1 |
85ad3d82
|
Assos Assos
|
<?php
|
2 |
|
|
|
3 |
|
|
|
4 |
|
|
|
5 |
|
|
|
6 |
|
|
|
7 |
|
|
|
8 |
|
|
|
9 |
|
|
|
10 |
|
|
|
11 |
|
|
if (function_exists('ldap_servers_module_load_include')) {
|
12 |
|
|
ldap_servers_module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerAbstract.class');
|
13 |
|
|
}
|
14 |
|
|
else {
|
15 |
|
|
module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerAbstract.class');
|
16 |
|
|
}
|
17 |
|
|
|
18 |
|
|
class LdapAuthorizationConsumerOG extends LdapAuthorizationConsumerAbstract {
|
19 |
|
|
|
20 |
|
|
public $consumerType = 'og_group';
|
21 |
|
|
public $allowConsumerObjectCreation = FALSE;
|
22 |
|
|
public $ogVersion = NULL;
|
23 |
|
|
public $defaultMembershipRid;
|
24 |
|
|
public $anonymousRid;
|
25 |
|
|
public $defaultConsumerConfProperties = array(
|
26 |
|
|
'onlyApplyToLdapAuthenticated' => TRUE,
|
27 |
|
|
'useMappingsAsFilter' => TRUE,
|
28 |
|
|
'synchOnLogon' => TRUE,
|
29 |
|
|
'revokeLdapProvisioned' => TRUE,
|
30 |
|
|
'regrantLdapProvisioned' => TRUE,
|
31 |
|
|
'createConsumers' => TRUE,
|
32 |
|
|
);
|
33 |
|
|
|
34 |
|
|
function __construct($consumer_type) {
|
35 |
|
|
|
36 |
|
|
$this->ogVersion = ldap_authorization_og_og_version();
|
37 |
|
|
if ($this->ogVersion == 1) {
|
38 |
|
|
$this->defaultMembershipRid = ldap_authorization_og1_role_name_to_role_id(OG_AUTHENTICATED_ROLE);
|
39 |
|
|
$this->anonymousRid = ldap_authorization_og1_role_name_to_role_id(OG_ANONYMOUS_ROLE);
|
40 |
|
|
}
|
41 |
|
|
else {
|
42 |
|
|
|
43 |
|
|
|
44 |
|
|
$this->defaultMembershipRid = NULL;
|
45 |
|
|
$this->anonymousRid = NULL;
|
46 |
|
|
}
|
47 |
|
|
|
48 |
|
|
$params = ldap_authorization_og_ldap_authorization_consumer();
|
49 |
|
|
parent::__construct('og_group', $params['og_group']);
|
50 |
|
|
}
|
51 |
|
|
|
52 |
|
|
public function og1ConsumerIdParts($consumer_id) {
|
53 |
|
|
if (!is_scalar($consumer_id)) {
|
54 |
|
|
return array(NULL, NULL);
|
55 |
|
|
}
|
56 |
|
|
$parts = explode('-', $consumer_id);
|
57 |
|
|
return (count($parts) != 2) ? array(NULL, NULL) : $parts;
|
58 |
|
|
}
|
59 |
|
|
|
60 |
|
|
public function og2ConsumerIdParts($consumer_id) {
|
61 |
|
|
if (!is_scalar($consumer_id)) {
|
62 |
|
|
return array(NULL, NULL, NULL);
|
63 |
|
|
}
|
64 |
|
|
$parts = explode(':', $consumer_id);
|
65 |
|
|
return (count($parts) != 3) ? array(NULL, NULL, NULL) : $parts;
|
66 |
|
|
}
|
67 |
|
|
|
68 |
|
|
|
69 |
|
|
|
70 |
|
|
|
71 |
|
|
|
72 |
|
|
|
73 |
|
|
|
74 |
|
|
|
75 |
|
|
|
76 |
|
|
|
77 |
|
|
public function createConsumer($consumer_id, $consumer) {
|
78 |
|
|
return FALSE;
|
79 |
|
|
}
|
80 |
|
|
|
81 |
|
|
|
82 |
|
|
|
83 |
|
|
|
84 |
|
|
public function normalizeMappings($mappings) {
|
85 |
|
|
|
86 |
|
|
$new_mappings = array();
|
87 |
|
|
if ($this->ogVersion == 2) {
|
88 |
|
|
$group_entity_types = og_get_all_group_bundle();
|
89 |
|
|
foreach ($mappings as $i => $mapping) {
|
90 |
|
|
$from = $mapping[0];
|
91 |
|
|
$to = $mapping[1];
|
92 |
|
|
$to_parts = explode('(raw: ', $to);
|
93 |
|
|
$user_entered = $to_parts[0];
|
94 |
|
|
$new_mapping = array(
|
95 |
|
|
'from' => $from,
|
96 |
|
|
'user_entered' => $user_entered,
|
97 |
|
|
'valid' => TRUE,
|
98 |
|
|
'error_message' => '',
|
99 |
|
|
);
|
100 |
|
|
|
101 |
|
|
if (count($to_parts) == 2) {
|
102 |
|
|
$to_normalized = trim($to_parts[1], ')');
|
103 |
|
|
|
104 |
|
|
|
105 |
|
|
|
106 |
|
|
|
107 |
|
|
|
108 |
|
|
|
109 |
|
|
|
110 |
|
|
|
111 |
|
|
$to_simplified = $to_parts[0];
|
112 |
|
|
$to_simplified_parts = explode(':', trim($to_simplified));
|
113 |
|
|
$entity_type = (count($to_simplified_parts) == 1) ? 'node' : $to_simplified_parts[0];
|
114 |
|
|
$role = (count($to_simplified_parts) < 3) ? OG_AUTHENTICATED_ROLE : $to_simplified_parts[2];
|
115 |
|
|
$group_name = (count($to_simplified_parts) == 1) ? $to_simplified_parts[0] : $to_simplified_parts[1];
|
116 |
|
|
list($group_entity, $group_entity_id) = ldap_authorization_og2_get_group_from_name($entity_type, $group_name);
|
117 |
|
|
$to_simplified = join(':', array($entity_type, $group_name));
|
118 |
|
|
}
|
119 |
|
|
else {
|
120 |
|
|
|
121 |
|
|
|
122 |
|
|
|
123 |
|
|
|
124 |
|
|
|
125 |
|
|
|
126 |
|
|
|
127 |
|
|
$to_parts = explode(':', trim($to));
|
128 |
|
|
$entity_type = (count($to_parts) == 1) ? 'node' : $to_parts[0];
|
129 |
|
|
$role = (count($to_parts) < 3) ? OG_AUTHENTICATED_ROLE : $to_parts[2];
|
130 |
|
|
$group_name_or_entity_id = (count($to_parts) == 1) ? $to_parts[0] : $to_parts[1];
|
131 |
|
|
list($group_entity, $group_entity_id) = ldap_authorization_og2_get_group_from_name($entity_type, $group_name_or_entity_id);
|
132 |
|
|
if ($group_entity) {
|
133 |
|
|
