Révision 32700c57
Ajouté par Assos Assos il y a environ 5 ans
drupal7/sites/all/modules/ldap/ldap_authorization/ldap_authorization.inc | ||
---|---|---|
5 | 5 |
* Bulk of authorization code executed to determine a users authorizations. |
6 | 6 |
*/ |
7 | 7 |
|
8 |
// Remove after testing. |
|
9 | 8 |
/** |
10 |
* |
|
9 |
* Unclear.
|
|
11 | 10 |
*/ |
12 |
|
|
13 | 11 |
function ldap_authorization_help_watchdog() { |
14 | 12 |
|
15 | 13 |
$path = drupal_get_path("module", "ldap_help"); |
16 | 14 |
$_content = ""; |
17 | 15 |
if (module_exists('dblog')) { |
18 | 16 |
include_once drupal_get_path('module', 'dblog') . '/dblog.admin.inc'; |
19 |
$_SESSION['dblog_overview_filter']['type'] = array('ldap' => 'ldap');
|
|
17 |
$_SESSION['dblog_overview_filter']['type'] = ['ldap' => 'ldap'];
|
|
20 | 18 |
$_content .= "<h3>" . t('LDAP Watchdog Errors and Notifications') . "</h3>"; |
21 | 19 |
$overview = dblog_overview(); |
22 | 20 |
$_content .= render($overview); |
... | ... | |
63 | 61 |
function _ldap_authorizations_user_authorizations(&$user, $op, $consumer_type, $context) { |
64 | 62 |
$debug = FALSE; |
65 | 63 |
$detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0); |
66 |
$authorizations = array();
|
|
67 |
$notifications = array();
|
|
68 |
$watchdog_tokens = array('%username' => $user->name);
|
|
64 |
$authorizations = [];
|
|
65 |
$notifications = [];
|
|
66 |
$watchdog_tokens = ['%username' => $user->name];
|
|
69 | 67 |
$consumers = ldap_authorization_get_consumers($consumer_type, TRUE, FALSE); |
70 | 68 |
|
71 | 69 |
$servers = ldap_servers_get_servers(NULL, 'enabled', TRUE); |
... | ... | |
79 | 77 |
} |
80 | 78 |
$notifications['all'] = LDAP_AUTHORIZATION_NOT_APPLY_USER_1; |
81 | 79 |
foreach ($consumers as $consumer_type => $consumer) { |
82 |
$authorizations[$consumer_type] = array();
|
|
80 |
$authorizations[$consumer_type] = [];
|
|
83 | 81 |
} |
84 |
return array($authorizations, $notifications);
|
|
82 |
return [$authorizations, $notifications];
|
|
85 | 83 |
} |
86 | 84 |
|
87 | 85 |
/** |
... | ... | |
97 | 95 |
$watchdog_tokens['%ldap_authenticated'] = ($ldap_authenticated) ? 'yes' : 'no'; |
98 | 96 |
|
99 | 97 |
foreach ($consumers as $consumer_type => $consumer) { |
100 |
$authorizations[$consumer_type] = array();
|
|
98 |
$authorizations[$consumer_type] = [];
|
|
101 | 99 |
/** |
102 | 100 |
* each consumer type has only one consumer conf and each consumer conf has only one ldap server id (sid) |
103 | 101 |
* so there is a one-to-one-to-one relationship between: |
... | ... | |
111 | 109 |
if (!$consumer->consumerConf->status) { |
112 | 110 |
continue; |
113 | 111 |
} |
114 |
$proposed_ldap_authorizations = array();
|
|
112 |
$proposed_ldap_authorizations = [];
|
|
115 | 113 |
$watchdog_tokens['%consumer_type'] = $consumer_type; |
116 | 114 |
$watchdog_tokens['%sid'] = $consumer->consumerConf->sid; |
117 | 115 |
|
... | ... | |
189 | 187 |
foreach ($proposed_ldap_authorizations as $key => $authorization_id) { |
190 | 188 |
if ($consumer->consumerConf->useFirstAttrAsGroupId) { |
191 | 189 |
$attr_parts = ldap_explode_dn($authorization_id, 0); |
192 |
if (count($attr_parts) > 0) { |
|
190 |
if (!empty($attr_parts) && count($attr_parts) > 0) {
|
|
193 | 191 |
$first_part = explode('=', $attr_parts[0]); |
194 | 192 |
if (count($first_part) > 1) { |
195 | 193 |
$authorization_id = ldap_pear_unescape_dn_value(trim($first_part[1])); |
... | ... | |
211 | 209 |
} |
212 | 210 |
|
213 | 211 |
if ($detailed_watchdog_log || $debug) { |
214 |
$_proposed_ldap_authorizations = is_array($proposed_ldap_authorizations) ? $proposed_ldap_authorizations : array();
|
|
212 |
$_proposed_ldap_authorizations = is_array($proposed_ldap_authorizations) ? $proposed_ldap_authorizations : [];
|
|
215 | 213 |
$watchdog_tokens['%proposed_authorizations'] = join(', ', $_proposed_ldap_authorizations); |
216 | 214 |
} |
217 | 215 |
if ($detailed_watchdog_log) { |
... | ... | |
