Révision bc175c27
Ajouté par Assos Assos il y a plus de 5 ans
drupal7/sites/all/modules/ldap/ldap_authorization/ldap_authorization.module | ||
---|---|---|
2 | 2 |
|
3 | 3 |
/** |
4 | 4 |
* @file |
5 |
* ldap authorization module
|
|
5 |
* Ldap authorization module.
|
|
6 | 6 |
*/ |
7 | 7 |
|
8 | 8 |
define('LDAP_AUTHORIZATION_PROJECT_TAG', 'ldap_authorization'); |
... | ... | |
14 | 14 |
|
15 | 15 |
define('LDAP_AUTHORIZATION_NO_LDAP_SERVERS', 'ldap_authorization_no_ldap_servers'); |
16 | 16 |
|
17 |
|
|
18 | 17 |
/** |
19 |
* this is a workaround for og 7.x-2.x bug I believe
|
|
18 |
* This is a workaround for og 7.x-2.x bug I believe.
|
|
20 | 19 |
*/ |
21 |
|
|
22 | 20 |
function ldap_authorization_cleanse_empty_og_fields(&$user) { |
23 | 21 |
if (property_exists($user, 'og_user_group_ref') && is_array($user->og_user_group_ref) && count($user->og_user_group_ref) == 0) { |
24 | 22 |
unset($user->og_user_group_ref); |
25 | 23 |
} |
26 |
if (property_exists($user, 'og_other_user_group_ref') && is_array($user->og_other_user_group_ref) && count($user->og_other_user_group_ref) == 0 ) {
|
|
24 |
if (property_exists($user, 'og_other_user_group_ref') && is_array($user->og_other_user_group_ref) && count($user->og_other_user_group_ref) == 0) { |
|
27 | 25 |
unset($user->og_other_user_group_ref); |
28 | 26 |
} |
29 | 27 |
} |
... | ... | |
49 | 47 |
); |
50 | 48 |
|
51 | 49 |
$items['admin/config/people/ldap/authorization/edit/%'] = array( |
52 |
'title' => 'Edit LDAP Authorization Configuration',
|
|
53 |
'page callback' => 'drupal_get_form',
|
|
54 |
'page arguments' => array('ldap_authorization_admin_form', 6, 'edit'),
|
|
55 |
'access arguments' => array('administer site configuration'),
|
|
56 |
'file' => 'ldap_authorization.admin.inc',
|
|
50 |
'title' => 'Edit LDAP Authorization Configuration', |
|
51 |
'page callback' => 'drupal_get_form', |
|
52 |
'page arguments' => array('ldap_authorization_admin_form', 6, 'edit'), |
|
53 |
'access arguments' => array('administer site configuration'), |
|
54 |
'file' => 'ldap_authorization.admin.inc', |
|
57 | 55 |
); |
58 | 56 |
|
59 | 57 |
$items['admin/config/people/ldap/authorization/delete/%'] = array( |
60 |
'title' => 'Delete LDAP Authorization Configuration',
|
|
61 |
'description' => 'Delete an ldap authorization configuration',
|
|
62 |
'page callback' => 'drupal_get_form',
|
|
63 |
'page arguments' => array('ldap_authorization_admin_form', 6, 'delete'),
|
|
64 |
'access arguments' => array('administer site configuration'),
|
|
65 |
'file' => 'ldap_authorization.admin.inc',
|
|
58 |
'title' => 'Delete LDAP Authorization Configuration', |
|
59 |
'description' => 'Delete an ldap authorization configuration', |
|
60 |
'page callback' => 'drupal_get_form', |
|
61 |
'page arguments' => array('ldap_authorization_admin_form', 6, 'delete'), |
|
62 |
'access arguments' => array('administer site configuration'), |
|
63 |
'file' => 'ldap_authorization.admin.inc', |
|
66 | 64 |
); |
67 | 65 |
|
68 | 66 |
$items['admin/config/people/ldap/authorization/test/%'] = array( |
... | ... | |
85 | 83 |
return $items; |
86 | 84 |
} |
87 | 85 |
|
88 |
|
|
89 | 86 |
/** |
90 | 87 |
* Implements hook_user_login() login operation. |
91 | 88 |
*/ |
... | ... | |
94 | 91 |
if (variable_get('ldap_help_watchdog_detail', FALSE)) { |
95 | 92 |
foreach ($authorizations as $consumer_type => $authorization_ids) { |
96 | 93 |
$ul = theme('item_list', array('title' => $consumer_type, 'items' => array_keys($authorization_ids), 'type' => 'ul')); |
97 |
watchdog('ldap_authentication', 'ldap_authorization_user_login.authorizations' . $ul , array(), WATCHDOG_DEBUG);
|
|
94 |
watchdog('ldap_authentication', 'ldap_authorization_user_login.authorizations' . $ul, array(), WATCHDOG_DEBUG); |
|
98 | 95 |
} |
99 | 96 |
} |
100 | 97 |
} |
101 | 98 |
|
102 | 99 |
/** |
103 |
* ldap_authorization_maps_alter_invoke invokes hook_ldap_authorization_maps_alter() in every module.
