicateEntities($resultGroups);
     }
 
     public function getMemberStatusByUserAndVo($user, $vo)
 
@@ -154,6 +154,48 @@ public function getMemberGroups($user, $vo)
         return $convertedGroups;
     }
 
+    public function getGroupsWhereMemberIsActive($user, $vo)
+    {
+        try {
+            $member = $this->connector->get('membersManager', 'getMemberByUser', [
+                'vo' => $vo->getId(),
+                'user' => $user->getId(),
+            ]);
+
+            $memberGroups = $this->connector->get('groupsManager', 'getGroupsWhereMemberIsActive', [
+                'member' => $member['id'],
+            ]);
+        } catch (PerunException $e) {
+            return [];
+        }
+
+        $convertedGroups = [];
+        foreach ($memberGroups as $group) {
+            try {
+                $attr = $this->connector->get('attributesManager', 'getAttribute', [
+                    'group' => $group['id'],
+                    'attributeName' => 'urn:perun:group:attribute-def:virt:voShortName',
+                ]);
+                $uniqueName = $attr['value'] . ':' . $group['name'];
+                array_push(
+                    $convertedGroups,
+                    new Group(
+                        $group['id'],
+                        $group['voId'],
+                        $group['uuid'],
+                        $group['name'],
+                        $uniqueName,
+                        $group['description']
+                    )
+                );
+            } catch (PerunException $e) {
+                continue;
+            }
+        }
+
+        return $convertedGroups;
+    }
+
     public function getSpGroups(string $spEntityId): array
     {
         $facility = $this->getFacilityByEntityId($spEntityId);
@@ -338,13 +380,17 @@ public function getFacilityAttribute($facility, $attrName)
         return $perunAttr['value'];
     }
 
-    public function getUsersGroupsOnFacility($spEntityId, $userId)
+    public function getUsersGroupsOnSp($spEntityId, $userId)
     {
         $facility = $this->getFacilityByEntityId($spEntityId);
-        $groups = [];
 
+        return self::getUsersGroupsOnFacility($facility, $userId);
+    }
+
+    public function getUsersGroupsOnFacility($facility, $userId)
+    {
         if (null === $facility) {
-            return $groups;
+            return [];
         }
 
         $usersGroupsOnFacility = $this->connector->get(
@@ -357,6 +403,8 @@ public function getUsersGroupsOnFacility($spEntityId, $userId)
             ]
         );
 
+        $groups = [];
+
         foreach ($usersGroupsOnFacility as $usersGroupOnFacility) {
             if (isset($usersGroupOnFacility['attributes'][0]['friendlyName']) &&
                 'voShortName' === $usersGroupOnFacility['attributes'][0]['friendlyName']) {
@@ -685,14 +733,13 @@ private function getAttributes($perunAttrs, $attrNamesMap)
 
         foreach ($perunAttrs as $perunAttr) {
             $perunAttrName = $perunAttr['namespace'] . ':' . $perunAttr['friendlyName'];
-            $attributes[$attrNamesMap[$perunAttrName]] = [
-                'id' => $perunAttr['id'],
-                'name' => $attrNamesMap[$perunAttrName],
-                'displayName' => $perunAttr['displayName'],
-                'type' => $perunAttr['type'],
-                'value' => $perunAttr['value'],
-                'friendlyName' => $perunAttr['friendlyName'],
-            ];
+            $attribute = [];
+            foreach (array_keys($perunAttr) as $key) {
+                $attribute[$key] = $perunAttr[$key];
+            }
+
+            $attribute['name'] = $attrNamesMap[$perunAttrName];
+            $attributes[$attrNamesMap[$perunAttrName]] = $attribute;
         }
 
         return $attributes;
 
@@ -265,6 +265,12 @@ private function fillAupsToBeApproved($requestedAups, $aups, $userApprovedAups)
     {
         $aupsToBeApproved = [];
         foreach ($requestedAups as $requestedAup) {
+            if (!array_key_exists($requestedAup, $aups)) {
+                Logger::debug(
+                    'perun:ForceAup - Requested AUP \'' . $requestedAup . '\' is not in the list of VO AUPS, probably VO does not have AUP'
+                );
+                continue;
+            }
             $aupsInJson = $aups[$requestedAup];
             if (empty($aupsInJson)) {
                 continue;