Révision bc175c27
Ajouté par Assos Assos il y a plus de 5 ans
| drupal7/sites/all/modules/ldap/ldap_authorization/ldap_authorization.module | ||
|---|---|---|
| 2 | 2 |
|
| 3 | 3 |
/** |
| 4 | 4 |
* @file |
| 5 |
* ldap authorization module
|
|
| 5 |
* Ldap authorization module.
|
|
| 6 | 6 |
*/ |
| 7 | 7 |
|
| 8 | 8 |
define('LDAP_AUTHORIZATION_PROJECT_TAG', 'ldap_authorization');
|
| ... | ... | |
| 14 | 14 |
|
| 15 | 15 |
define('LDAP_AUTHORIZATION_NO_LDAP_SERVERS', 'ldap_authorization_no_ldap_servers');
|
| 16 | 16 |
|
| 17 |
|
|
| 18 | 17 |
/** |
| 19 |
* this is a workaround for og 7.x-2.x bug I believe
|
|
| 18 |
* This is a workaround for og 7.x-2.x bug I believe.
|
|
| 20 | 19 |
*/ |
| 21 |
|
|
| 22 | 20 |
function ldap_authorization_cleanse_empty_og_fields(&$user) {
|
| 23 | 21 |
if (property_exists($user, 'og_user_group_ref') && is_array($user->og_user_group_ref) && count($user->og_user_group_ref) == 0) {
|
| 24 | 22 |
unset($user->og_user_group_ref); |
| 25 | 23 |
} |
| 26 |
if (property_exists($user, 'og_other_user_group_ref') && is_array($user->og_other_user_group_ref) && count($user->og_other_user_group_ref) == 0 ) {
|
|
| 24 |
if (property_exists($user, 'og_other_user_group_ref') && is_array($user->og_other_user_group_ref) && count($user->og_other_user_group_ref) == 0) {
|
|
| 27 | 25 |
unset($user->og_other_user_group_ref); |
| 28 | 26 |
} |
| 29 | 27 |
} |
| ... | ... | |
| 49 | 47 |
); |
| 50 | 48 |
|
| 51 | 49 |
$items['admin/config/people/ldap/authorization/edit/%'] = array( |
| 52 |
'title' => 'Edit LDAP Authorization Configuration',
|
|
| 53 |
'page callback' => 'drupal_get_form',
|
|
| 54 |
'page arguments' => array('ldap_authorization_admin_form', 6, 'edit'),
|
|
| 55 |
'access arguments' => array('administer site configuration'),
|
|
| 56 |
'file' => 'ldap_authorization.admin.inc',
|
|
| 50 |
'title' => 'Edit LDAP Authorization Configuration', |
|
| 51 |
'page callback' => 'drupal_get_form', |
|
| 52 |
'page arguments' => array('ldap_authorization_admin_form', 6, 'edit'),
|
|
| 53 |
'access arguments' => array('administer site configuration'),
|
|
| 54 |
'file' => 'ldap_authorization.admin.inc', |
|
| 57 | 55 |
); |
| 58 | 56 |
|
| 59 | 57 |
$items['admin/config/people/ldap/authorization/delete/%'] = array( |
| 60 |
'title' => 'Delete LDAP Authorization Configuration',
|
|
| 61 |
'description' => 'Delete an ldap authorization configuration',
|
|
| 62 |
'page callback' => 'drupal_get_form',
|
|
| 63 |
'page arguments' => array('ldap_authorization_admin_form', 6, 'delete'),
|
|
| 64 |
'access arguments' => array('administer site configuration'),
|
|
| 65 |
'file' => 'ldap_authorization.admin.inc',
|
|
| 58 |
'title' => 'Delete LDAP Authorization Configuration', |
|
| 59 |
'description' => 'Delete an ldap authorization configuration', |
|
| 60 |
'page callback' => 'drupal_get_form', |
|
| 61 |
'page arguments' => array('ldap_authorization_admin_form', 6, 'delete'),
|
|
| 62 |
'access arguments' => array('administer site configuration'),
|
|
| 63 |
'file' => 'ldap_authorization.admin.inc', |
|
| 66 | 64 |
); |
| 67 | 65 |
|
| 68 | 66 |
$items['admin/config/people/ldap/authorization/test/%'] = array( |
| ... | ... | |
| 85 | 83 |
return $items; |
| 86 | 84 |
} |
| 87 | 85 |
|
| 88 |
|
|
| 89 | 86 |
/** |
| 90 | 87 |
* Implements hook_user_login() login operation. |
| 91 | 88 |
*/ |
| ... | ... | |
| 94 | 91 |
if (variable_get('ldap_help_watchdog_detail', FALSE)) {
|
| 95 | 92 |
foreach ($authorizations as $consumer_type => $authorization_ids) {
|
| 96 | 93 |
$ul = theme('item_list', array('title' => $consumer_type, 'items' => array_keys($authorization_ids), 'type' => 'ul'));
|
| 97 |
watchdog('ldap_authentication', 'ldap_authorization_user_login.authorizations' . $ul , array(), WATCHDOG_DEBUG);
|
|
| 94 |
watchdog('ldap_authentication', 'ldap_authorization_user_login.authorizations' . $ul, array(), WATCHDOG_DEBUG);
|
|
| 98 | 95 |
} |
| 99 | 96 |
} |
| 100 | 97 |
} |
| 101 | 98 |
|
| 102 | 99 |
/** |
| 103 |
* ldap_authorization_maps_alter_invoke invokes hook_ldap_authorization_maps_alter() in every module.
