/drupal7/sites/all/modules/ldap/ldap_authorization/LdapAuthorizationConsumerConfAdmin.class.php - Annoter - Club Drupal - Forge Centrale Marseille

root / drupal7 / sites / all / modules / ldap / ldap_authorization / LdapAuthorizationConsumerConfAdmin.class.php @ bc175c27

1	85ad3d82	Assos Assos	<?php
2
3			/**
4			* @file
5	bc175c27	Assos Assos	* Class to encapsulate an ldap authorization ldap entry to authorization ids mapping.
6	85ad3d82	Assos Assos	*/
7
8			module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerConf.class');
9	bc175c27	Assos Assos	/**
10			* LDAP Authorization Consumer Configration Admin Class.
11			*/
12	85ad3d82	Assos Assos	class LdapAuthorizationConsumerConfAdmin extends LdapAuthorizationConsumerConf {
13
14	bc175c27	Assos Assos	/**
15			*
16			*/
17	85ad3d82	Assos Assos	public function save() {
18
19			$op = $this->inDatabase ? 'edit' : 'insert';
20	bc175c27	Assos Assos	// $this;.
21			$values = new stdClass();
22	85ad3d82	Assos Assos	$values->sid = $this->sid;
23			$values->numeric_consumer_conf_id = $this->numericConsumerConfId;
24			$values->consumer_type = $this->consumerType;
25			$values->consumer_module = $this->consumer->consumerModule;
26			$values->status = ($this->status) ? 1 : 0;
27	bc175c27	Assos Assos	$values->only_ldap_authenticated = (int) $this->onlyApplyToLdapAuthenticated;
28			$values->use_first_attr_as_groupid = (int) $this->useFirstAttrAsGroupId;
29	85ad3d82	Assos Assos	$values->mappings = serialize($this->mappings);
30	bc175c27	Assos Assos	$values->use_filter = (int) $this->useMappingsAsFilter;
31			$values->synch_to_ldap = (int) $this->synchToLdap;
32			$values->synch_on_logon = (int) $this->synchOnLogon;
33			$values->revoke_ldap_provisioned = (int) $this->revokeLdapProvisioned;
34			$values->create_consumers = (int) $this->createConsumers;
35			$values->regrant_ldap_provisioned = (int) $this->regrantLdapProvisioned;
36	85ad3d82	Assos Assos
37			if (module_exists('ctools')) {
38			ctools_include('export');
39	bc175c27	Assos Assos	// Populate our object with ctool's properties.
40	85ad3d82	Assos Assos	$object = ctools_export_crud_new('ldap_authorization');
41			foreach ($object as $property => $value) {
42			if (!isset($values->$property)) {
43			$values->$property = $value;
44			}
45			}
46			try {
47			$values->export_type = NULL;
48			$result = ctools_export_crud_save('ldap_authorization', $values);
49	bc175c27	Assos Assos	}
50			catch (Exception $e) {
51	85ad3d82	Assos Assos	$values->export_type = EXPORT_IN_DATABASE;
52			$result = ctools_export_crud_save('ldap_authorization', $values);
53			}
54	bc175c27	Assos Assos	// ctools_export_crud_save doesn't invalidate cache.
55			ctools_export_load_object_reset('ldap_authorization');
56	85ad3d82	Assos Assos	}
57			else {
58
59			if ($op == 'edit') {
60			$result = drupal_write_record('ldap_authorization', $values, 'consumer_type');
61			}
62	bc175c27	Assos Assos	/**
63			*Insert.
