Merge pull request #257 from epam/38315_sing-in

Make roles list configurable.
epam · Feb 6, 2025 · 4fdefaf · 4fdefaf
2 parents 04b46a2 + b09d2a3
commit 4fdefaf
Showing 1 changed file with 24 additions and 12 deletions.
diff --git a/modules/quanthub_core/src/EventSubscriber/OidcEventsSubscriber.php b/modules/quanthub_core/src/EventSubscriber/OidcEventsSubscriber.php
@@ -14,16 +14,9 @@
 class OidcEventsSubscriber implements EventSubscriberInterface {
 
   /**
-   * Roles mapping.
-   *
-   * @todo make configurable.
+   * Extra roles mapping.
    */
-  const ROLES = [
-    'Quanthub.DataPlatformBasic' => '',
-    'Quanthub.DataPlatformEnhanced' => '',
-    'Quanthub.DataPlatformMedia' => 'media',
-    'Quanthub.AiAssistant' => 'ai',
-  ];
+  const DEFAULT_ROLES = [];
 
   /**
    * The OpenID Connect session service.
@@ -32,6 +25,13 @@ class OidcEventsSubscriber implements EventSubscriberInterface {
    */
   protected $session;
 
+  /**
+   * The roles cache.
+   *
+   * @var array|null
+   */
+  private static $roles;
+
   /**
    * {@inheritdoc}
    */
@@ -60,6 +60,7 @@ public function onLogin(ExternalAuthLoginEvent $event) {
     $plugin_id = $this->session->getRealmPluginId();
     $provider = 'oidc:' . $this->session->getRealmPluginId();
     $roles_claim = $this->session->getJsonWebTokens()->getClaim('roles');
+    $roles_map = self::getRolesMap();
 
     // The provider must match the realm and provide the claim.
     if (!$plugin_id || $provider !== $event->getProvider() || $roles_claim === NULL) {
@@ -69,14 +70,14 @@ public function onLogin(ExternalAuthLoginEvent $event) {
     $account = $event->getAccount();
     $user_roles = $account->getRoles(TRUE);
     // Keep roles we don't track with SSO provider.
-    $oidc_roles = array_diff($user_roles, array_filter(self::ROLES));
+    $oidc_roles = array_diff($user_roles, array_filter($roles_map));
 
     if (is_array($roles_claim)) {
       foreach ($roles_claim as $role) {
-        if (empty(self::ROLES[$role])) {
+        if (empty($roles_map[$role])) {
           continue;
         }
-        $oidc_roles[] = self::ROLES[$role];
+        $oidc_roles[] = $roles_map[$role];
       }
     }
 
@@ -92,4 +93,15 @@ public function onLogin(ExternalAuthLoginEvent $event) {
     }
   }
 
+  /**
+   * Helper to get roles.
+   */
+  protected static function getRolesMap() {
+    if (!isset(self::$roles)) {
+      $roles = \Drupal::moduleHandler()->invokeAll('quanthub_core_roles');
+      self::$roles = $roles + self::DEFAULT_ROLES;
+    }
+    return self::$roles;
+  }
+
 }