$to_simplified = join(':', array($entity_type, $group_name_or_entity_id));
|
134 |
|
|
}
|
135 |
|
|
else {
|
136 |
|
|
$to_simplified = FALSE;
|
137 |
|
|
}
|
138 |
|
|
$simplified = (boolean)($group_entity);
|
139 |
|
|
if (!$group_entity && ($group_entity = @entity_load_single($entity_type, $group_name_or_entity_id))) {
|
140 |
|
|
$group_entity_id = $group_name_or_entity_id;
|
141 |
|
|
}
|
142 |
|
|
}
|
143 |
|
|
if (!$group_entity) {
|
144 |
|
|
$new_mapping['normalized'] = FALSE;
|
145 |
|
|
$new_mapping['simplified'] = FALSE;
|
146 |
|
|
$new_mapping['valid'] = FALSE;
|
147 |
|
|
$new_mapping['error_message'] = t("cannot find matching group: !to", array('!to' => $to));
|
148 |
|
|
}
|
149 |
|
|
else {
|
150 |
|
|
$role_id = is_numeric($role) ? $role : ldap_authorization_og2_rid_from_role_name($entity_type, $group_entity->type, $group_entity_id, $role);
|
151 |
|
|
$roles = og_roles($entity_type, isset($group_entity->type) ? $group_entity->type : NULL, 0, FALSE, TRUE);
|
152 |
|
|
$role_name = is_numeric($role) ? $roles[$role] : $role;
|
153 |
|
|
$to_normalized = join(':', array($entity_type, $group_entity_id, $role_id));
|
154 |
|
|
$to_simplified = ($to_simplified) ? $to_simplified . ':' . $role_name : $to_normalized;
|
155 |
|
|
$new_mapping['normalized'] = $to_normalized;
|
156 |
|
|
$new_mapping['simplified'] = $to_simplified;
|
157 |
|
|
if ($to == $to_normalized) {
|
158 |
|
|
|
159 |
|
|
|
160 |
|
|
|
161 |
|
|
|
162 |
|
|
|
163 |
|
|
$new_mapping['user_entered'] = $to;
|
164 |
|
|
}
|
165 |
|
|
else {
|
166 |
|
|
$new_mapping['user_entered'] = $to_simplified . ' (raw: ' . $to_normalized . ')';
|
167 |
|
|
}
|
168 |
|
|
|
169 |
|
|
|
170 |
|
|
}
|
171 |
|
|
|
172 |
|
|
$new_mappings[] = $new_mapping;
|
173 |
|
|
}
|
174 |
|
|
}
|
175 |
|
|
else {
|
176 |
|
|
foreach ($mappings as $i => $mapping) {
|
177 |
|
|
$new_mapping = array(
|
178 |
|
|
'from' => $mapping[0],
|
179 |
|
|
'user_entered' => $mapping[1],
|
180 |
|
|
'normalized' => NULL,
|
181 |
|
|
'simplified' => NULL,
|
182 |
|
|
'valid' => TRUE,
|
183 |
|
|
'error_message' => '',
|
184 |
|
|
);
|
185 |
|
|
|
186 |
|
|
$gid = NULL;
|
187 |
|
|
$rid = NULL;
|
188 |
|
|
$correct_syntax = "gid=43,rid=2 or group-name=students,role-name=member or node.title=students,role-name=member";
|
189 |
|
|
$incorrect_syntax = t('Incorrect mapping syntax. Correct examples are:') . $correct_syntax;
|
190 |
|
|
$targets = explode(',', $mapping[1]);
|
191 |
|
|
if (count($targets) != 2) {
|
192 |
|
|
$new_mapping['valid'] = FALSE;
|
193 |
|
|
$new_mapping['error_message'] = $incorrect_syntax;
|
194 |
|
|
continue;
|
195 |
|
|
}
|
196 |
|
|
|
197 |
|
|
$group_target_and_value = explode('=', $targets[0]);
|
198 |
|
|
if (count($group_target_and_value) != 2) {
|
199 |
|
|
$new_mapping['valid'] = FALSE;
|
200 |
|
|
$new_mapping['error_message'] = $incorrect_syntax;
|
201 |
|
|
continue;
|
202 |
|
|
}
|
203 |
|
|
|
204 |
|
|
list($group_target, $group_target_value) = $group_target_and_value;
|
205 |
|
|
|
206 |
|
|
$role_target_and_value = explode('=', $targets[1]);
|
207 |
|
|
if (count($role_target_and_value) != 2) {
|
208 |
|
|
$new_mapping['valid'] = FALSE;
|
209 |
|
|
$new_mapping['error_message'] = $incorrect_syntax;
|
210 |
|
|
continue;
|
211 |
|
|
}
|
212 |
|
|
list($role_target, $role_target_value) = $role_target_and_value;
|
213 |
|
|
|
214 |
|
|
|
215 |
|
|
$og_group = FALSE;
|
216 |
|
|
if ($group_target == 'gid') {
|
217 |
|
|
$gid = $group_target_value;
|
218 |
|
|
}
|
219 |
|
|
elseif ($group_target == 'group-name') {
|
220 |
|
|
list($og_group, $og_node) = ldap_authorization_og1_get_group($group_target_value, 'group_name', 'object');
|
221 |
|
|
if (is_object($og_group) && property_exists($og_group, 'gid') && $og_group->gid) {
|
222 |
|
|
$gid = $og_group->gid;
|
223 |
|
|
}
|
224 |
|
|
}
|
225 |
|
|
else {
|
226 |
|
|
$entity_type_and_field = explode('.', $group_target);
|
227 |
|
|
if (count($entity_type_and_field) != 2) {
|
228 |
|
|
$new_mapping['valid'] = FALSE;
|
229 |
|
|
$new_mapping['error_message'] = $incorrect_syntax;
|
230 |
|
|
continue;
|
231 |
|
|
}
|
232 |
|
|
list($entity_type, $field) = $entity_type_and_field;
|
233 |
|
|
|
234 |
|
|
$query = new EntityFieldQuery();
|
235 |
|
|
$query->entityCondition('entity_type', $entity_type)
|
236 |
|
|
->fieldCondition($field, 'value', $group_target_value, '=')
|
237 |
|
|
->addMetaData('account', user_load(1));
|
238 |
|
|
|
239 |
|
|
$result = $query->execute();
|
240 |
|
|
if (is_array($result) && isset($result[$entity_type]) && count($result[$entity_type]) == 1) {
|
241 |
|
|
$entities = array_keys($result[$entity_type]);
|
242 |
|
|
$gid = ldap_authorization_og1_entity_id_to_gid($entities[0]);
