Révision 32700c57
Ajouté par Assos Assos il y a environ 5 ans
drupal7/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php | ||
---|---|---|
22 | 22 |
public $allowConsumerObjectCreation = FALSE; |
23 | 23 |
public $defaultMembershipRid; |
24 | 24 |
public $anonymousRid; |
25 |
public $defaultConsumerConfProperties = array(
|
|
25 |
public $defaultConsumerConfProperties = [
|
|
26 | 26 |
'onlyApplyToLdapAuthenticated' => TRUE, |
27 | 27 |
'useMappingsAsFilter' => TRUE, |
28 | 28 |
'synchOnLogon' => TRUE, |
29 | 29 |
'revokeLdapProvisioned' => TRUE, |
30 | 30 |
'regrantLdapProvisioned' => TRUE, |
31 | 31 |
'createConsumers' => TRUE, |
32 |
);
|
|
32 |
];
|
|
33 | 33 |
|
34 | 34 |
/** |
35 | 35 |
* |
36 | 36 |
*/ |
37 | 37 |
public function __construct($consumer_type) { |
38 | 38 |
|
39 |
// @todo these properties are not used in ldap og 2, but when they are their derivation needs to be examined and tested |
|
40 |
// as they may be per entity rids, not global. |
|
41 |
// ldap_authorization_og_rid_from_role_name(OG_AUTHENTICATED_ROLE); |
|
42 | 39 |
$this->defaultMembershipRid = NULL; |
43 |
// ldap_authorization_og_rid_from_role_name(OG_ANONYMOUS_ROLE); |
|
44 | 40 |
$this->anonymousRid = NULL; |
45 | 41 |
|
46 | 42 |
$params = ldap_authorization_og_ldap_authorization_consumer(); |
... | ... | |
52 | 48 |
*/ |
53 | 49 |
public function og2ConsumerIdParts($consumer_id) { |
54 | 50 |
if (!is_scalar($consumer_id)) { |
55 |
return array(NULL, NULL, NULL);
|
|
51 |
return [NULL, NULL, NULL];
|
|
56 | 52 |
} |
57 | 53 |
$parts = explode(':', $consumer_id); |
58 |
return (count($parts) != 3) ? array(NULL, NULL, NULL) : $parts;
|
|
54 |
return (count($parts) != 3) ? [NULL, NULL, NULL] : $parts;
|
|
59 | 55 |
} |
60 | 56 |
|
61 | 57 |
/** |
... | ... | |
73 | 69 |
* @see LdapAuthorizationConsumerAbstract::normalizeMappings |
74 | 70 |
*/ |
75 | 71 |
public function normalizeMappings($mappings) { |
76 |
$new_mappings = array();
|
|
72 |
$new_mappings = [];
|
|
77 | 73 |
$group_entity_types = og_get_all_group_bundle(); |
78 | 74 |
foreach ($mappings as $i => $mapping) { |
79 | 75 |
$from = $mapping[0]; |
80 | 76 |
$to = $mapping[1]; |
81 | 77 |
$to_parts = explode('(raw: ', $to); |
82 | 78 |
$user_entered = $to_parts[0]; |
83 |
$new_mapping = array(
|
|
79 |
$new_mapping = [
|
|
84 | 80 |
'from' => $from, |
85 | 81 |
'user_entered' => $user_entered, |
86 | 82 |
'valid' => TRUE, |
87 | 83 |
'error_message' => '', |
88 |
);
|
|
84 |
];
|
|
89 | 85 |
|
90 | 86 |
// Has simplified and normalized part in (). update normalized part as validation. |
91 | 87 |
if (count($to_parts) == 2) { |
... | ... | |
104 | 100 |
$role = (count($to_simplified_parts) < 3) ? OG_AUTHENTICATED_ROLE : $to_simplified_parts[2]; |
105 | 101 |
$group_name = (count($to_simplified_parts) == 1) ? $to_simplified_parts[0] : $to_simplified_parts[1]; |
106 | 102 |
list($group_entity, $group_entity_id) = ldap_authorization_og2_get_group_from_name($entity_type, $group_name); |
107 |
$to_simplified = join(':', array($entity_type, $group_name));
|
|
103 |
$to_simplified = join(':', [$entity_type, $group_name]);
|
|
108 | 104 |
} |
109 | 105 |
// May be simplified or normalized, but not both. |
110 | 106 |
else { |
... | ... | |
122 | 118 |
list($group_entity, $group_entity_id) = ldap_authorization_og2_get_group_from_name($entity_type, $group_name_or_entity_id); |
123 | 119 |
// If load by name works, $group_name_or_entity_id is group title. |
124 | 120 |
if ($group_entity) { |
125 |
$to_simplified = join(':', array($entity_type, $group_name_or_entity_id));
|
|
121 |
$to_simplified = join(':', [$entity_type, $group_name_or_entity_id]);
|
|
126 | 122 |
} |
127 | 123 |
else { |
128 | 124 |
$to_simplified = FALSE; |
... | ... | |
136 | 132 |
$new_mapping['normalized'] = FALSE; |
137 | 133 |
$new_mapping['simplified'] = FALSE; |
138 | 134 |
$new_mapping['valid'] = FALSE; |
139 |
$new_mapping['error_message'] = t("cannot find matching group: !to", array('!to' => $to));
|
|
135 |
$new_mapping['error_message'] = t("cannot find matching group: !to", ['!to' => $to]);
|
|
140 | 136 |
} |
141 | 137 |
else { |
142 | 138 |
$role_id = is_numeric($role) ? $role : ldap_authorization_og2_rid_from_role_name($entity_type, $group_entity->type, $group_entity_id, $role); |
143 | 139 |
$roles = og_roles($entity_type, isset($group_entity->type) ? $group_entity->type : NULL, 0, FALSE, TRUE); |
144 | 140 |
$role_name = is_numeric($role) ? $roles[$role] : $role; |
145 |
$to_normalized = join(':', array($entity_type, $group_entity_id, $role_id));
|
|
141 |
$to_normalized = join(':', [$entity_type, $group_entity_id, $role_id]);
|
|
146 | 142 |
$to_simplified = ($to_simplified) ? $to_simplified . ':' . $role_name : $to_normalized; |
147 | 143 |
$new_mapping['normalized'] = $to_normalized; |
148 | 144 |
$new_mapping['simplified'] = $to_simplified; |
... | ... | |
186 | 182 |
public function populateConsumersFromConsumerIds(&$consumers, $create_missing_consumers = FALSE) { |
187 | 183 |
|
188 | 184 |
// Generate a query for all og groups of interest. |
189 |
$gids = array();
|
|
185 |
$gids = [];
|
|
190 | 186 |
foreach ($consumers as $consumer_id => $consumer) { |
191 | 187 |
list($entity_type, $gid, $rid) = explode(':', $consumer_id); |
192 | 188 |
$gids[$entity_type][] = $gid; |
... | ... | |
239 | 235 |
og_membership_invalidate_cache(); |
240 | 236 |
|
241 | 237 |
if ($consumers) { |
242 |
$gids_to_clear_cache = array();
|
|
238 |
$gids_to_clear_cache = [];
|
|
243 | 239 |
foreach ($consumers as $i => $consumer_id) { |
244 | 240 |
list($entity_type, $gid, $rid) = $this->og2ConsumerIdParts($consumer_id); |
245 | 241 |
$gids_to_clear_cache[$gid] = $gid; |
... | ... | |
274 | 270 |
protected function grantsAndRevokes($op, &$user, &$user_auth_data, $consumers, &$ldap_entry = NULL, $user_save = TRUE) { |
275 | 271 |
|
276 | 272 |
if (!is_array($user_auth_data)) { |
277 |
$user_auth_data = array();
|
|
273 |
$user_auth_data = [];
|
|
278 | 274 |
} |
279 | 275 |
|
280 | 276 |
$detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0); |
281 | 277 |
$this->sortConsumerIds($op, $consumers); |
282 | 278 |
|
283 |
$results = array();
|
|
284 |
$watchdog_tokens = array();
|
|
279 |
$results = [];
|
|
280 |
$watchdog_tokens = [];
|
|
285 | 281 |
$watchdog_tokens['%username'] = $user->name; |
286 | 282 |
$watchdog_tokens['%action'] = $op; |
287 | 283 |
$watchdog_tokens['%user_save'] = $user_save; |
... | ... | |
301 | 297 |
* step #1: generate $og_actions = array of form $og_actions['revokes'|'grants'][$gid] = $rid |
302 | 298 |
* based on all consumer ids granted and revokes |
303 | 299 |
*/ |
304 |
$og_actions = array('grants' => array(), 'revokes' => array());
|
|
300 |
$og_actions = ['grants' => [], 'revokes' => []];
|
|
305 | 301 |
$consumer_ids_log = ""; |
306 | 302 |
$log = ""; |
307 | 303 |
|
... | ... | |
323 | 319 |
if ($user_has_authorization && !$user_has_authorization_recorded) { |
324 | 320 |
// Grant case 1: authorization id already exists for user, but is not ldap provisioned. mark as ldap provisioned, but don't regrant. |
325 | 321 |
$results[$consumer_id] = TRUE; |
326 |
$user_auth_data[$consumer_id] = array(
|
|
322 |
$user_auth_data[$consumer_id] = [
|
|
327 | 323 |
'date_granted' => time(), |
328 | 324 |
'consumer_id_mixed_case' => $consumer_id, |
329 |
);
|
|
325 |
];
|
|
330 | 326 |
$log .= "grant case 1: authorization id already exists for user, but is not ldap provisioned. mark as ldap provisioned, but don't regrant"; |
331 | 327 |
$log .= $consumer_id; |
332 | 328 |
} |
... | ... | |
397 | 393 |
$this->og2Grants($og_actions, $user, $user_auth_data); |
398 | 394 |
$this->og2Revokes($og_actions, $user, $user_auth_data); |
399 | 395 |
|
400 |
$user_edit = array('data' => $user->data);
|
|
396 |
$user_edit = ['data' => $user->data];
|
|
401 | 397 |
$user_edit['data']['ldap_authorizations'][$this->consumerType] = $user_auth_data; |
402 | 398 |
// Force a reload of the user object, since changes made through the grant- |
403 | 399 |
// and revoke-functions above might have changed og-related field data. |
... | ... | |
434 | 430 |
$all_group_rids = array_keys($all_group_roles); |
435 | 431 |
// Users current rids w/authen or anon roles returned. |
436 | 432 |
$users_group_rids = array_keys(og_get_user_roles($group_entity_type, $gid, $user->uid, TRUE)); |
437 |
$users_group_rids = array_diff($users_group_rids, array($anonymous_rid));
|
|
433 |
$users_group_rids = array_diff($users_group_rids, [$anonymous_rid]);
|
|
438 | 434 |
// Rids to be added without anonymous rid. |
439 |
$new_rids = array_diff($granting_rids, $users_group_rids, array($anonymous_rid));
|
|
435 |
$new_rids = array_diff($granting_rids, $users_group_rids, [$anonymous_rid]);
|
|
440 | 436 |
|
441 | 437 |
// If adding OG_AUTHENTICATED_ROLE or any other role and does not currently have OG_AUTHENTICATED_ROLE, group. |
442 | 438 |
if (!in_array($authenticated_rid, $users_group_rids) && count($new_rids) > 0) { |
443 |
$values = array(
|
|
439 |
$values = [
|
|
444 | 440 |
'entity_type' => 'user', |
445 | 441 |
'entity' => $user->uid, |
446 | 442 |
'field_name' => FALSE, |
447 | 443 |
'state' => OG_STATE_ACTIVE, |
448 |
);
|
|
444 |
];
|
|
449 | 445 |
$og_membership = og_group($group_entity_type, $gid, $values); |
450 |
$consumer_id = join(':', array($group_entity_type, $gid, $authenticated_rid));
|
|
451 |
$user_auth_data[$consumer_id] = array(
|
|
446 |
$consumer_id = join(':', [$group_entity_type, $gid, $authenticated_rid]);
|
|
447 |
$user_auth_data[$consumer_id] = [
|
|
452 | 448 |
'date_granted' => time(), |
453 | 449 |
'consumer_id_mixed_case' => $consumer_id, |
454 |
);
|
|
450 |
];
|
|
455 | 451 |
// Granted on membership creation. |
456 |
$new_rids = array_diff($new_rids, array($authenticated_rid));
|
|
452 |
$new_rids = array_diff($new_rids, [$authenticated_rid]);
|
|
457 | 453 |
|
458 | 454 |
} |
459 | 455 |
foreach ($new_rids as $i => $rid) { |
... | ... | |
461 | 457 |
} |
462 | 458 |
foreach ($granting_rids as $i => $rid) { |
463 | 459 |
// Attribute to ldap regardless of if is being granted. |
464 |
$consumer_id = join(':', array($group_entity_type, $gid, $rid));
|
|
465 |
$user_auth_data[$consumer_id] = array(
|
|
460 |
$consumer_id = join(':', [$group_entity_type, $gid, $rid]);
|
|
461 |
$user_auth_data[$consumer_id] = [
|
|
466 | 462 |
'date_granted' => time(), |
467 | 463 |
'consumer_id_mixed_case' => $consumer_id, |
468 |
);
|
|
464 |
];
|
|
469 | 465 |
} |
470 | 466 |
} |
471 | 467 |
} |
... | ... | |
496 | 492 |
// Unattribute to ldap even if user does not currently have role. |
497 | 493 |
unset($user_auth_data[ldap_authorization_og_authorization_id($gid, $rid, $group_entity_type)]); |
498 | 494 |
} |
499 |
// define('OG_ANONYMOUS_ROLE', 'non-member'); define('OG_AUTHENTICATED_ROLE', 'member'); |
|
500 |
// ungroup if only authenticated and anonymous role left. |
|
495 |
// Ungroup if only authenticated and anonymous role left. |
|
501 | 496 |
if (in_array($authenticated_rid, $revoking_rids) || count($remaining_rids) == 0) { |
502 | 497 |
$entity = og_ungroup($group_entity_type, $gid, 'user', $user->uid); |
503 | 498 |
$result = (boolean) ($entity); |
... | ... | |
514 | 509 |
static $users; |
515 | 510 |
if (!is_array($users)) { |
516 | 511 |
// No cache exists, create static array. |
517 |
$users = array();
|
|
512 |
$users = [];
|
|
518 | 513 |
} |
519 | 514 |
elseif ($reset && isset($users[$user->uid])) { |
520 | 515 |
// Clear users cache. |
... | ... | |
529 | 524 |
return $users[$user->uid]; |
530 | 525 |
} |
531 | 526 |
|
532 |
$authorizations = array();
|
|
527 |
$authorizations = [];
|
|
533 | 528 |
|
534 |
$user_entities = entity_load('user', array($user->uid));
|
|
529 |
$user_entities = entity_load('user', [$user->uid]);
|
|
535 | 530 |
$memberships = og_get_entity_groups('user', $user_entities[$user->uid]); |
536 | 531 |
foreach ($memberships as $entity_type => $entity_memberships) { |
537 | 532 |
foreach ($entity_memberships as $og_membership_id => $gid) { |
... | ... | |
550 | 545 |
* @see ldapAuthorizationConsumerAbstract::convertToFriendlyAuthorizationIds |
551 | 546 |
*/ |
552 | 547 |
public function convertToFriendlyAuthorizationIds($authorizations) { |
553 |
$authorization_ids_friendly = array();
|
|
548 |
$authorization_ids_friendly = [];
|
|
554 | 549 |
foreach ($authorizations as $authorization_id => $authorization) { |
555 | 550 |
$authorization_ids_friendly[] = $authorization['name'] . ' (' . $authorization_id . ')'; |
556 | 551 |
} |
... | ... | |
572 | 567 |
* |
573 | 568 |
*/ |
574 | 569 |
if (!$pass) { |
575 |
$tokens = array(
|
|
570 |
$tokens = [
|
|
576 | 571 |
'!from' => $mapping['from'], |
577 | 572 |
'!user_entered' => $mapping['user_entered'], |
578 | 573 |
'!error' => $mapping['error_message'], |
579 |
);
|
|
574 |
];
|
|
580 | 575 |
$message_text = '<code>"' . t('!map_to|!user_entered', $tokens) . '"</code> ' . t('has the following error: !error.', $tokens); |
581 | 576 |
} |
582 |
return array($message_type, $message_text);
|
|
577 |
return [$message_type, $message_text];
|
|
583 | 578 |
} |
584 | 579 |
|
585 | 580 |
/** |
... | ... | |
612 | 607 |
*/ |
613 | 608 |
|
614 | 609 |
$og_fields = field_info_field(OG_GROUP_FIELD); |
615 |
$rows = array();
|
|
610 |
$rows = [];
|
|
616 | 611 |
$role_name = OG_AUTHENTICATED_ROLE; |
617 | 612 |
|
618 | 613 |
if (!empty($og_fields['bundles'])) { |
... | ... | |
644 | 639 |
} |
645 | 640 |
} |
646 | 641 |
|
647 |
$variables = array(
|
|
648 |
'header' => array('Group Entity - Group Title - OG Membership Type', 'example'),
|
|
642 |
$variables = [
|
|
643 |
'header' => ['Group Entity - Group Title - OG Membership Type', 'example'],
|
|
649 | 644 |
'rows' => $rows, |
650 |
'attributes' => array(),
|
|
651 |
);
|
|
645 |
'attributes' => [],
|
|
646 |
];
|
|
652 | 647 |
|
653 | 648 |
$table = theme('table', $variables); |
654 | 649 |
$link = l(t('admin/config/people/ldap/authorization/test/og_group'), 'admin/config/people/ldap/authorization/test/og_group'); |
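Review bot: The message built at new line 135, `t("cannot find matching group: !to", ['!to' => $to])`, uses a `!` placeholder, which Drupal 7's t() substitutes without escaping, and `$to` is the raw mapping text taken from `$mapping[1]`. The `$tokens` block at new lines 570–574 does the same with `!user_entered` and `!error` and concatenates the result into `<code>` markup, so a mapping containing HTML would reach the page unescaped wherever `$message_text` is printed (that call site is outside the visible hunks). I would switch these to `@` placeholders, e.g. `t("cannot find matching group: @to", ['@to' => $to])`, so that t() passes the values through check_plain(). Separately, the string at new line 575 references `!map_to` while `$tokens` only defines `!from`, so that placeholder is left unreplaced. Both enclosing functions begin or end outside the visible hunks.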
Weekly update of contrib modules