1
|
<?php
|
2
|
|
3
|
/**
|
4
|
* @file
|
5
|
* Install, update and uninstall functions for the LDAP authorization module.
|
6
|
*/
|
7
|
|
8
|
/**
|
9
|
* Implements hook_requirements().
|
10
|
*/
|
11
|
function ldap_authorization_requirements($phase) {
|
12
|
$requirements = [];
|
13
|
|
14
|
if ($phase != "install" && db_field_exists('ldapauth', 'ldapgroups_in_dn')) {
|
15
|
$requirements['ldap_authorization_ldap_integration']['title'] = t('LDAP Integration LDAP Groups Upgrade Concern');
|
16
|
$requirements['ldap_authorization_ldap_integration']['severity'] = REQUIREMENT_WARNING;
|
17
|
$requirements['ldap_authorization_ldap_integration']['value'] = NULL;
|
18
|
$requirements['ldap_authorization_ldap_integration']['description'] = t('Upgrade from Drupal 6 LDAP Groups to Drupal 7
|
19
|
LDAP Authorization is not automatic. LDAP Authorization will need to be configured by hand.
|
20
|
The authorization options are different and automated updgrade is not possible.
|
21
|
See also. See http://drupal.org/node/1023016, http://drupal.org/node/1183192.
|
22
|
This message will go away when the ldapauth database table is removed.');
|
23
|
}
|
24
|
// Check that ldapauth not installed.
|
25
|
return $requirements;
|
26
|
}
|
27
|
|
28
|
/**
|
29
|
* Implements hook_install().
|
30
|
*/
|
31
|
function ldap_authorization_install() {
|
32
|
|
33
|
cache_clear_all('field_info_types:', 'cache_field', TRUE);
|
34
|
foreach (ldap_authorization_user_entity_fields() as $field_id => $field_conf) {
|
35
|
$field_info = field_info_field($field_id);
|
36
|
if (!$field_info) {
|
37
|
field_create_field($field_conf['field']);
|
38
|
field_create_instance($field_conf['instance']);
|
39
|
}
|
40
|
}
|
41
|
|
42
|
}
|
43
|
|
44
|
/**
|
45
|
* Implements hook_uninstall().
|
46
|
*/
|
47
|
function ldap_authorization_uninstall() {
|
48
|
foreach (ldap_authorization_user_entity_fields() as $field_id => $field_conf) {
|
49
|
|
50
|
$instance = field_info_instance($field_conf['instance']['entity_type'], $field_conf['instance']['field_name'], $field_conf['instance']['bundle']);
|
51
|
if ($instance) {
|
52
|
field_delete_instance($instance);
|
53
|
}
|
54
|
|
55
|
$field_info = field_info_field($field_conf['field']['field_name']);
|
56
|
if ($field_info) {
|
57
|
field_delete_field($field_conf['field']['field_name']);
|
58
|
}
|
59
|
}
|
60
|
module_load_include('inc', 'ldap_servers', 'ldap_servers.user_data_remove');
|
61
|
batch_set(ldap_severs_user_data_setup_batch());
|
62
|
$batch =& batch_get();
|
63
|
|
64
|
}
|
65
|
|
66
|
/**
|
67
|
*
|
68
|
*/
|
69
|
function ldap_authorization_user_entity_fields() {
|
70
|
|
71
|
$fields = [];
|
72
|
|
73
|
return $fields;
|
74
|
}
|
75
|
|
76
|
/**
|
77
|
* Implements hook_schema().