64			*/
65			else {
66	85ad3d82	Assos Assos	$result = drupal_write_record('ldap_authorization', $values);
67			}
68
69			if ($result) {
70			$this->inDatabase = TRUE;
71			}
72			else {
73			drupal_set_message(t('Failed to write LDAP Authorization to the database.'));
74			}
75			}
76
77			}
78
79			public $fields;
80			public $consumers;
81
82	bc175c27	Assos Assos	/**
83			*
84			*/
85	85ad3d82	Assos Assos	public function delete() {
86			if ($this->consumerType) {
87			$this->inDatabase = FALSE;
88			return db_delete('ldap_authorization')->condition('consumer_type', $this->consumerType)->execute();
89			}
90			else {
91			return FALSE;
92			}
93			}
94
95	bc175c27	Assos Assos	/**
96			*
97			*/
98	85ad3d82	Assos Assos	public function __construct(&$consumer = NULL, $new = FALSE) {
99			parent::__construct($consumer, $new);
100			$this->fields = $this->fields();
101			$this->consumers = ldap_authorization_get_consumers(NULL, TRUE);
102
103			if ($new) {
104			foreach ($this->consumer->defaultConsumerConfProperties as $property => $value) {
105			$this->$property = $value;
106			}
107			}
108			}
109
110	bc175c27	Assos Assos	/**
111			*
112			*/
113	85ad3d82	Assos Assos	public function drupalForm($server_options, $op) {
114
115			$consumer_tokens = ldap_authorization_tokens($this->consumer);
116			$form['intro'] = array(
117	bc175c27	Assos Assos	'#type' => 'item',
118			'#markup' => t('<h1>LDAP to !consumer_name Configuration</h1>', $consumer_tokens),
119	85ad3d82	Assos Assos	);
120
121			$form['status'] = array(
122			'#type' => 'fieldset',
123			'#title' => t('I. Basics', $consumer_tokens),
124			'#collapsible' => TRUE,
125			'#collapsed' => FALSE,
126			);
127
128			$form['status']['sid'] = array(
129			'#type' => 'radios',
130			'#title' => t('LDAP Server used in !consumer_name configuration.', $consumer_tokens),
131			'#required' => 1,
132			'#default_value' => $this->sid,
133			'#options' => $server_options,
134			);
135
136			$form['status']['consumer_type'] = array(
137			'#type' => 'hidden',
138			'#value' => $this->consumerType,
139			'#required' => 1,
140			);
141
142			$form['status']['status'] = array(
143			'#type' => 'checkbox',
144			'#title' => t('Enable this configuration', $consumer_tokens),
145	bc175c27	Assos Assos	'#default_value' => $this->status,
146	85ad3d82	Assos Assos	);
147
148			$form['status']['only_ldap_authenticated'] = array(
149			'#type' => 'checkbox',
150	7547bb19	Assos Assos	'#title' => t('Only apply the following LDAP to !consumer_name configuration to users authenticated via LDAP. One uncommon reason for disabling this is when you are using Drupal authentication, but want to leverage LDAP for authorization; for this to work the Drupal username still has to map to an LDAP entry.', $consumer_tokens),
151	bc175c27	Assos Assos	'#default_value' => $this->onlyApplyToLdapAuthenticated,
152	85ad3d82	Assos Assos	);
153
154			if (method_exists($this->consumer, 'mappingExamples')) {
155			$consumer_tokens['!examples'] = '<fieldset class="collapsible collapsed form-wrapper" id="authorization-mappings">
156			<legend><span class="fieldset-legend">' . t('Examples based on current !consumer_namePlural', $consumer_tokens) . '</span></legend>
157	bc175c27	Assos Assos	<div class="fieldset-wrapper">' . $this->consumer->mappingExamples($consumer_tokens) . '<div class="fieldset-wrapper">
158	85ad3d82	Assos Assos	</fieldset>';
159			}
160			else {
161			$consumer_tokens['!examples'] = '';
162			}
163			$form['filter_and_mappings'] = array(
164			'#type' => 'fieldset',
165			'#title' => t('II. LDAP to !consumer_name mapping and filtering', $consumer_tokens),
166			'#description' => t('
167			Representations of groups derived from LDAP might initially look like:
168			<ul>
169			<li><code>cn=students,ou=groups,dc=hogwarts,dc=edu</code></li>
170			<li><code>cn=gryffindor,ou=groups,dc=hogwarts,dc=edu</code></li>
171			<li><code>cn=faculty,ou=groups,dc=hogwarts,dc=edu</code></li>
172			<li><code>cn=probation students,ou=groups,dc=hogwarts,dc=edu</code></li>
