Révision 32700c57
Ajouté par Assos Assos il y a environ 5 ans
| drupal7/sites/all/modules/ldap/ldap_authorization/LdapAuthorizationConsumerAbstract.class.php | ||
|---|---|---|
| 66 | 66 |
*/ |
| 67 | 67 |
public $editLink; |
| 68 | 68 |
|
| 69 |
public $emptyConsumer = array(
|
|
| 69 |
public $emptyConsumer = [
|
|
| 70 | 70 |
'exists' => TRUE, |
| 71 | 71 |
'value' => NULL, |
| 72 | 72 |
'name' => NULL, |
| 73 | 73 |
'map_to_string' => NULL, |
| 74 |
);
|
|
| 74 |
];
|
|
| 75 | 75 |
|
| 76 | 76 |
/** |
| 77 | 77 |
* @property boolean $allowConsumerObjectCreation |
| ... | ... | |
| 95 | 95 |
* @property array $defaultConsumerConfProperties |
| 96 | 96 |
* default properties for consumer admin UI form |
| 97 | 97 |
*/ |
| 98 |
public $defaultConsumerConfProperties = array(
|
|
| 98 |
public $defaultConsumerConfProperties = [
|
|
| 99 | 99 |
'onlyApplyToLdapAuthenticated' => TRUE, |
| 100 | 100 |
'useMappingsAsFilter' => TRUE, |
| 101 | 101 |
'synchOnLogon' => TRUE, |
| 102 | 102 |
'revokeLdapProvisioned' => TRUE, |
| 103 | 103 |
'regrantLdapProvisioned' => TRUE, |
| 104 | 104 |
'createConsumers' => TRUE, |
| 105 |
);
|
|
| 105 |
];
|
|
| 106 | 106 |
|
| 107 | 107 |
/** |
| 108 | 108 |
* Constructor Method. |
| ... | ... | |
| 127 | 127 |
} |
| 128 | 128 |
|
| 129 | 129 |
/** |
| 130 |
* Function to normalize mappings |
|
| 131 |
* should be overridden when mappings are not stored as map|authorization_id format |
|
| 130 |
* Function to normalize mappings. |
|
| 131 |
* |
|
| 132 |
* Should be overridden when mappings are not stored as map|authorization_id format |
|
| 132 | 133 |
* where authorization_id is the format returned by |
| 133 |
* LdapAuthorizationConsumerAbstract::usersAuthorizations()
|
|
| 134 |
* LdapAuthorizationConsumerAbstract::usersAuthorizations() |
|
| 134 | 135 |
* |
| 135 | 136 |
* For example ldap_authorization_og may store mapping target as: |
| 136 |
* Campus Accounts|group-name=knitters,role-name=administrator member. |
|
| 137 |
* Campus Accounts|group-name=knitters,role-name=administrator member |
|
| 138 |
* normalized mappings are of form such as for organic groups: |
|
| 139 |
* [ |
|
| 140 |
* [ |
|
| 141 |
* 'from' => 'students', |
|
| 142 |
* 'normalized' => 'node:21:1', |
|
| 143 |
* 'simplified' => 'node:students:member', |
|
| 144 |
* 'user_entered' => 'students' |
|
| 145 |
* 'valid' => TRUE, |
|
| 146 |
* 'error_message' => '', |
|
| 147 |
* ], |
|
| 148 |
* ... |
|
| 149 |
* ] |
|
| 137 | 150 |
* |
| 138 |
* normalized mappings are of form such as for organic groups: |
|
| 151 |
* Or for Drupal role where rid 3 is moderator and rid 2 is admin: |
|
| 152 |
* [ |
|
| 153 |
* [ |
|
| 154 |
* 'from' => 'students', |
|
| 155 |
* 'normalized' => '2', |
|
| 156 |
* 'simplified' => 'admin', |
|
| 157 |
* 'user_entered' => 'admin', |
|
| 158 |
* 'valid' => TRUE, |
|
| 159 |
* 'error_message' => '', |
|
| 160 |
* ], |
|
| 161 |
* ... |
|
| 162 |
* ] |
|
| 139 | 163 |
* |
| 140 |
* array( |
|
| 141 |
array( |
|
| 142 |
'from' => 'students', |
|
| 143 |
'normalized' => 'node:21:1', |
|
| 144 |
'simplified' => 'node:students:member', |
|
| 145 |
'user_entered' => 'students' |
|
| 146 |
'valid' => TRUE, |
|
| 147 |
'error_message' => '', |
|
| 148 |
), |
|
| 149 |
|
|
| 150 |
... |
|
| 151 |
) |
|
| 152 |
|
|
| 153 |
* or for drupal role where rid 3 is moderator and rid 2 is admin: |
|
| 154 |
* array( |
|
| 155 |
array( |
|
| 156 |
'from' => 'students', |
|
| 157 |
'normalized' => '2', |
|
| 158 |
'simplified' => 'admin', |
|
| 159 |