|
243 |
|
|
}
|
244 |
|
|
|
245 |
|
|
}
|
246 |
|
|
if (!$og_group && $gid) {
|
247 |
|
|
$og_group = og_load($gid);
|
248 |
|
|
}
|
249 |
|
|
|
250 |
|
|
|
251 |
|
|
if ($role_target == 'rid') {
|
252 |
|
|
$role_name = ldap_authorization_og1_role_name_from_rid($role_target_value);
|
253 |
|
|
$rid = $role_target_value;
|
254 |
|
|
}
|
255 |
|
|
elseif ($role_target == 'role-name') {
|
256 |
|
|
$rid = ldap_authorization_og_rid_from_role_name($role_target_value);
|
257 |
|
|
$role_name = $role_target_value;
|
258 |
|
|
}
|
259 |
|
|
|
260 |
|
|
$new_mapping['simplified'] = $og_group->label . ', '. $role_name;
|
261 |
|
|
$new_mapping['normalized'] = ($gid && $rid) ? ldap_authorization_og_authorization_id($gid, $rid) : FALSE;
|
262 |
|
|
|
263 |
|
|
$new_mappings[] = $new_mapping;
|
264 |
|
|
}
|
265 |
|
|
|
266 |
|
|
}
|
267 |
|
|
return $new_mappings;
|
268 |
|
|
}
|
269 |
|
|
|
270 |
|
|
|
271 |
|
|
|
272 |
|
|
|
273 |
|
|
|
274 |
|
|
|
275 |
|
|
|
276 |
|
|
|
277 |
|
|
public function sortConsumerIds($op, &$consumers) {
|
278 |
|
|
if ($op == 'revoke') {
|
279 |
|
|
krsort($consumers, SORT_STRING);
|
280 |
|
|
}
|
281 |
|
|
else {
|
282 |
|
|
ksort($consumers, SORT_STRING);
|
283 |
|
|
}
|
284 |
|
|
}
|
285 |
|
|
|
286 |
|
|
|
287 |
|
|
|
288 |
|
|
|
289 |
|
|
|
290 |
|
|
public function populateConsumersFromConsumerIds(&$consumers, $create_missing_consumers = FALSE) {
|
291 |
|
|
|
292 |
|
|
|
293 |
|
|
$gids = array();
|
294 |
|
|
foreach ($consumers as $consumer_id => $consumer) {
|
295 |
|
|
if (ldap_authorization_og_og_version() == 1) {
|
296 |
|
|
list($gid, $rid) = $this->og1ConsumerIdParts($consumer_id);
|
297 |
|
|
$gids[] = $gid;
|
298 |
|
|
}
|
299 |
|
|
else {
|
300 |
|
|
list($entity_type, $gid, $rid) = explode(':', $consumer_id);
|
301 |
|
|
$gids[$entity_type][] = $gid;
|
302 |
|
|
}
|
303 |
|
|
|
304 |
|
|
}
|
305 |
|
|
if (ldap_authorization_og_og_version() == 1) {
|
306 |
|
|
$og_group_entities = og_load_multiple($gids);
|
307 |
|
|
}
|
308 |
|
|
else {
|
309 |
|
|
foreach ($gids as $entity_type => $gid_x_entity) {
|
310 |
|
|
$og_group_entities[$entity_type] = @entity_load($entity_type, $gid_x_entity);
|
311 |
|
|
}
|
312 |
|
|
}
|
313 |
|
|
|
314 |
|
|
foreach ($consumers as $consumer_id => $consumer) {
|
315 |
|
|
if (ldap_authorization_og_og_version() == 1) {
|
316 |
|
|
list($gid, $rid) = $this->og1ConsumerIdParts($consumer_id);
|
317 |
|
|
$consumer['exists'] = isset($og_group_entities[$gid]);
|
318 |
|
|
if ($consumer['exists']) {
|
319 |
|
|
$consumer['value'] = $og_group_entities[$gid];
|
320 |
|
|
if (empty($consumer['name']) && property_exists($og_group_entities[$gid], 'title')) {
|
321 |
|
|
$consumer['name'] = $og_group_entities[$gid]->title;
|
322 |
|
|
}
|
323 |
|
|
$consumer['name'] = $consumer_id;
|
324 |
|
|
}
|
325 |
|
|
else {
|
326 |
|
|
$consumer['value'] = NULL;
|
327 |
|
|
$consumer['name'] = NULL;
|
328 |
|
|
}
|
329 |
|
|
|
330 |
|
|
$consumer['map_to_string'] = $consumer_id;
|
331 |
|
|
}
|
332 |
|
|
else {
|
333 |
|
|
list($entity_type, $gid, $rid) = explode(':', $consumer_id);
|
334 |
|
|
$consumer['exists'] = isset($og_group_entities[$entity_type][$gid]);
|
335 |
|
|
$consumer['value'] = ($consumer['exists']) ? $og_group_entities[$entity_type][$gid] : NULL;
|
336 |
|
|
$consumer['map_to_string'] = $consumer_id;
|
337 |
|
|
if (
|
338 |
|
|
empty($consumer['name']) &&
|
339 |
|
|
!empty($og_group_entities[$entity_type][$gid]) &&
|
340 |
|
|
property_exists($og_group_entities[$entity_type][$gid], 'title')
|
341 |
|
|
) {
|
342 |
|
|
$consumer['name'] = $og_group_entities[$entity_type][$gid]->title;
|
343 |
|
|
}
|
344 |
|
|
}
|
345 |
|
|
|
346 |
|
|
if (!$consumer['exists'] && $create_missing_consumers) {
|
347 |
|
|
|
348 |
|
|
|
349 |
|
|
|
350 |
|
|
|
351 |
|
|
}
|
352 |
|
|
$consumers[$consumer_id] = $consumer;
|
353 |
|
|
}
|
354 |
|
|
}
|
355 |
|
|
|
356 |
|
|
|
357 |
|
|
public function hasAuthorization(&$user, $consumer_id) {
|
358 |
|
|
|
359 |
|
|
if ($this->ogVersion == 1) {
|
360 |
|
|
$result = FALSE;
|
361 |
|
|
list($gid, $rid) = $this->og1ConsumerIdParts($consumer_id);
|
362 |
|
|
return ldap_authorization_og1_has_membership($gid, $user->uid) && ldap_authorization_og1_has_role($gid, $user->uid, $rid);
|
363 |
|
|
}
|
364 |
|
|
else {
|
365 |
|
|
return ldap_authorization_og2_has_consumer_id($consumer_id, $user->uid);
|
366 |
|
|
}
|
367 |
|
|
}
|
368 |
|
|
|
369 |
|
|
|
370 |
|
|
public function flushRelatedCaches($consumers = NULL, $user = NULL) {
|
371 |
|
|
if ($user) {
|
372 |
|
|
$this->usersAuthorizations($user, TRUE, FALSE);
|
373 |
|
|
}
|
374 |
|
|
|
375 |
|
|
if ($this->ogVersion == 1) {
|
376 |
|
|
