Révision 32700c57
Ajouté par Assos Assos il y a environ 5 ans
| drupal7/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php | ||
|---|---|---|
| 22 | 22 |
public $allowConsumerObjectCreation = FALSE; |
| 23 | 23 |
public $defaultMembershipRid; |
| 24 | 24 |
public $anonymousRid; |
| 25 |
public $defaultConsumerConfProperties = array(
|
|
| 25 |
public $defaultConsumerConfProperties = [
|
|
| 26 | 26 |
'onlyApplyToLdapAuthenticated' => TRUE, |
| 27 | 27 |
'useMappingsAsFilter' => TRUE, |
| 28 | 28 |
'synchOnLogon' => TRUE, |
| 29 | 29 |
'revokeLdapProvisioned' => TRUE, |
| 30 | 30 |
'regrantLdapProvisioned' => TRUE, |
| 31 | 31 |
'createConsumers' => TRUE, |
| 32 |
);
|
|
| 32 |
];
|
|
| 33 | 33 |
|
| 34 | 34 |
/** |
| 35 | 35 |
* |
| 36 | 36 |
*/ |
| 37 | 37 |
public function __construct($consumer_type) {
|
| 38 | 38 |
|
| 39 |
// @todo these properties are not used in ldap og 2, but when they are their derivation needs to be examined and tested |
|
| 40 |
// as they may be per entity rids, not global. |
|
| 41 |
// ldap_authorization_og_rid_from_role_name(OG_AUTHENTICATED_ROLE); |
|
| 42 | 39 |
$this->defaultMembershipRid = NULL; |
| 43 |
// ldap_authorization_og_rid_from_role_name(OG_ANONYMOUS_ROLE); |
|
| 44 | 40 |
$this->anonymousRid = NULL; |
| 45 | 41 |
|
| 46 | 42 |
$params = ldap_authorization_og_ldap_authorization_consumer(); |
| ... | ... | |
| 52 | 48 |
*/ |
| 53 | 49 |
public function og2ConsumerIdParts($consumer_id) {
|
| 54 | 50 |
if (!is_scalar($consumer_id)) {
|
| 55 |
return array(NULL, NULL, NULL);
|
|
| 51 |
return [NULL, NULL, NULL];
|
|
| 56 | 52 |
} |
| 57 | 53 |
$parts = explode(':', $consumer_id);
|
| 58 |
return (count($parts) != 3) ? array(NULL, NULL, NULL) : $parts;
|
|
| 54 |
return (count($parts) != 3) ? [NULL, NULL, NULL] : $parts;
|
|
| 59 | 55 |
} |
| 60 | 56 |
|
| 61 | 57 |
/** |
| ... | ... | |
| 73 | 69 |
* @see LdapAuthorizationConsumerAbstract::normalizeMappings |
| 74 | 70 |
*/ |
| 75 | 71 |
public function normalizeMappings($mappings) {
|
| 76 |
$new_mappings = array();
|
|
| 72 |
$new_mappings = [];
|
|
| 77 | 73 |
$group_entity_types = og_get_all_group_bundle(); |
| 78 | 74 |
foreach ($mappings as $i => $mapping) {
|
| 79 | 75 |
$from = $mapping[0]; |
| 80 | 76 |
$to = $mapping[1]; |
| 81 | 77 |
$to_parts = explode('(raw: ', $to);
|
| 82 | 78 |
$user_entered = $to_parts[0]; |
| 83 |
$new_mapping = array(
|
|
| 79 |
$new_mapping = [
|
|
| 84 | 80 |
'from' => $from, |
| 85 | 81 |
'user_entered' => $user_entered, |
| 86 | 82 |
'valid' => TRUE, |
| 87 | 83 |
'error_message' => '', |
| 88 |
);
|
|
| 84 |
];
|
|
| 89 | 85 |
|
| 90 | 86 |
// Has simplified and normalized part in (). update normalized part as validation. |
| 91 | 87 |
if (count($to_parts) == 2) {
|
| ... | ... | |
| 104 | 100 |
$role = (count($to_simplified_parts) < 3) ? OG_AUTHENTICATED_ROLE : $to_simplified_parts[2]; |
| 105 | 101 |
