Révision 32700c57
Ajouté par Assos Assos il y a environ 5 ans
drupal7/sites/all/modules/ldap/ldap_authorization/LdapAuthorizationConsumerAbstract.class.php | ||
---|---|---|
66 | 66 |
*/ |
67 | 67 |
public $editLink; |
68 | 68 |
|
69 |
public $emptyConsumer = array(
|
|
69 |
public $emptyConsumer = [
|
|
70 | 70 |
'exists' => TRUE, |
71 | 71 |
'value' => NULL, |
72 | 72 |
'name' => NULL, |
73 | 73 |
'map_to_string' => NULL, |
74 |
);
|
|
74 |
];
|
|
75 | 75 |
|
76 | 76 |
/** |
77 | 77 |
* @property boolean $allowConsumerObjectCreation |
... | ... | |
95 | 95 |
* @property array $defaultConsumerConfProperties |
96 | 96 |
* default properties for consumer admin UI form |
97 | 97 |
*/ |
98 |
public $defaultConsumerConfProperties = array(
|
|
98 |
public $defaultConsumerConfProperties = [
|
|
99 | 99 |
'onlyApplyToLdapAuthenticated' => TRUE, |
100 | 100 |
'useMappingsAsFilter' => TRUE, |
101 | 101 |
'synchOnLogon' => TRUE, |
102 | 102 |
'revokeLdapProvisioned' => TRUE, |
103 | 103 |
'regrantLdapProvisioned' => TRUE, |
104 | 104 |
'createConsumers' => TRUE, |
105 |
);
|
|
105 |
];
|
|
106 | 106 |
|
107 | 107 |
/** |
108 | 108 |
* Constructor Method. |
... | ... | |
127 | 127 |
} |
128 | 128 |
|
129 | 129 |
/** |
130 |
* Function to normalize mappings |
|
131 |
* should be overridden when mappings are not stored as map|authorization_id format |
|
130 |
* Function to normalize mappings. |
|
131 |
* |
|
132 |
* Should be overridden when mappings are not stored as map|authorization_id format |
|
132 | 133 |
* where authorization_id is the format returned by |
133 |
* LdapAuthorizationConsumerAbstract::usersAuthorizations()
|
|
134 |
* LdapAuthorizationConsumerAbstract::usersAuthorizations() |
|
134 | 135 |
* |
135 | 136 |
* For example ldap_authorization_og may store mapping target as: |
136 |
* Campus Accounts|group-name=knitters,role-name=administrator member. |
|
137 |
* Campus Accounts|group-name=knitters,role-name=administrator member |
|
138 |
* normalized mappings are of form such as for organic groups: |
|
139 |
* [ |
|
140 |
* [ |
|
141 |
* 'from' => 'students', |
|
142 |
* 'normalized' => 'node:21:1', |
|
143 |
* 'simplified' => 'node:students:member', |
|
144 |
* 'user_entered' => 'students' |
|
145 |
* 'valid' => TRUE, |
|
146 |
* 'error_message' => '', |
|
147 |
* ], |
|
148 |
* ... |
|
149 |
* ] |
|
137 | 150 |
* |
138 |
* normalized mappings are of form such as for organic groups: |
|
151 |
* Or for Drupal role where rid 3 is moderator and rid 2 is admin: |
|
152 |
* [ |
|
153 |
* [ |
|
154 |
* 'from' => 'students', |
|
155 |
* 'normalized' => '2', |
|
156 |
* 'simplified' => 'admin', |
|
157 |
* 'user_entered' => 'admin', |
|
158 |
* 'valid' => TRUE, |
|
159 |
* 'error_message' => '', |
|
160 |
* ], |
|
161 |
* ... |
|
162 |
* ] |
|
139 | 163 |
* |
140 |
* array( |
|
141 |
array( |
|
142 |
'from' => 'students', |
|
143 |
'normalized' => 'node:21:1', |
|
144 |
'simplified' => 'node:students:member', |
|
145 |
'user_entered' => 'students' |
|
146 |
'valid' => TRUE, |
|
147 |
'error_message' => '', |
|
148 |
), |
|
149 |
|
|
150 |
... |
|
151 |
) |
|
152 |
|
|
153 |
* or for drupal role where rid 3 is moderator and rid 2 is admin: |
|
154 |
* array( |
|
155 |
array( |
|
156 |
'from' => 'students', |
|
157 |
'normalized' => '2', |
|
158 |
'simplified' => 'admin', |
|
159 |
'user_entered' => 'admin', |
|
