Merge pull request #161 from CESNET/melanger-callable-entityID

allow callable for entityID configuration option in PerunEntitlement(Extended)

Author: Dominik František Bučík

CHANGELOG.md

@@ -2,6 +2,7 @@
 All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
+- Added possibility to use a callable for entityID parameter in PerunEntitlement(Extended)
 
 ## [v5.1.1]
 #### Fixed

config-templates/processFilterConfigurations-example.md

@@ -54,6 +54,7 @@ Example how to enable/configure filter PerunEntitlement:
     # forwarded entitlement are released by default
     #'releaseForwardedEntitlement' => false, OPTIONAL
     'forwardedEduPersonEntitlement' => 'eduPersonEntitlement',
+    #'entityID' => function($request){return empty($request["saml:RequesterID"]) ? $request["SPMetadata"]["entityid"] : $request["saml:RequesterID"][0];},
 ),
 ```
 
@@ -69,6 +70,7 @@ Example how to enable/configure filter PerunEntitlement:
     # forwarded entitlement are released by default
     #'releaseForwardedEntitlement' => false, OPTIONAL
     'forwardedEduPersonEntitlement' => 'eduPersonEntitlement',
+    #'entityID' => function($request){return empty($request["saml:RequesterID"]) ? $request["SPMetadata"]["entityid"] : $request["saml:RequesterID"][0];},
 ),
 ```
 

lib/Auth/Process/PerunEntitlement.php

@@ -64,7 +64,7 @@ public function __construct($config, $reserved)
             $this->groupNameAARC ? Configuration::REQUIRED_OPTION : ''
         );
 
-        $this->entityId = $configuration->getString(self::ENTITY_ID, null);
+        $this->entityId = $configuration->getValue(self::ENTITY_ID, null);
 
         $interface = $configuration->getValueValidate(
             self::INTERFACE_PROPNAME,
@@ -82,6 +82,13 @@ public function process(&$request)
 
         if ($this->entityId === null) {
             $this->entityId = EntitlementUtils::getSpEntityId($request);
+        } elseif (is_callable($this->entityId)) {
+            $this->entityId = call_user_func($this->entityId, $request);
+        } elseif (!is_string($this->entityId)) {
+            throw new Exception(
+                'perun:PerunEntitlement: invalid configuration option entityID. ' .
+                'It must be a string or a callable.'
+            );
         }
 
         if (isset($request['perun']['groups'])) {

lib/Auth/Process/PerunEntitlementExtended.php

@@ -64,7 +64,7 @@ public function __construct($config, $reserved)
             $this->groupNameAARC ? Configuration::REQUIRED_OPTION : ''
         );
 
-        $this->entityId = $configuration->getString(self::ENTITY_ID, null);
+        $this->entityId = $configuration->getValue(self::ENTITY_ID, null);
 
         $interface = $configuration->getValueValidate(
             self::INTERFACE_PROPNAME,
@@ -82,6 +82,13 @@ public function process(&$request)
 
         if ($this->entityId === null) {
             $this->entityId = EntitlementUtils::getSpEntityId($request);
+        } elseif (is_callable($this->entityId)) {
+            $this->entityId = call_user_func($this->entityId, $request);
+        } elseif (!is_string($this->entityId)) {
+            throw new Exception(
+                'perun:PerunEntitlement: invalid configuration option entityID. ' .
+                'It must be a string or a callable.'
+            );
         }
 
         if (isset($request['perun']['groups'])) {