$group_name = (count($to_simplified_parts) == 1) ? $to_simplified_parts[0] : $to_simplified_parts[1]; |
| 106 | 102 |
list($group_entity, $group_entity_id) = ldap_authorization_og2_get_group_from_name($entity_type, $group_name); |
| 107 |
$to_simplified = join(':', array($entity_type, $group_name));
|
|
| 103 |
$to_simplified = join(':', [$entity_type, $group_name]);
|
|
| 108 | 104 |
} |
| 109 | 105 |
// May be simplified or normalized, but not both. |
| 110 | 106 |
else {
|
| ... | ... | |
| 122 | 118 |
list($group_entity, $group_entity_id) = ldap_authorization_og2_get_group_from_name($entity_type, $group_name_or_entity_id); |
| 123 | 119 |
// If load by name works, $group_name_or_entity_id is group title. |
| 124 | 120 |
if ($group_entity) {
|
| 125 |
$to_simplified = join(':', array($entity_type, $group_name_or_entity_id));
|
|
| 121 |
$to_simplified = join(':', [$entity_type, $group_name_or_entity_id]);
|
|
| 126 | 122 |
} |
| 127 | 123 |
else {
|
| 128 | 124 |
$to_simplified = FALSE; |
| ... | ... | |
| 136 | 132 |
$new_mapping['normalized'] = FALSE; |
| 137 | 133 |
$new_mapping['simplified'] = FALSE; |
| 138 | 134 |
$new_mapping['valid'] = FALSE; |
| 139 |
$new_mapping['error_message'] = t("cannot find matching group: !to", array('!to' => $to));
|
|
| 135 |
$new_mapping['error_message'] = t("cannot find matching group: !to", ['!to' => $to]);
|
|
| 140 | 136 |
} |
| 141 | 137 |
else {
|
| 142 | 138 |
$role_id = is_numeric($role) ? $role : ldap_authorization_og2_rid_from_role_name($entity_type, $group_entity->type, $group_entity_id, $role); |
| 143 | 139 |
$roles = og_roles($entity_type, isset($group_entity->type) ? $group_entity->type : NULL, 0, FALSE, TRUE); |
| 144 | 140 |
$role_name = is_numeric($role) ? $roles[$role] : $role; |
| 145 |
$to_normalized = join(':', array($entity_type, $group_entity_id, $role_id));
|
|
| 141 |
$to_normalized = join(':', [$entity_type, $group_entity_id, $role_id]);
|
|
| 146 | 142 |
$to_simplified = ($to_simplified) ? $to_simplified . ':' . $role_name : $to_normalized; |
| 147 | 143 |
$new_mapping['normalized'] = $to_normalized; |
| 148 | 144 |
$new_mapping['simplified'] = $to_simplified; |
| ... | ... | |
| 186 | 182 |
public function populateConsumersFromConsumerIds(&$consumers, $create_missing_consumers = FALSE) {
|
| 187 | 183 |
|
| 188 | 184 |
// Generate a query for all og groups of interest. |
| 189 |
$gids = array();
|
|
| 185 |
$gids = [];
|
|
| 190 | 186 |
foreach ($consumers as $consumer_id => $consumer) {
|
| 191 | 187 |
list($entity_type, $gid, $rid) = explode(':', $consumer_id);
|
| 192 | 188 |
$gids[$entity_type][] = $gid; |
| ... | ... | |
| 239 | 235 |
og_membership_invalidate_cache(); |
| 240 | 236 |
|
| 241 | 237 |
if ($consumers) {
|
| 242 |
$gids_to_clear_cache = array();
|
|
| 238 |
$gids_to_clear_cache = [];
|
|
| 243 | 239 |
foreach ($consumers as $i => $consumer_id) {
|
| 244 | 240 |
list($entity_type, $gid, $rid) = $this->og2ConsumerIdParts($consumer_id); |
