should also add something about roles to the project page now that rc1 is out.

CommentFileSizeAuthor
#2 rolemapping.jpg89.48 KBkatrialesser
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Olarin’s picture

Olarin CreditAttribution: Olarin commented
Status: Active » Needs review

I added the following description to Role Mappings. Would appreciate some community input on whether this description actually makes any sense / is helpful.

Specify the roles you want to assign from attributes, and the CAS attributes that will assign them. Whenever a user's CAS attributes are fetched, they will gain any of the managed roles which are listed in one of the specified attributes. The user will also lose any managed role which is not listed in the specified attributes, even if they had it previously. This behaviour is not affected by the "Overwrite existing values" setting above.
The CAS attributes must specify roles by their name (not their ID, since that is site-specific).

katrialesser’s picture

katrialesser CreditAttribution: katrialesser commented
FileSize
rolemapping.jpg89.48 KB

Alright, I'm responding based on your comment here.

"The name of the attribute is not what's important, it's what's inside it (in PHP array parlance, what we care about here is the value, not the key). So if the name of your attribute-managed role is "activeparttimeinstructor", for instance, then whether a user gets that role is dependent upon whether one of the attributes you specified has a value of "activeparttimeinstructor" for that user. (So if you specified a Role Mapping attribute named status (or department, or activeparttimeinstructor, or purplemonkeydishwasher, or anything really) and it has a value of "activeparttimeinstructor", the role will be given; but if you specified an attribute named activeparttimeinstructor and it simply has a value of TRUE, or 1, or "yes", or anything other than "activeparttimeinstructor", the role will not be given.) Attributes can be multivalued - so you can specify multiple roles for a user in one attribute - but you can also use multiple attributes, and the role will be given if it is present in any of them."

Hmmm. I'm just dealing with one role, one attribute.
So, my attribute names & attribute values are not the same, i have values of 'true's and 'falses' in most cases. So, if my attribute is called "activeparttimeinstructor" and i want the role to be assigned if it has a value of true, what syntax do I use in the field for attributes?

i.e.
activeparttimeinstructor:true
activeparttimeinstructor-true
activeparttimeinstructor,true

katrialesser’s picture

katrialesser CreditAttribution: katrialesser commented

I'm assuming it is possible to use attributes that have values not equal to the name of the attribute, so I think the help text should have an example for how you specify the value of the attribute as well.

Thanks so much! :)

katrialesser’s picture

katrialesser CreditAttribution: katrialesser commented

Alright, I think i misread your comment. So, my role is 'faculty' so in order for it to work, i would need to enter my attribute (activeparttimeinstructor) in the attribute field & then the value would need to be 'faculty'. Is that correct?

Is there a way to specify 3 different things - an attribute NAME, an attribute VALUE, and a role Name - all different from each other..? Sorry for so many comments.

Olarin’s picture

Olarin CreditAttribution: Olarin commented

#4-1: yes, I think you have it now.

#4-2: no, it is not currently possible to do that. I suppose we could change the way the mapping works to accommodate that, but I have some reservations about it:

  • it would be a significant rewrite
  • it would make the interface more complicated
  • it would get especially complicated when figuring out how to flexibly accommodate multivalued attributes
  • the current system works very effectively with the roles attribute that the server sub-module of the Drupal CAS module provides

That being said, I'm willing to consider any patches that anyone wants to contribute, but for now I'm more interested in finding a good way to document the functionality we already have.

katrialesser’s picture

katrialesser CreditAttribution: katrialesser commented

Yeah, I think it sounds like nice capability but a lot of work, and more complicated...

