Skip to content
This repository was archived by the owner on Sep 19, 2022. It is now read-only.

Commit 73b47b6

Browse files
vyskocilpavelvyskocilpavel
committed
Releasing forwardedEduPersonEntitlement is now optional
1 parent 4da1102 commit 73b47b6

File tree

2 files changed

+13
-1
lines changed

2 files changed

+13
-1
lines changed

CHANGELOG.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,8 @@
22
All notable changes to this project will be documented in this file.
33

44
## [Unreleased]
5+
#### Changed
6+
- Releasing forwardedEduPersonEntitlement is now optional (forwardedEduPersonEntitlement are released by default)
57

68
## [v3.7.4]
79
#### Added

lib/Auth/Process/PerunEntitlement.php

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,18 +14,21 @@
1414
* This filter joins eduPersonEntitlement, forwardedEduPersonEntitlement and resource capabilities
1515
*
1616
* @author Dominik Baránek <[email protected]>
17+
* @author Pavel Vyskočil <[email protected]>
1718
*/
1819
class PerunEntitlement extends ProcessingFilter
1920
{
2021
const CONFIG_FILE_NAME = 'module_perun.php';
2122
const EDU_PERSON_ENTITLEMENT = 'eduPersonEntitlement';
23+
const RELEASE_FORWARDED_ENTITLEMENT = 'releaseForwardedEntitlement';
2224
const FORWARDED_EDU_PERSON_ENTITLEMENT = 'forwardedEduPersonEntitlement';
2325
const ENTITLEMENTPREFIX_ATTR = 'entitlementPrefix';
2426
const ENTITLEMENTAUTHORITY_ATTR = 'entitlementAuthority';
2527
const GROUPNAMEAARC_ATTR = 'groupNameAARC';
2628
const INTERFACE_PROPNAME = 'interface';
2729

2830
private $eduPersonEntitlement;
31+
private $releaseForwardedEntitlement;
2932
private $forwardedEduPersonEntitlement;
3033
private $entitlementPrefix;
3134
private $entitlementAuthority;
@@ -45,8 +48,12 @@ public function __construct($config, $reserved)
4548
self::EDU_PERSON_ENTITLEMENT . '.'
4649
);
4750
}
51+
$configuration = Configuration::loadFromArray($config);
52+
4853
$this->eduPersonEntitlement = $config[self::EDU_PERSON_ENTITLEMENT];
4954

55+
$this->releaseForwardedEntitlement = $configuration->getBoolean(self::RELEASE_FORWARDED_ENTITLEMENT, true);
56+
5057
if (!isset($config[self::FORWARDED_EDU_PERSON_ENTITLEMENT])) {
5158
throw new Exception(
5259
'perun:PerunEntitlement: missing mandatory configuration option ' .
@@ -77,7 +84,10 @@ public function __construct($config, $reserved)
7784
public function process(&$request)
7885
{
7986
$eduPersonEntitlement = $this->getEduPersonEntitlement($request);
80-
$forwardedEduPersonEntitlement = $this->getForwardedEduPersonEntitlement($request);
87+
$forwardedEduPersonEntitlement = [];
88+
if ($this->releaseForwardedEntitlement) {
89+
$forwardedEduPersonEntitlement = $this->getForwardedEduPersonEntitlement($request);
90+
}
8191
$resourceCapabilities = $this->getResourceCapabilities($request);
8292

8393
$request['Attributes'][$this->eduPersonEntitlement] = array_unique(array_merge(

0 commit comments

Comments
 (0)