173			</ul>
174
175			<p><strong>Mappings are used to convert and filter these group representations to !consumer_namePlural.</strong></p>
176
177			!consumer_mappingDirections
178
179			!examples
180
181			', $consumer_tokens),
182			'#collapsible' => TRUE,
183			'#collapsed' => !($this->mappings \|\| $this->useMappingsAsFilter \|\| $this->useFirstAttrAsGroupId),
184			);
185
186			$form['filter_and_mappings']['use_first_attr_as_groupid'] = array(
187			'#type' => 'checkbox',
188			'#title' => t('Convert full dn to value of first attribute before mapping. e.g. <code>cn=students,ou=groups,dc=hogwarts,dc=edu</code> would be converted to <code>students</code>', $consumer_tokens),
189			'#default_value' => $this->useFirstAttrAsGroupId,
190			);
191			$form['filter_and_mappings']['mappings'] = array(
192			'#type' => 'textarea',
193			'#title' => t('Mapping of LDAP to !consumer_name (one per line)', $consumer_tokens),
194			'#default_value' => $this->mappingsToPipeList($this->mappings),
195			'#cols' => 50,
196			'#rows' => 5,
197			);
198			$form['filter_and_mappings']['use_filter'] = array(
199			'#type' => 'checkbox',
200			'#title' => t('Only grant !consumer_namePlural that match a filter above.', $consumer_tokens),
201			'#default_value' => $this->useMappingsAsFilter,
202			'#description' => t('If enabled, only above mapped !consumer_namePlural will be assigned (e.g. students and administrator).
203			<strong>If not checked, !consumer_namePlural not mapped above also may be created and granted (e.g. gryffindor and probation students). In some LDAPs this can lead to hundreds of !consumer_namePlural being created if "Create !consumer_namePlural if they do not exist" is enabled below.
204	bc175c27	Assos Assos	</strong>', $consumer_tokens),
205	85ad3d82	Assos Assos	);
206
207			$form['more'] = array(
208			'#type' => 'fieldset',
209			'#title' => t('Part III. Even More Settings.'),
210			'#collapsible' => TRUE,
211			'#collapsed' => FALSE,
212			);
213
214			$synchronization_modes = array();
215	bc175c27	Assos Assos	if ($this->synchOnLogon) {
216	85ad3d82	Assos Assos	$synchronization_modes[] = 'user_logon';
217			}
218			$form['more']['synchronization_modes'] = array(
219			'#type' => 'checkboxes',
220			'#title' => t('When should !consumer_namePlural be granted/revoked from user?', $consumer_tokens),
221			'#options' => array(
222	bc175c27	Assos Assos	'user_logon' => t('When a user logs on.'),
223	85ad3d82	Assos Assos	),
224			'#default_value' => $synchronization_modes,
225			'#description' => '',
226			);
227
228			$synchronization_actions = array();
229	bc175c27	Assos Assos	if ($this->revokeLdapProvisioned) {
230	85ad3d82	Assos Assos	$synchronization_actions[] = 'revoke_ldap_provisioned';
231			}
232	bc175c27	Assos Assos	if ($this->createConsumers) {
233	85ad3d82	Assos Assos	$synchronization_actions[] = 'create_consumers';
234			}
235	bc175c27	Assos Assos	if ($this->regrantLdapProvisioned) {
236	85ad3d82	Assos Assos	$synchronization_actions[] = 'regrant_ldap_provisioned';
237			}
238
239	bc175c27	Assos Assos	$options = array(
240	85ad3d82	Assos Assos	'revoke_ldap_provisioned' => t('Revoke !consumer_namePlural previously granted by LDAP Authorization but no longer valid.', $consumer_tokens),
241			'regrant_ldap_provisioned' => t('Re grant !consumer_namePlural previously granted by LDAP Authorization but removed manually.', $consumer_tokens),
242			);
243			if ($this->consumer->allowConsumerObjectCreation) {
244			$options['create_consumers'] = t('Create !consumer_namePlural if they do not exist.', $consumer_tokens);
245			}
246
247			$form['more']['synchronization_actions'] = array(
248			'#type' => 'checkboxes',
249			'#title' => t('What actions would you like performed when !consumer_namePlural are granted/revoked from user?', $consumer_tokens),
250			'#options' => $options,
251			'#default_value' => $synchronization_actions,
252			);
253			/**
254			* @todo some general options for an individual mapping (perhaps in an advance tab).