og_group_membership_invalidate_cache();
|
377 |
|
|
}
|
378 |
|
|
else {
|
379 |
|
|
og_membership_invalidate_cache();
|
380 |
|
|
}
|
381 |
|
|
|
382 |
|
|
if ($consumers) {
|
383 |
|
|
$gids_to_clear_cache = array();
|
384 |
|
|
foreach ($consumers as $i => $consumer_id) {
|
385 |
|
|
if ($this->ogVersion == 1) {
|
386 |
|
|
list($gid, $rid) = $this->og1ConsumerIdParts($consumer_id);
|
387 |
|
|
}
|
388 |
|
|
else {
|
389 |
|
|
list($entity_type, $gid, $rid) = $this->og2ConsumerIdParts($consumer_id);
|
390 |
|
|
}
|
391 |
|
|
$gids_to_clear_cache[$gid] = $gid;
|
392 |
|
|
}
|
393 |
|
|
og_invalidate_cache(array_keys($gids_to_clear_cache));
|
394 |
|
|
}
|
395 |
|
|
else {
|
396 |
|
|
og_invalidate_cache();
|
397 |
|
|
}
|
398 |
|
|
}
|
399 |
|
|
|
400 |
|
|
|
401 |
|
|
|
402 |
|
|
|
403 |
|
|
|
404 |
|
|
|
405 |
|
|
|
406 |
|
|
|
407 |
|
|
|
408 |
|
|
public function authorizationDiff($existing, $desired) {
|
409 |
|
|
if ($this->ogVersion != 1) {
|
410 |
|
|
return parent::authorizationDiff($existing, $desired);
|
411 |
|
|
}
|
412 |
|
|
|
413 |
|
|
|
414 |
|
|
|
415 |
|
|
|
416 |
|
|
|
417 |
|
|
|
418 |
|
|
$diff = array_diff($existing, $desired);
|
419 |
|
|
$desired_group_ids = array();
|
420 |
|
|
foreach ($desired as $i => $consumer_id) {
|
421 |
|
|
list($gid, $rid) = $this->og1ConsumerIdParts($consumer_id);
|
422 |
|
|
$desired_group_ids[$gid] = TRUE;
|
423 |
|
|
}
|
424 |
|
|
foreach ($diff as $i => $consumer_id) {
|
425 |
|
|
list($gid, $rid) = $this->og1ConsumerIdParts($consumer_id);
|
426 |
|
|
|
427 |
|
|
|
428 |
|
|
if ($rid == $this->defaultMembershipRid && !empty($desired_group_ids[$gid])) {
|
429 |
|
|
unset($diff[$i]);
|
430 |
|
|
}
|
431 |
|
|
}
|
432 |
|
|
|
433 |
|
|
return $diff;
|
434 |
|
|
}
|
435 |
|
|
|
436 |
|
|
protected function grantsAndRevokes($op, &$user, &$user_auth_data, $consumers, &$ldap_entry = NULL, $user_save = TRUE) {
|
437 |
|
|
|
438 |
|
|
|
439 |
|
|
if (!is_array($user_auth_data)) {
|
440 |
|
|
$user_auth_data = array();
|
441 |
|
|
}
|
442 |
|
|
|
443 |
|
|
$detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
|
444 |
|
|
$this->sortConsumerIds($op, $consumers);
|
445 |
|
|
|
446 |
|
|
$results = array();
|
447 |
|
|
$watchdog_tokens = array();
|
448 |
|
|
$watchdog_tokens['%username'] = $user->name;
|
449 |
|
|
$watchdog_tokens['%action'] = $op;
|
450 |
|
|
$watchdog_tokens['%user_save'] = $user_save;
|
451 |
|
|
|
452 |
|
|
|
453 |
|
|
|
454 |
|
|
|
455 |
|
|
|
456 |
|
|
$users_authorization_consumer_ids = $this->usersAuthorizations($user, TRUE);
|
457 |
|
|
|
458 |
|
|
$watchdog_tokens['%users_authorization_ids'] = join(', ', $users_authorization_consumer_ids);
|
459 |
|
|
if ($detailed_watchdog_log) {
|
460 |
|
|
watchdog('ldap_authorization', "on call of grantsAndRevokes: user_auth_data=" . print_r($user_auth_data, TRUE), $watchdog_tokens, WATCHDOG_DEBUG);
|
461 |
|
|
}
|
462 |
|
|
|
463 |
|
|
|
464 |
|
|
|
465 |
|
|
|
466 |
|
|
|
467 |
|
|
$og_actions = array('grants' => array(), 'revokes' => array());
|
468 |
|
|
$consumer_ids_log = "";
|
469 |
dd54aff9
|
Assos Assos
|
$log = "";
|
470 |
85ad3d82
|
Assos Assos
|
|
471 |
|
|
|
472 |
|
|
foreach ($consumers as $consumer_id => $consumer) {
|
473 |
|
|
if ($detailed_watchdog_log) {
|
474 |
|
|
watchdog('ldap_authorization', "consumer_id=$consumer_id, user_save=$user_save, op=$op", $watchdog_tokens, WATCHDOG_DEBUG);
|
475 |
|
|
}
|
476 |
|
|
$log = "consumer_id=$consumer_id, op=$op,";
|
477 |
|
|
|
478 |
|
|
$user_has_authorization = in_array($consumer_id, $users_authorization_consumer_ids);
|
479 |
|
|
$user_has_authorization_recorded = isset($user_auth_data[$consumer_id]);
|
480 |
|
|
|
481 |
|
|
if ($this->ogVersion == 1) {
|
482 |
|
|
list($gid, $rid) = $this->og1ConsumerIdParts($consumer_id);
|
483 |
|
|
if ($rid == $this->anonymousRid) {
|
484 |
|
|
continue;
|
485 |
|
|
}
|
486 |
|
|
}
|
487 |
|
|
else {
|
488 |
|
|
list($entity_type, $gid, $rid) = $this->og2ConsumerIdParts($consumer_id);
|
489 |
|
|
}
|
490 |
|
|
|
491 |
|
|
|
492 |
|
|
if ($op == 'grant') {
|
493 |
|
|
if ($user_has_authorization && !$user_has_authorization_recorded) {
|
494 |
|
|
|
495 |
|
|
$results[$consumer_id] = TRUE;
|
496 |
|
|
$user_auth_data[$consumer_id] = array(
|
497 |
|
|
'date_granted' => time(),
|
498 |
|
|
'consumer_id_mixed_case' => $consumer_id,
|
499 |
|
|
);
|
500 |
|
|
$log .= "grant case 1: authorization id already exists for user, but is not ldap provisioned. mark as ldap provisioned, but don't regrant";
|
501 |
|
|
$log .= $consumer_id;
|
502 |
|
|
}
|
503 |
|
|
elseif (!$user_has_authorization && $consumer['exists']) {
|
504 |
|
|
|
505 |
|
|
if ($this->ogVersion == 1) {
|
506 |
|
|
