Index: auth.php
===================================================================
RCS file: /cvsroot/moodle/contrib/plugins/auth/saml/auth.php,v
retrieving revision 1.4
diff -u -r1.4 auth.php
--- auth.php	21 Jan 2010 16:47:45 -0000	1.4
+++ auth.php	26 Jan 2010 14:28:08 -0000
@@ -185,7 +185,10 @@
         if (!isset ($config->attrcreators)) {
             $config->attrcreators = '';
         }
-        
+        if (!isset ($config->unassigncreators)) {
+            $config->unassigncreators = '';
+        }
+
         // save settings
         set_config('username',        $config->username,        'auth/saml');
         set_config('dologout',        $config->dologout,        'auth/saml');
@@ -193,6 +196,7 @@
         set_config('duallogin',       $config->duallogin,       'auth/saml');
         set_config('memberattribute', $config->memberattribute, 'auth/saml');
         set_config('attrcreators',    $config->attrcreators,    'auth/saml');
+        set_config('unassigncreators',$config->unassigncreators,'auth/saml');
         
         return true;
     }
@@ -228,7 +232,9 @@
             	role_assign($creatorrole->id, $user->id, 0, $systemcontext->id, 0, 0, 0, 'saml');
             }
             else {
-            	role_unassign($creatorrole->id, $user->id, 0, $systemcontext->id, 'saml');
+                if($this->config->unassigncreators){
+                    role_unassign($creatorrole->id, $user->id, 0, $systemcontext->id, 'saml');
+                }
             }
         }
     }
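Review bot: The new guard `if($this->config->unassigncreators)` makes revocation of the creator role opt-in, and the default this patch writes for the setting is `''`, so it is off unless an administrator ticks the new box. The previous code always called `role_unassign()`, so after this change a user removed from the creators group at the identity provider keeps the role on later logins; consider defaulting the option to enabled, or say so explicitly in the setting description. The property is also read without a guard, and on an install where the setting was never saved it may be undefined (inferred, since the config loading is outside this hunk); `if (!empty($this->config->unassigncreators)) {` covers that case. The enclosing function starts outside the hunk.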
@@ -241,16 +247,18 @@
     */
     function iscreator($login_attributes) {
         if (isset($this->config->memberattribute) && isset($login_attributes[$this->config->memberattribute])) {
-        	$memberof = $login_attributes[$this->config->memberattribute];
-        	$creatorid = $this->config->attrcreators;
-        	foreach ($memberof as $m) {
-        		if($m === $creatorid) {
-        			return true;
-        		}
-        	}
+            $memberof = $login_attributes[$this->config->memberattribute];
+            $attrs = explode(";", $this->config->attrcreators);
+            foreach ($attrs as $attr) {
+                foreach ($memberof as $m) {
+                    if($m === $attr) {
+                        return true;
+                    }
+                }
+            }
         }
         return false;
     }
 }
 
-?>
\ No newline at end of file
+?>
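Review bot: In `iscreator()`, `explode(";", $this->config->attrcreators)` produces an empty-string entry when the setting is empty (its default) or contains a trailing or doubled `;`, and the strict comparison then returns true for any login whose member attribute carries an empty value, which leads to the creator role being assigned. Entries are not trimmed either, so a list written as `a; b` never matches `b`. I would normalise the list with `$attrs = array_filter(array_map('trim', explode(';', $this->config->attrcreators)), 'strlen');` and return false when it is empty. `$memberof` is iterated as an array without a check; if the SAML library can hand back a scalar here (not visible in this hunk), cast it with `(array)` first.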
Index: config.html
===================================================================
RCS file: /cvsroot/moodle/contrib/plugins/auth/saml/config.html,v
retrieving revision 1.4
diff -u -r1.4 config.html
--- config.html	21 Jan 2010 16:47:45 -0000	1.4
+++ config.html	26 Jan 2010 14:28:08 -0000
@@ -38,7 +38,9 @@
     if (!isset ($config->attrcreators)) {
         $config->attrcreators = '';
     }
-
+    if (!isset ($config->unassigncreators)) {
+        $config->unassigncreators = '';
+    }
 ?>
 <table cellspacing="0" cellpadding="5" border="0">
 <tr valign="top" class="required">
@@ -111,6 +113,13 @@
     </td>
 </tr>
 
+<tr valign="top">
+    <td align="right"><?php print_string("auth_saml_unassigncreators", "auth_saml"); ?>:</td>
+    <td>
+        <input name="unassigncreators" type="checkbox" <?php if($config->unassigncreators) echo "CHECKED"; ?>" />
+    </td>
+    <td><?php print_string("auth_saml_unassigncreators_description", "auth_saml"); ?></td>
+</tr>
 
 <?php
 
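Review bot: The added checkbox line has a stray `"` after the closing `?>`, so the rendered tag is `type="checkbox" CHECKED" />` when set and `type="checkbox" " />` when unset, which is malformed markup that browsers have to guess at. The input also has no `value` attribute, so the stored setting depends on the browser's default submission value. Suggested line: `<input name="unassigncreators" type="checkbox" value="1" <?php if (!empty($config->unassigncreators)) echo 'checked="checked"'; ?> />`.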
Index: config.php
===================================================================
RCS file: /cvsroot/moodle/contrib/plugins/auth/saml/config.php,v
retrieving revision 1.4
diff -u -r1.4 config.php
--- config.php	21 Jan 2010 16:47:45 -0000	1.4
+++ config.php	26 Jan 2010 14:28:08 -0000
@@ -16,8 +16,8 @@
  */
 
 
-$SIMPLESAMLPHP_LIB = '/home/piers/git/public/simplesamlphp';
-$SIMPLESAMLPHP_CONFIG = '/home/piers/git/public/simplesamlphp/config';
+$SIMPLESAMLPHP_LIB = '/var/simplesamlphp-trunk';
+$SIMPLESAMLPHP_CONFIG = '/var/simplesamlphp-trunk/config';
 $SIMPLESAMLPHP_SP = 'default-sp';
 
 // change this to something specific if you don't want users to be sent to
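Review bot: `$SIMPLESAMLPHP_LIB` and `$SIMPLESAMLPHP_CONFIG` swap one machine-specific path for another (`/var/simplesamlphp-trunk`), which looks like a local development setting committed as the shipped default. Because these paths decide which SimpleSAMLphp code and configuration the plugin loads, a comment should tell the administrator to set them per deployment and to keep the directory outside the web root and not writable by the web server user, for example `// Absolute path to your SimpleSAMLphp install; adjust per deployment, must not be web-writable`. How the variables are consumed is outside this hunk.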
Index: lang/en_utf8/auth_saml.php
===================================================================
RCS file: /cvsroot/moodle/contrib/plugins/auth/saml/lang/en_utf8/auth_saml.php,v
retrieving revision 1.4
diff -u -r1.4 auth_saml.php
--- lang/en_utf8/auth_saml.php	21 Jan 2010 16:47:45 -0000	1.4
+++ lang/en_utf8/auth_saml.php	26 Jan 2010 14:28:08 -0000
@@ -22,7 +22,9 @@
 $string['auth_saml_memberattribute'] = 'Member attribute';
 $string['auth_saml_memberattribute_description'] = 'Optional: Overrides user member attribute, when user belongs to a group. Usually \'member\'';
 $string['auth_saml_attrcreators'] = 'Attribute creators';
-$string['auth_saml_attrcreators_description'] = 'List of groups or contexts whose members are allowed to create attributes.';
+$string['auth_saml_attrcreators_description'] = 'List of groups or contexts whose members are allowed to create attributes. Separate multiple groups with \';\'. Usually something like \'cn=teachers,ou=staff,o=myorg\'';
+$string['auth_saml_unassigncreators'] = 'Unassign creators';
+$string['auth_saml_unassigncreators_description'] = 'Unassign creators role if unmatch specified condition.';
 
 $string['retriesexceeded'] = 'Maximum number of retries exceeded ($a) - there must be a problem with the Identity Service';
 $string['pluginauthfailed'] = 'The SAML authentication plugin failed - user $a disallowed or dual login disabled';
Index: lang/ja_utf8/auth_saml.php
===================================================================
RCS file: /cvsroot/moodle/contrib/plugins/auth/saml/lang/ja_utf8/auth_saml.php,v
retrieving revision 1.1
diff -u -r1.1 auth_saml.php
--- lang/ja_utf8/auth_saml.php	21 Jan 2010 16:50:47 -0000	1.1
+++ lang/ja_utf8/auth_saml.php	26 Jan 2010 14:28:08 -0000
@@ -23,7 +23,9 @@
 $string['auth_saml_memberattribute_description'] = '任意: ユーザーが属するグループ属性を上書きします. 通常 \'member\' です';
 
 $string['auth_saml_attrcreators'] = '属性作成者';
-$string['auth_saml_attrcreators_description'] = 'メンバーがグループの作成を許可されているグループまたはコンテクストの一覧です。';
+$string['auth_saml_attrcreators_description'] = 'メンバーがグループの作成を許可されているグループまたはコンテクストのリストです。複数のグループを指定する時は \';\'(セミコロン)で区切ります。';
+$string['auth_saml_unassigncreators'] = 'コース作成者権限の剥奪';
+$string['auth_saml_unassigncreators_description'] = '設定した条件にマッチしない場合にコース作成者権限を剥奪します。';
 
 $string['retriesexceeded'] = '最大リトライ回数に達しました ($a) - アイデンティティサービスに問題がある可能性があります。';
 $string['pluginauthfailed'] = 'SAML 認証プラグインは失敗しました - ユーザー $a は無効かデュアルログインが無効です。';