255			*
256			* - on synchronization allow: revoking authorizations made by this module, authorizations made outside of this module
257			* - on synchronization create authorization contexts not in existance when needed (drupal roles etc)
258			* - synchronize actual authorizations (not cached) when granting authorizations
259			*/
260
261			switch ($op) {
262			case 'add':
263	bc175c27	Assos Assos	$action = 'Add';
264			break;
265	85ad3d82	Assos Assos
266			case 'edit':
267	bc175c27	Assos Assos	$action = 'Save';
268			break;
269	85ad3d82	Assos Assos
270			case 'delete':
271	bc175c27	Assos Assos	$action = 'Delete';
272			break;
273	85ad3d82	Assos Assos	}
274
275			$form['submit'] = array(
276			'#type' => 'submit',
277			'#value' => $action,
278			);
279
280	bc175c27	Assos Assos	return $form;
281	85ad3d82	Assos Assos	}
282
283	bc175c27	Assos Assos	/**
284			*
285			*/
286	85ad3d82	Assos Assos	protected function loadFromForm($values, $op) {
287
288			}
289
290	bc175c27	Assos Assos	/**
291			*
292			*/
293	85ad3d82	Assos Assos	public function getLdapAuthorizationConsumerActions() {
294			$actions = array();
295	bc175c27	Assos Assos	$actions[] = l(t('edit'), LDAP_SERVERS_MENU_BASE_PATH . '/authorization/edit/' . $this->consumerType);
296	85ad3d82	Assos Assos	if (property_exists($this, 'type')) {
297			if ($this->type == 'Overridden') {
298	bc175c27	Assos Assos	$actions[] = l(t('revert'), LDAP_SERVERS_MENU_BASE_PATH . '/authorization/delete/' . $this->consumerType);
299	85ad3d82	Assos Assos	}
300			if ($this->type == 'Normal') {
301	bc175c27	Assos Assos	$actions[] = l(t('delete'), LDAP_SERVERS_MENU_BASE_PATH . '/authorization/delete/' . $this->consumerType);
302	85ad3d82	Assos Assos	}
303			}
304			else {
305	bc175c27	Assos Assos	$actions[] = l(t('delete'), LDAP_SERVERS_MENU_BASE_PATH . '/authorization/delete/' . $this->consumerType);
306	85ad3d82	Assos Assos	}
307			$actions[] = l(t('test'), LDAP_SERVERS_MENU_BASE_PATH . '/authorization/test/' . $this->consumerType);
308			return $actions;
309			}
310
311	bc175c27	Assos Assos	/**
312			*
313			*/
314			public function drupalFormValidate($op, $values) {
315	85ad3d82	Assos Assos	$errors = array();
316
317			if ($op == 'delete') {
318			if (!$this->consumerType) {
319			$errors['consumer_type_missing'] = 'Consumer type is missing from delete form.';
320			}
321			}
322			else {
323
324			$this->populateFromDrupalForm($op, $values);
325			$errors = $this->validate($values);
326			if (count($this->mappings) == 0 && trim($values['mappings'])) {
327			$errors['mappings'] = t('Bad mapping syntax. Text entered but not able to convert to array.');
328			}
329
330			}
331			return $errors;
332			}
333
334	bc175c27	Assos Assos	/**
335			*
336			*/
337	85ad3d82	Assos Assos	public function validate($form_values = array()) {
338			$errors = array();
339
340			if (!$this->consumerType) {
341			$errors['consumer_type'] = t('Consumer type is missing.');
342			}
343
344			if ($this->inDatabase && (!$this->consumerType)) {
345			$errors['consumer_type'] = t('Edit or delete called without consumer type in form.');
346			}
347
348			if (count($this->mappings) > 0) {
349			foreach ($this->mappings as $mapping_item) {