|
|
100 |
* Ldap_authorization_maps_alter_invoke invokes hook_ldap_authorization_maps_alter() in every module.
|
|
104 | 101 |
* |
105 | 102 |
* We cannot use module_invoke() for this, because the arguments need to |
106 | 103 |
* be passed by reference. |
... | ... | |
108 | 105 |
function ldap_authorization_maps_alter_invoke(&$user, &$user_ldap_entry, &$ldap_server, &$consumer_conf, &$proposed_ldap_authorizations, $op) { |
109 | 106 |
foreach (module_implements('ldap_authorization_maps_alter') as $module) { |
110 | 107 |
$function = $module . '_ldap_authorization_maps_alter'; |
111 |
$function($user, $user_ldap_entry, $ldap_server, $consumer_conf, $proposed_ldap_authorizations, $op);
|
|
108 |
$function($user, $user_ldap_entry, $ldap_server, $consumer_conf, $proposed_ldap_authorizations, $op); |
|
112 | 109 |
} |
113 | 110 |
} |
114 | 111 |
|
... | ... | |
144 | 141 |
if ($consumer_conf->server->groupUserMembershipsAttrExists) { |
145 | 142 |
$attribute_name = $consumer_conf->server->groupUserMembershipsAttr; |
146 | 143 |
if ($attribute_name) { |
147 |
$attribute_maps[$attribute_name] = ldap_servers_set_attribute_map($attribute_name); //array($attribute_name, 0, NULL); |
|
144 |
// array($attribute_name, 0, NULL);. |
|
145 |
$attribute_maps[$attribute_name] = ldap_servers_set_attribute_map($attribute_name); |
|
148 | 146 |
} |
149 | 147 |
} |
150 | 148 |
} |
... | ... | |
155 | 153 |
/** |
156 | 154 |
* Implements hook_ldap_authorization_maps_alter(). |
157 | 155 |
* |
158 |
* to suggest authorization ids to grant (drupal roles in this case)
|
|
156 |
* To suggest authorization ids to grant (drupal roles in this case)
|
|
159 | 157 |
* |
160 |
* @param object $user drupal user object |
|
158 |
* @param object $user |
|
159 |
* drupal user object. |
|
161 | 160 |
* |
162 |
* @param array $user_ldap_entry is ldap data from ldap entry which drupal user is mapped to |
|
161 |
* @param array $user_ldap_entry |
|
162 |
* is ldap data from ldap entry which drupal user is mapped to. |
|
163 | 163 |
* |
164 | 164 |
* @param object $ldap_server |
165 | 165 |
* |
166 |
* @param array $consumer_conf . |
|
167 |
* |
|
168 |
* @param array $authz_ids. any new authorization ids (drupal user role names in this case) in form array('rolename1', 'rolename2',....) |
|
166 |
* @param array $consumer_conf |
|
167 |
* . |
|
169 | 168 |
* |
170 |
* @param string $op = 'set' or 'query' |
|
169 |
* @param array $authz_ids |
|
170 |
* any new authorization ids (drupal user role names in this case) in form array('rolename1', 'rolename2',....) |
|
171 | 171 |
* |
172 |
* @param string $op |
|
173 |
* = 'set' or 'query'. |
|
172 | 174 |
*/ |
173 | 175 |
function ldap_authorization_ldap_authorization_maps_alter(&$user, &$user_ldap_entry, &$ldap_server, &$consumer_conf, &$authz_ids, $op) { |
174 | 176 |
|
175 | 177 |
ldap_servers_module_load_include('inc', 'ldap_authorization', 'ldap_authorization'); |
176 |