|
|
| 100 |
* Ldap_authorization_maps_alter_invoke invokes hook_ldap_authorization_maps_alter() in every module.
|
|
| 104 | 101 |
* |
| 105 | 102 |
* We cannot use module_invoke() for this, because the arguments need to |
| 106 | 103 |
* be passed by reference. |
| ... | ... | |
| 108 | 105 |
function ldap_authorization_maps_alter_invoke(&$user, &$user_ldap_entry, &$ldap_server, &$consumer_conf, &$proposed_ldap_authorizations, $op) {
|
| 109 | 106 |
foreach (module_implements('ldap_authorization_maps_alter') as $module) {
|
| 110 | 107 |
$function = $module . '_ldap_authorization_maps_alter'; |
| 111 |
$function($user, $user_ldap_entry, $ldap_server, $consumer_conf, $proposed_ldap_authorizations, $op);
|
|
| 108 |
$function($user, $user_ldap_entry, $ldap_server, $consumer_conf, $proposed_ldap_authorizations, $op); |
|
| 112 | 109 |
} |
| 113 | 110 |
} |
| 114 | 111 |
|
| ... | ... | |
| 144 | 141 |
if ($consumer_conf->server->groupUserMembershipsAttrExists) {
|
| 145 | 142 |
$attribute_name = $consumer_conf->server->groupUserMembershipsAttr; |
| 146 | 143 |
if ($attribute_name) {
|
| 147 |
$attribute_maps[$attribute_name] = ldap_servers_set_attribute_map($attribute_name); //array($attribute_name, 0, NULL); |
|
| 144 |
// array($attribute_name, 0, NULL);. |
|
| 145 |
$attribute_maps[$attribute_name] = ldap_servers_set_attribute_map($attribute_name); |
|
| 148 | 146 |
} |
| 149 | 147 |
} |
| 150 | 148 |
} |
| ... | ... | |
| 155 | 153 |
/** |
| 156 | 154 |
* Implements hook_ldap_authorization_maps_alter(). |
| 157 | 155 |
* |
| 158 |
* to suggest authorization ids to grant (drupal roles in this case)
|
|
| 156 |
* To suggest authorization ids to grant (drupal roles in this case)
|
|
| 159 | 157 |
* |
| 160 |
* @param object $user drupal user object |
|
| 158 |
* @param object $user |
|
| 159 |
* drupal user object. |
|
| 161 | 160 |
* |
| 162 |
* @param array $user_ldap_entry is ldap data from ldap entry which drupal user is mapped to |
|
| 161 |
* @param array $user_ldap_entry |
|
| 162 |
* is ldap data from ldap entry which drupal user is mapped to. |
|
| 163 | 163 |
* |
| 164 | 164 |
* @param object $ldap_server |
| 165 | 165 |
* |
| 166 |
* @param array $consumer_conf . |
|
| 167 |
* |
|
| 168 |
* @param array $authz_ids. any new authorization ids (drupal user role names in this case) in form array('rolename1', 'rolename2',....)