350			list($type, $text) = $this->consumer->validateAuthorizationMappingTarget($mapping_item, $form_values);
351			if ($type == 'error') {
352			$errors['mappings'] = $text;
353			}
354			elseif ($type == 'warning' \|\| $type == 'status') {
355			drupal_set_message(check_plain($text), $type);
356			}
357			}
358			}
359			if ($this->useMappingsAsFilter && !count($this->mappings)) {
360			$errors['mappings'] = t('Mappings are missing. Mappings must be supplied if filtering is enabled.');
361			}
362			return $errors;
363			}
364
365	bc175c27	Assos Assos	/**
366			*
367			*/
368	85ad3d82	Assos Assos	protected function populateFromDrupalForm($op, $values) {
369
370			$this->inDatabase = (drupal_strtolower($op) == 'edit' \|\| drupal_strtolower($op) == 'save');
371			$this->consumerType = $values['consumer_type'];
372
373			$this->sid = $values['sid'];
374
375	bc175c27	Assos Assos	$this->status = (bool) $values['status'];
376			$this->onlyApplyToLdapAuthenticated = (bool) (@$values['only_ldap_authenticated']);
377			$this->useFirstAttrAsGroupId = (bool) ($values['use_first_attr_as_groupid']);
378	85ad3d82	Assos Assos
379			$this->mappings = $this->consumer->normalizeMappings($this->pipeListToArray($values['mappings'], FALSE));
380	bc175c27	Assos Assos	$this->useMappingsAsFilter = (bool) (@$values['use_filter']);
381	85ad3d82	Assos Assos
382	bc175c27	Assos Assos	$this->synchOnLogon = (bool) (@$values['synchronization_modes']['user_logon']);
383			$this->regrantLdapProvisioned = (bool) (@$values['synchronization_actions']['regrant_ldap_provisioned']);
384			$this->revokeLdapProvisioned = (bool) (@$values['synchronization_actions']['revoke_ldap_provisioned']);
385			$this->createConsumers = (bool) (@$values['synchronization_actions']['create_consumers']);
386	85ad3d82	Assos Assos
387			}
388
389	bc175c27	Assos Assos	/**
390			*
391			*/
392	85ad3d82	Assos Assos	public function drupalFormSubmit($op, $values) {
393
394			$this->populateFromDrupalForm($op, $values);
395			if ($op == 'delete') {
396			$this->delete();
397			}
398	bc175c27	Assos Assos	// Add or edit.
399			else {
400	85ad3d82	Assos Assos
401			try {
402			$save_result = $this->save();
403			}
404			catch (Exception $e) {
405			$this->errorName = 'Save Error';
406			$this->errorMsg = t('Failed to save object. Your form data was not saved.');
407			$this->hasError = TRUE;
408			}
409			}
410			}
411
412	bc175c27	Assos Assos	/**
413			*
414			*/
415	85ad3d82	Assos Assos	public static function fields() {
416
417	bc175c27	Assos Assos	/**
418	85ad3d82	Assos Assos	* consumer_type is tag (unique alphanumeric id) of consuming authorization such as
419			* drupal_roles, og_groups, civicrm_memberships
420			*/
421			$fields = array(
422			'numeric_consumer_conf_id' => array(
423	bc175c27	Assos Assos	'schema' => array(
424			'type' => 'serial',
425			'unsigned' => TRUE,
426			'not null' => TRUE,
427			'description' => 'Primary ID field for the table. Only used internally.',
428			'no export' => TRUE,
429	85ad3d82	Assos Assos	),
430	bc175c27	Assos Assos	),
431	85ad3d82	Assos Assos	'sid' => array(
432			'schema' => array(
433			'type' => 'varchar',
434			'length' => 20,
435			'not null' => TRUE,
436	bc175c27	Assos Assos	),
437	85ad3d82	Assos Assos	),
438			'consumer_type' => array(
