1
|
<?php
|
2
|
|
3
|
/**
|
4
|
* @file
|
5
|
* Controls organic group membership based on LDAP values.
|
6
|
*/
|
7
|
|
8
|
/**
|
9
|
* Implements hook_ldap_authorization_consumer().
|
10
|
*/
|
11
|
function ldap_authorization_og_ldap_authorization_consumer() {
|
12
|
$types['og_group'] = [
|
13
|
'consumer_name' => t('OG group'),
|
14
|
'consumer_name_plural' => t('OG groups'),
|
15
|
'consumer_short_name' => t('group'),
|
16
|
'consumer_short_name_plural' => t('groups'),
|
17
|
'consumer_description' => t('An OG group.'),
|
18
|
'consumer_class_name' => 'LdapAuthorizationConsumerOG',
|
19
|
'consumer_class_file' => 'LdapAuthorizationConsumerOG.class.php',
|
20
|
'consumer_module' => 'ldap_authorization_og',
|
21
|
];
|
22
|
|
23
|
$types['og_group']['consumer_mapping_directions'] = 'Mappings should be of form:<br/>
|
24
|
<code>[raw authorization id]|[og entity type]:[og entity id or title]:[og role id]</code>
|
25
|
<br/>[og entity type] is generally "node"
|
26
|
<br/>[og entity id or title] can be the groups title or entity id. <strong>Titles with ":"s in them may not be used</strong>.
|
27
|
<br/>when [og role id] is left off, default role is used.
|
28
|
<br/>such as:<br/>
|
29
|
<code>
|
30
|
Student Accounts|node:17:2<br/>
|
31
|
cn=honors students,ou=groups,dc=hogwarts,dc=edu|node:honors students<br/>
|
32
|
cn=gryffindor,ou=groups,dc=hogwarts,dc=edu|node:gryffindor:3<br/>
|
33
|
</code>';
|
34
|
|
35
|
return $types;
|
36
|
}
|
37
|
|
38
|
/**
|
39
|
* Format authorization id.
|
40
|
*
|
41
|
* @param int $gid
|
42
|
* as organic group gid.
|
43
|
* @param int $rid
|
44
|
* as organic group rig.
|
45
|
* @param array $group_entity
|
46
|
* as entity associated with organic group.
|
47
|
*
|
48
|
* @return string "normalized" authorization id such as 3-3
|
49
|
*/
|
50
|
function ldap_authorization_og_authorization_id($gid, $rid, $entity_type = 'node') {
|
51
|
return join(':', [$entity_type, $gid, $rid]);
|
52
|
}
|
53
|
|
54
|
/**
|
55
|
*
|
56
|
*/
|
57
|
function ldap_authorization_og_og_version() {
|
58
|
return (function_exists('og_action_info')) ? 2 : 1;
|
59
|
}
|
60
|
|
61
|
/**
|
62
|
* Generic function to convert between query values and organic groups structures and attributes.
|
63
|
*
|
64
|
* @param mixed $entity_type
|
65
|
* signifies query value e.g. 'bakers', 7 etc.
|
66
|
* @param mixed $group_name
|
67
|
* signifies query type e.g. 'group_name', 'gid', etc.
|
68
|
*
|
69
|
* @return mixed organic group object, gid, label, etc.
|
70
|
*/
|
71
|
function ldap_authorization_og2_get_group_from_name($entity_type, $group_name) {
|
72
|
|
73
|
require_once drupal_get_path('module', 'ldap_authorization_og') . '/LdapAuthorizationConsumerOG.class.php';
|
74
|
$group_entity = FALSE;
|
75
|
$group_entity_id = FALSE;
|
76
|
$query = new EntityFieldQuery();
|
77
|
$query->entityCondition('entity_type', $entity_type)
|
78
|
->propertyCondition('title', $group_name);
|
79
|
$result = $query->execute();
|
80
|
if (isset($result[$entity_type])) {
|
81
|
$group_ids = array_keys($result[$entity_type]);
|
82
|
if (count($group_ids) == 1) {
|
83
|
$group_entity = entity_load_single($entity_type, $group_ids[0]);
|
84
|
$group_entity_id = $group_ids[0];
|
85
|
}
|
86
|
}
|
87
|
|
88
|
return [$group_entity, $group_entity_id];
|
89
|
|
90
|
}
|
91
|
|
92
|
/**
|
93
|
*
|
94
|
*/
|
95
|
function ldap_authorization_og2_has_consumer_id($consumer_id, $uid) {
|
96
|
$parts = explode(':', $consumer_id);
|
97
|
$result = FALSE;
|
98
|
$watchdog_tokens = [
|
99
|
'%consumer_id' => $consumer_id,
|
100
|
'%uid' => $uid,
|
101
|
];
|
102
|
if (count($parts) == 3) {
|
103
|
list($group_type, $gid, $rid) = $parts;
|
104
|
// Need to make sure entity exists before calling og_get_user_roles which will throw fatal error.