Alright, so here's what I am thinking. I modify some code in the module:
Find the array and put in a If [token] = true, rewrite = 'activeparttimeinstructor' or 'faculty' and then the value will be the way I need it to be.

does that sound like a good option, or are there any problems with doing that?
thanks!

katrialesser’s picture

katrialesser CreditAttribution: katrialesser commented

I have created a role called 'true' and 'false' to test, until I can modify the attribute values. But it's not working for me, I just want to double check that I'm doing this correctly.
Role is 'true'
attribute i'm testing with is 'activeeligibletoregisterstudent' in the field box (the one with example 'departments' - NOT using token format)
value is 'true'

And that should be mapping the role to the user who has a value of true, correct? I can't see anything wrong with my setup right now. thanks for your time :)

katrialesser’s picture

katrialesser CreditAttribution: katrialesser commented

Alright, I found the issue. If you go into the module code and check what the attributes are, they were different than the ones returned on the list seen at ../admin/config/people/cas/attributes/cas
so I went there and made the couple slight changes (capitalization) and got it working.
I also edited the values so they weren't 'true' so I could have differently named roles.
hopefully that helps somebody else looking for this solution..

bircher’s picture

bircher
Location 🇨🇿
CreditAttribution: bircher commented

#4-2 that was exactly what I needed though.
Back when I was considering the options cas_attributes_roles was lacking the documentation and was going to be moved to cas_attributes. Now finally I understood the way it works.

So I made my own module (cas_roles) which is most probably less performant than this one but gives me the much needed flexibility.

The documentation is indeed the most difficult thing.

For me the following would be helpful for the behavior of cas_attributes:
List the name of the phpCAS attributes which may contain names of the managed drupal roles. List one attribute per line. if the role name is present in at least of the attributes the role is assigned, if it is in none the role is removed.

See you!

franckdg’s picture

franckdg CreditAttribution: franckdg commented

Hello,
I'm sorry to disturb your conversation but I don't really understood how the role mapping work.
You said : "they will gain any of the managed roles which are listed in one of the specified attributes"
so for example the attribut is "etablissement" and the value is "my_work", I had to create a role named "my_work" to automatically gain this role ?

The proposition of #2 is interesting "etablissement:my_work" will gain the role( whatever is name) and etablissement:your_work" will not gain the role.

Thanks

Olarin’s picture

Olarin CreditAttribution: Olarin commented

franckdg: it sounds like you are understanding the behaviour correctly. In order for a user to receive a managed role, the name of that role must be present as the *value* of one of the specified attributes.

I just made a 1.0-rc2 release where I tried to improve the description text for the Role Mapping settings, including making use of bircher's description above which I think was a bit clearer than mine. Again, any feedback appreciated.

katrialesser’s picture

katrialesser CreditAttribution: katrialesser commented

I don't know if it will help you guys trying to use this module, but with the issue of the values not being what your roles are called, this code might help:

 foreach ($attributes_to_check as $attribute) {
		$attribute = trim($attribute);
	//dpr(array_key_exists(trim($attribute),$user_attributes));
      if (isset($user_attributes[$attribute])) {
        if (is_array($user_attributes[$attribute])) {
          $cas_user_roles = array_merge($cas_user_roles, $user_attributes[$attribute]);
        }
        else {
			//dpr($attribute);
			switch (trim($attribute)) {

				case 'activeParttimeInstructor':
				//dpr('test1');
				if($user_attributes[$attribute] == 'true') {
					$cas_user_roles[] = 'adjunctfaculty';
				}
					break;
					
				case 'activeFulltimeInstructor':
								//dpr('test2');
				if($user_attributes[$attribute] == 'true') {
					$cas_user_roles[] = 'fulltimefaculty';
				}
					break;
				case 'inactiveParttimeInstructor':
								//dpr('test3');
					if($user_attributes[$attribute] == 'true') {
						$cas_user_roles[] = ' retiredptfaculty';
					}
					break;
				case 'inactiveFulltimeInstructor':
								//dpr('test3');
					if($user_attributes[$attribute] == 'true') {
						$cas_user_roles[] = ' retiredfullfaculty';
					}
					break;
				case 'activeEligibletoRegisterStudent':
								//dpr('test3');
					if($user_attributes[$attribute] == 'true') {
						$cas_user_roles[] = 'student';
					}
					break;
				default:
								//dpr('testdefault');
				if(array_key_exists($attribute,$user_attributes)){
						$cas_user_roles[] = $user_attributes[$attribute];						
				}
				

				
			}
          
        }
      }
    }

basically i just have changed values to the roles i need them to be. then i have several roles in use here

Olarin’s picture

Olarin CreditAttribution: Olarin commented
Status: Needs review » Fixed

If no one else has any more feedback on improving the help text then I think this issue has run its course.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.