_ldap_authorization_ldap_authorization_maps_alter($user, $user_ldap_entry, $ldap_server, $consumer_conf, $authz_ids, $op);
|
|
178 |
_ldap_authorization_ldap_authorization_maps_alter($user, $user_ldap_entry, $ldap_server, $consumer_conf, $authz_ids, $op); |
|
177 | 179 |
} |
178 | 180 |
|
179 |
|
|
181 |
/** |
|
182 |
* |
|
183 |
*/ |
|
180 | 184 |
function ldap_authorization_theme() { |
181 | 185 |
return array( |
182 | 186 |
'ldap_authorization_test_results' => array( |
183 | 187 |
'variables' => array('data' => NULL), |
184 | 188 |
'render element' => 'element', |
185 |
'file' => 'ldap_authorization.theme.inc' |
|
189 |
'file' => 'ldap_authorization.theme.inc',
|
|
186 | 190 |
), |
187 | 191 |
'ldap_authorization_admin_index' => array( |
188 | 192 |
'variables' => array('consumers' => NULL), |
189 | 193 |
'render element' => 'element', |
190 |
'file' => 'ldap_authorization.theme.inc' |
|
194 |
'file' => 'ldap_authorization.theme.inc',
|
|
191 | 195 |
), |
192 | 196 |
); |
193 | 197 |
} |
194 | 198 |
|
195 | 199 |
/** |
196 |
* param string $consumer_type is machine name of consumer such as drupal_role
|
|
200 |
* Param string $consumer_type is machine name of consumer such as drupal_role.
|
|
197 | 201 |
* |
198 | 202 |
* @return consumer object |
199 | 203 |
*/ |
... | ... | |
202 | 206 |
$consumer = ldap_authorization_get_consumers($consumer_type, TRUE, TRUE); |
203 | 207 |
|
204 | 208 |
if ($consumer) { |
205 |
require_once(drupal_get_path('module', $consumer['consumer_module']) . '/' . $consumer['consumer_class_file']);
|
|
209 |
require_once drupal_get_path('module', $consumer['consumer_module']) . '/' . $consumer['consumer_class_file'];
|
|
206 | 210 |
$class = $consumer['consumer_class_name']; |
207 | 211 |
$consumer_obj = new $class($consumer_type); |
208 | 212 |
$consumer_obj->detailedWatchdogLog = variable_get('ldap_help_watchdog_detail', 0); |
... | ... | |
214 | 218 |
} |
215 | 219 |
|
216 | 220 |
/** |
217 |
* @param string $consumer_type is machine name of consumer type such as "drupal_role" |
|
218 |
* @param boolean $reset signifies clear static variable |
|
219 |
* @param boolean $flatten signies return individual consumer not keyed on consumer type |
|
221 |
* @param string $consumer_type |
|
222 |
* is machine name of consumer type such as "drupal_role". |
|
223 |
* @param bool $reset |
|
224 |
* signifies clear static variable. |
|
225 |
* @param bool $flatten |
|
226 |
* signies return individual consumer not keyed on consumer type. |
|
220 | 227 |
* |
221 | 228 |
* @return array (1) if $flatten is true, consumer configuration array |
222 | 229 |
* otherwise (2) associative array of consumer configurations keyed on consumer type such as "drupal_role" |
... | ... | |
243 | 250 |
* so it can be called from a batch synchronization process for example |
244 | 251 |
* |
245 | 252 |
* @param drupal user object $user |
246 |
* @param string $op indicating operation such as query, set, test_query, etc. |
|
247 |
* @param string $consumer_type e.g. drupal_role, or og_groups |
