Révision bc175c27
Ajouté par Assos Assos il y a plus de 5 ans
drupal7/sites/all/modules/ldap/ldap_authorization/LdapAuthorizationConsumerAbstract.class.php | ||
---|---|---|
2 | 2 |
|
3 | 3 |
/** |
4 | 4 |
* @file |
5 |
* |
|
6 |
* abstract class to represent an ldap_authorization consumer behavior |
|
5 |
* Abstract class to represent an ldap_authorization consumer behavior |
|
7 | 6 |
* such as drupal_role, og_group, etc. each authorization comsumer |
8 | 7 |
* will extend this class with its own class named |
9 |
* LdapAuthorizationConsumer<consumer type> such as LdapAuthorizationConsumerDrupalRole |
|
10 |
* |
|
8 |
* LdapAuthorizationConsumer<consumer type> such as LdapAuthorizationConsumerDrupalRole. |
|
11 | 9 |
*/ |
12 | 10 |
|
11 |
/** |
|
12 |
* |
|
13 |
*/ |
|
13 | 14 |
class LdapAuthorizationConsumerAbstract { |
14 | 15 |
|
15 |
public $consumerType = NULL; // machine name of consumer. e.g. og_group, drupal_role, etc. |
|
16 |
/** |
|
17 |
* Machine name of consumer. e.g. og_group, drupal_role, etc. |
|
18 |
*/ |
|
19 |
public $consumerType = NULL; |
|
16 | 20 |
|
17 | 21 |
/** |
18 |
* the following properties are generally populated from a
|
|
22 |
* The following properties are generally populated from a
|
|
19 | 23 |
* call to hook_ldap_authorization_consumer() |
20 | 24 |
*/ |
21 |
public $name; // user interface name of consumer. e.g. drupal role, og group |
|
22 |
public $namePlural; // user interface name of consumer. e.g. drupal roles, og groups |
|
23 |
public $shortName; // user interface short name of consumer. e.g. role, group |
|
24 |
public $shortNamePlural; // user interface short name of consumer plural, e.g. roles, groups |
|
25 |
public $description;// e.g. roles, groups |
|
26 |
public $consumerModule; // module providing consumer functionality e.g. ldap_authorization_drupal_roles |
|
27 | 25 |
|
28 |
public $consumerConf; // LDAPConsumerConf object class encapuslating admin form |
|
29 |
public $testLink; // link to test this consumer |
|
30 |
public $editLink; // link to configure this consumer |
|
26 |
/** |
|
27 |
* User interface name of consumer. e.g. drupal role, og group. |
|
28 |
*/ |
|
29 |
public $name; |
|
30 |
|
|
31 |
/** |
|
32 |
* User interface name of consumer. e.g. drupal roles, og groups. |
|
33 |
*/ |
|
34 |
public $namePlural; |
|
35 |
/** |
|
36 |
* User interface short name of consumer. e.g. role, group. |
|
37 |
*/ |
|
38 |
public $shortName; |
|
39 |
|
|
40 |
/** |
|
41 |
* User interface short name of consumer plural, e.g. roles, groups. |
|
42 |
*/ |
|
43 |
public $shortNamePlural; |
|
44 |
|
|
45 |
/** |
|
46 |
* E.g. roles, groups. |
|
47 |
*/ |
|
48 |
public $description; |
|
49 |
/** |
|
50 |
* Module providing consumer functionality e.g. ldap_authorization_drupal_roles. |
|
51 |
*/ |
|
52 |
public $consumerModule; |
|
53 |
|
|
54 |
/** |
|
55 |
* LDAPConsumerConf object class encapuslating admin form. |
|
56 |
*/ |
|
57 |
public $consumerConf; |
|
58 |
|
|
59 |
/** |
|
60 |
* Link to test this consumer. |
|
61 |
*/ |
|
62 |
public $testLink; |
|
63 |
|
|
64 |
/** |
|
65 |
* Link to configure this consumer. |
|
66 |
*/ |
|
67 |
public $editLink; |
|
31 | 68 |
|
32 | 69 |
public $emptyConsumer = array( |
33 | 70 |
'exists' => TRUE, |
34 | 71 |
'value' => NULL, |
35 | 72 |
'name' => NULL, |
36 |
'map_to_string' => NULL |
|
37 |
);
|
|
73 |
'map_to_string' => NULL,
|
|
74 |
); |
|
38 | 75 |
|
39 |
/**
|
|
76 |
/** |
|
40 | 77 |
* @property boolean $allowConsumerObjectCreation |
41 | 78 |
* |
42 | 79 |
* Does this consumer module support creating consumer objects |
43 | 80 |
* (drupal roles, og groups, etc.) |
44 |
* |
|
45 | 81 |
*/ |
46 | 82 |
|
47 | 83 |
public $allowConsumerObjectCreation = FALSE; |
48 | 84 |
|
49 |
/**
|
|
85 |
/** |
|
50 | 86 |
* @property boolean $detailedWatchdogLog |
51 | 87 |
* |
52 | 88 |
* should watchdog log be used for debugging, useful for non programmers |
53 | 89 |
* who don't have php debugging enabled |
54 |
* |
|
55 | 90 |
*/ |
56 | 91 |
public $detailedWatchdogLog = FALSE; |
57 | 92 |
|
58 | 93 |
|
59 |
/**
|
|
94 |
/** |
|
60 | 95 |
* @property array $defaultConsumerConfProperties |
61 | 96 |
* default properties for consumer admin UI form |
62 | 97 |
*/ |
63 | 98 |
public $defaultConsumerConfProperties = array( |
64 |
'onlyApplyToLdapAuthenticated' => TRUE, |
|
65 |
'useMappingsAsFilter' => TRUE, |
|
66 |
'synchOnLogon' => TRUE, |
|
67 |
'revokeLdapProvisioned' => TRUE, |
|
68 |
'regrantLdapProvisioned' => TRUE, |
|
69 |
'createConsumers' => TRUE, |
|
70 |
); |
|
71 |
|
|
72 |
/** |
|
73 |
* Constructor Method |
|
74 |
* |
|
75 |
* @param string $consumer_type e.g. drupal_role, og_group |
|
76 |
* @param array $params as associative array of default properties |
|
99 |
'onlyApplyToLdapAuthenticated' => TRUE, |
|
100 |
'useMappingsAsFilter' => TRUE, |
|
101 |
'synchOnLogon' => TRUE, |
|
102 |
'revokeLdapProvisioned' => TRUE, |
|
103 |
'regrantLdapProvisioned' => TRUE, |
|
104 |
'createConsumers' => TRUE, |
|
105 |
); |
|
106 |
|
|
107 |
/** |
|
108 |
* Constructor Method. |
|
77 | 109 |
* |
110 |
* @param string $consumer_type |
|
111 |
* e.g. drupal_role, og_group. |
|
112 |
* @param array $params |
|
113 |
* as associative array of default properties. |
|
78 | 114 |
*/ |
79 |
function __construct($consumer_type, $params) { |
|
115 |
public function __construct($consumer_type, $params) {
|
|
80 | 116 |
$this->consumerType = $consumer_type; |
81 | 117 |
$this->name = $params['consumer_name']; |
82 |
$this->namePlural= $params['consumer_name_plural']; |
|
118 |
$this->namePlural = $params['consumer_name_plural'];
|
|
83 | 119 |
$this->shortName = $params['consumer_short_name']; |
84 |
$this->shortNamePlural= $params['consumer_short_name_plural']; |
|
120 |
$this->shortNamePlural = $params['consumer_short_name_plural'];
|
|
85 | 121 |
$this->consumerModule = $params['consumer_module']; |
86 | 122 |
$this->mappingDirections = $params['consumer_mapping_directions']; |
87 | 123 |
$this->testLink = l(t('test') . ' ' . $this->name, LDAP_SERVERS_MENU_BASE_PATH . '/authorization/test/' . $this->consumerType); |
... | ... | |
90 | 126 |
$this->consumerConf = new LdapAuthorizationConsumerConf($this); |
91 | 127 |
} |
92 | 128 |
|
93 |
|
|
94 | 129 |
/** |
95 |
* function to normalize mappings
|
|
130 |
* Function to normalize mappings
|
|
96 | 131 |
* should be overridden when mappings are not stored as map|authorization_id format |
97 | 132 |
* where authorization_id is the format returned by |
98 | 133 |
* LdapAuthorizationConsumerAbstract::usersAuthorizations() |
99 | 134 |
* |
100 |
* for example ldap_authorization_og may store mapping target as:
|
|
101 |
* Campus Accounts|group-name=knitters,role-name=administrator member |
|
135 |
* For example ldap_authorization_og may store mapping target as:
|
|
136 |
* Campus Accounts|group-name=knitters,role-name=administrator member.
|
|
102 | 137 |
* |
103 | 138 |
* normalized mappings are of form such as for organic groups: |
104 | 139 |
* |
... | ... | |
136 | 171 |
} |
137 | 172 |
|
138 | 173 |
/** |
139 |
* |
|
140 |
* create authorization consumers |
|
174 |
* Create authorization consumers. |
|
141 | 175 |
* |
142 | 176 |
* @param string (lowercase) $consumer_id |
143 |
* @param array $consumer as associative array with the following key/values |
|
177 |
* @param array $consumer |
|
178 |
* as associative array with the following key/values |
|
144 | 179 |
* 'value' => NULL | mixed consumer such as drupal role name, og group entity, etc. |
145 | 180 |
* 'name' => name of consumer for UI, logging etc. |
146 | 181 |
* 'map_to_string' => string mapped to in ldap authorization. mixed case string |
147 | 182 |
* 'exists' => TRUE indicates consumer is known to exist, |
148 | 183 |
* FALSE indicates consumer is known to not exist, |
149 |
* NULL indicate consumer's existance not checked yet |
|
150 |
* |
|
184 |
* NULL indicate consumer's existance not checked yet. |
|
151 | 185 |
*/ |
152 | 186 |
public function createConsumer($consumer_id, $consumer) { |
153 |
// method must be overridden
|
|
187 |
// Method must be overridden.
|
|
154 | 188 |
} |
155 | 189 |
|
156 | 190 |
/** |
157 |
* populate consumer side of $consumers array
|
|
191 |
* Populate consumer side of $consumers array.
|
|
158 | 192 |
* |
159 |
* @param array $consumers as associative array keyed on $consumer_id with values |
|
193 |
* @param array $consumers |
|
194 |
* as associative array keyed on $consumer_id with values |
|
160 | 195 |
* of $consumer. $consumer_id and $consumer have structure in LdapAuthorizationConsumerAbstractClass::createConsumer |
161 |
* when values are $consumer['exists'] != TRUE need to be populated by consumer object |
|
162 |
* @param boolean $create_missing_consumers indicates if consumers (drupal roles, og groups, etc) should be created |
|
163 |
* if values are NULL, object will be created if |
|
196 |
* when values are $consumer['exists'] != TRUE need to be populated by consumer object. |
|
197 |
* @param bool $create_missing_consumers |
|
198 |
* indicates if consumers (drupal roles, og groups, etc) should be created |
|
199 |
* if values are NULL, object will be created if. |
|
164 | 200 |
* |
165 | 201 |
* @return $consumers by reference |
166 | 202 |
*/ |
167 |
|
|
168 | 203 |
public function populateConsumersFromConsumerIds(&$consumers, $create_missing_consumers = FALSE) { |
169 |
// method must be overridden
|
|
204 |
// Method must be overridden.
|
|
170 | 205 |
} |
171 | 206 |
|
207 |
/** |
|
208 |
* |
|
209 |
*/ |
|
172 | 210 |
public function authorizationDiff($initial, $current) { |
173 | 211 |
return array_diff($initial, $current); |
174 | 212 |
} |
175 | 213 |
|
176 |
|
|
177 | 214 |
/** |
178 |
* grant authorizations to a user
|
|
215 |
* Grant authorizations to a user.
|
|
179 | 216 |
* |
180 |
* @param object $user drupal user object |
|
181 |
* @param array $consumers in form of LdapAuthorizationConsumerAbstractClass::populateConsumersFromConsumerIds |
|
182 |
* @param array $ldap_entry is ldap data from ldap entry which drupal user is mapped to |
|
183 |
* @param boolean $user_save. should user object be saved by authorizationGrant method |
|
217 |
* @param object $user |
|
218 |
* drupal user object. |
|
219 |
* @param array $consumers |
|
220 |
* in form of LdapAuthorizationConsumerAbstractClass::populateConsumersFromConsumerIds. |
|
221 |
* @param array $ldap_entry |
|
222 |
* is ldap data from ldap entry which drupal user is mapped to. |
|
223 |
* @param bool $user_save |
|
224 |
* should user object be saved by authorizationGrant method. |
|
184 | 225 |
* |
185 | 226 |
* @return array $results. Array of form |
186 | 227 |
* array( |
... | ... | |
190 | 231 |
* where 1s and 0s represent success and failure to grant |
191 | 232 |
* |
192 | 233 |
* |
193 |
* method may be desireable to override, if consumer benefits from adding grants as a group rather than one at a time |
|
234 |
* method may be desireable to override, if consumer benefits from adding grants as a group rather than one at a time
|
|
194 | 235 |
*/ |
195 |
|
|
196 | 236 |
public function authorizationGrant(&$user, &$user_auth_data, $consumers, $ldap_entry = NULL, $user_save = TRUE) { |
197 | 237 |
$this->filterOffPastAuthorizationRecords($user, $user_auth_data); |
198 | 238 |
$this->grantsAndRevokes('grant', $user, $user_auth_data, $consumers, $ldap_entry, $user_save); |
199 | 239 |
} |
200 | 240 |
|
201 | 241 |
/** |
202 |
* revoke authorizations to a user
|
|
242 |
* Revoke authorizations to a user.
|
|
203 | 243 |
* |
204 |
* @param object $user drupal user object |
|
205 |
* @param array $consumers in form of LdapAuthorizationConsumerAbstractClass::populateConsumersFromConsumerIds |
|
206 |
* @param array $ldap_entry is ldap data from ldap entry which drupal user is mapped to |
|
207 |
* @param boolean $user_save. should user object be saved by authorizationGrant method |
|
244 |
* @param object $user |
|
245 |
* drupal user object. |
|
246 |
* @param array $consumers |
|
247 |
* in form of LdapAuthorizationConsumerAbstractClass::populateConsumersFromConsumerIds. |
|
248 |
* @param array $ldap_entry |
|
249 |
* is ldap data from ldap entry which drupal user is mapped to. |
|
250 |
* @param bool $user_save |
|
251 |
* should user object be saved by authorizationGrant method. |
|
208 | 252 |
* |
209 | 253 |
* @return array $results. Array of form |
210 | 254 |
* array( |
... | ... | |
212 | 256 |
* <authz consumer id2> => 0, |
213 | 257 |
* ) |
214 | 258 |
* where 1s and 0s represent success and failure to revoke |
215 |
* $user_auth_data is returned by reference |
|
259 |
* $user_auth_data is returned by reference
|
|
216 | 260 |
* |
217 |
* method may be desireable to override, if consumer benefits from revoking grants as a group rather than one at a time |
|
261 |
* method may be desireable to override, if consumer benefits from revoking grants as a group rather than one at a time
|
|
218 | 262 |
*/ |
219 |
|
|
220 | 263 |
public function authorizationRevoke(&$user, &$user_auth_data, $consumers, $ldap_entry, $user_save = TRUE) { |
221 | 264 |
$this->filterOffPastAuthorizationRecords($user, $user_auth_data); |
222 | 265 |
$this->grantsAndRevokes('revoke', $user, $user_auth_data, $consumers, $ldap_entry, $user_save); |
223 | 266 |
} |
224 | 267 |
|
225 |
|
|
226 |
|
|
227 | 268 |
/** |
228 |
* this is a function to clear off
|
|
269 |
* This is a function to clear off.
|
|
229 | 270 |
*/ |
230 | 271 |
public function filterOffPastAuthorizationRecords(&$user, &$user_auth_data, $time = NULL) { |
231 | 272 |
if ($time != NULL || variable_get('ldap_help_user_data_clear', 0)) { |
... | ... | |
244 | 285 |
} |
245 | 286 |
|
246 | 287 |
/** |
247 |
* some authorization schemes such as organic groups, require a certain order. implement this method |
|
248 |
* to sort consumer ids/authorization ids |
|
249 |
* |
|
250 |
* @param string $op 'grant' or 'revoke' signifying what to do with the $consumer_ids |
|
251 |
* @param $consumers associative array in form of LdapAuthorizationConsumerAbstract::populateConsumersFromConsumerIds |
|
288 |
* Some authorization schemes such as organic groups, require a certain order. implement this method |
|
289 |
* to sort consumer ids/authorization ids. |
|
252 | 290 |
* |
253 |
* alters $consumers by reference |
|
291 |
* @param string $op |
|
292 |
* 'grant' or 'revoke' signifying what to do with the $consumer_ids. |
|
293 |
* @param $consumers |
|
294 |
* associative array in form of LdapAuthorizationConsumerAbstract::populateConsumersFromConsumerIds |
|
254 | 295 |
* |
296 |
* alters $consumers by reference |
|
255 | 297 |
*/ |
256 |
public function sortConsumerIds($op, &$consumers) { } |
|
257 |
|
|
298 |
public function sortConsumerIds($op, &$consumers) {} |
|
258 | 299 |
|
259 | 300 |
/** |
260 |
* attempt to flush related caches. This will be something like og_invalidate_cache($gids) |
|
261 |
* |
|
262 |
* @param $consumers associative array in form of LdapAuthorizationConsumerAbstract::populateConsumersFromConsumerIds |
|
263 |
* |
|
301 |
* Attempt to flush related caches. This will be something like og_invalidate_cache($gids) |
|
264 | 302 |
* |
303 |
* @param $consumers |
|
304 |
* associative array in form of LdapAuthorizationConsumerAbstract::populateConsumersFromConsumerIds |
|
265 | 305 |
*/ |
266 |
public function flushRelatedCaches($consumers = NULL) { }
|
|
306 |
public function flushRelatedCaches($consumers = NULL) {} |
|
267 | 307 |
|
268 | 308 |
/** |
269 |
* @param string $op 'grant' or 'revoke' signifying what to do with the $consumer_ids |
|
309 |
* @param string $op |
|
310 |
* 'grant' or 'revoke' signifying what to do with the $consumer_ids. |
|
270 | 311 |
* @param drupal user object $object |
271 |
* @param array $user_auth_data is array specific to this consumer_type. Stored at $user->data['ldap_authorizations'][<consumer_type>] |
|
272 |
* @param $consumers as associative array in form of LdapAuthorizationConsumerAbstract::populateConsumersFromConsumerIds |
|
273 |
* @param array $ldap_entry, when available user's ldap entry. |
|
274 |
* @param boolean $user_save indicates is user data array should be saved or not. this depends on the implementation calling this function |
|
312 |
* @param array $user_auth_data |
|
313 |
* is array specific to this consumer_type. Stored at $user->data['ldap_authorizations'][<consumer_type>]. |
|
314 |
* @param $consumers |
|
315 |
* as associative array in form of LdapAuthorizationConsumerAbstract::populateConsumersFromConsumerIds |
|
316 |
* @param array $ldap_entry, |
|
317 |
* when available user's ldap entry. |
|
318 |
* @param bool $user_save |
|
319 |
* indicates is user data array should be saved or not. this depends on the implementation calling this function. |
|
275 | 320 |
*/ |
276 |
|
|
277 | 321 |
protected function grantsAndRevokes($op, &$user, &$user_auth_data, $consumers, &$ldap_entry = NULL, $user_save = TRUE) { |
278 | 322 |
|
279 | 323 |
if (!is_array($user_auth_data)) { |
... | ... | |
305 | 349 |
/** grants **/ |
306 | 350 |
if ($op == 'grant') { |
307 | 351 |
if ($user_has_authorization && !$user_has_authorization_recorded) { |
308 |
// grant case 1: authorization id already exists for user, but is not ldap provisioned. mark as ldap provisioned, but don't regrant
|
|
352 |
// Grant case 1: authorization id already exists for user, but is not ldap provisioned. mark as ldap provisioned, but don't regrant.
|
|
309 | 353 |
$results[$consumer_id] = TRUE; |
310 | 354 |
$user_auth_data[$consumer_id] = array( |
311 | 355 |
'date_granted' => time(), |
... | ... | |
313 | 357 |
); |
314 | 358 |
} |
315 | 359 |
elseif (!$user_has_authorization && $consumer['exists']) { |
316 |
// grant case 2: consumer exists, but user is not member. grant authorization |
|
317 |
$results[$consumer_id] = $this->grantSingleAuthorization($user, $consumer_id, $consumer, $user_auth_data, $user_save); // allow consuming module to add additional data to $user_auth_data |
|
360 |
// Grant case 2: consumer exists, but user is not member. grant authorization |
|
361 |
// allow consuming module to add additional data to $user_auth_data. |
|
362 |
$results[$consumer_id] = $this->grantSingleAuthorization($user, $consumer_id, $consumer, $user_auth_data, $user_save); |
|
318 | 363 |
$existing = empty($user_auth_data[$consumer_id]) ? array() : $user_auth_data[$consumer_id]; |
319 | 364 |
$user_auth_data[$consumer_id] = $existing + array( |
320 | 365 |
'date_granted' => time(), |
... | ... | |
322 | 367 |
); |
323 | 368 |
} |
324 | 369 |
elseif ($consumer['exists'] !== TRUE) { |
325 |
// grant case 3: something is wrong. consumers should have been created before calling grantsAndRevokes
|
|
370 |
// Grant case 3: something is wrong. consumers should have been created before calling grantsAndRevokes.
|
|
326 | 371 |
$results[$consumer_id] = FALSE; |
327 | 372 |
} |
328 | 373 |
elseif ($consumer['exists'] === TRUE) { |
329 |
// grant case 4: consumer exists and user has authorization recorded. do nothing
|
|
374 |
// Grant case 4: consumer exists and user has authorization recorded. do nothing.
|
|
330 | 375 |
$results[$consumer_id] = TRUE; |
331 | 376 |
} |
332 | 377 |
else { |
333 |
// grant case 5: $consumer['exists'] has not been properly set before calling function
|
|
378 |
// Grant case 5: $consumer['exists'] has not been properly set before calling function.
|
|
334 | 379 |
$results[$consumer_id] = FALSE; |
335 | 380 |
watchdog('ldap_authorization', "grantsAndRevokes consumer[exists] not properly set. consumer_id=$consumer_id, op=$op, username=%username", $watchdog_tokens, WATCHDOG_ERROR); |
336 | 381 |
} |
... | ... | |
340 | 385 |
|
341 | 386 |
$log .= "revoking existing consumer object, "; |
342 | 387 |
if ($user_has_authorization) { |
343 |
// revoke case 1: user has authorization, revoke it. revokeSingleAuthorization will remove $user_auth_data[$consumer_id] |
|
344 |
$results[$consumer_id] = $this->revokeSingleAuthorization($user, $consumer_id, $consumer, $user_auth_data, $user_save); // defer to default for $user_save param |
|
345 |
$log .= t(',result=') . (boolean)($results[$consumer_id]); |
|
388 |
// Revoke case 1: user has authorization, revoke it. revokeSingleAuthorization will remove $user_auth_data[$consumer_id] |
|
389 |
// defer to default for $user_save param. |
|
390 |
$results[$consumer_id] = $this->revokeSingleAuthorization($user, $consumer_id, $consumer, $user_auth_data, $user_save); |
|
391 |
$log .= t(',result=') . (boolean) ($results[$consumer_id]); |
|
346 | 392 |
} |
347 |
elseif ($user_has_authorization_recorded) {
|
|
348 |
// revoke case 2: user does not have authorization, but has record of it. remove record of it.
|
|
393 |
elseif ($user_has_authorization_recorded) { |
|
394 |
// Revoke case 2: user does not have authorization, but has record of it. remove record of it.
|
|
349 | 395 |
unset($user_auth_data[$consumer_id]); |
350 | 396 |
$results[$consumer_id] = TRUE; |
351 | 397 |
} |
352 | 398 |
else { |
353 |
// revoke case 3: trying to revoke something that isn't there
|
|
399 |
// Revoke case 3: trying to revoke something that isn't there.
|
|
354 | 400 |
$results[$consumer_id] = TRUE; |
355 | 401 |
} |
356 | 402 |
|
... | ... | |
368 | 414 |
$user_edit = $user->data; |
369 | 415 |
$user_edit['data']['ldap_authorizations'][$this->consumerType] = $user_auth_data; |
370 | 416 |
$user = user_save($user, $user_edit); |
371 |
$user_auth_data = $user->data['ldap_authorizations'][$this->consumerType]; // reload this. |
|
417 |
// Reload this. |
|
418 |
$user_auth_data = $user->data['ldap_authorizations'][$this->consumerType]; |
|
372 | 419 |
} |
373 | 420 |
$this->flushRelatedCaches($consumers); |
374 | 421 |
|
... | ... | |
382 | 429 |
} |
383 | 430 |
|
384 | 431 |
/** |
385 |
* @param drupal user object $user to have $consumer_id revoked |
|
386 |
* @param string lower case $consumer_id $consumer_id such as drupal role name, og group name, etc. |
|
387 |
* @param mixed $consumer. depends on type of consumer. Drupal roles are strings, og groups are ?? |
|
388 |
* @param array $user_auth_data array of $user data specific to this consumer type. |
|
389 |
* stored in $user->data['ldap_authorizations'][<consumer_type>] array |
|
390 |
* @param boolean $reset signifying if caches associated with $consumer_id should be invalidated. |
|
432 |
* @param drupal user object $user |
|
433 |
* to have $consumer_id revoked. |
|
434 |
* @param string lower case $consumer_id |
|
435 |
* $consumer_id such as drupal role name, og group name, etc. |
|
436 |
* @param mixed $consumer |
|
437 |
* depends on type of consumer. Drupal roles are strings, og groups are ?? |
|
438 |
* @param array $user_auth_data |
|
439 |
* array of $user data specific to this consumer type. |
|
440 |
* stored in $user->data['ldap_authorizations'][<consumer_type>] array. |
|
441 |
* @param bool $reset |
|
442 |
* signifying if caches associated with $consumer_id should be invalidated. |
|
391 | 443 |
* |
392 |
* return boolen TRUE on success, FALSE on fail. If user save is FALSE, the user object will |
|
444 |
* return boolen TRUE on success, FALSE on fail. If user save is FALSE, the user object will
|
|
393 | 445 |
* not be saved and reloaded, so a returned TRUE may be misleading. |
394 |
* $user_auth_data should have successfully revoked consumer id removed |
|
446 |
* $user_auth_data should have successfully revoked consumer id removed.
|
|
395 | 447 |
*/ |
396 |
|
|
397 | 448 |
public function revokeSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $user_save = FALSE, $reset = FALSE) { |
398 |
// method must be overridden
|
|
449 |
// Method must be overridden.
|
|
399 | 450 |
} |
400 | 451 |
|
401 | 452 |
/** |
402 |
* @param stdClass $user as drupal user object to have $consumer_id granted |
|
403 |
* @param string lower case $consumer_id $consumer_id such as drupal role name, og group name, etc. |
|
404 |
* @param mixed $consumer. depends on type of consumer. Drupal roles are strings, og groups are ?? |
|
405 |
* @param array $user_auth_data in form |
|
453 |
* @param object $user |
|
454 |
* as drupal user object to have $consumer_id granted. |
|
455 |
* @param string lower case $consumer_id |
|
456 |
* $consumer_id such as drupal role name, og group name, etc. |
|
457 |
* @param mixed $consumer |
|
458 |
* depends on type of consumer. Drupal roles are strings, og groups are ?? |
|
459 |
* @param array $user_auth_data |
|
460 |
* in form |
|
406 | 461 |
* array('my drupal role' => |
407 | 462 |
* 'date_granted' => 1351814718, |
408 | 463 |
* 'consumer_id_mixed_case' => 'My Drupal Role', |
409 | 464 |
* ) |
410 |
* @param boolean $reset signifying if caches associated with $consumer_id should be invalidated. |
|
411 |
* @return boolean FALSE on failure or TRUE on success |
|
465 |
* @param bool $reset |
|
466 |
* signifying if caches associated with $consumer_id should be invalidated. |
|
467 |
* @return boolean FALSE on failure or TRUE on success |
|
412 | 468 |
*/ |
413 | 469 |
public function grantSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $user_save = FALSE, $reset = FALSE) { |
414 |
// method must be overridden
|
|
470 |
// Method must be overridden.
|
|
415 | 471 |
} |
416 | 472 |
|
417 | 473 |
/** |
418 |
* Return all user consumer ids
|
|
419 |
* regardless of it they were granted by this module
|
|
420 |
*
|
|
421 |
* @param user object $user
|
|
422 |
* @return array of consumer ids such as array('3-2','7-2'), array('admin','user_admin')
|
|
423 |
*/
|
|
424 |
|
|
474 |
* Return all user consumer ids
|
|
475 |
* regardless of it they were granted by this module.
|
|
476 |
*
|
|
477 |
* @param user object $user
|
|
478 |
*
|
|
479 |
* @return array of consumer ids such as array('3-2','7-2'), array('admin','user_admin')
|
|
480 |
*/ |
|
425 | 481 |
public function usersAuthorizations(&$user) { |
426 |
// method must be overridden
|
|
482 |
// Method must be overridden.
|
|
427 | 483 |
} |
428 | 484 |
|
429 | 485 |
/** |
430 |
* put authorization ids in displayable format
|
|
486 |
* Put authorization ids in displayable format.
|
|
431 | 487 |
*/ |
432 | 488 |
public function convertToFriendlyAuthorizationIds($authorizations) { |
433 | 489 |
return $authorizations; |
434 | 490 |
} |
435 | 491 |
|
436 | 492 |
/** |
437 |
* @param drupal user object $user to have $consumer_id granted |
|
438 |
* @param string lower case $consumer_id $consumer_id such as drupal role name, og group name, etc. |
|
439 |
* @param mixed $consumer. depends on type of consumer. Drupal roles are strings, og groups are ?? |
|
440 |
* |
|
441 |
* return boolen TRUE on success, FALSE on fail. If user save is FALSE, the user object will |
|
442 |
* not be saved and reloaded, so a returned TRUE may be misleading. |
|
443 |
*/ |
|
493 |
* @param drupal user object $user |
|
494 |
* to have $consumer_id granted. |
|
495 |
* @param string lower case $consumer_id |
|
496 |
* $consumer_id such as drupal role name, og group name, etc. |
|
497 |
* @param mixed $consumer |
|
498 |
* depends on type of consumer. Drupal roles are strings, og groups are ?? |
|
499 |
* |
|
500 |
* return boolen TRUE on success, FALSE on fail. If user save is FALSE, the user object will |
|
501 |
* not be saved and reloaded, so a returned TRUE may be misleading. |
|
502 |
*/ |
|
444 | 503 |
public function createSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data) { |
445 |
// method must be overridden
|
|
504 |
// Method must be overridden.
|
|
446 | 505 |
} |
447 | 506 |
|
448 | 507 |
/** |
449 |
* @param drupal user object $user |
|
450 |
* @param string lowercase $consumer_id such as drupal role name, og group name, etc. |
|
451 |
* |
|
452 |
* @return boolean if an ldap_authorization_* module granted the authorization id |
|
453 |
*/ |
|
508 |
* @param drupal user object $user |
|
509 |
* @param string lowercase $consumer_id |
|
510 |
* such as drupal role name, og group name, etc. |
|
511 |
* |
|
512 |
* @return boolean if an ldap_authorization_* module granted the authorization id |
|
513 |
*/ |
|
454 | 514 |
public function hasLdapGrantedAuthorization(&$user, $consumer_id) { |
455 | 515 |
return (!empty($user->data['ldap_authorizations'][$this->consumerType][$consumer_id])); |
456 | 516 |
} |
457 | 517 |
|
458 | 518 |
/** |
459 | 519 |
* NOTE this is in mixed case, since we must rely on whatever module is storing |
460 |
* the authorization id |
|
520 |
* the authorization id.
|
|
461 | 521 |
* |
462 | 522 |
* @param drupal user object $user |
463 |
* @param string lowercase case $consumer_id such as drupal role name, og group name, etc. |
|
523 |
* @param string lowercase case $consumer_id |
|
524 |
* such as drupal role name, og group name, etc. |
|
464 | 525 |
* |
465 | 526 |
* @return param boolean is user has authorization id, regardless of what module granted it. |
466 | 527 |
*/ |
... | ... | |
469 | 530 |
} |
470 | 531 |
|
471 | 532 |
/** |
472 |
* Validate authorization mappings on LDAP Authorization OG Admin form.
|
|
473 |
*
|
|
474 |
* @param array $mapping single mapping in format generated in normalizeMappings method
|
|
475 |
* @param array $form_values from authorization configuration form
|
|
476 |
* @param boolean $clear_cache
|
|
477 |
*
|
|
478 |
* @return array of form array($message_type, $message_text) where message type is status, warning, or error
|
|
479 |
* and $message_text is what the user should see.
|
|
480 |
*
|
|
481 |
*/
|
|
482 |
|
|
533 |
* Validate authorization mappings on LDAP Authorization OG Admin form.
|
|
534 |
*
|
|
535 |
* @param array $mapping
|
|
536 |
* single mapping in format generated in normalizeMappings method.
|
|
537 |
* @param array $form_values
|
|
538 |
* from authorization configuration form.
|
|
539 |
* @param bool $clear_cache
|
|
540 |
*
|
|
541 |
* @return array of form array($message_type, $message_text) where message type is status, warning, or error
|
|
542 |
* and $message_text is what the user should see.
|
|
543 |
*/ |
|
483 | 544 |
public function validateAuthorizationMappingTarget($mapping, $form_values = NULL, $clear_cache = FALSE) { |
484 | 545 |
$message_type = NULL; |
485 | 546 |
$message_text = NULL; |
486 | 547 |
return array($message_type, $message_text); |
487 | 548 |
} |
488 | 549 |
|
489 |
|
|
490 | 550 |
} |
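Review bot: In grant case 5 of grantsAndRevokes() (new line 380), the watchdog() message is a double-quoted string that interpolates `$consumer_id` and `$op` directly, while only `%username` goes through the placeholder mechanism. Drupal 7 substitutes and escapes only the entries of the variables array, so the consumer id, which presumably originates from LDAP group or mapping data, reaches the log unescaped and also produces a distinct translatable string per value. Passing both as placeholders keeps this record of a failed authorization safe to render: `watchdog('ldap_authorization', 'grantsAndRevokes consumer[exists] not properly set. consumer_id=%consumer_id, op=%op, username=%username', array('%consumer_id' => $consumer_id, '%op' => $op) + $watchdog_tokens, WATCHDOG_ERROR);`. The definition of `$watchdog_tokens` falls in an elided part of the function, so confirm it is an array before merging it this way.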
Weekly update of contrib modules