|
78
|
*/
|
79
|
function ldap_authorization_schema() {
|
80
|
|
81
|
$schema['ldap_authorization'] = [
|
82
|
'export' => [
|
83
|
'key' => 'consumer_type',
|
84
|
'key name' => 'Mapping ID',
|
85
|
'identifier' => 'consumer_type',
|
86
|
'primary key' => 'numeric_consumer_conf_id',
|
87
|
'api' => [
|
88
|
'owner' => 'ldap_authorization',
|
89
|
'api' => 'ldap_authorization',
|
90
|
'minimum_version' => 1,
|
91
|
'current_version' => 1,
|
92
|
],
|
93
|
],
|
94
|
|
95
|
'description' => "Data used to map users ldap entry to authorization rights.",
|
96
|
'primary key' => ['numeric_consumer_conf_id'],
|
97
|
'foreign keys' => [
|
98
|
'sid' => [
|
99
|
'table' => 'ldap_servers',
|
100
|
'columns' => ['sid' => 'sid'],
|
101
|
],
|
102
|
],
|
103
|
];
|
104
|
|
105
|
module_load_include('inc', 'ldap_servers', 'ldap_servers.functions');
|
106
|
module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerConfAdmin.class');
|
107
|
|
108
|
$fields = LdapAuthorizationConsumerConfAdmin::fields();
|
109
|
foreach ($fields as $name => $props) {
|
110
|
if (isset($props['schema'])) {
|
111
|
$schema['ldap_authorization']['fields'][$name] = $props['schema'];
|
112
|
}
|
113
|
}
|
114
|
|
115
|
return $schema;
|
116
|
}
|
117
|
|
118
|
/**
|
119
|
* Add 'create_consumers field to ldap_authorization table.
|
120
|
*/
|
121
|
function ldap_authorization_update_7100() {
|
122
|
|
123
|
if (!db_field_exists('ldap_authorization', 'create_consumers')) {
|
124
|
db_add_field('ldap_authorization', 'create_consumers', [
|
125
|
'type' => 'int',
|
126
|
'size' => 'tiny',
|
127
|
'not null' => TRUE,
|
128
|
'default' => 0,
|
129
|
]);
|
130
|
return t('"create_consumers" field added to ldap_authorization table');
|
131
|
}
|
132
|
else {
|
133
|
return t('No database changes made.');
|
134
|
}
|
135
|
|
136
|
}
|
137
|
|
138
|
/**
|
139
|
* Add derive_from_attr_use_first_attr field to ldap_authorization table.
|
140
|
*/
|
141
|
function ldap_authorization_update_7101() {
|
142
|
|
143
|
if (!db_field_exists('ldap_authorization', 'derive_from_attr_use_first_attr')) {
|
144
|
db_add_field('ldap_authorization', 'derive_from_attr_use_first_attr', [
|
145
|
'type' => 'int',
|
146
|
'size' => 'tiny',
|
147
|
'not null' => TRUE,
|
148
|
'default' => 0,
|
149
|
]);
|
150
|
return t('"derive_from_attr_use_first_attr" field added to ldap_authorization table');
|
151
|
}
|
152
|
else {
|
153
|
return t('No database changes made.');
|
154
|
}
|
155
|
|
156
|
}
|
157
|
|
158
|
/**
|
159
|
* Add derive_from_entry_search_all column to ldap_authorization.
|
160
|
*/
|
161
|
function ldap_authorization_update_7102() {
|
162
|
|
163
|
if (!db_field_exists('ldap_authorization', 'derive_from_entry_search_all')) {
|
164
|
db_add_field('ldap_authorization', 'derive_from_entry_search_all', [
|
165
|
'type' => 'int',
|
166
|
'size' => 'tiny',
|
167
|
'not null' => TRUE,
|
168
|
'default' => 0,
|
169
|
]);
|
170
|
return t('"derive_from_entry_search_all" field added to ldap_authorization table');
|
171
|
}
|
172
|
else {
|
173
|
return t('No database changes made.');
|
174
|
}
|
175
|
|
176
|
}
|
177
|
|
178
|
/**
|
179
|
* Change derive_from_attr_attr and derive_from_entry fields to text instead of varchar 2555.
|
180
|
*/
|
181
|
function ldap_authorization_update_7103() {
|
182
|
|
183
|
foreach (['derive_from_dn_attr', 'derive_from_attr_attr', 'derive_from_entry_entries'] as $field_name) {
|
184
|
db_change_field('ldap_authorization', $field_name, $field_name, [
|
185
|
'type' => 'text',
|
186
|
'not null' => FALSE,
|
187
|
]);
|
188
|
}
|
189
|
|
190
|
}
|
191
|
|
192
|
/**
|
193
|
* Change derive_from_attr_attr and derive_from_entry fields to text instead of varchar 2555
|
194
|
* applied second time because beta6 and 7 were wrong.