| 245 | 241 |
$gids_to_clear_cache[$gid] = $gid; |
| ... | ... | |
| 274 | 270 |
protected function grantsAndRevokes($op, &$user, &$user_auth_data, $consumers, &$ldap_entry = NULL, $user_save = TRUE) {
|
| 275 | 271 |
|
| 276 | 272 |
if (!is_array($user_auth_data)) {
|
| 277 |
$user_auth_data = array();
|
|
| 273 |
$user_auth_data = [];
|
|
| 278 | 274 |
} |
| 279 | 275 |
|
| 280 | 276 |
$detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
|
| 281 | 277 |
$this->sortConsumerIds($op, $consumers); |
| 282 | 278 |
|
| 283 |
$results = array();
|
|
| 284 |
$watchdog_tokens = array();
|
|
| 279 |
$results = [];
|
|
| 280 |
$watchdog_tokens = [];
|
|
| 285 | 281 |
$watchdog_tokens['%username'] = $user->name; |
| 286 | 282 |
$watchdog_tokens['%action'] = $op; |
| 287 | 283 |
$watchdog_tokens['%user_save'] = $user_save; |
| ... | ... | |
| 301 | 297 |
* step #1: generate $og_actions = array of form $og_actions['revokes'|'grants'][$gid] = $rid |
| 302 | 298 |
* based on all consumer ids granted and revokes |
| 303 | 299 |
*/ |
| 304 |
$og_actions = array('grants' => array(), 'revokes' => array());
|
|
| 300 |
$og_actions = ['grants' => [], 'revokes' => []];
|
|
| 305 | 301 |
$consumer_ids_log = ""; |
| 306 | 302 |
$log = ""; |
| 307 | 303 |
|
| ... | ... | |
| 323 | 319 |
if ($user_has_authorization && !$user_has_authorization_recorded) {
|
| 324 | 320 |
// Grant case 1: authorization id already exists for user, but is not ldap provisioned. mark as ldap provisioned, but don't regrant. |
| 325 | 321 |
$results[$consumer_id] = TRUE; |
| 326 |
$user_auth_data[$consumer_id] = array(
|
|
| 322 |
$user_auth_data[$consumer_id] = [
|
|
| 327 | 323 |
'date_granted' => time(), |
| 328 | 324 |
'consumer_id_mixed_case' => $consumer_id, |
| 329 |
);
|
|
| 325 |
];
|
|
| 330 | 326 |
$log .= "grant case 1: authorization id already exists for user, but is not ldap provisioned. mark as ldap provisioned, but don't regrant"; |
| 331 | 327 |
$log .= $consumer_id; |
| 332 | 328 |
} |
| ... | ... | |
| 397 | 393 |
$this->og2Grants($og_actions, $user, $user_auth_data); |
| 398 | 394 |
$this->og2Revokes($og_actions, $user, $user_auth_data); |
| 399 | 395 |
|
| 400 |
$user_edit = array('data' => $user->data);
|
|
| 396 |
$user_edit = ['data' => $user->data];
|
|
| 401 | 397 |
$user_edit['data']['ldap_authorizations'][$this->consumerType] = $user_auth_data; |
| 402 | 398 |
// Force a reload of the user object, since changes made through the grant- |
| 403 | 399 |
// and revoke-functions above might have changed og-related field data. |
| ... | ... | |
| 434 | 430 |
$all_group_rids = array_keys($all_group_roles); |
| 435 | 431 |
// Users current rids w/authen or anon roles returned. |
| 436 | 432 |
$users_group_rids = array_keys(og_get_user_roles($group_entity_type, $gid, $user->uid, TRUE)); |
| 437 |
$users_group_rids = array_diff($users_group_rids, array($anonymous_rid));
|
|
| 433 |