229 | 227 |
* an array of filtered and mapped authorization ids |
230 | 228 |
*/ |
231 | 229 |
|
232 |
$filtered_ldap_authorizations = array();
|
|
230 |
$filtered_ldap_authorizations = [];
|
|
233 | 231 |
// Filter + map. |
234 | 232 |
if ($consumer->consumerConf->useMappingsAsFilter) { |
235 | 233 |
foreach ($consumer->consumerConf->mappings as $mapping_filter) { |
236 | 234 |
$map_from = $mapping_filter['from']; |
237 | 235 |
$map_to = $mapping_filter['normalized']; |
238 | 236 |
if (isset($proposed_ldap_authorizations[drupal_strtolower($map_from)])) { |
239 |
$filtered_ldap_authorizations[drupal_strtolower($map_to)] = array('map_to_string' => $map_to, 'exists' => NULL);
|
|
237 |
$filtered_ldap_authorizations[drupal_strtolower($map_to)] = ['map_to_string' => $map_to, 'exists' => NULL];
|
|
240 | 238 |
} |
241 | 239 |
} |
242 | 240 |
} |
... | ... | |
250 | 248 |
$map_from_key = array_search(drupal_strtolower($map_from), array_keys($proposed_ldap_authorizations)); |
251 | 249 |
if ($map_from_key !== FALSE) { |
252 | 250 |
// Remove non mapped authorization. |
253 |
$_authorizations = array_diff($_authorizations, array($map_from));
|
|
254 |
$_authorizations = array_diff($_authorizations, array(drupal_strtolower($map_from)));
|
|
251 |
$_authorizations = array_diff($_authorizations, [$map_from]);
|
|
252 |
$_authorizations = array_diff($_authorizations, [drupal_strtolower($map_from)]);
|
|
255 | 253 |
// Add mapped authorization. |
256 | 254 |
$_authorizations[] = $map_to; |
257 |
// Remove map from;. |
|
258 | 255 |
} |
259 | 256 |
} |
260 | 257 |
} |
261 | 258 |
foreach ($_authorizations as $i => $authorization_id) { |
262 |
$filtered_ldap_authorizations[drupal_strtolower($authorization_id)] = array(
|
|
259 |
$filtered_ldap_authorizations[drupal_strtolower($authorization_id)] = [
|
|
263 | 260 |
'map_to_string' => $authorization_id, |
264 | 261 |
'exists' => NULL, |
265 | 262 |
'value' => $authorization_id, |
266 |
);
|
|
263 |
];
|
|
267 | 264 |
} |
268 | 265 |
} |
269 | 266 |
|
... | ... | |
274 | 271 |
* |
275 | 272 |
* @see ldap_authorization.api.php hook_ldap_authorization_authorizations_alter() notes |
276 | 273 |
*/ |
277 |
$params = array(
|
|
274 |
$params = [
|
|
278 | 275 |
'user' => $user, |
279 | 276 |
'ldap_user' => $ldap_user, |
280 | 277 |
'ldap_server' => $ldap_server, |
281 | 278 |
'consumer' => $consumer, |
282 |
);
|
|
279 |
];
|
|
283 | 280 |
|
284 | 281 |
drupal_alter('ldap_authorization_authorizations', $filtered_ldap_authorizations, $params); |
285 | 282 |
|
... | ... | |
294 | 291 |
} |
295 | 292 |
|
296 | 293 |
if ($op == 'test_query' || $op == 'test_query_set') { |
297 |
$display_authorizations = array();
|
|
294 |
$display_authorizations = [];
|
|
298 | 295 |
foreach ($filtered_ldap_authorizations as $consumer_id => $_consumer) { |
299 | 296 |
$display_authorizations[] = $_consumer['map_to_string']; |
300 | 297 |
} |
... | ... | |
324 | 321 |
$authorizations[$consumer_type] = $filtered_ldap_authorizations; |
325 | 322 |
} // end foreach $consumers |
326 | 323 |
|
327 |
return array($authorizations, $notifications);
|
|
324 |
return [$authorizations, $notifications];
|
|
328 | 325 |
|
329 | 326 |
} |
330 | 327 |
|
... | ... | |
334 | 331 |
* @param object $consumer |
335 | 332 |
* is instance of an authorization consumer class |
336 | 333 |
* such as LdapAuthorizationConsumerDrupalRole. |
337 |
* @param associative array of lower case authorization ids as keys and
|
|
334 |
* @param array of lower case authorization ids as keys and |
|
338 | 335 |
* mixed case strings as values $filtered_ldap_authorizations |
339 | 336 |
* all authorization ids a user is granted via ldap authorization configuration |
340 | 337 |
* @param object $ldap_entry |
... | ... | |
358 | 355 |
$initial_existing_ldap_authorizations = array_keys($user_auth_data); |
359 | 356 |
} |
360 | 357 |
else { |
361 |
$user_auth_data = array();
|
|
362 |
