1 |
85ad3d82
|
Assos Assos
|
<?php
|
2 |
|
|
|
3 |
|
|
/** @file
|
4 |
|
|
*
|
5 |
|
|
* controls organic group membership based on LDAP values
|
6 |
|
|
*
|
7 |
|
|
*/
|
8 |
|
|
|
9 |
|
|
/**
|
10 |
|
|
* Implements hook_ldap_authorization_consumer().
|
11 |
|
|
*/
|
12 |
|
|
|
13 |
|
|
function ldap_authorization_og_ldap_authorization_consumer() {
|
14 |
|
|
$types['og_group'] = array(
|
15 |
|
|
'consumer_name' => t('OG group'),
|
16 |
|
|
'consumer_name_plural' => t('OG groups'),
|
17 |
|
|
'consumer_short_name' => t('group'),
|
18 |
|
|
'consumer_short_name_plural' => t('groups'),
|
19 |
|
|
'consumer_description' => t('An OG group.'),
|
20 |
|
|
'consumer_class_name' => 'LdapAuthorizationConsumerOG',
|
21 |
|
|
'consumer_class_file' => 'LdapAuthorizationConsumerOG.class.php',
|
22 |
|
|
'consumer_module' => 'ldap_authorization_og',
|
23 |
|
|
);
|
24 |
|
|
|
25 |
|
|
if (ldap_authorization_og_og_version() == 1) {
|
26 |
|
|
$types['og_group']['consumer_mapping_directions'] = 'Mappings should be of form:<br/>
|
27 |
|
|
<code>[raw authorization id]|[og group match field]=[og group match id],[og role match field]=[og role match id]</code>
|
28 |
|
|
<br/>such as:<br/>
|
29 |
|
|
<code>
|
30 |
|
|
Student Accounts|group-name=students,role-name=member<br/>
|
31 |
|
|
cn=honors students,ou=groups,dc=hogwarts,dc=edu|gid=7,rid=28<br/>
|
32 |
|
|
</code>';
|
33 |
|
|
}
|
34 |
|
|
else {
|
35 |
|
|
$types['og_group']['consumer_mapping_directions'] = 'Mappings should be of form:<br/>
|
36 |
|
|
<code>[raw authorization id]|[og entity type]:[og entity id or title]:[og role id]</code>
|
37 |
|
|
<br/>[og entity type] is generally "node"
|
38 |
|
|
<br/>[og entity id or title] can be the groups title or entity id. <strong>Titles with ":"s in them may not be used</strong>.
|
39 |
|
|
<br/>when [og role id] is left off, default role is used.
|
40 |
|
|
<br/>such as:<br/>
|
41 |
|
|
<code>
|
42 |
|
|
Student Accounts|node:17:2<br/>
|
43 |
|
|
cn=honors students,ou=groups,dc=hogwarts,dc=edu|node:honors students<br/>
|
44 |
|
|
cn=gryffindor,ou=groups,dc=hogwarts,dc=edu|node:gryffindor:3<br/>
|
45 |
|
|
</code>';
|
46 |
|
|
}
|
47 |
|
|
return $types;
|
48 |
|
|
}
|
49 |
|
|
|
50 |
|
|
/**
|
51 |
|
|
* Format authorization id
|
52 |
|
|
*
|
53 |
|
|
* @param int $gid as organic group gid
|
54 |
|
|
* @param int $rid as organic group rig
|
55 |
|
|
* @param array $group_entity as entity associated with organic group
|
56 |
|
|
*
|
57 |
|
|
* @return string "normalized" authorization id such as 3-3
|
58 |
|
|
*/
|
59 |
|
|
function ldap_authorization_og_authorization_id($gid, $rid, $entity_type = 'node') {
|
60 |
|
|
return (ldap_authorization_og_og_version() == 1) ? $gid . '-' . $rid : join(':', array($entity_type, $gid, $rid));
|
61 |
|
|
}
|
62 |
|
|
|
63 |
|
|
|
64 |
|
|
function ldap_authorization_og_og_version() {
|
65 |
|
|
return (function_exists('og_action_info')) ? 2 : 1;
|
66 |
|
|
}
|
67 |
|
|
|
68 |
|
|
/**
|
69 |
|
|
* Convert entity id to group id
|
70 |
|
|
*
|
71 |
|
|
* @param int $entity_id as id of entity associated with organic group
|
72 |
|
|
* @return int og group id
|
73 |
|
|
*/
|
74 |
|
|
function ldap_authorization_og1_entity_id_to_gid($entity_id) {
|
75 |
|
|
|
76 |
|
|
$gid = db_select('og', 'og')
|
77 |
|
|
->fields('og', array('gid'))
|
78 |
|
|
->condition('og.etid', $entity_id, '=')
|
79 |
|
|
->range(0, 1)
|
80 |
|
|
->execute()
|
81 |
|
|
->fetchField();
|
82 |
|
|
return ($gid && is_scalar($gid)) ? $gid : FALSE;
|
83 |
|
|
|
84 |
|
|
}
|
85 |
|
|
|
86 |
|
|
/**
|
87 |
|
|
* Convert entity id to group id
|
88 |
|
|
*
|
89 |
|
|
* @param int $entity_id as id of entity associated with organic group
|
90 |
|
|
* @return int og group id
|
91 |
|
|
*/
|
92 |
|
|
function ldap_authorization_og1_group_name_to_gid($group_name) {
|
93 |
|
|
|
94 |
|
|
$gid = db_select('og', 'og')
|
95 |
|
|
->fields('og', array('gid'))
|
96 |
|
|
->condition('og.label', $group_name, '=')
|
97 |
|
|
->range(0, 1)
|
98 |
|
|
->execute()
|
99 |
|
|
->fetchField();
|
100 |
|
|
return ($gid && is_scalar($gid)) ? $gid : FALSE;
|
101 |
|
|
|
102 |
|
|
}
|
103 |
|
|
|
104 |
|
|
|
105 |
|
|
/**
|
106 |
|
|
* Generic function to convert between query values and organic groups structures and attributes
|
107 |
|
|
*
|
108 |
|
|
* @param mixed $value signifies query value e.g. 'bakers', 7 etc.