$og_actions['grants'][$gid][] = $rid;
|
507 |
|
|
}
|
508 |
|
|
else {
|
509 |
|
|
$og_actions['grants'][$entity_type][$gid][] = $rid;
|
510 |
|
|
}
|
511 |
|
|
$log .= "grant case 2: consumer exists, but user is not member. grant authorization";
|
512 |
|
|
$log .= " ".$entity_type . ":" . $gid .":" . $rid;
|
513 |
|
|
}
|
514 |
|
|
elseif ($consumer['exists'] !== TRUE) {
|
515 |
|
|
|
516 |
|
|
$results[$consumer_id] = FALSE;
|
517 |
|
|
$log .= "grant case 3: something is wrong. consumers should have been created before calling grantsAndRevokes";
|
518 |
|
|
$log .= " ".$consumer_id; }
|
519 |
|
|
elseif ($consumer['exists'] === TRUE) {
|
520 |
|
|
|
521 |
|
|
$results[$consumer_id] = TRUE;
|
522 |
|
|
$log .= "grant case 4: consumer exists and user has authorization recorded. do nothing";
|
523 |
|
|
$log .= " ".$consumer_id;
|
524 |
|
|
}
|
525 |
|
|
else {
|
526 |
|
|
|
527 |
|
|
$results[$consumer_id] = FALSE;
|
528 |
|
|
watchdog('ldap_authorization', "grantsAndRevokes consumer[exists] not properly set. consumer_id=$consumer_id, op=$op, username=%username", $watchdog_tokens, WATCHDOG_ERROR);
|
529 |
|
|
$log .= "grantsAndRevokes consumer[exists] not properly set. consumer_id=$consumer_id, op=$op, username=%username";
|
530 |
|
|
}
|
531 |
|
|
$consumer_ids_log .= $log; }
|
532 |
|
|
|
533 |
|
|
elseif ($op == 'revoke') {
|
534 |
|
|
if ($user_has_authorization) {
|
535 |
|
|
|
536 |
|
|
if ($this->ogVersion == 1) {
|
537 |
|
|
$og_actions['revokes'][$gid][] = $rid;
|
538 |
|
|
}
|
539 |
|
|
else {
|
540 |
|
|
$og_actions['revokes'][$entity_type][$gid][] = $rid;
|
541 |
|
|
}
|
542 |
dd54aff9
|
Assos Assos
|
$log .= "revoke case 1: user has authorization, revoke it. revokeSingleAuthorization will remove $consumer_id";
|
543 |
85ad3d82
|
Assos Assos
|
$log .=" ".$entity_type . ":" . $gid .":" . $rid ;
|
544 |
|
|
}
|
545 |
|
|
elseif ($user_has_authorization_recorded) {
|
546 |
|
|
|
547 |
|
|
unset($user_auth_data[$consumer_id]);
|
548 |
|
|
$results[$consumer_id] = TRUE;
|
549 |
|
|
$log .= "revoke case 2: user does not have authorization, but has record of it. remove record of it.";
|
550 |
|
|
$log .= $consumer_id;
|
551 |
|
|
}
|
552 |
|
|
else {
|
553 |
|
|
|
554 |
|
|
$results[$consumer_id] = TRUE;
|
555 |
|
|
$log .= "revoke case 3: trying to revoke something that isn't there";
|
556 |
|
|
$log .= $consumer_id;
|
557 |
|
|
}
|
558 |
|
|
}
|
559 |
|
|
if ($detailed_watchdog_log) {
|
560 |
|
|
watchdog('ldap_authorization', "user_auth_data after consumer $consumer_id" . print_r($user_auth_data, TRUE), $watchdog_tokens, WATCHDOG_DEBUG);
|
561 |
|
|
}
|
562 |
|
|
$consumer_ids_log .= $log;
|
563 |
|
|
}
|
564 |
|
|
|
565 |
|
|
$watchdog_tokens['%consumer_ids_log'] = $consumer_ids_log;
|
566 |
|
|
|
567 |
|
|
|
568 |
|
|
|
569 |
|
|
|
570 |
|
|
|
571 |
|
|
|
572 |
|
|
|
573 |
|
|
|
574 |
|
|
|
575 |
|
|
|
576 |
|
|
|
577 |
|
|
if ($this->ogVersion == 1) {
|
578 |
|
|
$this->og1Grants($og_actions, $user, $user_auth_data);
|
579 |
|
|
$this->og1Revokes($og_actions, $user, $user_auth_data);
|
580 |
|
|
}
|
581 |
|
|
else {
|
582 |
|
|
$this->og2Grants($og_actions, $user, $user_auth_data);
|
583 |
|
|
$this->og2Revokes($og_actions, $user, $user_auth_data);
|
584 |
|
|
}
|
585 |
|
|
|
586 |
5136ce55
|
Assos Assos
|
$user_edit = array('data' => $user->data);
|
587 |
85ad3d82
|
Assos Assos
|
$user_edit['data']['ldap_authorizations'][$this->consumerType] = $user_auth_data;
|
588 |
7547bb19
|
Assos Assos
|
|
589 |
|
|
|
590 |
|
|
|
591 |
|
|
|
592 |
|
|
$user = user_load($user->uid, TRUE);
|
593 |
85ad3d82
|
Assos Assos
|
$user = user_save($user, $user_edit);
|
594 |
7547bb19
|
Assos Assos
|
|
595 |
85ad3d82
|
Assos Assos
|
$user_auth_data = $user->data['ldap_authorizations'][$this->consumerType];
|
596 |
|
|
|
597 |
|
|
$this->flushRelatedCaches($consumers, $user);
|
598 |
|
|
|
599 |
|
|
if ($detailed_watchdog_log) {
|
600 |
|
|
watchdog('ldap_authorization', '%username:
|
601 |
|
|
<hr/>LdapAuthorizationConsumerAbstract grantsAndRevokes() method log. action=%action:<br/> %consumer_ids_log
|
602 |
|
|
',
|
603 |
|
|
$watchdog_tokens, WATCHDOG_DEBUG);
|
604 |
|
|
}
|
605 |
|
|
}
|
606 |
|
|
|
607 |
|
|
public function og1Grants($og_actions, &$user, &$user_auth_data) {
|
608 |
|
|
foreach ($og_actions['grants'] as $gid => $rids) {
|
609 |
|
|
$existing_roles = og_get_user_roles($gid, $user->uid);
|
610 |
|
|
if (!in_array($this->defaultMembershipRid, array_values($existing_roles))) {
|
611 |
|
|
$user->{OG_AUDIENCE_FIELD}[LANGUAGE_NONE][] = array('gid' => $gid);
|
612 |
|
|
og_entity_presave($user, 'user');
|
613 |
|
|
$consumer_id = ldap_authorization_og_authorization_id($gid, $this->defaultMembershipRid);
