Added optional attribute groupNamePrefix.

tauceti2 · tauceti2 · commit bc2284270680 · 2017-09-01T15:27:42.000+02:00
It allows to set prefix and follow recommendations of AARC for group membership expression.
diff --git a/lib/Auth/Process/PerunGroups.php b/lib/Auth/Process/PerunGroups.php
@@ -3,16 +3,19 @@
 /**
  * Class sspmod_perun_Auth_Process_PerunGroups
  *
- * This filter extracts group names from cached groups from PerunIdentity filter and save them into attribute.
- * It means it strongly relays on it.
- * It also translates (renames) given name of group based on associative array 'groupMapping' in SP metadata.
+ * This filter extracts group names from cached groups from PerunIdentity filter and save them into attribute defined by attrName. 
+ * By default attribute value will be filled with the groupNamePrefix + groupName.
+ *
+ * It is also capable of translation of (renames) group names using 'groupMapping' attribute in SP metadata.
  *
  * @author Ondrej Velisek <ondrejvelisek@gmail.com>
+ * @author Michal Prochazka <michalp@ics.muni.cz>
  */
 class sspmod_perun_Auth_Process_PerunGroups extends SimpleSAML_Auth_ProcessingFilter
 {
 
 	private $attrName;
+	private $groupNamePrefix;
 
 	public function __construct($config, $reserved)
 	{
@@ -24,6 +27,13 @@ public function __construct($config, $reserved)
 			throw new SimpleSAML_Error_Exception("perun:PerunGroups: missing mandatory configuration option 'attrName'.");
 		}
 		$this->attrName = (string) $config['attrName'];
+
+		if (!isset($config['groupNamePrefix'])) {
+			SimpleSAML_Logger::warning("perun:PerunGroups: optional attribute 'groupNamePrefix' missing, assuming empty prefix");
+			$this->groupNamePrefix = '';
+                } else {
+                	$this->groupNamePrefix = (string) $config['groupNamePrefix'];
+		}
 	}
 
 
@@ -59,9 +69,9 @@ protected function mapGroupName($request, $groupName) {
 			SimpleSAML_Logger::debug("Mapping $groupName to " . $request["SPMetadata"]["groupMapping"][$groupName] . " for SP " . $request["SPMetadata"]["entityid"]);
 			return $request["SPMetadata"]["groupMapping"][$groupName];
 		} else {
-			# No mapping defined
+			# No mapping defined, so just put groupNamePrefix in front of the group
 			SimpleSAML_Logger::debug("No mapping found for group $groupName for SP " . $request["SPMetadata"]["entityid"]);
-			return $groupName;
+			return $this->groupNamePrefix . $groupName;
 		}
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -3,16 +3,19 @@`
`3`	`3`	`/**`
`4`	`4`	`* Class sspmod_perun_Auth_Process_PerunGroups`
`5`	`5`	`*`
`6`		`- * This filter extracts group names from cached groups from PerunIdentity filter and save them into attribute.`
`7`		`- * It means it strongly relays on it.`
`8`		`- * It also translates (renames) given name of group based on associative array 'groupMapping' in SP metadata.`
	`6`	`+ * This filter extracts group names from cached groups from PerunIdentity filter and save them into attribute defined by attrName.`
	`7`	`+ * By default attribute value will be filled with the groupNamePrefix + groupName.`
	`8`	`+ *`
	`9`	`+ * It is also capable of translation of (renames) group names using 'groupMapping' attribute in SP metadata.`
`9`	`10`	`*`
`10`	`11`	`* @author Ondrej Velisek <[email protected]>`
	`12`	`+ * @author Michal Prochazka <[email protected]>`
`11`	`13`	`*/`
`12`	`14`	`class sspmod_perun_Auth_Process_PerunGroups extends SimpleSAML_Auth_ProcessingFilter`
`13`	`15`	`{`
`14`	`16`
`15`	`17`	`private $attrName;`
	`18`	`+ private $groupNamePrefix;`
`16`	`19`
`17`	`20`	`public function __construct($config, $reserved)`
`18`	`21`	`{`
`@@ -24,6 +27,13 @@ public function __construct($config, $reserved)`
`24`	`27`	`throw new SimpleSAML_Error_Exception("perun:PerunGroups: missing mandatory configuration option 'attrName'.");`
`25`	`28`	`}`
`26`	`29`	`$this->attrName = (string) $config['attrName'];`
	`30`	`+`
	`31`	`+ if (!isset($config['groupNamePrefix'])) {`
	`32`	`+ SimpleSAML_Logger::warning("perun:PerunGroups: optional attribute 'groupNamePrefix' missing, assuming empty prefix");`
	`33`	`+ $this->groupNamePrefix = '';`
	`34`	`+ } else {`
	`35`	`+ $this->groupNamePrefix = (string) $config['groupNamePrefix'];`
	`36`	`+ }`
`27`	`37`	`}`
`28`	`38`
`29`	`39`
`@@ -59,9 +69,9 @@ protected function mapGroupName($request, $groupName) {`
`59`	`69`	`SimpleSAML_Logger::debug("Mapping $groupName to " . $request["SPMetadata"]["groupMapping"][$groupName] . " for SP " . $request["SPMetadata"]["entityid"]);`
`60`	`70`	`return $request["SPMetadata"]["groupMapping"][$groupName];`
`61`	`71`	`} else {`
`62`		`- # No mapping defined`
	`72`	`+ # No mapping defined, so just put groupNamePrefix in front of the group`
`63`	`73`	`SimpleSAML_Logger::debug("No mapping found for group $groupName for SP " . $request["SPMetadata"]["entityid"]);`
`64`		`- return $groupName;`
	`74`	`+ return $this->groupNamePrefix . $groupName;`
`65`	`75`	`}`
`66`	`76`	`}`
`67`	`77`