|
109 |
|
|
* @param mixed $value_type signifies query type e.g. 'group_name', 'gid', etc.
|
110 |
|
|
* @param string $return signifying return type. e.g. 'object', 'label', 'name', 'gid'
|
111 |
|
|
* @return mixed organic group object, gid, label, etc.
|
112 |
|
|
*/
|
113 |
|
|
function ldap_authorization_og1_get_group($value, $value_type = 'group_name', $return = 'object') {
|
114 |
|
|
|
115 |
|
|
if ($value_type == 'gid') {
|
116 |
|
|
$group = og_load($value);
|
117 |
|
|
}
|
118 |
|
|
elseif ($value_type == 'group_name') {
|
119 |
|
|
$gid = ldap_authorization_og1_group_name_to_gid($value);
|
120 |
|
|
$group = ($gid) ? og_load($gid) : FALSE;
|
121 |
|
|
}
|
122 |
|
|
|
123 |
|
|
if (!$group || !is_object($group)) {
|
124 |
|
|
return FALSE;
|
125 |
|
|
}
|
126 |
|
|
if ($return == 'object' && is_object($group)) {
|
127 |
|
|
$group_entity = node_load($group->etid);
|
128 |
|
|
return array($group, $group_entity);
|
129 |
|
|
}
|
130 |
|
|
elseif ($return == 'label' || $return == 'name') {
|
131 |
|
|
return $group->label;
|
132 |
|
|
}
|
133 |
|
|
elseif ($return == 'gid') {
|
134 |
|
|
return $group->gid;
|
135 |
|
|
}
|
136 |
|
|
else {
|
137 |
|
|
return FALSE;
|
138 |
|
|
}
|
139 |
|
|
}
|
140 |
|
|
|
141 |
|
|
/**
|
142 |
|
|
* Generic function to convert between query values and organic groups structures and attributes
|
143 |
|
|
*
|
144 |
be58a50c
|
Assos Assos
|
* @param mixed $entity_type signifies query value e.g. 'bakers', 7 etc.
|
145 |
|
|
* @param mixed $group_name signifies query type e.g. 'group_name', 'gid', etc.
|
146 |
|
|
*
|
147 |
85ad3d82
|
Assos Assos
|
* @return mixed organic group object, gid, label, etc.