|
614 |
|
|
$user_auth_data[$consumer_id] = array(
|
615 |
|
|
'date_granted' => time(),
|
616 |
|
|
'consumer_id_mixed_case' => $consumer_id,
|
617 |
|
|
);
|
618 |
|
|
}
|
619 |
|
|
foreach ($rids as $rid) {
|
620 |
|
|
if ($rid != $this->defaultMembershipRid && $rid != $this->anonymousRid) {
|
621 |
|
|
og_role_grant($gid, $user->uid, $rid);
|
622 |
|
|
$consumer_id = ldap_authorization_og_authorization_id($gid, $rid);
|
623 |
|
|
$user_auth_data[$consumer_id] = array(
|
624 |
|
|
'date_granted' => time(),
|
625 |
|
|
'consumer_id_mixed_case' => $consumer_id,
|
626 |
|
|
);
|
627 |
|
|
}
|
628 |
|
|
}
|
629 |
|
|
}
|
630 |
|
|
}
|
631 |
|
|
|
632 |
|
|
public function og2Grants($og_actions, &$user, &$user_auth_data) {
|
633 |
|
|
foreach ($og_actions['grants'] as $group_entity_type => $gids) {
|
634 |
|
|
foreach ($gids as $gid => $granting_rids) {
|
635 |
|
|
$all_group_roles = og_roles($group_entity_type, FALSE, $gid, FALSE, TRUE);
|
636 |
|
|
$authenticated_rid = array_search(OG_AUTHENTICATED_ROLE, $all_group_roles);
|
637 |
|
|
$anonymous_rid = array_search(OG_ANONYMOUS_ROLE, $all_group_roles);
|
638 |
|
|
$all_group_rids = array_keys($all_group_roles);
|
639 |
|
|
$users_group_rids = array_keys(og_get_user_roles($group_entity_type, $gid, $user->uid, TRUE));
|
640 |
|
|
$users_group_rids = array_diff($users_group_rids, array($anonymous_rid));
|
641 |
|
|
$new_rids = array_diff($granting_rids, $users_group_rids, array($anonymous_rid));
|
642 |
|
|
|
643 |
|
|
|
644 |
|
|
|
645 |
|
|
if (!in_array($authenticated_rid, $users_group_rids) && count($new_rids) > 0) {
|
646 |
|
|
$values = array(
|
647 |
|
|
'entity_type' => 'user',
|
648 |
|
|
'entity' => $user->uid,
|
649 |
|
|
'field_name' => FALSE,
|
650 |
|
|
'state' => OG_STATE_ACTIVE,
|
651 |
|
|
);
|
652 |
|
|
$og_membership = og_group($group_entity_type, $gid, $values);
|
653 |
|
|
|
654 |
|
|
$consumer_id = join(':', array($group_entity_type, $gid, $authenticated_rid));
|
655 |
|
|
$user_auth_data[$consumer_id] = array(
|
656 |
|
|
'date_granted' => time(),
|
657 |
|
|
'consumer_id_mixed_case' => $consumer_id,
|
658 |
|
|
);
|
659 |
|
|
$new_rids = array_diff($new_rids, array($authenticated_rid));
|
660 |
|
|
|
661 |
|
|
}
|
662 |
|
|
foreach ($new_rids as $i => $rid) {
|
663 |
|
|
|
664 |
|
|
og_role_grant($group_entity_type, $gid, $user->uid, $rid);
|
665 |
|
|
}
|
666 |
|
|
foreach ($granting_rids as $i => $rid) {
|
667 |
|
|
|
668 |
|
|
$consumer_id = join(':', array($group_entity_type, $gid, $rid));
|
669 |
|
|
$user_auth_data[$consumer_id] = array(
|
670 |
|
|
'date_granted' => time(),
|
671 |
|
|
'consumer_id_mixed_case' => $consumer_id,
|
672 |
|
|
);
|
673 |
|
|
}
|
674 |
|
|
}
|
675 |
|
|
}
|
676 |
|
|
}
|
677 |
|
|
|
678 |
|
|
|
679 |
|
|
public function og1Revokes($og_actions, &$user, &$user_auth_data) {
|
680 |
|
|
$group_audience_gids = empty($user->{OG_AUDIENCE_FIELD}[LANGUAGE_NONE]['gid']) ? array() : $user->{OG_AUDIENCE_FIELD}[LANGUAGE_NONE]['gid'];
|
681 |
|
|
foreach ($og_actions['revokes'] as $gid => $rids) {
|
682 |
|
|
$existing_roles = og_get_user_roles($gid, $user->uid);
|
683 |
|
|
if (in_array($this->defaultMembershipRid, array_values($existing_roles))) {
|
684 |
|
|
|
685 |
|
|
foreach ($group_audience_gids as $i => $_audience_gid) {
|
686 |
|
|
if ($_audience_gid == $gid) {
|
687 |
|
|
unset($user->{OG_AUDIENCE_FIELD}[LANGUAGE_NONE][$i]);
|
688 |
|
|
}
|
689 |
|
|
}
|
690 |
|
|
og_entity_presave($user, 'user');
|
691 |
|
|
$user = og_ungroup($gid, 'user', $user, TRUE);
|
692 |
|
|
foreach (array_values($existing_roles) as $rid) {
|
693 |
|
|
$consumer_id = ldap_authorization_og_authorization_id($gid, $rid);
|
694 |
|
|
if (isset($user_auth_data[$consumer_id])) {
|
695 |
|
|
unset($user_auth_data[$consumer_id]);
|
696 |
|
|
}
|
697 |
|
|
}
|
698 |
|
|
}
|
699 |
|
|
else {
|
700 |
|
|
foreach ($existing_roles as $rid) {
|
701 |
|
|
if ($rid != $this->defaultMembershipRid && $this->defaultMembershipRid != 1) {
|
702 |
|
|
og_role_revoke($gid, $user->uid, $rid);
|
703 |
|
|
unset($user_auth_data[ldap_authorization_og_authorization_id($gid, $rid)]);
|
704 |
|
|
}
|
705 |
|
|
}
|
706 |
|
|
}
|
707 |
|
|
}
|
708 |
|
|
}
|
709 |
|
|
|
710 |
|
|
public function og2Revokes($og_actions, &$user, &$user_auth_data) {
|
711 |
|
|
foreach ($og_actions['revokes'] as $group_entity_type => $gids) {
|
712 |
|
|
foreach ($gids as $gid => $revoking_rids) {
|
713 |
|
|
$all_group_roles = og_roles($group_entity_type, FALSE, $gid, FALSE, TRUE);
|
714 |
|
|
$all_group_rids = array_keys($all_group_roles);
|
715 |
|
|
$users_group_rids = array_keys(og_get_user_roles($group_entity_type, $gid, $user->uid, TRUE));
|
716 |
|
|
