Révision bc175c27
Ajouté par Assos Assos il y a plus de 5 ans
drupal7/sites/all/modules/ldap/ldap_authorization/LdapAuthorizationConsumerConfAdmin.class.php | ||
---|---|---|
2 | 2 |
|
3 | 3 |
/** |
4 | 4 |
* @file |
5 |
* class to encapsulate an ldap authorization ldap entry to authorization ids mapping |
|
6 |
* |
|
5 |
* Class to encapsulate an ldap authorization ldap entry to authorization ids mapping. |
|
7 | 6 |
*/ |
8 | 7 |
|
9 | 8 |
module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerConf.class'); |
10 |
/**
|
|
11 |
* LDAP Authorization Consumer Configration Admin Class
|
|
12 |
*/
|
|
9 |
/** |
|
10 |
* LDAP Authorization Consumer Configration Admin Class.
|
|
11 |
*/ |
|
13 | 12 |
class LdapAuthorizationConsumerConfAdmin extends LdapAuthorizationConsumerConf { |
14 | 13 |
|
15 |
|
|
14 |
/** |
|
15 |
* |
|
16 |
*/ |
|
16 | 17 |
public function save() { |
17 | 18 |
|
18 | 19 |
$op = $this->inDatabase ? 'edit' : 'insert'; |
19 |
$values = new stdClass; // $this; |
|
20 |
// $this;. |
|
21 |
$values = new stdClass(); |
|
20 | 22 |
$values->sid = $this->sid; |
21 | 23 |
$values->numeric_consumer_conf_id = $this->numericConsumerConfId; |
22 | 24 |
$values->consumer_type = $this->consumerType; |
23 | 25 |
$values->consumer_module = $this->consumer->consumerModule; |
24 | 26 |
$values->status = ($this->status) ? 1 : 0; |
25 |
$values->only_ldap_authenticated = (int)$this->onlyApplyToLdapAuthenticated; |
|
26 |
$values->use_first_attr_as_groupid = (int)$this->useFirstAttrAsGroupId; |
|
27 |
$values->only_ldap_authenticated = (int) $this->onlyApplyToLdapAuthenticated;
|
|
28 |
$values->use_first_attr_as_groupid = (int) $this->useFirstAttrAsGroupId;
|
|
27 | 29 |
$values->mappings = serialize($this->mappings); |
28 |
$values->use_filter = (int)$this->useMappingsAsFilter; |
|
29 |
$values->synch_to_ldap = (int)$this->synchToLdap; |
|
30 |
$values->synch_on_logon = (int)$this->synchOnLogon; |
|
31 |
$values->revoke_ldap_provisioned = (int)$this->revokeLdapProvisioned; |
|
32 |
$values->create_consumers = (int)$this->createConsumers; |
|
33 |
$values->regrant_ldap_provisioned = (int)$this->regrantLdapProvisioned; |
|
30 |
$values->use_filter = (int) $this->useMappingsAsFilter;
|
|
31 |
$values->synch_to_ldap = (int) $this->synchToLdap;
|
|
32 |
$values->synch_on_logon = (int) $this->synchOnLogon;
|
|
33 |
$values->revoke_ldap_provisioned = (int) $this->revokeLdapProvisioned;
|
|
34 |
$values->create_consumers = (int) $this->createConsumers;
|
|
35 |
$values->regrant_ldap_provisioned = (int) $this->regrantLdapProvisioned;
|
|
34 | 36 |
|
35 | 37 |
if (module_exists('ctools')) { |
36 | 38 |
ctools_include('export'); |
37 |
// Populate our object with ctool's properties |
|
39 |
// Populate our object with ctool's properties.
|
|
38 | 40 |
$object = ctools_export_crud_new('ldap_authorization'); |
39 | 41 |
foreach ($object as $property => $value) { |
40 | 42 |
if (!isset($values->$property)) { |
... | ... | |
44 | 46 |
try { |
45 | 47 |
$values->export_type = NULL; |
46 | 48 |
$result = ctools_export_crud_save('ldap_authorization', $values); |
47 |
} catch (Exception $e) { |
|
49 |
} |
|
50 |
catch (Exception $e) { |
|
48 | 51 |
$values->export_type = EXPORT_IN_DATABASE; |
49 | 52 |
$result = ctools_export_crud_save('ldap_authorization', $values); |
50 | 53 |
} |
51 |
ctools_export_load_object_reset('ldap_authorization'); // ctools_export_crud_save doesn't invalidate cache |
|
54 |
// ctools_export_crud_save doesn't invalidate cache. |
|
55 |
ctools_export_load_object_reset('ldap_authorization'); |
|
52 | 56 |
} |
53 | 57 |
else { |
54 | 58 |
|
55 | 59 |
if ($op == 'edit') { |
56 | 60 |
$result = drupal_write_record('ldap_authorization', $values, 'consumer_type'); |
57 | 61 |
} |
58 |
else { // insert |
|
62 |
/** |
|
63 |
*Insert. |
|
64 |
*/ |
|
65 |
else { |
|
59 | 66 |
$result = drupal_write_record('ldap_authorization', $values); |
60 | 67 |
} |
61 | 68 |
|
... | ... | |
72 | 79 |
public $fields; |
73 | 80 |
public $consumers; |
74 | 81 |
|
82 |
/** |
|
83 |
* |
|
84 |
*/ |
|
75 | 85 |
public function delete() { |
76 | 86 |
if ($this->consumerType) { |
77 | 87 |
$this->inDatabase = FALSE; |
... | ... | |
82 | 92 |
} |
83 | 93 |
} |
84 | 94 |
|
95 |
/** |
|
96 |
* |
|
97 |
*/ |
|
85 | 98 |
public function __construct(&$consumer = NULL, $new = FALSE) { |
86 | 99 |
parent::__construct($consumer, $new); |
87 | 100 |
$this->fields = $this->fields(); |
... | ... | |
94 | 107 |
} |
95 | 108 |
} |
96 | 109 |
|
110 |
/** |
|
111 |
* |
|
112 |
*/ |
|
97 | 113 |
public function drupalForm($server_options, $op) { |
98 | 114 |
|
99 | 115 |
$consumer_tokens = ldap_authorization_tokens($this->consumer); |
100 | 116 |
$form['intro'] = array( |
101 |
'#type' => 'item',
|
|
102 |
'#markup' => t('<h1>LDAP to !consumer_name Configuration</h1>', $consumer_tokens),
|
|
117 |
'#type' => 'item', |
|
118 |
'#markup' => t('<h1>LDAP to !consumer_name Configuration</h1>', $consumer_tokens), |
|
103 | 119 |
); |
104 | 120 |
|
105 | 121 |
$form['status'] = array( |
... | ... | |
126 | 142 |
$form['status']['status'] = array( |
127 | 143 |
'#type' => 'checkbox', |
128 | 144 |
'#title' => t('Enable this configuration', $consumer_tokens), |
129 |
'#default_value' => $this->status,
|
|
145 |
'#default_value' => $this->status, |
|
130 | 146 |
); |
131 | 147 |
|
132 | 148 |
$form['status']['only_ldap_authenticated'] = array( |
133 | 149 |
'#type' => 'checkbox', |
134 | 150 |
'#title' => t('Only apply the following LDAP to !consumer_name configuration to users authenticated via LDAP. One uncommon reason for disabling this is when you are using Drupal authentication, but want to leverage LDAP for authorization; for this to work the Drupal username still has to map to an LDAP entry.', $consumer_tokens), |
135 |
'#default_value' => $this->onlyApplyToLdapAuthenticated,
|
|
151 |
'#default_value' => $this->onlyApplyToLdapAuthenticated, |
|
136 | 152 |
); |
137 | 153 |
|
138 |
|
|
139 | 154 |
if (method_exists($this->consumer, 'mappingExamples')) { |
140 | 155 |
$consumer_tokens['!examples'] = '<fieldset class="collapsible collapsed form-wrapper" id="authorization-mappings"> |
141 | 156 |
<legend><span class="fieldset-legend">' . t('Examples based on current !consumer_namePlural', $consumer_tokens) . '</span></legend> |
142 |
<div class="fieldset-wrapper">'. $this->consumer->mappingExamples($consumer_tokens) . '<div class="fieldset-wrapper"> |
|
157 |
<div class="fieldset-wrapper">' . $this->consumer->mappingExamples($consumer_tokens) . '<div class="fieldset-wrapper">
|
|
143 | 158 |
</fieldset>'; |
144 | 159 |
} |
145 | 160 |
else { |
... | ... | |
186 | 201 |
'#default_value' => $this->useMappingsAsFilter, |
187 | 202 |
'#description' => t('If enabled, only above mapped !consumer_namePlural will be assigned (e.g. students and administrator). |
188 | 203 |
<strong>If not checked, !consumer_namePlural not mapped above also may be created and granted (e.g. gryffindor and probation students). In some LDAPs this can lead to hundreds of !consumer_namePlural being created if "Create !consumer_namePlural if they do not exist" is enabled below. |
189 |
</strong>', $consumer_tokens) |
|
204 |
</strong>', $consumer_tokens),
|
|
190 | 205 |
); |
191 | 206 |
|
192 |
|
|
193 | 207 |
$form['more'] = array( |
194 | 208 |
'#type' => 'fieldset', |
195 | 209 |
'#title' => t('Part III. Even More Settings.'), |
... | ... | |
198 | 212 |
); |
199 | 213 |
|
200 | 214 |
$synchronization_modes = array(); |
201 |
if ($this->synchOnLogon) {
|
|
215 |
if ($this->synchOnLogon) { |
|
202 | 216 |
$synchronization_modes[] = 'user_logon'; |
203 | 217 |
} |
204 | 218 |
$form['more']['synchronization_modes'] = array( |
205 | 219 |
'#type' => 'checkboxes', |
206 | 220 |
'#title' => t('When should !consumer_namePlural be granted/revoked from user?', $consumer_tokens), |
207 | 221 |
'#options' => array( |
208 |
'user_logon' => t('When a user logs on.'),
|
|
222 |
'user_logon' => t('When a user logs on.'), |
|
209 | 223 |
), |
210 | 224 |
'#default_value' => $synchronization_modes, |
211 | 225 |
'#description' => '', |
212 | 226 |
); |
213 | 227 |
|
214 | 228 |
$synchronization_actions = array(); |
215 |
if ($this->revokeLdapProvisioned) {
|
|
229 |
if ($this->revokeLdapProvisioned) { |
|
216 | 230 |
$synchronization_actions[] = 'revoke_ldap_provisioned'; |
217 | 231 |
} |
218 |
if ($this->createConsumers) {
|
|
232 |
if ($this->createConsumers) { |
|
219 | 233 |
$synchronization_actions[] = 'create_consumers'; |
220 | 234 |
} |
221 |
if ($this->regrantLdapProvisioned) {
|
|
235 |
if ($this->regrantLdapProvisioned) { |
|
222 | 236 |
$synchronization_actions[] = 'regrant_ldap_provisioned'; |
223 | 237 |
} |
224 | 238 |
|
225 |
$options = array(
|
|
239 |
$options = array( |
|
226 | 240 |
'revoke_ldap_provisioned' => t('Revoke !consumer_namePlural previously granted by LDAP Authorization but no longer valid.', $consumer_tokens), |
227 | 241 |
'regrant_ldap_provisioned' => t('Re grant !consumer_namePlural previously granted by LDAP Authorization but removed manually.', $consumer_tokens), |
228 | 242 |
); |
... | ... | |
246 | 260 |
|
247 | 261 |
switch ($op) { |
248 | 262 |
case 'add': |
249 |
$action = 'Add'; |
|
250 |
break; |
|
263 |
$action = 'Add';
|
|
264 |
break;
|
|
251 | 265 |
|
252 | 266 |
case 'edit': |
253 |
$action = 'Save'; |
|
254 |
break; |
|
267 |
$action = 'Save';
|
|
268 |
break;
|
|
255 | 269 |
|
256 | 270 |
case 'delete': |
257 |
$action = 'Delete'; |
|
258 |
break; |
|
271 |
$action = 'Delete';
|
|
272 |
break;
|
|
259 | 273 |
} |
260 | 274 |
|
261 | 275 |
$form['submit'] = array( |
... | ... | |
263 | 277 |
'#value' => $action, |
264 | 278 |
); |
265 | 279 |
|
266 |
return $form; |
|
280 |
return $form;
|
|
267 | 281 |
} |
268 | 282 |
|
269 |
|
|
283 |
/** |
|
284 |
* |
|
285 |
*/ |
|
270 | 286 |
protected function loadFromForm($values, $op) { |
271 | 287 |
|
272 | 288 |
} |
273 | 289 |
|
290 |
/** |
|
291 |
* |
|
292 |
*/ |
|
274 | 293 |
public function getLdapAuthorizationConsumerActions() { |
275 | 294 |
$actions = array(); |
276 |
$actions[] = l(t('edit'), LDAP_SERVERS_MENU_BASE_PATH . '/authorization/edit/' . $this->consumerType);
|
|
295 |
$actions[] = l(t('edit'), LDAP_SERVERS_MENU_BASE_PATH . '/authorization/edit/' . $this->consumerType); |
|
277 | 296 |
if (property_exists($this, 'type')) { |
278 | 297 |
if ($this->type == 'Overridden') { |
279 |
$actions[] = l(t('revert'), LDAP_SERVERS_MENU_BASE_PATH . '/authorization/delete/' . $this->consumerType);
|
|
298 |
$actions[] = l(t('revert'), LDAP_SERVERS_MENU_BASE_PATH . '/authorization/delete/' . $this->consumerType); |
|
280 | 299 |
} |
281 | 300 |
if ($this->type == 'Normal') { |
282 |
$actions[] = l(t('delete'), LDAP_SERVERS_MENU_BASE_PATH . '/authorization/delete/' . $this->consumerType);
|
|
301 |
$actions[] = l(t('delete'), LDAP_SERVERS_MENU_BASE_PATH . '/authorization/delete/' . $this->consumerType); |
|
283 | 302 |
} |
284 | 303 |
} |
285 | 304 |
else { |
286 |
$actions[] = l(t('delete'), LDAP_SERVERS_MENU_BASE_PATH . '/authorization/delete/' . $this->consumerType);
|
|
305 |
$actions[] = l(t('delete'), LDAP_SERVERS_MENU_BASE_PATH . '/authorization/delete/' . $this->consumerType); |
|
287 | 306 |
} |
288 | 307 |
$actions[] = l(t('test'), LDAP_SERVERS_MENU_BASE_PATH . '/authorization/test/' . $this->consumerType); |
289 | 308 |
return $actions; |
290 | 309 |
} |
291 | 310 |
|
292 |
public function drupalFormValidate($op, $values) { |
|
311 |
/** |
|
312 |
* |
|
313 |
*/ |
|
314 |
public function drupalFormValidate($op, $values) { |
|
293 | 315 |
$errors = array(); |
294 | 316 |
|
295 | 317 |
if ($op == 'delete') { |
... | ... | |
309 | 331 |
return $errors; |
310 | 332 |
} |
311 | 333 |
|
334 |
/** |
|
335 |
* |
|
336 |
*/ |
|
312 | 337 |
public function validate($form_values = array()) { |
313 | 338 |
$errors = array(); |
314 | 339 |
|
... | ... | |
337 | 362 |
return $errors; |
338 | 363 |
} |
339 | 364 |
|
365 |
/** |
|
366 |
* |
|
367 |
*/ |
|
340 | 368 |
protected function populateFromDrupalForm($op, $values) { |
341 | 369 |
|
342 | 370 |
$this->inDatabase = (drupal_strtolower($op) == 'edit' || drupal_strtolower($op) == 'save'); |
... | ... | |
344 | 372 |
|
345 | 373 |
$this->sid = $values['sid']; |
346 | 374 |
|
347 |
$this->status = (bool)$values['status']; |
|
348 |
$this->onlyApplyToLdapAuthenticated = (bool)(@$values['only_ldap_authenticated']);
|
|
349 |
$this->useFirstAttrAsGroupId = (bool)($values['use_first_attr_as_groupid']);
|
|
375 |
$this->status = (bool) $values['status'];
|
|
376 |
$this->onlyApplyToLdapAuthenticated = (bool) (@$values['only_ldap_authenticated']);
|
|
377 |
$this->useFirstAttrAsGroupId = (bool) ($values['use_first_attr_as_groupid']);
|
|
350 | 378 |
|
351 | 379 |
$this->mappings = $this->consumer->normalizeMappings($this->pipeListToArray($values['mappings'], FALSE)); |
352 |
$this->useMappingsAsFilter = (bool)(@$values['use_filter']);
|
|
380 |
$this->useMappingsAsFilter = (bool) (@$values['use_filter']);
|
|
353 | 381 |
|
354 |
$this->synchOnLogon = (bool)(@$values['synchronization_modes']['user_logon']); |
|
355 |
$this->regrantLdapProvisioned = (bool)(@$values['synchronization_actions']['regrant_ldap_provisioned']); |
|
356 |
$this->revokeLdapProvisioned = (bool)(@$values['synchronization_actions']['revoke_ldap_provisioned']); |
|
357 |
$this->createConsumers = (bool)(@$values['synchronization_actions']['create_consumers']); |
|
382 |
$this->synchOnLogon = (bool) (@$values['synchronization_modes']['user_logon']);
|
|
383 |
$this->regrantLdapProvisioned = (bool) (@$values['synchronization_actions']['regrant_ldap_provisioned']);
|
|
384 |
$this->revokeLdapProvisioned = (bool) (@$values['synchronization_actions']['revoke_ldap_provisioned']);
|
|
385 |
$this->createConsumers = (bool) (@$values['synchronization_actions']['create_consumers']);
|
|
358 | 386 |
|
359 | 387 |
} |
360 | 388 |
|
389 |
/** |
|
390 |
* |
|
391 |
*/ |
|
361 | 392 |
public function drupalFormSubmit($op, $values) { |
362 | 393 |
|
363 | 394 |
$this->populateFromDrupalForm($op, $values); |
364 | 395 |
if ($op == 'delete') { |
365 | 396 |
$this->delete(); |
366 | 397 |
} |
367 |
else { // add or edit |
|
398 |
// Add or edit. |
|
399 |
else { |
|
368 | 400 |
|
369 | 401 |
try { |
370 | 402 |
$save_result = $this->save(); |
... | ... | |
377 | 409 |
} |
378 | 410 |
} |
379 | 411 |
|
380 |
|
|
412 |
/** |
|
413 |
* |
|
414 |
*/ |
|
381 | 415 |
public static function fields() { |
382 | 416 |
|
383 |
/**
|
|
417 |
/** |
|
384 | 418 |
* consumer_type is tag (unique alphanumeric id) of consuming authorization such as |
385 | 419 |
* drupal_roles, og_groups, civicrm_memberships |
386 | 420 |
*/ |
387 | 421 |
$fields = array( |
388 | 422 |
'numeric_consumer_conf_id' => array( |
389 |
'schema' => array( |
|
390 |
'type' => 'serial', |
|
391 |
'unsigned' => TRUE, |
|
392 |
'not null' => TRUE, |
|
393 |
'description' => 'Primary ID field for the table. Only used internally.', |
|
394 |
'no export' => TRUE, |
|
395 |
), |
|
423 |
'schema' => array( |
|
424 |
'type' => 'serial', |
|
425 |
'unsigned' => TRUE, |
|
426 |
'not null' => TRUE, |
|
427 |
'description' => 'Primary ID field for the table. Only used internally.', |
|
428 |
'no export' => TRUE, |
|
396 | 429 |
), |
430 |
), |
|
397 | 431 |
'sid' => array( |
398 | 432 |
'schema' => array( |
399 | 433 |
'type' => 'varchar', |
400 | 434 |
'length' => 20, |
401 | 435 |
'not null' => TRUE, |
402 |
) |
|
436 |
),
|
|
403 | 437 |
), |
404 | 438 |
'consumer_type' => array( |
405 |
'schema' => array(
|
|
406 |
'type' => 'varchar',
|
|
407 |
'length' => 20,
|
|
408 |
'not null' => TRUE,
|
|
409 |
) |
|
439 |
'schema' => array( |
|
440 |
'type' => 'varchar', |
|
441 |
'length' => 20, |
|
442 |
'not null' => TRUE, |
|
443 |
),
|
|
410 | 444 |
), |
411 |
'consumer_module' => array( |
|
412 |
'schema' => array(
|
|
413 |
'type' => 'varchar',
|
|
414 |
'length' => 30,
|
|
415 |
'not null' => TRUE,
|
|
416 |
) |
|
445 |
'consumer_module' => array(
|
|
446 |
'schema' => array( |
|
447 |
'type' => 'varchar', |
|
448 |
'length' => 30, |
|
449 |
'not null' => TRUE, |
|
450 |
),
|
|
417 | 451 |
), |
418 | 452 |
|
419 | 453 |
'status' => array( |
420 |
'schema' => array(
|
|
421 |
'type' => 'int',
|
|
422 |
'size' => 'tiny',
|
|
423 |
'not null' => TRUE,
|
|
424 |
'default' => 0,
|
|
425 |
)
|
|
454 |
'schema' => array( |
|
455 |
'type' => 'int', |
|
456 |
'size' => 'tiny', |
|
457 |
'not null' => TRUE, |
|
458 |
'default' => 0, |
|
459 |
),
|
|
426 | 460 |
), |
427 | 461 |
'only_ldap_authenticated' => array( |
428 | 462 |
'schema' => array( |
... | ... | |
430 | 464 |
'size' => 'tiny', |
431 | 465 |
'not null' => TRUE, |
432 | 466 |
'default' => 1, |
433 |
) |
|
467 |
),
|
|
434 | 468 |
), |
435 | 469 |
|
436 | 470 |
'use_first_attr_as_groupid' => array( |
... | ... | |
439 | 473 |
'size' => 'tiny', |
440 | 474 |
'not null' => TRUE, |
441 | 475 |
'default' => 0, |
442 |
) |
|
476 |
),
|
|
443 | 477 |
), |
444 | 478 |
|
445 | 479 |
'mappings' => array( |
... | ... | |
449 | 483 |
'size' => 'medium', |
450 | 484 |
'not null' => FALSE, |
451 | 485 |
'default' => NULL, |
452 |
) |
|
486 |
),
|
|
453 | 487 |
), |
454 | 488 |
|
455 | 489 |
'use_filter' => array( |
... | ... | |
458 | 492 |
'size' => 'tiny', |
459 | 493 |
'not null' => TRUE, |
460 | 494 |
'default' => 1, |
461 |
) |
|
495 |
),
|
|
462 | 496 |
), |
463 | 497 |
|
464 | 498 |
'synchronization_modes' => array( |
465 |
'form_default' => array('user_logon'),
|
|
499 |
'form_default' => array('user_logon'), |
|
466 | 500 |
), |
467 | 501 |
|
468 | 502 |
'synchronization_actions' => array( |
469 |
'form_default' => array('revoke_ldap_provisioned', 'create_consumers'),
|
|
503 |
'form_default' => array('revoke_ldap_provisioned', 'create_consumers'), |
|
470 | 504 |
), |
471 | 505 |
|
472 | 506 |
'synch_to_ldap' => array( |
... | ... | |
496 | 530 |
), |
497 | 531 |
), |
498 | 532 |
|
499 |
'create_consumers' => array( |
|
533 |
'create_consumers' => array(
|
|
500 | 534 |
'schema' => array( |
501 | 535 |
'type' => 'int', |
502 | 536 |
'size' => 'tiny', |
... | ... | |
505 | 539 |
), |
506 | 540 |
), |
507 | 541 |
|
508 |
'regrant_ldap_provisioned' => array( |
|
542 |
'regrant_ldap_provisioned' => array(
|
|
509 | 543 |
'schema' => array( |
510 | 544 |
'type' => 'int', |
511 | 545 |
'size' => 'tiny', |
... | ... | |
517 | 551 |
return $fields; |
518 | 552 |
} |
519 | 553 |
|
520 |
|
|
554 |
/** |
|
555 |
* |
|
556 |
*/ |
|
521 | 557 |
protected function mappingsToPipeList($mappings) { |
522 | 558 |
$result_text = ""; |
523 | 559 |
foreach ($mappings as $map) { |
... | ... | |
526 | 562 |
return $result_text; |
527 | 563 |
} |
528 | 564 |
|
529 |
|
|
530 | 565 |
} |
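Review bot: In populateFromDrupalForm the reformatted assignments still read the form values through `@`, so a missing `only_ldap_authenticated` or `use_filter` key silently becomes FALSE even though the schema in fields() gives both columns a default of 1. For an authorization configuration that is the less restrictive outcome, and the suppressed notice removes the only sign that the key was absent. Regular form submissions presumably always carry the checkbox keys, but a programmatic submit or an altered form may not. An explicit test such as `$this->useMappingsAsFilter = isset($values['use_filter']) ? (bool) $values['use_filter'] : TRUE;` would keep the schema default and drop the `@`. Part of the function body is elided on this page, so the remaining `@$values[...]` reads should be checked the same way.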
Weekly update of contrib modules