public function setUser(User $user) { if ($user instanceOf GoogleAppsUser) { $this->user = $user; $this->authority = $user->getAuthenticationAuthority(); return true; } }
/** * Sees if the given user matches the rule * @param User $user a valid user object * @return mixed, the action if the user matches the rule or false if the rule did not match */ public function evaluateForUser(User $user) { switch ($this->ruleType) { case self::RULE_TYPE_AUTHORITY: /* if the value is all then see if the userID and authority are set and it's a MATCH this will NOT match an anonymous user */ if ($this->ruleValue==self::RULE_VALUE_ALL) { if ($user->getUserID() && $user->getAuthenticationAuthority()) { return $this->ruleAction; } /* Otherwise see if the userID is set and the authority matches the rule value */ } elseif ($user->getUserID() && $user->getAuthenticationAuthorityIndex()==$this->ruleValue) { return $this->ruleAction; } break; case self::RULE_TYPE_USER: /* if the value is all then see if the userID is set this will NOT match an anonymous user */ if ($this->ruleValue==self::RULE_VALUE_ALL) { if ($user->getUserID()) { return $this->ruleAction; } } else { /* user values are specified as AUTHORITY|userID */ $values = explode("|", $this->ruleValue); switch (count($values)) { case 1: $authority = AuthenticationAuthority::getDefaultAuthenticationAuthorityIndex(); $userID = $values[0]; break; case 2: $authority = $values[0]; $userID = $values[1]; break; } /* see if the userID/email and authority match */ if ($user->getAuthenticationAuthorityIndex()==$authority) { /* can match either userID or email */ if ($userID==self::RULE_VALUE_ALL) { if ($user->getUserID()) { return $this->ruleAction; } } else if ($user->getUserID()==$userID || (Validator::isValidEmail($userID) && $user->getEmail()==$userID)) { return $this->ruleAction; } } } break; case self::RULE_TYPE_GROUP: /* Note: a group value of ALL is not valid */ /* group values are specified as AUTHORITY|group */ $values = explode("|", $this->ruleValue); switch (count($values)) { case 1: $authority = AuthenticationAuthority::getDefaultAuthenticationAuthorityIndex(); $group = $values[0]; break; case 2: $authority = $values[0]; $group = $values[1]; break; } /* attempt to load the authority, then get the group */ if ($authority = AuthenticationAuthority::getAuthenticationAuthority($authority)) { if ($group = $authority->getGroup($group)) { /* see if the user is a member of the group */ if ($group->userIsMember($user)) { return $this->ruleAction; } } } break; case self::RULE_TYPE_EVERYONE: /* always matches */ return $this->ruleAction; break; } return false; }