|
195
|
*/
|
196
|
function ldap_authorization_update_7104() {
|
197
|
|
198
|
foreach (['derive_from_dn_attr', 'derive_from_attr_attr', 'derive_from_entry_entries'] as $field_name) {
|
199
|
db_change_field('ldap_authorization', $field_name, $field_name, [
|
200
|
'type' => 'text',
|
201
|
'not null' => FALSE,
|
202
|
]);
|
203
|
}
|
204
|
|
205
|
}
|
206
|
|
207
|
/**
|
208
|
* Add derive_from_entry_user_ldap_attr field to allow user specification of dn or other identifier.
|
209
|
*/
|
210
|
function ldap_authorization_update_7105() {
|
211
|
|
212
|
if (!db_field_exists('ldap_authorization', 'derive_from_entry_user_ldap_attr')) {
|
213
|
db_add_field('ldap_authorization', 'derive_from_entry_user_ldap_attr', [
|
214
|
'type' => 'varchar',
|
215
|
'length' => 255,
|
216
|
'default' => NULL,
|
217
|
]);
|
218
|
return t('"derive_from_entry_user_ldap_attr" field added to ldap_authorization table');
|
219
|
}
|
220
|
else {
|
221
|
return t('No database changes made.');
|
222
|
}
|
223
|
|
224
|
}
|
225
|
|
226
|
/**
|
227
|
* Add nested checkboxes to derive from entry and attributes strategies.
|
228
|
*/
|
229
|
function ldap_authorization_update_7106() {
|
230
|
|
231
|
if (!db_field_exists('ldap_authorization', 'derive_from_attr_nested')) {
|
232
|
db_add_field('ldap_authorization', 'derive_from_attr_nested', [
|
233
|
'type' => 'int',
|
234
|
'size' => 'tiny',
|
235
|
'not null' => TRUE,
|
236
|
'default' => 0,
|
237
|
]);
|
238
|
$msg = t('"derive_from_attr_nested" field added to ldap_authorization table');
|
239
|
}
|
240
|
|
241
|
if (!db_field_exists('ldap_authorization', 'derive_from_entry_nested')) {
|
242
|
db_add_field('ldap_authorization', 'derive_from_entry_nested', [
|
243
|
'type' => 'int',
|
244
|
'size' => 'tiny',
|
245
|
'not null' => TRUE,
|
246
|
'default' => 0,
|
247
|
]);
|
248
|
$msg .= t('"derive_from_entry_nested" field added to ldap_authorization table');
|
249
|
}
|
250
|
|
251
|
return ($msg) ? $msg : t('No database changes made.');
|
252
|
}
|
253
|
|
254
|
/**
|
255
|
* Add derive_from_entry_use_first_attr field to and remove description field from ldap_authorization table.
|
256
|
*/
|
257
|
function ldap_authorization_update_7107() {
|
258
|
|
259
|
$changes = '';
|
260
|
|
261
|
if (!db_field_exists('ldap_authorization', 'derive_from_entry_use_first_attr')) {
|
262
|
db_add_field('ldap_authorization', 'derive_from_entry_use_first_attr', [
|
263
|
'type' => 'int',
|
264
|
'size' => 'tiny',
|
265
|
'not null' => TRUE,
|
266
|
'default' => 0,
|
267
|
]);
|
268
|
$changes .= t('"derive_from_entry_use_first_attr" field added to ldap_authorization table');
|
269
|
}
|
270
|
|
271
|
if (db_field_exists('ldap_authorization', 'description')) {
|
272
|
db_drop_field('ldap_authorization', 'description');
|
273
|
$changes .= t('"description" field dropped from to ldap_authorization table');
|
274
|
}
|
275
|
|
276
|
return ($changes) ? $changes : t('No database changes made.');
|
277
|
|
278
|
}
|
279
|
|
280
|
/**
|
281
|
* Add derive_from_entry_entries_attr field to allow user specification of attribute representing group in queries.
