public function setUser(User $user) {
if ($user instanceOf GoogleAppsUser) {
$this->user = $user;
$this->authority = $user->getAuthenticationAuthority();
return true;
}
}
/**
* Sees if the given user matches the rule
* @param User $user a valid user object
* @return mixed, the action if the user matches the rule or false if the rule did not match
*/
public function evaluateForUser(User $user)
{
switch ($this->ruleType)
{
case self::RULE_TYPE_AUTHORITY:
/* if the value is all then see if the userID and authority are set and it's a MATCH
this will NOT match an anonymous user
*/
if ($this->ruleValue==self::RULE_VALUE_ALL) {
if ($user->getUserID() && $user->getAuthenticationAuthority()) {
return $this->ruleAction;
}
/* Otherwise see if the userID is set and the authority matches the rule value */
} elseif ($user->getUserID() && $user->getAuthenticationAuthorityIndex()==$this->ruleValue) {
return $this->ruleAction;
}
break;
case self::RULE_TYPE_USER:
/* if the value is all then see if the userID is set
this will NOT match an anonymous user
*/
if ($this->ruleValue==self::RULE_VALUE_ALL) {
if ($user->getUserID()) {
return $this->ruleAction;
}
} else {
/* user values are specified as AUTHORITY|userID */
$values = explode("|", $this->ruleValue);
switch (count($values)) {
case 1:
$authority = AuthenticationAuthority::getDefaultAuthenticationAuthorityIndex();
$userID = $values[0];
break;
case 2:
$authority = $values[0];
$userID = $values[1];
break;
}
/* see if the userID/email and authority match */
if ($user->getAuthenticationAuthorityIndex()==$authority) {
/* can match either userID or email */
if ($userID==self::RULE_VALUE_ALL) {
if ($user->getUserID()) {
return $this->ruleAction;
}
} else if ($user->getUserID()==$userID ||
(Validator::isValidEmail($userID) && $user->getEmail()==$userID)) {
return $this->ruleAction;
}
}
}
break;
case self::RULE_TYPE_GROUP:
/* Note: a group value of ALL is not valid */
/* group values are specified as AUTHORITY|group */
$values = explode("|", $this->ruleValue);
switch (count($values)) {
case 1:
$authority = AuthenticationAuthority::getDefaultAuthenticationAuthorityIndex();
$group = $values[0];
break;
case 2:
$authority = $values[0];
$group = $values[1];
break;
}
/* attempt to load the authority, then get the group */
if ($authority = AuthenticationAuthority::getAuthenticationAuthority($authority)) {
if ($group = $authority->getGroup($group)) {
/* see if the user is a member of the group */
if ($group->userIsMember($user)) {
return $this->ruleAction;
}
}
}
break;
case self::RULE_TYPE_EVERYONE:
/* always matches */
return $this->ruleAction;
break;
}
return false;
}