'user_entered' => 'admin', |
|
| 160 |
'valid' => TRUE, |
|
| 161 |
'error_message' => '', |
|
| 162 |
), |
|
| 163 |
... |
|
| 164 |
) |
|
| 165 |
|
|
| 166 |
where 'normalized' is in id format and 'simplified' is user shorthand |
|
| 167 |
) |
|
| 164 |
* Where 'normalized' is in id format and 'simplified' is user shorthand. |
|
| 168 | 165 |
*/ |
| 169 | 166 |
public function normalizeMappings($mappings) {
|
| 170 | 167 |
return $mappings; |
| ... | ... | |
| 321 | 318 |
protected function grantsAndRevokes($op, &$user, &$user_auth_data, $consumers, &$ldap_entry = NULL, $user_save = TRUE) {
|
| 322 | 319 |
|
| 323 | 320 |
if (!is_array($user_auth_data)) {
|
| 324 |
$user_auth_data = array();
|
|
| 321 |
$user_auth_data = [];
|
|
| 325 | 322 |
} |
| 326 | 323 |
|
| 327 | 324 |
$detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
|
| 328 | 325 |
$this->sortConsumerIds($op, $consumers); |
| 329 |
$results = array();
|
|
| 330 |
$watchdog_tokens = array();
|
|
| 326 |
$results = [];
|
|
| 327 |
$watchdog_tokens = [];
|
|
| 331 | 328 |
$watchdog_tokens['%username'] = $user->name; |
| 332 | 329 |
$watchdog_tokens['%action'] = $op; |
| 333 | 330 |
$watchdog_tokens['%user_save'] = $user_save; |
| 334 |
$consumer_ids_log = array();
|
|
| 331 |
$consumer_ids_log = [];
|
|
| 335 | 332 |
$users_authorization_ids = $this->usersAuthorizations($user); |
| 336 | 333 |
$watchdog_tokens['%users_authorization_ids'] = join(', ', $users_authorization_ids);
|
| 337 | 334 |
if ($detailed_watchdog_log) {
|
| ... | ... | |
| 351 | 348 |
if ($user_has_authorization && !$user_has_authorization_recorded) {
|
| 352 | 349 |
// Grant case 1: authorization id already exists for user, but is not ldap provisioned. mark as ldap provisioned, but don't regrant. |
| 353 | 350 |
$results[$consumer_id] = TRUE; |
| 354 |
$user_auth_data[$consumer_id] = array(
|
|
| 351 |
$user_auth_data[$consumer_id] = [
|
|
| 355 | 352 |
'date_granted' => time(), |
| 356 | 353 |
'consumer_id_mixed_case' => $consumer_id, |
| 357 |
);
|
|
| 354 |
];
|
|
| 358 | 355 |
} |
| 359 | 356 |
elseif (!$user_has_authorization && $consumer['exists']) {
|
| 360 | 357 |
// Grant case 2: consumer exists, but user is not member. grant authorization |
| 361 | 358 |
// allow consuming module to add additional data to $user_auth_data. |
| 362 | 359 |
$results[$consumer_id] = $this->grantSingleAuthorization($user, $consumer_id, $consumer, $user_auth_data, $user_save); |
| 363 |
$existing = empty($user_auth_data[$consumer_id]) ? array() : $user_auth_data[$consumer_id];
|
|
| 364 |
$user_auth_data[$consumer_id] = $existing + array(
|
|
| 360 |
$existing = empty($user_auth_data[$consumer_id]) ? [] : $user_auth_data[$consumer_id];
|
|
| 361 |
$user_auth_data[$consumer_id] = $existing + [
|
|
| 365 | 362 |
'date_granted' => time(), |
| 366 | 363 |
'consumer_id_mixed_case' => $consumer_id, |
| 367 |
);
|
|
| 364 |
];
|
|
| 368 | 365 |
} |
| 369 | 366 |
elseif ($consumer['exists'] !== TRUE) {
|
| 370 | 367 |
// Grant case 3: something is wrong. consumers should have been created before calling grantsAndRevokes. |
| ... | ... | |
| 544 | 541 |
public function validateAuthorizationMappingTarget($mapping, $form_values = NULL, $clear_cache = FALSE) {
|
| 545 | 542 |
$message_type = NULL; |
| 546 | 543 |
$message_text = NULL; |
| 547 |
return array($message_type, $message_text);
|
|
| 544 |
return [$message_type, $message_text];
|
|
| 548 | 545 |
} |
| 549 | 546 |
|
| 550 | 547 |
} |
Formats disponibles : Unified diff
Weekly update of contrib modules