Merge pull request #109 from BaranekD/facility_capabilities

vyskocilpavel · web-flow · commit b1b9e8a84945 · 2020-04-30T13:31:47.000+02:00
Added facility capabilities
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,8 @@
 All notable changes to this project will be documented in this file.
  
 ## [Unreleased]
+#### Added
+- Added facility capabilities to PerunEntitlement
 
 ## [v3.8.0]
 #### Changed
diff --git a/lib/Adapter.php b/lib/Adapter.php
@@ -190,6 +190,12 @@ abstract public function getMemberStatusByUserAndVo($user, $vo);
      */
     abstract public function getResourceCapabilities($entityId, $userGroups);
 
+    /**
+     * @param $entityId int entityId
+     * @return array of facility capabilities
+     */
+    abstract public function getFacilityCapabilities($entityId);
+
     /**
      * @param HasId[] $entities
      * @return HasId[] without duplicates
diff --git a/lib/AdapterLdap.php b/lib/AdapterLdap.php
@@ -418,4 +418,19 @@ public function getResourceCapabilities($entityId, $userGroups)
 
         return $resourceCapabilities;
     }
+
+    public function getFacilityCapabilities($entityId)
+    {
+        $facilityCapabilities = $this->connector->searchForEntity(
+            $this->ldapBase,
+            '(&(objectClass=perunFacility)(entityID=' . $entityId . '))',
+            [self::CAPABILITIES]
+        );
+
+        if (empty($facilityCapabilities)) {
+            return [];
+        }
+
+        return $facilityCapabilities['capabilities'];
+    }
 }
diff --git a/lib/AdapterRpc.php b/lib/AdapterRpc.php
@@ -544,4 +544,20 @@ public function getResourceCapabilities($entityId, $userGroups)
 
         return $capabilities;
     }
+
+    public function getFacilityCapabilities($entityId)
+    {
+        $facility = $this->getFacilityByEntityId($entityId);
+
+        if ($facility === null) {
+            return [];
+        }
+
+        $facilityCapabilities = $this->connector->get('attributesManager', 'getAttribute', [
+            'facility' => $facility->getId(),
+            'attributeName' => 'urn:perun:facility:attribute-def:def:capabilities'
+        ])['value'];
+
+        return $facilityCapabilities;
+    }
 }
diff --git a/lib/Auth/Process/PerunEntitlement.php b/lib/Auth/Process/PerunEntitlement.php
@@ -11,7 +11,8 @@
 /**
  * Class PerunEntitlement
  *
- * This filter joins eduPersonEntitlement, forwardedEduPersonEntitlement and resource capabilities
+ * This filter joins eduPersonEntitlement, forwardedEduPersonEntitlement, resource capabilities
+ * and facility capabilities
  *
  * @author Dominik Baránek <baranek@ics.muni.cz>
  * @author Pavel Vyskočil <Pavel.Vyskocil@cesnet.cz>
@@ -88,12 +89,12 @@ public function process(&$request)
         if ($this->releaseForwardedEntitlement) {
             $forwardedEduPersonEntitlement = $this->getForwardedEduPersonEntitlement($request);
         }
-        $resourceCapabilities = $this->getResourceCapabilities($request);
+        $capabilities = $this->getCapabilities($request);
 
         $request['Attributes'][$this->eduPersonEntitlement] = array_unique(array_merge(
             $eduPersonEntitlement,
             $forwardedEduPersonEntitlement,
-            $resourceCapabilities
+            $capabilities
         ));
     }
 
@@ -154,21 +155,18 @@ private function getForwardedEduPersonEntitlement(&$request)
         return $forwardedEduPersonEntitlement;
     }
 
-    private function getResourceCapabilities(&$request)
+    private function getCapabilities(&$request)
     {
-        if (isset($request['SPMetadata']['entityid'])) {
-            $spEntityId = $request['SPMetadata']['entityid'];
-        } else {
-            throw new Exception('perun:PerunEntitlement: Cannot find entityID of remote SP. ' .
-                'hint: Do you have this filter in IdP context?');
-        }
+        $spEntityId = $this->getSpEntityId($request);
+        $resourceCapabilities = $this->adapter->getResourceCapabilities($spEntityId, $request['perun']['groups']);
+        $facilityCapabilities = $this->adapter->getFacilityCapabilities($spEntityId);
 
-        $capabilities = $this->adapter->getResourceCapabilities($spEntityId, $request['perun']['groups']);
+        $capabilities = array_unique(array_merge($resourceCapabilities, $facilityCapabilities));
         $capabilitiesResult = [];
 
         foreach ($capabilities as $capability) {
-            $resourceCapability = $this->capabilitiesWrapper($capability);
-            array_push($capabilitiesResult, $resourceCapability);
+            $wrappedCapability = $this->capabilitiesWrapper($capability);
+            array_push($capabilitiesResult, $wrappedCapability);
         }
 
         return $capabilitiesResult;
@@ -243,4 +241,14 @@ private function encodeName($name)
 
         return $name;
     }
+
+    private function getSpEntityId(&$request)
+    {
+        if (isset($request['SPMetadata']['entityid'])) {
+            return $request['SPMetadata']['entityid'];
+        } else {
+            throw new Exception('perun:PerunEntitlement: Cannot find entityID of remote SP. ' .
+                'hint: Do you have this filter in IdP context?');
+        }
+    }
 }