$remaining_rids = array_diff($users_group_rids, $revoking_rids);
|
717 |
|
|
$authenticated_rid = array_search(OG_AUTHENTICATED_ROLE, $all_group_roles);
|
718 |
|
|
|
719 |
|
|
foreach ($revoking_rids as $i => $rid) {
|
720 |
|
|
|
721 |
|
|
if (in_array($rid, $users_group_rids)) {
|
722 |
|
|
og_role_revoke($group_entity_type, $gid, $user->uid, $rid);
|
723 |
|
|
}
|
724 |
|
|
|
725 |
|
|
unset($user_auth_data[ldap_authorization_og_authorization_id($gid, $rid, $group_entity_type)]);
|
726 |
|
|
}
|
727 |
|
|
|
728 |
|
|
if (in_array($authenticated_rid, $revoking_rids) || count($remaining_rids) == 0) {
|
729 |
|
|
$entity = og_ungroup($group_entity_type, $gid, 'user', $user->uid);
|
730 |
|
|
$result = (boolean)($entity);
|
731 |
|
|
}
|
732 |
|
|
}
|
733 |
|
|
}
|
734 |
|
|
}
|
735 |
|
|
|
736 |
|
|
|
737 |
|
|
|
738 |
|
|
|
739 |
|
|
|
740 |
|
|
public function usersAuthorizations(&$user, $reset = FALSE, $return_data = TRUE) {
|
741 |
|
|
|
742 |
|
|
static $users;
|
743 |
|
|
if (!is_array($users)) {
|
744 |
|
|
$users = array();
|
745 |
|
|
}
|
746 |
|
|
elseif ($reset && isset($users[$user->uid])) {
|
747 |
|
|
unset($users[$user->uid]);
|
748 |
|
|
}
|
749 |
|
|
elseif (!$return_data) {
|
750 |
|
|
return NULL;
|
751 |
|
|
}
|
752 |
|
|
elseif (!empty($users[$user->uid])) {
|
753 |
|
|
return $users[$user->uid];
|
754 |
|
|
}
|
755 |
|
|
|
756 |
|
|
$authorizations = array();
|
757 |
|
|
|
758 |
|
|
if ($this->ogVersion == 1) {
|
759 |
|
|
$gids = og_get_groups_by_user($user);
|
760 |
|
|
foreach ($gids as $i => $gid) {
|
761 |
|
|
$roles = og_get_user_roles($gid, $user->uid);
|
762 |
|
|
if (!empty($roles[$this->defaultMembershipRid])) {
|
763 |
|
|
if (isset($roles[$this->anonymousRid])) {
|
764 |
|
|
unset($roles[$this->anonymousRid]);
|
765 |
|
|
}
|
766 |
|
|
$rids = array_values($roles);
|
767 |
|
|
asort($rids, SORT_NUMERIC);
|
768 |
|
|
foreach ($rids as $rid) {
|
769 |
|
|
$authorizations[] = ldap_authorization_og_authorization_id($gid, $rid);
|
770 |
|
|
}
|
771 |
|
|
}
|
772 |
|
|
}
|
773 |
|
|
}
|
774 |
|
|
else {
|
775 |
|
|
$user_entities = entity_load('user', array($user->uid));
|
776 |
|
|
$memberships = og_get_entity_groups('user', $user_entities[$user->uid]);
|
777 |
|
|
foreach ($memberships as $entity_type => $entity_memberships) {
|
778 |
|
|
foreach ($entity_memberships as $og_membership_id => $gid) {
|
779 |
|
|
$roles = og_get_user_roles($entity_type, $gid, $user->uid);
|
780 |
|
|
foreach ($roles as $rid => $discard) {
|
781 |
|
|
$authorizations[] = ldap_authorization_og_authorization_id($gid, $rid, $entity_type);
|
782 |
|
|
}
|
783 |
|
|
}
|
784 |
|
|
}
|
785 |
|
|
}
|
786 |
|
|
$users[$user->uid] = $authorizations;
|
787 |
|
|
|
788 |
|
|
return $authorizations;
|
789 |
|
|
}
|
790 |
|
|
|
791 |
|
|
|
792 |
|
|
|
793 |
|
|
|
794 |
|
|
public function convertToFriendlyAuthorizationIds($authorizations) {
|
795 |
|
|
$authorization_ids_friendly = array();
|
796 |
|
|
foreach ($authorizations as $authorization_id => $authorization) {
|
797 |
|
|
$authorization_ids_friendly[] = $authorization['name'] . ' (' . $authorization_id . ')';
|
798 |
|
|
}
|
799 |
|
|
return $authorization_ids_friendly;
|
800 |
|
|
}
|
801 |
|
|
|
802 |
|
|
|
803 |
|
|
|
804 |
|
|
|
805 |
|
|
public function validateAuthorizationMappingTarget($mapping, $form_values = NULL, $clear_cache = FALSE) {
|
806 |
|
|
|
807 |
|
|
|
808 |
|
|
$has_form_values = is_array($form_values);
|
809 |
|
|
$message_type = NULL;
|
810 |
|
|
$message_text = NULL;
|
811 |
|
|
$pass = !empty($mapping['valid']) && $mapping['valid'] === TRUE;
|
812 |
|
|
|
813 |
|
|
|
814 |
|
|
|
815 |
|
|
|
816 |
|
|
|
817 |
|
|
if (!$pass) {
|
818 |
|
|
$tokens = array(
|
819 |
|
|
'!from' => $mapping['from'],
|
820 |
|
|
'!user_entered' => $mapping['user_entered'],
|
821 |
|
|
'!error' => $mapping['error_message'],
|
822 |
|
|
);
|
823 |
|
|
$message_text = '<code>"' . t('!map_to|!user_entered', $tokens) . '"</code> ' . t('has the following error: !error.', $tokens);
|
824 |
|
|
}
|
825 |
|
|
return array($message_type, $message_text);
|
826 |
|
|
}
|
827 |
|
|
|
828 |
|
|
|
829 |
|
|
|
830 |
|
|
|
831 |
|
|
|
832 |
|
|
|
833 |
|
|
|
834 |
|
|
|
835 |
|
|
public function mappingExamples($tokens) {
|
836 |
|
|
|
837 |
|
|
if ($this->ogVersion == 1) {
|
838 |
|
|
$groups = og_get_all_group();
|
839 |
|
|
$ogEntities = og_load_multiple($groups);
|
840 |
|
|
$OGroles = og_roles(0);
|
841 |
|
|
|
842 |
|
|
$rows = array();
|
843 |
|
|
foreach ($ogEntities as $group) {
|
844 |
|
|
foreach ($OGroles as $rid => $role) {
|
845 |
|
|
$example = "<code>ou=IT,dc=myorg,dc=mytld,dc=edu|gid=" . $group->gid . ',rid=' . $rid . '</code><br/>' .
