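getByLogin($_SESSION['CAS']['login']);

				/* (3) If found -> store useful information */
				if( is_array($by_login) && isset($by_login['idProfesseur']) && isset($by_login['admin']) ){

					$_SESSION['CAS']['admin'] = (bool) $by_login['admin'];
					$_SESSION['CAS']['id']    = (int) $by_login['idProfesseur'];

				/* (4) If no login found -> remove CAS auth */
				}else
					$_SESSION['CAS'] = [];

			}

			/* (3) Process AUTH
			---------------------------------------------------------*/
			/* (1) cas_admin | cas_user */
			if( isset($_SESSION['CAS']['admin']) && is_bool($_SESSION['CAS']['admin']) ){

				// by default: cas_user
				$_SESSION['AUTH'] = ['cas_user'];

				// if admin: cas_admin
				if( $_SESSION['CAS']['admin'] === true )
					$_SESSION['AUTH'][] = 'cas_admin';

			}

			/* (2) Other permissions */
			// TODO

		}



		/* CHECK ACCESS AGAINST A LIST OF EXPECTED PERMISSIONS
		*
		* @expected     List of permission groups (array of arrays). The groups are
		*               alternatives (OR); inside one group every permission is
		*               required (AND). Each permission is looked up in
		*               $_SESSION['AUTH'].
		*
		* @return error Error wrapping Err::FormatError when @expected is not an
		*               array of arrays, Err::Success as soon as one group is fully
		*               satisfied, Err::PermissionError otherwise.
		*
		* NOTE: an empty group (`[]`) is satisfied by anyone, including a session
		*       that holds no permission at all. An empty @expected (no group)
		*       always yields Err::PermissionError.
		*
		*/
		public static function permission($expected){

			/* (1) Check format -> if not array of array(s) -> ERROR
			---------------------------------------------------------*/
			/* (1) If not array -> ERROR */
			if( !is_array($expected) )
				return new Error(Err::FormatError);

			/* (2) If not array of array(s) -> ERROR */
			foreach($expected as $permission_group)
				if( !is_array($permission_group) )
					return new Error(Err::FormatError);


			/* (2) Read the permissions granted to the session
			---------------------------------------------------------*/
			// Fail closed: a missing or malformed $_SESSION['AUTH'] is treated as
			// "no permission granted" instead of being handed to in_array() as-is.
			$granted = ( isset($_SESSION['AUTH']) && is_array($_SESSION['AUTH']) ) ? $_SESSION['AUTH'] : [];


			/* (3) For each OR group
			---------------------------------------------------------*/
			foreach($expected as $OR_group){

				/* (1) By default suppose the group is valid */
				// -> an empty group will grant permission to all
				$valid_group = true;

				/* (2) Check for each AND permission in the group */
				foreach($OR_group as $AND_perm){

					/* (3) If not in session.auth -> invalidate the permission group */
					// Strict comparison: with loose matching an expected value such
					// as `true` (or `0` on PHP < 8) would equal any permission string
					// and the group would be accepted by mistake.
					if( !in_array($AND_perm, $granted, true) ){
						$valid_group = false;
						break;
					}

				}

				/* (4) If valid group -> Success */
				if( $valid_group )
					return new Error(Err::Success);

			}


			/* (5) If no valid group -> permission error */
			return new Error(Err::PermissionError);

		}

	}

?>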