Révision bc175c27
Ajouté par Assos Assos il y a plus de 5 ans
| drupal7/sites/all/modules/ldap/ldap_authorization/ldap_authorization_drupal_role/LdapAuthorizationConsumerRole.class.php | ||
|---|---|---|
| 2 | 2 |
|
| 3 | 3 |
/** |
| 4 | 4 |
* @file |
| 5 |
* |
|
| 6 |
* class to represent configuration of ldap authorizations to drupal roles |
|
| 7 |
* |
|
| 8 |
* |
|
| 5 |
* Class to represent configuration of ldap authorizations to drupal roles. |
|
| 9 | 6 |
*/ |
| 10 | 7 |
|
| 11 | 8 |
module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerAbstract.class');
|
| 12 |
|
|
| 9 |
/** |
|
| 10 |
* |
|
| 11 |
*/ |
|
| 13 | 12 |
class LdapAuthorizationConsumerDrupalRole extends LdapAuthorizationConsumerAbstract {
|
| 14 | 13 |
|
| 15 | 14 |
public $consumerType = 'drupal_role'; |
| ... | ... | |
| 22 | 21 |
'revokeLdapProvisioned' => TRUE, |
| 23 | 22 |
'regrantLdapProvisioned' => TRUE, |
| 24 | 23 |
'createConsumers' => TRUE, |
| 25 |
);
|
|
| 24 |
); |
|
| 26 | 25 |
|
| 27 |
function __construct($consumer_type = NULL) {
|
|
| 26 |
/** |
|
| 27 |
* |
|
| 28 |
*/ |
|
| 29 |
public function __construct($consumer_type = NULL) {
|
|
| 28 | 30 |
$params = ldap_authorization_drupal_role_ldap_authorization_consumer(); |
| 29 | 31 |
parent::__construct('drupal_role', $params['drupal_role']);
|
| 30 | 32 |
} |
| ... | ... | |
| 32 | 34 |
/** |
| 33 | 35 |
* @see LdapAuthorizationConsumerAbstract::createConsumer |
| 34 | 36 |
*/ |
| 35 |
|
|
| 36 | 37 |
public function createConsumer($consumer_id, $consumer) {
|
| 37 | 38 |
$roles_by_consumer_id = $this->existingRolesByRoleName(); |
| 38 | 39 |
$existing_role = isset($roles_by_consumer_id[$consumer_id]) ? $roles_by_consumer_id[$consumer_id] : FALSE; |
| 39 | 40 |
|
| 40 | 41 |
if ($existing_role) {
|
| 41 |
return FALSE; // role exists |
|
| 42 |
// Role exists. |
|
| 43 |
return FALSE; |
|
| 42 | 44 |
} |
| 43 | 45 |
elseif (drupal_strlen($consumer_id) > 63) {
|
| 44 | 46 |
watchdog('ldap_authorization_drupal_role', 'Tried to create drupal role
|
| ... | ... | |
| 49 | 51 |
|
| 50 | 52 |
$new_role = new stdClass(); |
| 51 | 53 |
$new_role->name = empty($consumer['value']) ? $consumer_id : $consumer['value']; |
| 52 |
if (! ($status = user_role_save($new_role))) {
|
|
| 53 |
// if role is not created, remove from array to user object doesn't have it stored as granted
|
|
| 54 |
if (!($status = user_role_save($new_role))) {
|
|
| 55 |
// If role is not created, remove from array to user object doesn't have it stored as granted.
