L_OK = 0
This class represents a known CAT User (i.e. an institution and/or federation adiministrator).
IdPs have properties of their own, and may have one or more Profiles. The profiles can override the institution-wide properties.
$attributes : mixed|string|int
This variable gets initialised with the known IdP attributes in the constructor. It never gets updated until the object is destroyed. So if attributes change in the database, and IdP attributes are to be queried afterwards, the object needs to be re-instantiated to have current values in this variable.
Class constructor. The required argument is a user's persistent identifier as was returned by the authentication source.
Logs the start of lifetime of the entity to the debug log on levels 3 and higher.
User Identifier as per authentication source
getAttributes( optionName = NULL) : mixed|string|int
This function retrieves the entity's attributes.
If called with the optional parameter, only attribute values for the attribute name in $optionName are retrieved; otherwise, all attributes are retrieved. The retrieval is in-memory from the internal attributes class member - no DB callback, so changes in the database during the class instance lifetime are not considered.
optionally, the name of the attribute that is to be retrieved
of arrays of attributes which were set for this IdP
getAttributeValue(mixed|string|int attributeArray, string|int index1, string|int index2) : \core\any
This is a helper fuction to retreave a value from two-dimmentional arrays The function tests if the value for the first indes is defined and then the same with the second and finally returns the value if something on the way is not defined, NULL is returned
value or NULL
addAttribute( attrName, attrLang, attrValue)
Adds an attribute for the entity instance into the database. Multiple instances of the same attribute are supported.
Name of the attribute. This must be a well-known value from the profile_option_dict table in the DB.
language of the attribute. Can be NULL.
Value of the attribute. Can be anything; will be stored in the DB as-is.
fetchRawDataByIndex( table, row) : string|bool
Retrieves data from the underlying tables, for situations where instantiating the IdP or Profile object is inappropriate
institution_option or profile_option
the data, or FALSE if something went wrong
isDataRestricted( table, row) :
Checks if a raw data pointer is public data (return value FALSE) or if yes who the authorised admins to view it are (return array of user IDs)
which database table is this about
row index of the table
FALSE if the data is public, an array of owners of the data if it is NOT public
createTemporaryDirectory( purpose = installer, failIsFatal = 1) : mixed|string|int
create a temporary directory and return the location
one of 'installer', 'logo', 'test' defined the purpose of the directory
decides if a creation failure should cause an error; defaults to true
the tuple of: base path, absolute path for directory, directory name
isFederationAdmin( federation) :
This function checks whether a user is a federation administrator. When called without argument, it only checks if the user is a federation administrator of *any* federation. When given a parameter (ISO shortname of federation), it checks if the user administers this particular federation.
optional: federation to be checked
TRUE if the user is federation admin, FALSE if not
findLoginIdPByEmail( mail) : bool|array
Some users apparently forget which eduGAIN/social ID they originally used to log into CAT. We can try to help them: if they tell us the email address by which they received the invitation token, then we can see if any CAT IdPs are associated to an account which originally came in via that email address. We then see which pretty-print auth provider name was used
the list of auth source IdPs we found for the mail, or FALSE if none found or invalid input
retrieveOptionsFromDatabase( query, level) : mixed|string|int
retrieve attributes from a database. Only does SELECT queries.
sub-classes set the query to execute to get to the options
the retrieved options get flagged with this "level" identifier
the attributes in one array