/**
 * Extends the default SiteTree canView() check so that a page restricted to logged-in users can also be
 * viewed by a visitor holding an authenticated RealMe session. For RealMe, "logged in" means the user has
 * authenticated with the identity provider and an FLT has been stored in session.
 *
 * The decision is driven by the owner's CanViewType:
 *  - Anyone: always allowed.
 *  - Inherit: delegated to the parent page's canView(), or to the SiteConfig's canViewPages() when the
 *    owner has no ParentID.
 *  - LoggedInUsers: allowed when the RealMe service returns user data, or when a numeric member ID is given.
 *  - OnlyTheseUsers: allowed when the numeric member ID resolves to a Member in the owner's ViewerGroups().
 * Any other value is denied.
 *
 * NOTE(review): both member checks require is_numeric($member), so a Member object (which the @param
 * allows) is never granted access by the LoggedInUsers or OnlyTheseUsers branches - confirm that callers
 * always pass an ID.
 *
 * @param Member|int $member
 *
 * @return bool True if the current user can view this page
 */
public function canView($member)
{
    switch ($this->owner->CanViewType) {
        case 'Anyone':
            return true;

        case 'Inherit':
            // Walk up the tree first; only a root-level page falls back to the site-wide setting.
            return $this->owner->ParentID
                ? $this->owner->Parent()->canView($member)
                : $this->owner->getSiteConfig()->canViewPages($member);

        case 'LoggedInUsers':
            // A RealMe session counts as "logged in" even without a local Member record.
            // NOTE(review): this trusts getUserData() to return non-null only for a validated RealMe
            // session - confirm in the service. The numeric fallback does not look the ID up, so it
            // relies on the caller supplying the ID of the real current user.
            $realMeData = $this->service->getUserData();

            return !is_null($realMeData) || ($member && is_numeric($member));

        case 'OnlyTheseUsers':
            if (!$member || !is_numeric($member)) {
                return false;
            }

            /** @var Member $viewer */
            $viewer = DataObject::get_by_id('Member', $member);
            if ($viewer && $viewer->inGroups($this->owner->ViewerGroups())) {
                return true;
            }

            return false;
    }

    // Unknown CanViewType: deny.
    return false;
}
/**
 * Runs after the user returns from authenticating with RealMe: asks the service to enforce the login and
 * either sends the user on to the stored back URL or reports a permission failure.
 *
 * Only a strict boolean true from enforceLogin() is treated as success; any other return value results in
 * the permission-failure response.
 *
 * NOTE(review): the redirect target comes straight from getBackURL() - presumably the service restricts it
 * to site-local URLs; confirm there, since nothing in this method validates it.
 *
 * @return SS_HTTPResponse
 */
private function realMeACS()
{
    if (true !== $this->service->enforceLogin()) {
        $failureMessage = _t(
            'RealMeSecurityExtension.LOGINFAILURE',
            'Unfortunately we\'re not able to log you in through RealMe right now.'
        );

        return Security::permissionFailure($this->owner, $failureMessage);
    }

    $backUrl = $this->service->getBackURL();

    return $this->owner->redirect($backUrl);
}
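/**
 * Ensure the assertion consumer service URL configured for the given environment is usable.
 *
 * An error is appended to $this->errors when the URL is not configured, cannot be parsed into a host and a
 * scheme, points at localhost, or uses plain http. Host and scheme are compared case-insensitively, so
 * values such as "HTTP://..." or "LOCALHOST" are rejected as well.
 *
 * NOTE(review): only the http scheme is rejected; any other non-https scheme still passes. Consider an
 * explicit https allow-list if that matches the identity provider's requirements.
 *
 * @param string $forEnv The environment whose URL is validated; also passed to the error message as 'env'
 *
 * @return void
 */
private function validateConsumerAssertionURL($forEnv)
{
    // Ensure the assertion consumer service location exists
    $consumerAssertionUrl = $this->service->getAssertionConsumerServiceUrlForEnvironment($forEnv);
    if (null === $consumerAssertionUrl) {
        $this->errors[] = _t('RealMeSetupTask.ERR_CONFIG_ASSERTION_SERVICE_URL', '', '', array('env' => $forEnv));

        // no point in validating an invalid/missing url.
        return;
    }

    // parse_url() returns false for seriously malformed input and omits 'host'/'scheme' for relative or
    // scheme-less values. Such a URL previously slipped through the checks below (with an undefined-index
    // notice); it is now reported as a configuration error.
    $urlParts = parse_url($consumerAssertionUrl);
    $hasHostAndScheme = is_array($urlParts) && isset($urlParts['host'], $urlParts['scheme']);

    if (!$hasHostAndScheme
        || 'localhost' === strtolower($urlParts['host'])
        || 'http' === strtolower($urlParts['scheme'])
    ) {
        $this->errors[] = _t('RealMeSetupTask.ERR_CONFIG_ASSERTION_SERVICE_URL', '', '', array('env' => $forEnv));
    }
}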
/**
 * Exposes the RealMe service's current user data.
 *
 * Returns exactly what the service's getUserData() returns, with no filtering applied here.
 * NOTE(review): presumably this is null when no RealMe session is authenticated, and the value may carry
 * identity attributes - confirm against the service, and make sure anything rendered from it is escaped.
 *
 * @return mixed The value returned by the service's getUserData()
 */
public function RealMeSessionData()
{
    $sessionData = $this->service->getUserData();

    return $sessionData;
}