439	bc175c27	Assos Assos	'schema' => array(
440			'type' => 'varchar',
441			'length' => 20,
442			'not null' => TRUE,
443			),
444	85ad3d82	Assos Assos	),
445	bc175c27	Assos Assos	'consumer_module' => array(
446			'schema' => array(
447			'type' => 'varchar',
448			'length' => 30,
449			'not null' => TRUE,
450			),
451	85ad3d82	Assos Assos	),
452
453			'status' => array(
454	bc175c27	Assos Assos	'schema' => array(
455			'type' => 'int',
456			'size' => 'tiny',
457			'not null' => TRUE,
458			'default' => 0,
459			),
460	85ad3d82	Assos Assos	),
461			'only_ldap_authenticated' => array(
462			'schema' => array(
463			'type' => 'int',
464			'size' => 'tiny',
465			'not null' => TRUE,
466			'default' => 1,
467	bc175c27	Assos Assos	),
468	85ad3d82	Assos Assos	),
469
470			'use_first_attr_as_groupid' => array(
471			'schema' => array(
472			'type' => 'int',
473			'size' => 'tiny',
474			'not null' => TRUE,
475			'default' => 0,
476	bc175c27	Assos Assos	),
477	85ad3d82	Assos Assos	),
478
479			'mappings' => array(
480			'form_default' => array(),
481			'schema' => array(
482			'type' => 'text',
483			'size' => 'medium',
484			'not null' => FALSE,
485			'default' => NULL,
486	bc175c27	Assos Assos	),
487	85ad3d82	Assos Assos	),
488
489			'use_filter' => array(
490			'schema' => array(
491			'type' => 'int',
492			'size' => 'tiny',
493			'not null' => TRUE,
494			'default' => 1,
495	bc175c27	Assos Assos	),
496	85ad3d82	Assos Assos	),
497
498			'synchronization_modes' => array(
499	bc175c27	Assos Assos	'form_default' => array('user_logon'),
500	85ad3d82	Assos Assos	),
501
502			'synchronization_actions' => array(
503	bc175c27	Assos Assos	'form_default' => array('revoke_ldap_provisioned', 'create_consumers'),
504	85ad3d82	Assos Assos	),
505
506			'synch_to_ldap' => array(
507			'schema' => array(
508			'type' => 'int',
509			'size' => 'tiny',
510			'not null' => TRUE,
511			'default' => 0,
512			),
513			),
514
515			'synch_on_logon' => array(
516			'schema' => array(
517			'type' => 'int',
518			'size' => 'tiny',
519			'not null' => TRUE,
520			'default' => 0,
521			),
522			),
523
524			'revoke_ldap_provisioned' => array(
525			'schema' => array(
526			'type' => 'int',
527			'size' => 'tiny',
528			'not null' => TRUE,
529			'default' => 0,
530			),
531			),
532
533	bc175c27	Assos Assos	'create_consumers' => array(
534	85ad3d82	Assos Assos	'schema' => array(
535			'type' => 'int',
536			'size' => 'tiny',
537			'not null' => TRUE,
538			'default' => 0,
539			),
540			),
541
542	bc175c27	Assos Assos	'regrant_ldap_provisioned' => array(
543	85ad3d82	Assos Assos	'schema' => array(
544			'type' => 'int',
545			'size' => 'tiny',
546			'not null' => TRUE,
547			'default' => 0,
548			),
549			),
550			);
551			return $fields;
552			}
553
554	bc175c27	Assos Assos	/**
555			*
556			*/
557	85ad3d82	Assos Assos	protected function mappingsToPipeList($mappings) {
558			$result_text = "";
559			foreach ($mappings as $map) {
560			$result_text .= $map['from'] . '\|' . $map['user_entered'] . "\n";
561			}
562			return $result_text;
563			}
564
565			}

Projet

Général

Profil

Club Drupal

root / drupal7 / sites / all / modules / ldap / ldap_authorization / LdapAuthorizationConsumerConfAdmin.class.php @ bc175c27