/** * @param IOpenIdUser $user * @param $realm * @param array $data * @return array|mixed * @throws \Exception */ public function getTrustedSites(IOpenIdUser $user, $realm, $data = array()) { $res = array(); try { if (!OpenIdUriHelper::isValidRealm($realm)) { throw new OpenIdInvalidRealmException(sprintf('realm %s is invalid', $realm)); } //get all possible sub-domains $sub_domains = $this->getSubDomains($realm); $sites = $this->repository->getMatchingOnesByUserId($user->getId(), $sub_domains, $data); //iterate over all retrieved sites and check the set policies by user foreach ($sites as $site) { $policy = $site->getAuthorizationPolicy(); //if denied then break if ($policy == IAuthService::AuthorizationResponse_DenyForever) { array_push($res, $site); break; } $trusted_data = $site->getData(); $diff = array_diff($data, $trusted_data); //if pre approved data is contained or equal than a former one if (count($diff) == 0) { array_push($res, $site); break; } } } catch (Exception $ex) { $this->log_service->error($ex); throw $ex; } return $res; }