$users_group_rids = array_diff($users_group_rids, [$anonymous_rid]);
|
|
| 438 | 434 |
// Rids to be added without anonymous rid. |
| 439 |
$new_rids = array_diff($granting_rids, $users_group_rids, array($anonymous_rid));
|
|
| 435 |
$new_rids = array_diff($granting_rids, $users_group_rids, [$anonymous_rid]);
|
|
| 440 | 436 |
|
| 441 | 437 |
// If adding OG_AUTHENTICATED_ROLE or any other role and does not currently have OG_AUTHENTICATED_ROLE, group. |
| 442 | 438 |
if (!in_array($authenticated_rid, $users_group_rids) && count($new_rids) > 0) {
|
| 443 |
$values = array(
|
|
| 439 |
$values = [
|
|
| 444 | 440 |
'entity_type' => 'user', |
| 445 | 441 |
'entity' => $user->uid, |
| 446 | 442 |
'field_name' => FALSE, |
| 447 | 443 |
'state' => OG_STATE_ACTIVE, |
| 448 |
);
|
|
| 444 |
];
|
|
| 449 | 445 |
$og_membership = og_group($group_entity_type, $gid, $values); |
| 450 |
$consumer_id = join(':', array($group_entity_type, $gid, $authenticated_rid));
|
|
| 451 |
$user_auth_data[$consumer_id] = array(
|
|
| 446 |
$consumer_id = join(':', [$group_entity_type, $gid, $authenticated_rid]);
|
|
| 447 |
$user_auth_data[$consumer_id] = [
|
|
| 452 | 448 |
'date_granted' => time(), |
| 453 | 449 |
'consumer_id_mixed_case' => $consumer_id, |
| 454 |
);
|
|
| 450 |
];
|
|
| 455 | 451 |
// Granted on membership creation. |
| 456 |
$new_rids = array_diff($new_rids, array($authenticated_rid));
|
|
| 452 |
$new_rids = array_diff($new_rids, [$authenticated_rid]);
|
|
| 457 | 453 |
|
| 458 | 454 |
} |
| 459 | 455 |
foreach ($new_rids as $i => $rid) {
|
| ... | ... | |
| 461 | 457 |
} |
| 462 | 458 |
foreach ($granting_rids as $i => $rid) {
|
| 463 | 459 |
// Attribute to ldap regardless of if is being granted. |
| 464 |
$consumer_id = join(':', array($group_entity_type, $gid, $rid));
|
|
| 465 |
$user_auth_data[$consumer_id] = array(
|
|
| 460 |
$consumer_id = join(':', [$group_entity_type, $gid, $rid]);
|
|
| 461 |
$user_auth_data[$consumer_id] = [
|
|
| 466 | 462 |
'date_granted' => time(), |
| 467 | 463 |
'consumer_id_mixed_case' => $consumer_id, |
| 468 |
);
|
|
| 464 |
];
|
|
| 469 | 465 |
} |
| 470 | 466 |
} |
| 471 | 467 |
} |
| ... | ... | |
| 496 | 492 |
// Unattribute to ldap even if user does not currently have role. |
| 497 | 493 |
unset($user_auth_data[ldap_authorization_og_authorization_id($gid, $rid, $group_entity_type)]); |
| 498 | 494 |
} |
| 499 |
// define('OG_ANONYMOUS_ROLE', 'non-member'); define('OG_AUTHENTICATED_ROLE', 'member');
|
|
| 500 |
// ungroup if only authenticated and anonymous role left. |
|
| 495 |
// Ungroup if only authenticated and anonymous role left. |
|
| 501 | 496 |
if (in_array($authenticated_rid, $revoking_rids) || count($remaining_rids) == 0) {
|
| 502 | 497 |
$entity = og_ungroup($group_entity_type, $gid, 'user', $user->uid); |
| 503 | 498 |
$result = (boolean) ($entity); |
| ... | ... | |
| 514 | 509 |
static $users; |
| 515 | 510 |
if (!is_array($users)) {
|
| 516 | 511 |
