Closed jrchamp closed 6 years ago
@michaelryanmcneill If you have any questions, please ask. I feel pretty good about the code, but I'd like a critical second opinion.
I want to make sure that we still support the constants. Can you add that support in? I'll get it merged once that happens.
Ok, I've added the check for SHIBBOLETH_DEFAULT_ROLE. It looks like the readme and admin-options already have this constant in place.
Do you want me to modify this sentence?
Leave this constant empty
''
to make the default no allowed access.
It might be fine as is, but I get the feeling that "no role" is more accurate than "no access".
Sorry for the delay, I've just been swamped. Trying to get eyes on this to get a release moving.
shibboleth_get_user_role()
is currently used for three things:The third use is not valid.
shibboleth_create_new_user()
already checks whether accounts can be created.shibboleth_authenticate_user()
already checks to make sure an account exists. And most importantly, if the user account exists and is already tied to Shibboleth, our job as an authentication mechanism is to map the user to the user's account. Authorization should be done by WordPress based on roles that have been assigned to the user.With this change in place, a couple things start working:
shibboleth_create_accounts
is disabled andshibboleth_update_roles
is enabled, the default role is correctly set.shibboleth_create_accounts
is enabled andshibboleth_default_role
is blank, users can log in. (Fixes #36)