|
253 |
* @param string $op |
|
254 |
* indicating operation such as query, set, test_query, etc. |
|
255 |
* @param string $consumer_type |
|
256 |
* e.g. drupal_role, or og_groups. |
|
248 | 257 |
* @param string $context |
249 | 258 |
* |
250 | 259 |
* @return array of form: |
251 |
* $authorizations[<consumer_type>][<authorization_id>] |
|
252 |
* |
|
260 |
* $authorizations[<consumer_type>][<authorization_id>] |
|
253 | 261 |
*/ |
254 | 262 |
function ldap_authorizations_user_authorizations(&$user, $op = 'query', $consumer_type = NULL, $context = NULL) { |
255 | 263 |
ldap_servers_module_load_include('inc', 'ldap_authorization', 'ldap_authorization'); |
... | ... | |
270 | 278 |
return array($new_authorizations, $notifications); |
271 | 279 |
} |
272 | 280 |
|
281 |
/** |
|
282 |
* |
|
283 |
*/ |
|
273 | 284 |
function ldap_authorization_help($path, $arg) { |
274 | 285 |
|
275 | 286 |
$authorization_help = t('LDAP authorization allows LDAP data such as group memberships, |
... | ... | |
291 | 302 |
} |
292 | 303 |
} |
293 | 304 |
|
294 |
/** just tokens for better watchdog and drupal_set_message arguments **/
|
|
295 |
|
|
305 |
/** |
|
306 |
* Just tokens for better watchdog and drupal_set_message arguments .**/ |
|
296 | 307 |
function ldap_authorization_tokens($consumer) { |
297 | 308 |
$tokens = array(); |
298 | 309 |
|
... | ... | |
311 | 322 |
return $tokens; |
312 | 323 |
} |
313 | 324 |
|
314 |
|
|
325 |
/** |
|
326 |
* |
|
327 |
*/ |
|
315 | 328 |
function ldap_authorization_get_consumer_admin_object($consumer_type, $new = NULL) { |
316 | 329 |
ldap_servers_module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerConfAdmin.class'); |
317 | 330 |
$consumer_object = ldap_authorization_get_consumer_object($consumer_type); |
... | ... | |
319 | 332 |
return $consumer_conf_admin; |
320 | 333 |
} |
321 | 334 |
|
335 |
/** |
|
336 |
* |
|
337 |
*/ |
|
322 | 338 |
function ldap_authorization_get_consumer_conf($consumer_type, $type = 'default', $new = NULL) { |
323 | 339 |
$consumer_object = ldap_authorization_get_consumer_object($consumer_type); |
324 | 340 |
if ($type == 'admin') { |
... | ... | |
332 | 348 |
return $consumer_conf; |
333 | 349 |
} |
334 | 350 |
|
335 |
|
|
336 | 351 |
/** |
337 | 352 |
* Implements hook_ldap_user_attrs_list_alter(). |
338 | 353 |
*/ |
339 |
|
|
340 | 354 |
function ldap_authorization_ldap_user_attrs_list_alter(&$available_user_attrs, &$params) { |
341 | 355 |
|
342 |
// this is a case where a field is being denied synching configuration because its not meant to be used by other modules
|
|
356 |
// This is a case where a field is being denied synching configuration because its not meant to be used by other modules.
|
|
343 | 357 |
$available_user_attrs['[field.ldap_authorizations]'] = array( |
344 | 358 |
'name' => 'Field: LDAP Authorizations', |
345 | 359 |
'source' => 'LDAP Authorization modules', |
Formats disponibles : Unified diff
Weekly update of contrib modules