$initial_existing_ldap_authorizations = array();
|
|
358 |
$user_auth_data = [];
|
|
359 |
$initial_existing_ldap_authorizations = [];
|
|
363 | 360 |
} |
364 | 361 |
|
365 | 362 |
if ($test) { |
... | ... | |
391 | 388 |
*/ |
392 | 389 |
|
393 | 390 |
// Keys are lcase, values are mixed case. |
394 |
$existing_grants = array();
|
|
391 |
$existing_grants = [];
|
|
395 | 392 |
foreach ($grants as $i => $grant) { |
396 | 393 |
if (!empty($filtered_ldap_authorizations[$grant]['exists'])) { |
397 | 394 |
$existing_grants[$grant] = $filtered_ldap_authorizations[$grant]; |
... | ... | |
415 | 412 |
$revokes_lcase = $consumer->authorizationDiff($initial_existing_ldap_authorizations, array_keys($filtered_ldap_authorizations)); |
416 | 413 |
if (count($revokes_lcase)) { |
417 | 414 |
// Keys are lcase, values are mixed case. |
418 |
$revokes = array();
|
|
415 |
$revokes = [];
|
|
419 | 416 |
foreach ($revokes_lcase as $i => $revoke_lcase) { |
420 |
$revokes[$revoke_lcase] = array(
|
|
417 |
$revokes[$revoke_lcase] = [
|
|
421 | 418 |
'value' => NULL, |
422 | 419 |
'map_to_string' => NULL, |
423 | 420 |
'exists' => TRUE, |
424 |
);
|
|
421 |
];
|
|
425 | 422 |
} |
426 | 423 |
if ($test) { |
427 | 424 |
$_SESSION['ldap_authorization_test_query']['setting_data']['Revokes'] = $revokes; |
... | ... | |
440 | 437 |
*/ |
441 | 438 |
|
442 | 439 |
$uid = $user->uid; |
443 |
$user_edit = array('data' => $user->data);
|
|
444 |
$user_edit['data']['ldap_authorizations'] = empty($user->data['ldap_authorizations']) ? array() : $user->data['ldap_authorizations'];
|
|
440 |
$user_edit = ['data' => $user->data];
|
|
441 |
$user_edit['data']['ldap_authorizations'] = empty($user->data['ldap_authorizations']) ? [] : $user->data['ldap_authorizations'];
|
|
445 | 442 |
// Keep in good display order. |
446 | 443 |
$consumer->sortConsumerIds('grant', $user_auth_data); |
447 | 444 |
$user_edit['data']['ldap_authorizations'][$consumer->consumerType] = $user_auth_data; |
... | ... | |
491 | 488 |
function _ldap_authorization_ldap_authorization_maps_alter(&$user, &$user_ldap_entry, &$ldap_server, &$consumer_conf, &$authz_ids, $op) { |
492 | 489 |
|
493 | 490 |
$detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0); |
494 |
$watchdog_tokens = array();
|
|
491 |
$watchdog_tokens = [];
|
|
495 | 492 |
|
496 | 493 |
// Groups extracted from user's DN. such as ou=IT => group = "IT". |
497 |
$derive_from_dn_authorizations = array();
|
|
494 |
$derive_from_dn_authorizations = [];
|
|
498 | 495 |
if ($rdn_values = $consumer_conf->server->groupUserMembershipsFromDn($user)) { |
499 | 496 |
$derive_from_dn_authorizations = array_combine($rdn_values, $rdn_values); |
500 | 497 |
} |
501 | 498 |
else { |
502 |
$derive_from_dn_authorizations = array();
|
|
499 |
$derive_from_dn_authorizations = [];
|
|
503 | 500 |
} |
504 | 501 |
if ($op == 'test_query' || $op == 'test_query_set') { |
505 | 502 |
$_SESSION['ldap_authorization_test_query']['maps']['Derive from DN'] = ($rdn_values) ? $derive_from_dn_authorizations : t('disabled'); |
... | ... | |
508 | 505 |
// Traditional groups (dns) |
509 | 506 |
$group_dns = $consumer_conf->server->groupMembershipsFromUser($user, 'group_dns'); |
510 | 507 |
if (!$group_dns) { |
511 |
$group_dns = array();
|
|
508 |
$group_dns = [];
|
|
512 | 509 |
} |
513 | 510 |
elseif (count($group_dns)) { |
514 | 511 |
$group_dns = array_unique($group_dns); |
... | ... | |
519 | 516 |
|
520 | 517 |
$values = array_merge($derive_from_dn_authorizations, $group_dns); |
521 | 518 |
$values = array_unique($values); |
522 |
$authz_ids = (count($values)) ? array_combine($values, $values) : array();
|
|
519 |
$authz_ids = (count($values)) ? array_combine($values, $values) : [];
|
|
523 | 520 |
if ($detailed_watchdog_log) { |
524 | 521 |
$watchdog_tokens['%username'] = $user->name; |
525 | 522 |
$watchdog_tokens['%ldap_server'] = $ldap_server->sid; |
Formats disponibles : Unified diff
Weekly update of contrib modules