160 |
'valid' => TRUE, |
|
161 |
'error_message' => '', |
|
162 |
), |
|
163 |
... |
|
164 |
) |
|
165 |
|
|
166 |
where 'normalized' is in id format and 'simplified' is user shorthand |
|
167 |
) |
|
164 |
* Where 'normalized' is in id format and 'simplified' is user shorthand. |
|
168 | 165 |
*/ |
169 | 166 |
public function normalizeMappings($mappings) { |
170 | 167 |
return $mappings; |
... | ... | |
321 | 318 |
protected function grantsAndRevokes($op, &$user, &$user_auth_data, $consumers, &$ldap_entry = NULL, $user_save = TRUE) { |
322 | 319 |
|
323 | 320 |
if (!is_array($user_auth_data)) { |
324 |
$user_auth_data = array();
|
|
321 |
$user_auth_data = [];
|
|
325 | 322 |
} |
326 | 323 |
|
327 | 324 |
$detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0); |
328 | 325 |
$this->sortConsumerIds($op, $consumers); |
329 |
$results = array();
|
|
330 |
$watchdog_tokens = array();
|
|
326 |
$results = [];
|
|
327 |
$watchdog_tokens = [];
|
|
331 | 328 |
$watchdog_tokens['%username'] = $user->name; |
332 | 329 |
$watchdog_tokens['%action'] = $op; |
333 | 330 |
$watchdog_tokens['%user_save'] = $user_save; |
334 |
$consumer_ids_log = array();
|
|
331 |
$consumer_ids_log = [];
|
|
335 | 332 |
$users_authorization_ids = $this->usersAuthorizations($user); |
336 | 333 |
$watchdog_tokens['%users_authorization_ids'] = join(', ', $users_authorization_ids); |
337 | 334 |
if ($detailed_watchdog_log) { |
... | ... | |
351 | 348 |
if ($user_has_authorization && !$user_has_authorization_recorded) { |
352 | 349 |
// Grant case 1: authorization id already exists for user, but is not ldap provisioned. mark as ldap provisioned, but don't regrant. |
353 | 350 |
$results[$consumer_id] = TRUE; |
354 |
$user_auth_data[$consumer_id] = array(
|
|
351 |
$user_auth_data[$consumer_id] = [
|
|
355 | 352 |
'date_granted' => time(), |
356 | 353 |
'consumer_id_mixed_case' => $consumer_id, |
357 |
);
|
|
354 |
];
|
|
358 | 355 |
} |
359 | 356 |
elseif (!$user_has_authorization && $consumer['exists']) { |
360 | 357 |
// Grant case 2: consumer exists, but user is not member. grant authorization |
361 | 358 |
// allow consuming module to add additional data to $user_auth_data. |
362 | 359 |
$results[$consumer_id] = $this->grantSingleAuthorization($user, $consumer_id, $consumer, $user_auth_data, $user_save); |
363 |
$existing = empty($user_auth_data[$consumer_id]) ? array() : $user_auth_data[$consumer_id];
|
|
364 |
$user_auth_data[$consumer_id] = $existing + array(
|
|
360 |
$existing = empty($user_auth_data[$consumer_id]) ? [] : $user_auth_data[$consumer_id];
|
|
361 |
$user_auth_data[$consumer_id] = $existing + [
|
|
365 | 362 |
'date_granted' => time(), |
366 | 363 |
'consumer_id_mixed_case' => $consumer_id, |
367 |
);
|
|
364 |
];
|
|
368 | 365 |
} |
369 | 366 |
elseif ($consumer['exists'] !== TRUE) { |
370 | 367 |
// Grant case 3: something is wrong. consumers should have been created before calling grantsAndRevokes. |
... | ... | |
544 | 541 |
public function validateAuthorizationMappingTarget($mapping, $form_values = NULL, $clear_cache = FALSE) { |
545 | 542 |
$message_type = NULL; |
546 | 543 |
$message_text = NULL; |
547 |
return array($message_type, $message_text);
|
|
544 |
return [$message_type, $message_text];
|
|
548 | 545 |
} |
549 | 546 |
|
550 | 547 |
} |
Formats disponibles : Unified diff
Weekly update of contrib modules