|
|
| 54 | 56 |
watchdog('user', 'failed to create drupal role %role in ldap_authorizations module', array('%role' => $new_role->name));
|
| 55 | 57 |
return FALSE; |
| 56 | 58 |
} |
| 57 | 59 |
else {
|
| 58 |
$roles_by_consumer_id = $this->existingRolesByRoleName(TRUE); // flush existingRolesByRoleName cache after creating new role |
|
| 60 |
// Flush existingRolesByRoleName cache after creating new role. |
|
| 61 |
$roles_by_consumer_id = $this->existingRolesByRoleName(TRUE); |
|
| 59 | 62 |
watchdog('user', 'created drupal role %role in ldap_authorizations module', array('%role' => $new_role->name));
|
| 60 | 63 |
} |
| 61 | 64 |
return TRUE; |
| 62 | 65 |
} |
| 63 | 66 |
|
| 64 |
|
|
| 65 | 67 |
/** |
| 66 | 68 |
* @see LdapAuthorizationConsumerAbstract::populateConsumersFromConsumerIds |
| 67 | 69 |
*/ |
| 68 |
|
|
| 69 | 70 |
public function populateConsumersFromConsumerIds(&$consumers, $create_missing_consumers = FALSE) {
|
| 70 | 71 |
|
| 71 | 72 |
$roles_by_consumer_id = $this->existingRolesByRoleName(TRUE); |
| 72 | 73 |
foreach ($consumers as $consumer_id => $consumer) {
|
| 73 | 74 |
|
| 74 |
if (!$consumer['exists']) { // role marked as not existing
|
|
| 75 |
if (isset($roles_by_consumer_id[$consumer_id])) { // check if is existing
|
|
| 75 |
// Role marked as not existing. |
|
| 76 |
if (!$consumer['exists']) {
|
|
| 77 |
// Check if is existing. |
|
| 78 |
if (isset($roles_by_consumer_id[$consumer_id])) {
|
|
| 76 | 79 |
$consumer['exists'] = TRUE; |
| 77 | 80 |
$consumer['value'] = $roles_by_consumer_id[$consumer_id]['role_name']; |
| 78 | 81 |
$consumer['name'] = $consumer['map_to_string']; |
| ... | ... | |
| 95 | 98 |
} |
| 96 | 99 |
} |
| 97 | 100 |
|
| 98 |
|
|
| 101 |
/** |
|
| 102 |
* |
|
| 103 |
*/ |
|
| 99 | 104 |
public function revokeSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $user_save = FALSE, $reset = FALSE) {
|
| 100 | 105 |
|
| 101 | 106 |
$role_name_lcase = $consumer_id; |
| 102 | 107 |
$role_name = empty($consumer['value']) ? $consumer_id : $consumer['value']; |
| 103 | 108 |
$rid = $this->getDrupalRoleIdFromRoleName($role_name); |
| 104 | 109 |
if (!$rid) {
|
| 105 |
$result = FALSE; // role id not found |
|
| 110 |
// Role id not found. |
|
| 111 |
$result = FALSE; |
|
| 106 | 112 |
} |
| 107 |
elseif (!$user->roles[$rid]) { // user doesn't have role
|
|
| 113 |
// User doesn't have role. |
|
| 114 |
elseif (!$user->roles[$rid]) {
|
|
| 108 | 115 |
if (isset($user_auth_data[$consumer_id])) {
|
| 109 | 116 |
unset($user_auth_data[$consumer_id]); |
| 110 | 117 |
} |
| ... | ... | |
| 124 | 131 |
if ($this->detailedWatchdogLog) {
|
| 125 | 132 |
watchdog('ldap_authorization', 'LdapAuthorizationConsumerDrupalRole.revokeSingleAuthorization()
|
| 126 | 133 |
revoked: rid=%rid, role_name=%role_name for username=%username, result=%result', |
| 127 |
array('%rid' => $rid, '%role_name' => $role_name, '%username' => $user->name,
|
|
| 128 |
'%result' => $result), WATCHDOG_DEBUG); |
|
| 134 |
array( |
|
| 135 |
'%rid' => $rid, |
|
| 136 |
'%role_name' => $role_name, |
|
| 137 |
'%username' => $user->name, |
|
| 138 |
'%result' => $result, |
|
| 139 |
), WATCHDOG_DEBUG); |
|
| 129 | 140 |
} |
| 130 | 141 |
|
| 131 | 142 |
return $result; |
| ... | ... | |
| 133 | 144 |
} |
| 134 | 145 |
|
| 135 | 146 |
/** |
| 136 |
* extends grantSingleAuthorization()
|
|
| 147 |
* Extends grantSingleAuthorization()
|
|
| 137 | 148 |
*/ |
| 138 |
|
|
| 139 | 149 |
public function grantSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $user_save = FALSE, $reset = FALSE) {
|
| 140 | 150 |
|
| 141 | 151 |
$role_name_lcase = $consumer_id; |
| ... | ... | |
| 162 | 172 |
if ($this->detailedWatchdogLog) {
|
| 163 | 173 |
watchdog('ldap_authorization', 'LdapAuthorizationConsumerDrupalRole.grantSingleAuthorization()
|
| 164 | 174 |
granted: rid=%rid, role_name=%role_name for username=%username, result=%result', |
| 165 |
array('%rid' => $rid, '%role_name' => $role_name, '%username' => $user->name,
|
|
| 166 |
'%result' => $result), WATCHDOG_DEBUG); |
|
| 175 |
array( |
|
| 176 |
'%rid' => $rid, |
|
| 177 |