|
|
| 166 |
* @param array $consumer_conf |
|
| 167 |
* . |
|
| 169 | 168 |
* |
| 170 |
* @param string $op = 'set' or 'query' |
|
| 169 |
* @param array $authz_ids |
|
| 170 |
* any new authorization ids (drupal user role names in this case) in form array('rolename1', 'rolename2',....)
|
|
| 171 | 171 |
* |
| 172 |
* @param string $op |
|
| 173 |
* = 'set' or 'query'. |
|
| 172 | 174 |
*/ |
| 173 | 175 |
function ldap_authorization_ldap_authorization_maps_alter(&$user, &$user_ldap_entry, &$ldap_server, &$consumer_conf, &$authz_ids, $op) {
|
| 174 | 176 |
|
| 175 | 177 |
ldap_servers_module_load_include('inc', 'ldap_authorization', 'ldap_authorization');
|
| 176 |
_ldap_authorization_ldap_authorization_maps_alter($user, $user_ldap_entry, $ldap_server, $consumer_conf, $authz_ids, $op);
|
|
| 178 |
_ldap_authorization_ldap_authorization_maps_alter($user, $user_ldap_entry, $ldap_server, $consumer_conf, $authz_ids, $op); |
|
| 177 | 179 |
} |
| 178 | 180 |
|
| 179 |
|
|
| 181 |
/** |
|
| 182 |
* |
|
| 183 |
*/ |
|
| 180 | 184 |
function ldap_authorization_theme() {
|
| 181 | 185 |
return array( |
| 182 | 186 |
'ldap_authorization_test_results' => array( |
| 183 | 187 |
'variables' => array('data' => NULL),
|
| 184 | 188 |
'render element' => 'element', |
| 185 |
'file' => 'ldap_authorization.theme.inc' |
|
| 189 |
'file' => 'ldap_authorization.theme.inc',
|
|
| 186 | 190 |
), |
| 187 | 191 |
'ldap_authorization_admin_index' => array( |
| 188 | 192 |
'variables' => array('consumers' => NULL),
|
| 189 | 193 |
'render element' => 'element', |
| 190 |
'file' => 'ldap_authorization.theme.inc' |
|
| 194 |
'file' => 'ldap_authorization.theme.inc',
|
|
| 191 | 195 |
), |
| 192 | 196 |
); |
| 193 | 197 |
} |
| 194 | 198 |
|
| 195 | 199 |
/** |
| 196 |
* param string $consumer_type is machine name of consumer such as drupal_role
|
|
| 200 |
* Param string $consumer_type is machine name of consumer such as drupal_role.
|
|
| 197 | 201 |
* |
| 198 | 202 |
* @return consumer object |
| 199 | 203 |
*/ |
| ... | ... | |
| 202 | 206 |
$consumer = ldap_authorization_get_consumers($consumer_type, TRUE, TRUE); |
| 203 | 207 |
|
| 204 | 208 |
if ($consumer) {
|
| 205 |
require_once(drupal_get_path('module', $consumer['consumer_module']) . '/' . $consumer['consumer_class_file']);
|
|
| 209 |
require_once drupal_get_path('module', $consumer['consumer_module']) . '/' . $consumer['consumer_class_file'];
|
|
| 206 | 210 |
$class = $consumer['consumer_class_name']; |
| 207 | 211 |
$consumer_obj = new $class($consumer_type); |
| 208 | 212 |
$consumer_obj->detailedWatchdogLog = variable_get('ldap_help_watchdog_detail', 0);
|
| ... | ... | |
| 214 | 218 |
} |
| 215 | 219 |
|
| 216 | 220 |
/** |
| 217 |
* @param string $consumer_type is machine name of consumer type such as "drupal_role" |
|
| 218 |
* @param boolean $reset signifies clear static variable |
|
| 219 |
* @param boolean $flatten signies return individual consumer not keyed on consumer type |
|
| 221 |
* @param string $consumer_type |
|
| 222 |
* is machine name of consumer type such as "drupal_role". |
|
| 223 |
* @param bool $reset |
|
| 224 |
* signifies clear static variable. |
|
| 225 |
* @param bool $flatten |
|
| 226 |
* signies return individual consumer not keyed on consumer type. |
|
| 220 | 227 |
* |
| 221 | 228 |
* @return array (1) if $flatten is true, consumer configuration array |
| 222 | 229 |
* otherwise (2) associative array of consumer configurations keyed on consumer type such as "drupal_role" |
