Révision bc175c27
Ajouté par Assos Assos il y a plus de 5 ans
drupal7/sites/all/modules/ldap/ldap_authorization/ldap_authorization_drupal_role/LdapAuthorizationConsumerRole.class.php | ||
---|---|---|
2 | 2 |
|
3 | 3 |
/** |
4 | 4 |
* @file |
5 |
* |
|
6 |
* class to represent configuration of ldap authorizations to drupal roles |
|
7 |
* |
|
8 |
* |
|
5 |
* Class to represent configuration of ldap authorizations to drupal roles. |
|
9 | 6 |
*/ |
10 | 7 |
|
11 | 8 |
module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerAbstract.class'); |
12 |
|
|
9 |
/** |
|
10 |
* |
|
11 |
*/ |
|
13 | 12 |
class LdapAuthorizationConsumerDrupalRole extends LdapAuthorizationConsumerAbstract { |
14 | 13 |
|
15 | 14 |
public $consumerType = 'drupal_role'; |
... | ... | |
22 | 21 |
'revokeLdapProvisioned' => TRUE, |
23 | 22 |
'regrantLdapProvisioned' => TRUE, |
24 | 23 |
'createConsumers' => TRUE, |
25 |
);
|
|
24 |
); |
|
26 | 25 |
|
27 |
function __construct($consumer_type = NULL) { |
|
26 |
/** |
|
27 |
* |
|
28 |
*/ |
|
29 |
public function __construct($consumer_type = NULL) { |
|
28 | 30 |
$params = ldap_authorization_drupal_role_ldap_authorization_consumer(); |
29 | 31 |
parent::__construct('drupal_role', $params['drupal_role']); |
30 | 32 |
} |
... | ... | |
32 | 34 |
/** |
33 | 35 |
* @see LdapAuthorizationConsumerAbstract::createConsumer |
34 | 36 |
*/ |
35 |
|
|
36 | 37 |
public function createConsumer($consumer_id, $consumer) { |
37 | 38 |
$roles_by_consumer_id = $this->existingRolesByRoleName(); |
38 | 39 |
$existing_role = isset($roles_by_consumer_id[$consumer_id]) ? $roles_by_consumer_id[$consumer_id] : FALSE; |
39 | 40 |
|
40 | 41 |
if ($existing_role) { |
41 |
return FALSE; // role exists |
|
42 |
// Role exists. |
|
43 |
return FALSE; |
|
42 | 44 |
} |
43 | 45 |
elseif (drupal_strlen($consumer_id) > 63) { |
44 | 46 |
watchdog('ldap_authorization_drupal_role', 'Tried to create drupal role |
... | ... | |
49 | 51 |
|
50 | 52 |
$new_role = new stdClass(); |
51 | 53 |
$new_role->name = empty($consumer['value']) ? $consumer_id : $consumer['value']; |
52 |
if (! ($status = user_role_save($new_role))) {
|
|
53 |
// if role is not created, remove from array to user object doesn't have it stored as granted
|
|
54 |
if (!($status = user_role_save($new_role))) { |
|
55 |
// If role is not created, remove from array to user object doesn't have it stored as granted.
|
|
54 | 56 |
watchdog('user', 'failed to create drupal role %role in ldap_authorizations module', array('%role' => $new_role->name)); |
55 | 57 |
return FALSE; |
56 | 58 |
} |
57 | 59 |
else { |
58 |
$roles_by_consumer_id = $this->existingRolesByRoleName(TRUE); // flush existingRolesByRoleName cache after creating new role |
|
60 |
// Flush existingRolesByRoleName cache after creating new role. |
|
61 |
$roles_by_consumer_id = $this->existingRolesByRoleName(TRUE); |
|
59 | 62 |
watchdog('user', 'created drupal role %role in ldap_authorizations module', array('%role' => $new_role->name)); |
60 | 63 |
} |
61 | 64 |
return TRUE; |
62 | 65 |
} |
63 | 66 |
|
64 |
|
|
65 | 67 |
/** |
66 | 68 |
* @see LdapAuthorizationConsumerAbstract::populateConsumersFromConsumerIds |
67 | 69 |
*/ |
68 |
|
|
69 | 70 |
public function populateConsumersFromConsumerIds(&$consumers, $create_missing_consumers = FALSE) { |
70 | 71 |
|
71 | 72 |
$roles_by_consumer_id = $this->existingRolesByRoleName(TRUE); |
72 | 73 |
foreach ($consumers as $consumer_id => $consumer) { |
73 | 74 |
|
74 |
if (!$consumer['exists']) { // role marked as not existing |
|
75 |
if (isset($roles_by_consumer_id[$consumer_id])) { // check if is existing |
|
75 |
// Role marked as not existing. |
|
76 |
if (!$consumer['exists']) { |
|
77 |
// Check if is existing. |
|
78 |
if (isset($roles_by_consumer_id[$consumer_id])) { |
|
76 | 79 |
$consumer['exists'] = TRUE; |
77 | 80 |
$consumer['value'] = $roles_by_consumer_id[$consumer_id]['role_name']; |
78 | 81 |
$consumer['name'] = $consumer['map_to_string']; |
... | ... | |
95 | 98 |
} |
96 | 99 |
} |
97 | 100 |
|
98 |
|
|
101 |
/** |
|
102 |
* |
|
103 |
*/ |
|
99 | 104 |
public function revokeSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $user_save = FALSE, $reset = FALSE) { |
100 | 105 |
|
101 | 106 |
$role_name_lcase = $consumer_id; |
102 | 107 |
$role_name = empty($consumer['value']) ? $consumer_id : $consumer['value']; |
103 | 108 |
$rid = $this->getDrupalRoleIdFromRoleName($role_name); |
104 | 109 |
if (!$rid) { |
105 |
$result = FALSE; // role id not found |
|
110 |
// Role id not found. |
|
111 |
$result = FALSE; |
|
106 | 112 |
} |
107 |
elseif (!$user->roles[$rid]) { // user doesn't have role |
|
113 |
// User doesn't have role. |
|
114 |
elseif (!$user->roles[$rid]) { |
|
108 | 115 |
if (isset($user_auth_data[$consumer_id])) { |
109 | 116 |
unset($user_auth_data[$consumer_id]); |
110 | 117 |
} |
... | ... | |
124 | 131 |
if ($this->detailedWatchdogLog) { |
125 | 132 |
watchdog('ldap_authorization', 'LdapAuthorizationConsumerDrupalRole.revokeSingleAuthorization() |
126 | 133 |
revoked: rid=%rid, role_name=%role_name for username=%username, result=%result', |
127 |
array('%rid' => $rid, '%role_name' => $role_name, '%username' => $user->name, |
|
128 |
'%result' => $result), WATCHDOG_DEBUG); |
|
134 |
array( |
|
135 |
'%rid' => $rid, |
|
136 |
'%role_name' => $role_name, |
|
137 |
'%username' => $user->name, |
|
138 |
'%result' => $result, |
|
139 |
), WATCHDOG_DEBUG); |
|
129 | 140 |
} |
130 | 141 |
|
131 | 142 |
return $result; |
... | ... | |
133 | 144 |
} |
134 | 145 |
|
135 | 146 |
/** |
136 |
* extends grantSingleAuthorization()
|
|
147 |
* Extends grantSingleAuthorization()
|
|
137 | 148 |
*/ |
138 |
|
|
139 | 149 |
public function grantSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $user_save = FALSE, $reset = FALSE) { |
140 | 150 |
|
141 | 151 |
$role_name_lcase = $consumer_id; |
... | ... | |
162 | 172 |
if ($this->detailedWatchdogLog) { |
163 | 173 |
watchdog('ldap_authorization', 'LdapAuthorizationConsumerDrupalRole.grantSingleAuthorization() |
164 | 174 |
granted: rid=%rid, role_name=%role_name for username=%username, result=%result', |
165 |
array('%rid' => $rid, '%role_name' => $role_name, '%username' => $user->name, |
|
166 |
'%result' => $result), WATCHDOG_DEBUG); |
|
175 |
array( |
|
176 |
'%rid' => $rid, |
|
177 |
'%role_name' => $role_name, |
|
178 |
'%username' => $user->name, |
|
179 |
'%result' => $result, |
|
180 |
), WATCHDOG_DEBUG); |
|
167 | 181 |
} |
168 | 182 |
|
169 | 183 |
return $result; |
170 | 184 |
|
171 | 185 |
} |
172 | 186 |
|
187 |
/** |
|
188 |
* |
|
189 |
*/ |
|
173 | 190 |
public function usersAuthorizations(&$user) { |
174 | 191 |
$authorizations = array(); |
175 | 192 |
foreach ($user->roles as $rid => $role_name_mixed_case) { |
... | ... | |
178 | 195 |
return $authorizations; |
179 | 196 |
} |
180 | 197 |
|
198 |
/** |
|
199 |
* |
|
200 |
*/ |
|
181 | 201 |
public function validateAuthorizationMappingTarget($mapping, $form_values = NULL, $clear_cache = FALSE) { |
182 | 202 |
|
183 | 203 |
$has_form_values = is_array($form_values); |
... | ... | |
188 | 208 |
$roles_by_name = $this->existingRolesByRoleName(); |
189 | 209 |
$pass = isset($roles_by_name[drupal_strtolower($role_name)]); |
190 | 210 |
|
191 |
|
|
192 | 211 |
if (!$pass) { |
193 | 212 |
$message_text = '"' . t('Drupal role') . ' ' . t('!map_to', $tokens) . '" ' . t('does not map to any existing Drupal roles.'); |
194 | 213 |
if ($has_form_values) { |
... | ... | |
217 | 236 |
* @param string mixed case $role_name |
218 | 237 |
* @return integer role id |
219 | 238 |
*/ |
220 |
|
|
221 | 239 |
private function getDrupalRoleIdFromRoleName($role_name) { |
222 | 240 |
$role_ids_by_name = $this->existingRolesByRoleName(); |
223 | 241 |
$role_name_lowercase = drupal_strtolower($role_name); |
... | ... | |
225 | 243 |
} |
226 | 244 |
|
227 | 245 |
/** |
228 |
* @param boolean $reset to reset static values |
|
246 |
* @param bool $reset |
|
247 |
* to reset static values. |
|
229 | 248 |
* @return associative array() keyed on lowercase role names with values |
230 | 249 |
* of array('rid' => role id, 'role_name' => mixed case role name) |
231 | 250 |
*/ |
... | ... | |
243 | 262 |
return $roles_by_name; |
244 | 263 |
} |
245 | 264 |
|
246 |
/** |
|
265 |
/**
|
|
247 | 266 |
* @see LdapAuthorizationConsumerAbstract::normalizeMappings |
248 | 267 |
*/ |
249 | 268 |
public function normalizeMappings($mappings) { |
250 | 269 |
|
251 | 270 |
$new_mappings = array(); |
252 |
$roles = user_roles(TRUE); // in rid => role name format |
|
271 |
// In rid => role name format. |
|
272 |
$roles = user_roles(TRUE); |
|
253 | 273 |
$roles_by_name = array_flip($roles); |
254 | 274 |
foreach ($mappings as $i => $mapping) { |
255 | 275 |
$new_mapping = array(); |
... | ... | |
257 | 277 |
$new_mapping['from'] = $mapping[0]; |
258 | 278 |
$new_mapping['normalized'] = $mapping[1]; |
259 | 279 |
$new_mapping['simplified'] = $mapping[1]; |
260 |
$create_consumers = (boolean)($this->allowConsumerObjectCreation && $this->consumerConf->createConsumers); |
|
261 |
$new_mapping['valid'] = (boolean)(!$create_consumers && !empty($roles_by_name[$mapping[1]])); |
|
280 |
$create_consumers = (boolean) ($this->allowConsumerObjectCreation && $this->consumerConf->createConsumers);
|
|
281 |
$new_mapping['valid'] = (boolean) (!$create_consumers && !empty($roles_by_name[$mapping[1]]));
|
|
262 | 282 |
$new_mapping['error_message'] = ($new_mapping['valid']) ? '' : t("Role %role_name does not exist and role creation is not enabled.", array('%role' => $mapping[1])); |
263 | 283 |
$new_mappings[] = $new_mapping; |
264 | 284 |
} |
... | ... | |
266 | 286 |
return $new_mappings; |
267 | 287 |
} |
268 | 288 |
|
269 |
/**
|
|
270 |
* @see ldapAuthorizationConsumerAbstract::convertToFriendlyAuthorizationIds
|
|
271 |
*/
|
|
289 |
/** |
|
290 |
* @see ldapAuthorizationConsumerAbstract::convertToFriendlyAuthorizationIds
|
|
291 |
*/
|
|
272 | 292 |
public function convertToFriendlyAuthorizationIds($authorizations) { |
273 | 293 |
$authorization_ids_friendly = array(); |
274 | 294 |
foreach ($authorizations as $authorization_id => $authorization) { |
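Review bot: In normalizeMappings (new line 282) the error string uses the placeholder `%role_name` while the argument array is keyed `%role`, and this cleanup reformatted the two lines above it without fixing the mismatch. Drupal 7 substitutes placeholders by plain string replacement, so the message most likely renders as the role name followed by a stray `_name`; the array should read `array('%role_name' => $mapping[1])`. On new line 281, `valid` is computed as `!$create_consumers && !empty($roles_by_name[$mapping[1]])`, which appears to mark every mapping invalid whenever role creation is enabled. How `valid` is consumed is not visible here, so confirm the condition against its callers before relying on it to gate LDAP-to-role mappings. The body of normalizeMappings is partly elided in this view.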
Weekly update of contrib modules