|
105
|
if ($group = entity_load_single($group_type, $gid)) {
|
106
|
if (og_is_group($group_type, $group)) {
|
107
|
$roles = og_get_user_roles($group_type, $gid, $uid, TRUE);
|
108
|
$result = isset($roles[$rid]);
|
109
|
}
|
110
|
else {
|
111
|
watchdog('ldap_authorization_og', "ldap_authorization_og2_has_consumer_id passed value of non og group consumer_id=%consumer_id, uid=%uid", $watchdog_tokens, WATCHDOG_ERROR);
|
112
|
}
|
113
|
}
|
114
|
else {
|
115
|
watchdog('ldap_authorization_og', "ldap_authorization_og2_has_consumer_id could not load entity requested: consumer_id=%consumer_id, uid=%uid", $watchdog_tokens, WATCHDOG_ERROR);
|
116
|
}
|
117
|
}
|
118
|
return $result;
|
119
|
}
|
120
|
|
121
|
/**
|
122
|
* Ldap_authorization_og2_has_role($og_students_node->nid, $web_user->uid, OG_AUTHENTICATED_ROLE)
|
123
|
*/
|
124
|
function ldap_authorization_og2_has_role($group_type, $gid, $uid, $role_name) {
|
125
|
// Array with rid as key and role name as value.
|
126
|
$roles = og_get_user_roles($group_type, $gid, $uid, TRUE);
|
127
|
return (is_array($roles) && in_array($role_name, array_values($roles)));
|
128
|
}
|
129
|
|
130
|
/**
|
131
|
* Derive og role id from role name.
|
132
|
*
|
133
|
* @param string $role_name
|
134
|
* as og role name.
|
135
|
*
|
136
|
* @return int og role id
|
137
|
*/
|
138
|
function ldap_authorization_og_rid_from_role_name($role_name) {
|
139
|
$roles = og_roles(0);
|
140
|
$rids = array_flip($roles);
|
141
|
return isset($rids[$role_name]) ? $rids[$role_name] : FALSE;
|
142
|
}
|
143
|
|
144
|
/**
|
145
|
*
|
146
|
*/
|
147
|
function ldap_authorization_og2_rid_from_role_name($entity_type, $bundle, $gid, $role_name) {
|
148
|
$roles = og_roles($entity_type, $bundle, 0, FALSE, TRUE);
|
149
|
$roles_flipped = array_flip($roles);
|
150
|
return (empty($roles_flipped[$role_name])) ? NULL : $roles_flipped[$role_name];
|
151
|
}
|
152
|
|
153
|
/**
|
154
|
*
|
155
|
*/
|
156
|
function ldap_authorization_og_get_all_group_entities() {
|
157
|
$entities = [];
|
158
|
$group_entity_types = og_get_all_group_bundle();
|
159
|
foreach ($group_entity_types as $entity_type => $group) {
|
160
|
$entity_ids = og_get_all_group('node');
|
161
|
$entities[$entity_type] = entity_load('node', $entity_ids);
|
162
|
}
|
163
|
return $entities;
|
164
|
}
|
165
|
|
166
|
/**
|
167
|
* Implements hook_form_alter().
|
168
|
*/
|
169
|
function ldap_authorization_og_form_ldap_authorization_admin_form_alter(&$form, $form_state) {
|
170
|
if ($form['status']['consumer_type']['#value'] == 'og_group') {
|
171
|
$form['filter_and_mappings']['use_filter']['#description'] = t('This is a required option for Organic Groups. It is only displayed for consistency with other user interfaces.');
|
172
|
$form['filter_and_mappings']['use_filter']['#disabled'] = TRUE;
|
173
|
}
|
174
|
}
|