|
282
|
*/
|
283
|
function ldap_authorization_update_7108() {
|
284
|
|
285
|
if (!db_field_exists('ldap_authorization', 'derive_from_entry_entries_attr')) {
|
286
|
db_add_field('ldap_authorization', 'derive_from_entry_entries_attr', [
|
287
|
'type' => 'varchar',
|
288
|
'length' => 255,
|
289
|
'default' => NULL,
|
290
|
]);
|
291
|
return t('"derive_from_entry_entries_attr" field added to ldap_authorization table');
|
292
|
}
|
293
|
else {
|
294
|
return t('No database changes made.');
|
295
|
}
|
296
|
_ldap_authorization_add_ldap_user_fields();
|
297
|
|
298
|
}
|
299
|
|
300
|
/**
|
301
|
* Moving some groups related fields into ldap server module.
|
302
|
*/
|
303
|
function ldap_authorization_update_7201() {
|
304
|
|
305
|
// Need to merge 2 table fields (derive_from_entry_use_first_attr and derive_from_attr_use_first_attr into one field useFirstAttrAsGroupId)
|
306
|
$results = '';
|
307
|
|
308
|
if (!db_field_exists('ldap_authorization', 'useFirstAttrAsGroupId')) {
|
309
|
db_add_field('ldap_authorization', 'useFirstAttrAsGroupId', [
|
310
|
'type' => 'int',
|
311
|
'size' => tiny,
|
312
|
'not null' => TRUE,
|
313
|
'default' => 0,
|
314
|
]);
|
315
|
$results .= t('"useFirstAttrAsGroupId" field added to ldap_authorization table');
|
316
|
}
|
317
|
|
318
|
if (!db_field_exists('ldap_authorization', 'searchAll')) {
|
319
|
db_add_field('ldap_authorization', 'searchAll', [
|
320
|
'type' => 'int',
|
321
|
'size' => tiny,
|
322
|
'not null' => TRUE,
|
323
|
'default' => 0,
|
324
|
]);
|
325
|
$results .= t('"searchAll" field added to ldap_authorization table');
|
326
|
}
|
327
|
}
|
328
|
|
329
|
/**
|
330
|
* Remove user ldap authorizations field. its in $user->data now.
|
331
|
*/
|
332
|
function ldap_authorization_update_7202() {
|
333
|
|
334
|
$instance = [
|
335
|
'field_name' => 'ldap_authorizations',
|
336
|
'entity_type' => 'user',
|
337
|
'bundle' => 'user',
|
338
|
];
|
339
|
field_delete_instance($instance, TRUE);
|
340
|
field_delete_field('ldap_authorizations');
|
341
|
|
342
|
}
|
343
|
|
344
|
/**
|
345
|
* Make all schema field names lowercase in ldap server to deal with cronic case sensitivity issues.
|
346
|
*/
|
347
|
function ldap_authorization_update_7203() {
|
348
|
|
349
|
if (db_field_exists('ldap_authorization', 'searchAll')) {
|
350
|
db_drop_field('ldap_authorization', 'searchAll');
|
351
|
}
|
352
|
|
353
|
$schema = ldap_authorization_schema();
|
354
|
$field_schema = $schema['ldap_authorization']['fields']['use_first_attr_as_groupid'];
|
355
|
if (db_field_exists('ldap_authorization', 'useFirstAttrAsGroupId')) {
|
356
|
if (db_field_exists('ldap_authorization', 'use_first_attr_as_groupid')) {
|
357
|
db_drop_field('ldap_authorization', 'useFirstAttrAsGroupId');
|
358
|
}
|
359
|
else {
|
360
|
db_change_field('ldap_authorization', 'useFirstAttrAsGroupId', 'use_first_attr_as_groupid', $field_schema);
|
361
|
}
|
362
|
}
|
363
|
|
364
|
}
|
365
|
|
366
|
/**
|
367
|
* Make all schema field names lowercase in ldap server to deal with cronic case sensitivity issues.
|
368
|
*/
|
369
|
function ldap_authorization_update_7204() {
|
370
|
|
371
|
$schema = ldap_authorization_schema();
|
372
|
$field_schema = $schema['ldap_authorization']['fields']['mappings'];
|
373
|
if (db_field_exists('ldap_authorization', 'mappings')) {
|
374
|
db_change_field('ldap_authorization', 'mappings', 'mappings', $field_schema);
|
375
|
}
|
376
|
|
377
|
}
|