|
846 |
|
|
'<code>ou=IT,dc=myorg,dc=mytld,dc=edu|group-name=' . $group->label . ',role-name=' . $role . '</code>';
|
847 |
|
|
$rows[] = array(
|
848 |
|
|
$group->label,
|
849 |
|
|
$group->gid,
|
850 |
|
|
$role,
|
851 |
|
|
$example,
|
852 |
|
|
);
|
853 |
|
|
}
|
854 |
|
|
}
|
855 |
|
|
|
856 |
|
|
$variables = array(
|
857 |
|
|
'header' => array('Group Name', 'OG Group ID', 'OG Membership Type', 'example'),
|
858 |
|
|
'rows' => $rows,
|
859 |
|
|
'attributes' => array(),
|
860 |
|
|
);
|
861 |
|
|
}
|
862 |
|
|
else {
|
863 |
|
|
|
864 |
|
|
|
865 |
|
|
|
866 |
|
|
|
867 |
|
|
|
868 |
|
|
|
869 |
|
|
|
870 |
|
|
|
871 |
|
|
|
872 |
|
|
|
873 |
|
|
|
874 |
|
|
|
875 |
|
|
|
876 |
|
|
|
877 |
|
|
|
878 |
|
|
|
879 |
|
|
|
880 |
|
|
|
881 |
|
|
|
882 |
|
|
|
883 |
|
|
$og_fields = field_info_field(OG_GROUP_FIELD);
|
884 |
|
|
$rows = array();
|
885 |
|
|
$role_name = OG_AUTHENTICATED_ROLE;
|
886 |
|
|
|
887 |
|
|
if (!empty($og_fields['bundles'])) {
|
888 |
|
|
foreach ($og_fields['bundles'] as $entity_type => $bundles) {
|
889 |
|
|
|
890 |
|
|
foreach ($bundles as $i => $bundle) {
|
891 |
|
|
|
892 |
|
|
$query = new EntityFieldQuery();
|
893 |
|
|
$query->entityCondition('entity_type', $entity_type)
|
894 |
|
|
->entityCondition('bundle', $bundle)
|
895 |
|
|
->range(0, 5)
|
896 |
|
|
->addMetaData('account', user_load(1));
|
897 |
|
|
$result = $query->execute();
|
898 |
|
|
$entities = entity_load($entity_type, array_keys($result[$entity_type]));
|
899 |
|
|
$i=0;
|
900 |
|
|
foreach ($entities as $entity_id => $entity) {
|
901 |
|
|
$i++;
|
902 |
|
|
$rid = ldap_authorization_og2_rid_from_role_name($entity_type, $bundle, $entity_id, OG_AUTHENTICATED_ROLE);
|
903 |
|
|
$title = (is_object($entity) && property_exists($entity, 'title')) ? $entity->title : '';
|
904 |
|
|
$middle = ($title && $i < 3) ? $title : $entity_id;
|
905 |
|
|
$group_role_identifier = ldap_authorization_og_authorization_id($middle, $rid, $entity_type);
|
906 |
|
|
$example = "<code>ou=IT,dc=myorg,dc=mytld,dc=edu|$group_role_identifier</code>";
|
907 |
|
|
$rows[] = array("$entity_type $title - $role_name", $example);
|
908 |
|
|
|
909 |
|
|
}
|
910 |
|
|
|
911 |
|
|
}
|
912 |
|
|
}
|
913 |
|
|
}
|
914 |
|
|
|
915 |
|
|
$variables = array(
|
916 |
|
|
'header' => array('Group Entity - Group Title - OG Membership Type', 'example'),
|
917 |
|
|
'rows' => $rows,
|
918 |
|
|
'attributes' => array(),
|
919 |
|
|
);
|
920 |
|
|
}
|
921 |
|
|
|
922 |
|
|
$table = theme('table', $variables);
|
923 |
|
|
$link = l(t('admin/config/people/ldap/authorization/test/og_group'), 'admin/config/people/ldap/authorization/test/og_group');
|
924 |
|
|
|
925 |
|
|
$examples =
|
926 |
|
|
<<<EOT
|
927 |
|
|
|
928 |
|
|
<br/>
|
929 |
|
|
Examples for some (or all) existing OG Group IDs can be found in the table below.
|
930 |
|
|
This is complex. To test what is going to happen, uncheck "When a user logs on" in IV.B.
|
931 |
|
|
and use $link to see what memberships sample users would receive.
|
932 |
|
|
|
933 |
|
|
$table
|
934 |
|
|
|
935 |
|
|
EOT;
|
936 |
|
|
$examples = t($examples, $tokens);
|
937 |
|
|
return $examples;
|
938 |
|
|
}
|
939 |
|
|
|
940 |
|
|
} |