// No cache exists, create static array. |
| 517 |
$users = array();
|
|
| 512 |
$users = [];
|
|
| 518 | 513 |
} |
| 519 | 514 |
elseif ($reset && isset($users[$user->uid])) {
|
| 520 | 515 |
// Clear users cache. |
| ... | ... | |
| 529 | 524 |
return $users[$user->uid]; |
| 530 | 525 |
} |
| 531 | 526 |
|
| 532 |
$authorizations = array();
|
|
| 527 |
$authorizations = [];
|
|
| 533 | 528 |
|
| 534 |
$user_entities = entity_load('user', array($user->uid));
|
|
| 529 |
$user_entities = entity_load('user', [$user->uid]);
|
|
| 535 | 530 |
$memberships = og_get_entity_groups('user', $user_entities[$user->uid]);
|
| 536 | 531 |
foreach ($memberships as $entity_type => $entity_memberships) {
|
| 537 | 532 |
foreach ($entity_memberships as $og_membership_id => $gid) {
|
| ... | ... | |
| 550 | 545 |
* @see ldapAuthorizationConsumerAbstract::convertToFriendlyAuthorizationIds |
| 551 | 546 |
*/ |
| 552 | 547 |
public function convertToFriendlyAuthorizationIds($authorizations) {
|
| 553 |
$authorization_ids_friendly = array();
|
|
| 548 |
$authorization_ids_friendly = [];
|
|
| 554 | 549 |
foreach ($authorizations as $authorization_id => $authorization) {
|
| 555 | 550 |
$authorization_ids_friendly[] = $authorization['name'] . ' (' . $authorization_id . ')';
|
| 556 | 551 |
} |
| ... | ... | |
| 572 | 567 |
* |
| 573 | 568 |
*/ |
| 574 | 569 |
if (!$pass) {
|
| 575 |
$tokens = array(
|
|
| 570 |
$tokens = [
|
|
| 576 | 571 |
'!from' => $mapping['from'], |
| 577 | 572 |
'!user_entered' => $mapping['user_entered'], |
| 578 | 573 |
'!error' => $mapping['error_message'], |
| 579 |
);
|
|
| 574 |
];
|
|
| 580 | 575 |
$message_text = '<code>"' . t('!map_to|!user_entered', $tokens) . '"</code> ' . t('has the following error: !error.', $tokens);
|
| 581 | 576 |
} |
| 582 |
return array($message_type, $message_text);
|
|
| 577 |
return [$message_type, $message_text];
|
|
| 583 | 578 |
} |
| 584 | 579 |
|
| 585 | 580 |
/** |
| ... | ... | |
| 612 | 607 |
*/ |
| 613 | 608 |
|
| 614 | 609 |
$og_fields = field_info_field(OG_GROUP_FIELD); |
| 615 |
$rows = array();
|
|
| 610 |
$rows = [];
|
|
| 616 | 611 |
$role_name = OG_AUTHENTICATED_ROLE; |
| 617 | 612 |
|
| 618 | 613 |
if (!empty($og_fields['bundles'])) {
|
| ... | ... | |
| 644 | 639 |
} |
| 645 | 640 |
} |
| 646 | 641 |
|
| 647 |
$variables = array(
|
|
| 648 |
'header' => array('Group Entity - Group Title - OG Membership Type', 'example'),
|
|
| 642 |
$variables = [
|
|
| 643 |
'header' => ['Group Entity - Group Title - OG Membership Type', 'example'],
|
|
| 649 | 644 |
'rows' => $rows, |
| 650 |
'attributes' => array(),
|
|
| 651 |
);
|
|
| 645 |
'attributes' => [],
|
|
| 646 |
];
|
|
| 652 | 647 |
|
| 653 | 648 |
$table = theme('table', $variables);
|
| 654 | 649 |
$link = l(t('admin/config/people/ldap/authorization/test/og_group'), 'admin/config/people/ldap/authorization/test/og_group');
|
Formats disponibles : Unified diff
Weekly update of contrib modules