| ... | ... | |
| 243 | 250 |
* so it can be called from a batch synchronization process for example |
| 244 | 251 |
* |
| 245 | 252 |
* @param drupal user object $user |
| 246 |
* @param string $op indicating operation such as query, set, test_query, etc. |
|
| 247 |
* @param string $consumer_type e.g. drupal_role, or og_groups |
|
| 253 |
* @param string $op |
|
| 254 |
* indicating operation such as query, set, test_query, etc. |
|
| 255 |
* @param string $consumer_type |
|
| 256 |
* e.g. drupal_role, or og_groups. |
|
| 248 | 257 |
* @param string $context |
| 249 | 258 |
* |
| 250 | 259 |
* @return array of form: |
| 251 |
* $authorizations[<consumer_type>][<authorization_id>] |
|
| 252 |
* |
|
| 260 |
* $authorizations[<consumer_type>][<authorization_id>] |
|
| 253 | 261 |
*/ |
| 254 | 262 |
function ldap_authorizations_user_authorizations(&$user, $op = 'query', $consumer_type = NULL, $context = NULL) {
|
| 255 | 263 |
ldap_servers_module_load_include('inc', 'ldap_authorization', 'ldap_authorization');
|
| ... | ... | |
| 270 | 278 |
return array($new_authorizations, $notifications); |
| 271 | 279 |
} |
| 272 | 280 |
|
| 281 |
/** |
|
| 282 |
* |
|
| 283 |
*/ |
|
| 273 | 284 |
function ldap_authorization_help($path, $arg) {
|
| 274 | 285 |
|
| 275 | 286 |
$authorization_help = t('LDAP authorization allows LDAP data such as group memberships,
|
| ... | ... | |
| 291 | 302 |
} |
| 292 | 303 |
} |
| 293 | 304 |
|
| 294 |
/** just tokens for better watchdog and drupal_set_message arguments **/
|
|
| 295 |
|
|
| 305 |
/** |
|
| 306 |
* Just tokens for better watchdog and drupal_set_message arguments .**/ |
|
| 296 | 307 |
function ldap_authorization_tokens($consumer) {
|
| 297 | 308 |
$tokens = array(); |
| 298 | 309 |
|
| ... | ... | |
| 311 | 322 |
return $tokens; |
| 312 | 323 |
} |
| 313 | 324 |
|
| 314 |
|
|
| 325 |
/** |
|
| 326 |
* |
|
| 327 |
*/ |
|
| 315 | 328 |
function ldap_authorization_get_consumer_admin_object($consumer_type, $new = NULL) {
|
| 316 | 329 |
ldap_servers_module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerConfAdmin.class');
|
| 317 | 330 |
$consumer_object = ldap_authorization_get_consumer_object($consumer_type); |
| ... | ... | |
| 319 | 332 |
return $consumer_conf_admin; |
| 320 | 333 |
} |
| 321 | 334 |
|
| 335 |
/** |
|
| 336 |
* |
|
| 337 |
*/ |
|
| 322 | 338 |
function ldap_authorization_get_consumer_conf($consumer_type, $type = 'default', $new = NULL) {
|
| 323 | 339 |
$consumer_object = ldap_authorization_get_consumer_object($consumer_type); |
| 324 | 340 |
if ($type == 'admin') {
|
| ... | ... | |
| 332 | 348 |
return $consumer_conf; |
| 333 | 349 |
} |
| 334 | 350 |
|
| 335 |
|
|
| 336 | 351 |
/** |
| 337 | 352 |
* Implements hook_ldap_user_attrs_list_alter(). |
| 338 | 353 |
*/ |
| 339 |
|
|
| 340 | 354 |
function ldap_authorization_ldap_user_attrs_list_alter(&$available_user_attrs, &$params) {
|
| 341 | 355 |
|
| 342 |
// this is a case where a field is being denied synching configuration because its not meant to be used by other modules
|
|
| 356 |
// This is a case where a field is being denied synching configuration because its not meant to be used by other modules.
|
|
| 343 | 357 |
$available_user_attrs['[field.ldap_authorizations]'] = array( |
| 344 | 358 |
'name' => 'Field: LDAP Authorizations', |
| 345 | 359 |
'source' => 'LDAP Authorization modules', |
Formats disponibles : Unified diff
Weekly update of contrib modules