phpPoA2

Class: PoA

Source Location: /PoA.php

Class Overview


Standard class that implements all the functionality of the phpPoA.




Child classes:

AutoPoA
Class that automatically redirects to error pages if any error is detected.

Class Details

[line 46]
Standard class that implements all the functionality of the phpPoA.





Class Variables

$attributes =

[line 51]



Tags:

access:  protected

Type:   mixed



$authn_engine =

[line 50]



Tags:

access:  protected

Type:   mixed



$authz_engines =

[line 52]



Tags:

access:  protected

Type:   mixed



$autoload =

[line 54]



Tags:

access:  protected

Type:   mixed



$cfg =

[line 48]



Tags:

access:  protected

Type:   mixed



$db_manager =

[line 53]



Tags:

access:  protected

Type:   mixed



$handler =

[line 55]



Tags:

access:  protected

Type:   mixed



$local_site =

[line 47]



Tags:

access:  protected

Type:   mixed



$log =

[line 49]



Tags:

access:  protected

Type:   mixed





Class Methods


constructor __construct [line 62]

PoA __construct( site $site, [file $file = null])

Main constructor. Configures the PoA and performs initialization.



Tags:

access:  public


Parameters:

site   $site   The identifier to determine which configuration to apply.
file   $file   The path to the configuration file.


method addHook [line 127]

true addHook( name $name, hook $hook)

Attach a hook object to the appropriate entry point of the available authentication or authorization engines.



Tags:

return:  true if the hook was successfully attached, false otherwise.
access:  public


Parameters:

name   $name   The name of the hook. Refer to each individual engine for a complete list of available hooks.
hook   $hook   A hook object with the function or method to attach.


method authenticate [line 178]

AUTHN_SUCCESS authenticate( )

Perform a federated login for the user.



Tags:

return:  AUTHN_SUCCESS if authentication succeeds, AUTHN_FAILED in any other case.
access:  public


Overridden in child classes as:

AutoPoA::authenticate()


method authorize [line 375]

AUTHZ_SUCCESS authorize( user $user, attrs $attrs, [reference $reference = null], [expires $expires = 0], [engine $engine = null])

Authorize a given subject with the data retrieved from federated login.

Multiple authorization engines are supported, so authorization will be done in all of them.




Tags:

return:  AUTHZ_SUCCESS if any of the supported engines succeeds or if no authorization engine is configured. AUTHZ_FAILED if all the engines fail.
access:  public


Parameters:

user   $user   The subject of authorization.
attrs   $attrs   The attributes of the user.
reference   $reference   An internal reference that may be valuable for the engine, typically referring to a previous invitation or similar.
expires   $expires   The time (POSIX) when authorization will expire. Use 0 if authorization should never expire. Defaults to 0.
engine   $engine   The authorization engine(s) to use. All engines are used if none specified. If more than one engine should be checked then this must be an array.


method clean [line 113]

void clean( )



Tags:

access:  protected



method getAttribute [line 265]

the getAttribute( name $name, namespace $namespace)

Get the value (or values) of an attribute, if present.



Tags:

return:  the attribute value or an array containing all values. Null in any other case.
access:  public


Parameters:

name   $name   The name of the attribute.
namespace   $namespace   The namespace of the attribute, if any.


method getAttributes [line 242]

an getAttributes( )

Retrieve the attributes provided by the user when logged in.



Tags:

return:  an associative array containing all attributes.
access:  public



method getAuthorizationEngines [line 456]

The getAuthorizationEngines( [engine $engine = null])

Returns the authorization engines configured for the current PoA, or the one specified.



Tags:

return:  The authorization engine(s) requested if it was previously configured. If none was specified, all configured engines will be returned. An empty array will be returned if no authorization engines were found.
access:  public


Parameters:

engine   $engine   The name of the authorization engine to retrieve. If more than one engine should be returned then this must be an array.


method getAuthorizationLevels [line 490]

An getAuthorizationLevels( user $user, attributes $attributes)

Get the authorization levels that match for the user specified, according to the configuration.

An array with the names of the levels matching the user is returned. An empty array is returned if no match is found.




Tags:

return:  An array with the names of the levels matching the user, if any. An empty array will be returned if no match. Exception will be raised if no levels are defined for this PoA.
access:  public


Parameters:

user   $user   The user identifier.
attributes   $attributes   An array of attributes available for the user.


method isAuthenticated [line 213]

AUTHN_SUCCESS isAuthenticated( )

Query the current status of the user in the federation.



Tags:

return:  AUTHN_SUCCESS if authentication succeeded, AUTHN_FAILED in any other case.
access:  public



method isAuthorized [line 318]

AUTHZ_SUCCESS isAuthorized( user $user, attrs $attrs, [engine $engine = null])

Perform authorization for a given subject.

Multiple authorization engines are supported, so authorization will succeed if any of these succeeds.




Tags:

return:  AUTHZ_SUCCESS if any of the supported (or selected) engines succeeds or if no authorization engine is configured. AUTHZ_FAILED if all the engines fail.
access:  public


Overridden in child classes as:

AutoPoA::isAuthorized()

Parameters:

user   $user   The subject queried.
attrs   $attrs   The attributes of the user.
engine   $engine   The authorization engine(s) to use. All engines are used if none specified. If more than one engine should be checked then this must be an array.
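
Added example, not part of the generated documentation and not phpPoA code: a stand-alone model of the return rule documented for isAuthorized() (any engine succeeding is enough, and an empty engine configuration also yields success), next to a fail-closed wrapper. The function names, the MODEL_* constants and the representation of engines as callables are assumptions made for this illustration.

```php
<?php
// Model only: does not load phpPoA. Engines are represented as callables
// taking ($user, $attrs) and returning bool (an assumption of this example).

const MODEL_AUTHZ_SUCCESS = 'AUTHZ_SUCCESS';
const MODEL_AUTHZ_FAILED  = 'AUTHZ_FAILED';

/** The documented rule: success if any engine succeeds, or if none is configured. */
function modelIsAuthorized(array $engines, string $user, array $attrs): string
{
    if (count($engines) === 0) {
        return MODEL_AUTHZ_SUCCESS; // no engine configured => documented success
    }
    foreach ($engines as $engine) {
        if ($engine($user, $attrs) === true) {
            return MODEL_AUTHZ_SUCCESS; // first engine that accepts decides
        }
    }
    return MODEL_AUTHZ_FAILED; // every configured engine refused
}

/** Fail-closed wrapper: an empty engine list is treated as a denial. */
function strictIsAuthorized(array $engines, string $user, array $attrs): string
{
    if (count($engines) === 0) {
        return MODEL_AUTHZ_FAILED;
    }
    return modelIsAuthorized($engines, $user, $attrs);
}

// Constructed sample data.
$attrs     = ['mail' => 'alice@example.org', 'affiliation' => 'staff'];
$staffOnly = fn(string $u, array $a): bool => ($a['affiliation'] ?? '') === 'staff';
$denyAll   = fn(string $u, array $a): bool => false;

$cases = [
    'no engines configured' => [],
    'one engine denies'     => [$denyAll],
    'any-of: one allows'    => [$denyAll, $staffOnly],
];
foreach ($cases as $label => $engines) {
    printf("%-22s documented=%s strict=%s\n", $label,
        modelIsAuthorized($engines, 'alice', $attrs),
        strictIsAuthorized($engines, 'alice', $attrs));
}
```

With the real class, the corresponding precondition is that getAuthorizationEngines() returns a non-empty array before the result of isAuthorized() is relied on for access control.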


method logout [line 287]

true logout( slo $slo)

Remove the user's session and trigger a logout for the specified authentication protocol.



Tags:

return:  true if success, false in any other case.
access:  public


Parameters:

slo   $slo   Whether to perform a Single Log Out or a local logout.


method removeHook [line 152]

true removeHook( name $name, hook $hook)

Remove a hook from the specified entry point of the available authentication or authorization engines.



Tags:

return:  true if the hook was successfully removed, false otherwise.
access:  public


Parameters:

name   $name   The name of the hook. Refer to each individual engine for a complete list of available hooks.
hook   $hook   The hook object which shall be removed.


method revoke [line 415]

true revoke( mail $mail, [engine $engine = null])

Revoke authorization for a given subject identified by an e-mail.



Tags:

return:  true if authorization is revoked correctly for all authorization engines, false in any other case.
access:  public


Parameters:

mail   $mail   The e-mail of the user.
engine   $engine   The authorization engine(s) to use. All engines are used if none specified. If more than one engine should be checked then this must be an array.



Documentation generated on Tue, 25 Jan 2011 11:24:37 +0100 by phpDocumentor 1.4.3