'%role_name' => $role_name, |
|
| 178 |
'%username' => $user->name, |
|
| 179 |
'%result' => $result, |
|
| 180 |
), WATCHDOG_DEBUG); |
|
| 167 | 181 |
} |
| 168 | 182 |
|
| 169 | 183 |
return $result; |
| 170 | 184 |
|
| 171 | 185 |
} |
| 172 | 186 |
|
| 187 |
/** |
|
| 188 |
* |
|
| 189 |
*/ |
|
| 173 | 190 |
public function usersAuthorizations(&$user) {
|
| 174 | 191 |
$authorizations = array(); |
| 175 | 192 |
foreach ($user->roles as $rid => $role_name_mixed_case) {
|
| ... | ... | |
| 178 | 195 |
return $authorizations; |
| 179 | 196 |
} |
| 180 | 197 |
|
| 198 |
/** |
|
| 199 |
* |
|
| 200 |
*/ |
|
| 181 | 201 |
public function validateAuthorizationMappingTarget($mapping, $form_values = NULL, $clear_cache = FALSE) {
|
| 182 | 202 |
|
| 183 | 203 |
$has_form_values = is_array($form_values); |
| ... | ... | |
| 188 | 208 |
$roles_by_name = $this->existingRolesByRoleName(); |
| 189 | 209 |
$pass = isset($roles_by_name[drupal_strtolower($role_name)]); |
| 190 | 210 |
|
| 191 |
|
|
| 192 | 211 |
if (!$pass) {
|
| 193 | 212 |
$message_text = '"' . t('Drupal role') . ' ' . t('!map_to', $tokens) . '" ' . t('does not map to any existing Drupal roles.');
|
| 194 | 213 |
if ($has_form_values) {
|
| ... | ... | |
| 217 | 236 |
* @param string mixed case $role_name |
| 218 | 237 |
* @return integer role id |
| 219 | 238 |
*/ |
| 220 |
|
|
| 221 | 239 |
private function getDrupalRoleIdFromRoleName($role_name) {
|
| 222 | 240 |
$role_ids_by_name = $this->existingRolesByRoleName(); |
| 223 | 241 |
$role_name_lowercase = drupal_strtolower($role_name); |
| ... | ... | |
| 225 | 243 |
} |
| 226 | 244 |
|
| 227 | 245 |
/** |
| 228 |
* @param boolean $reset to reset static values |
|
| 246 |
* @param bool $reset |
|
| 247 |
* to reset static values. |
|
| 229 | 248 |
* @return associative array() keyed on lowercase role names with values |
| 230 | 249 |
* of array('rid' => role id, 'role_name' => mixed case role name)
|
| 231 | 250 |
*/ |
| ... | ... | |
| 243 | 262 |
return $roles_by_name; |
| 244 | 263 |
} |
| 245 | 264 |
|
| 246 |
/** |
|
| 265 |
/**
|
|
| 247 | 266 |
* @see LdapAuthorizationConsumerAbstract::normalizeMappings |
| 248 | 267 |
*/ |
| 249 | 268 |
public function normalizeMappings($mappings) {
|
| 250 | 269 |
|
| 251 | 270 |
$new_mappings = array(); |
| 252 |
$roles = user_roles(TRUE); // in rid => role name format |
|
| 271 |
// In rid => role name format. |
|
| 272 |
$roles = user_roles(TRUE); |
|
| 253 | 273 |
$roles_by_name = array_flip($roles); |
| 254 | 274 |
foreach ($mappings as $i => $mapping) {
|
| 255 | 275 |
$new_mapping = array(); |
| ... | ... | |
| 257 | 277 |
$new_mapping['from'] = $mapping[0]; |
| 258 | 278 |
$new_mapping['normalized'] = $mapping[1]; |
| 259 | 279 |
$new_mapping['simplified'] = $mapping[1]; |
| 260 |
$create_consumers = (boolean)($this->allowConsumerObjectCreation && $this->consumerConf->createConsumers); |
|
| 261 |
$new_mapping['valid'] = (boolean)(!$create_consumers && !empty($roles_by_name[$mapping[1]])); |
|
| 280 |
$create_consumers = (boolean) ($this->allowConsumerObjectCreation && $this->consumerConf->createConsumers);
|
|
| 281 |
$new_mapping['valid'] = (boolean) (!$create_consumers && !empty($roles_by_name[$mapping[1]]));
|
|
| 262 | 282 |
$new_mapping['error_message'] = ($new_mapping['valid']) ? '' : t("Role %role_name does not exist and role creation is not enabled.", array('%role' => $mapping[1]));
|
| 263 | 283 |
$new_mappings[] = $new_mapping; |
| 264 | 284 |
} |
| ... | ... | |
| 266 | 286 |
return $new_mappings; |
| 267 | 287 |
} |
| 268 | 288 |
|
| 269 |
/**
|
|
| 270 |
* @see ldapAuthorizationConsumerAbstract::convertToFriendlyAuthorizationIds
|
|
| 271 |
*/
|
|
| 289 |
/** |
|
| 290 |
* @see ldapAuthorizationConsumerAbstract::convertToFriendlyAuthorizationIds
|
|
| 291 |
*/
|
|
| 272 | 292 |
public function convertToFriendlyAuthorizationIds($authorizations) {
|
| 273 | 293 |
$authorization_ids_friendly = array(); |
| 274 | 294 |
foreach ($authorizations as $authorization_id => $authorization) {
|
Formats disponibles : Unified diff
Weekly update of contrib modules