|
148 |
|
|
*/
|
149 |
|
|
function ldap_authorization_og2_get_group_from_name($entity_type, $group_name) {
|
150 |
|
|
|
151 |
|
|
require_once(drupal_get_path('module', 'ldap_authorization_og') . '/LdapAuthorizationConsumerOG.class.php');
|
152 |
|
|
$group_entity = FALSE;
|
153 |
|
|
$group_entity_id = FALSE;
|
154 |
|
|
$query = new EntityFieldQuery();
|
155 |
|
|
$query->entityCondition('entity_type', $entity_type)
|
156 |
|
|
->propertyCondition('title', $group_name);
|
157 |
|
|
$result = $query->execute();
|
158 |
|
|
if (isset($result[$entity_type])) {
|
159 |
|
|
$group_ids = array_keys($result[$entity_type]);
|
160 |
|
|
if (count($group_ids) == 1) {
|
161 |
|
|
$group_entity = entity_load_single($entity_type, $group_ids[0]);
|
162 |
|
|
$group_entity_id = $group_ids[0];
|
163 |
|
|
}
|
164 |
|
|
}
|
165 |
|
|
|
166 |
|
|
return array($group_entity, $group_entity_id);
|
167 |
|
|
|
168 |
|
|
}
|
169 |
|
|
|
170 |
|
|
|
171 |
|
|
function ldap_authorization_og1_has_membership($gid, $uid) {
|
172 |
|
|
return (boolean)og_get_group_membership($gid, 'user', $uid);
|
173 |
|
|
}
|
174 |
|
|
/**
|
175 |
|
|
* Test if a user has a particular group role
|
176 |
|
|
*
|
177 |
|
|
* @param int $gid as og group id
|
178 |
|
|
* @param int $uid as user id
|
179 |
|
|
* @param string $rid as og role id
|
180 |
|
|
*
|
181 |
|
|
* @return boolean signifying if user has group x role
|
182 |
|
|
*/
|
183 |
|
|
function ldap_authorization_og1_has_role($gid, $uid, $rid) {
|
184 |
|
|
$roles = og_get_user_roles($gid, $uid);
|
185 |
|
|
return (is_array($roles) && in_array($rid, array_values($roles)));
|
186 |
|
|
}
|
187 |
|
|
|
188 |
|
|
/** avoid excessive calls to og_roles() **/
|
189 |
|
|
function ldap_authorization_og1_roles($reset = FALSE) {
|
190 |
|
|
static $roles;
|
191 |
|
|
if ($reset || !is_array($roles)) {
|
192 |
|
|
$roles = og_roles();
|
193 |
|
|
}
|
194 |
|
|
return $roles;
|
195 |
|
|
}
|
196 |
|
|
|
197 |
|
|
function ldap_authorization_og1_role_name_to_role_id($role_name) {
|
198 |
|
|
$roles = ldap_authorization_og1_roles();
|
199 |
|
|
return array_search($role_name, $roles); //empty($roles[$role_name]) ? FALSE : $roles[$role_name];
|
200 |
|
|
}
|
201 |
|
|
|
202 |
|
|
function ldap_authorization_og2_has_consumer_id($consumer_id, $uid) {
|
203 |
|
|
$parts = explode(':', $consumer_id);
|
204 |
|
|
$result = FALSE;
|
205 |
|
|
$watchdog_tokens = array(
|
206 |
|
|
'%consumer_id' => $consumer_id,
|
207 |
|
|
'%uid' => $uid,
|
208 |
|
|
);
|
209 |
|
|
if (count($parts) == 3) {
|
210 |
|
|
list($group_type, $gid, $rid) = $parts;
|
211 |
|
|
// need to make sure entity exists before calling og_get_user_roles which will throw fatal error
|
212 |
|
|
if ($group = entity_load_single($group_type, $gid)) {
|
213 |
|
|
if (og_is_group($group_type, $group)) {
|
214 |
|
|
$roles = og_get_user_roles($group_type, $gid, $uid, TRUE);
|
215 |
|
|
$result = isset($roles[$rid]);
|
216 |
|
|
}
|
217 |
|
|
else {
|
218 |
|
|
watchdog('ldap_authorization_og', "ldap_authorization_og2_has_consumer_id passed value of non og group consumer_id=%consumer_id, uid=%uid", $watchdog_tokens, WATCHDOG_ERROR);
|
219 |
|
|
}
|
220 |
|
|
}
|
221 |
|
|
else {
|
222 |
|
|
watchdog('ldap_authorization_og', "ldap_authorization_og2_has_consumer_id could not load entity requested: consumer_id=%consumer_id, uid=%uid", $watchdog_tokens, WATCHDOG_ERROR);
|
223 |
|
|
}
|
224 |
|
|
}
|
225 |
|
|
return $result;
|
226 |
|
|
}
|
227 |
|
|
|
228 |
|
|
// ldap_authorization_og2_has_role($og_students_node->nid, $web_user->uid, OG_AUTHENTICATED_ROLE)
|
229 |
|
|
function ldap_authorization_og2_has_role($group_type, $gid, $uid, $role_name) {
|
230 |
|
|
$roles = og_get_user_roles($group_type, $gid, $uid, TRUE); // array with rid as key and role name as value
|
231 |
|
|
return (is_array($roles) && in_array($role_name, array_values($roles)));
|
232 |
|
|
}
|
233 |
|
|
|
234 |
|
|
|
235 |
|
|
|
236 |
|
|
/**
|
237 |
|
|
* Derive og role id from role name
|
238 |
|
|
*
|
239 |
|
|
* @param string $role_name as og role name
|
240 |
|
|
* @return int og role id
|
241 |
|
|
*/
|
242 |
|
|
|
243 |
|
|
function ldap_authorization_og_rid_from_role_name($role_name) {
|
244 |
|
|
$roles = og_roles(0);
|
245 |
|
|
$rids = array_flip($roles);
|
246 |
|
|
return isset($rids[$role_name]) ? $rids[$role_name] : FALSE;
|
247 |
|
|
}
|
248 |
|
|
|
249 |
|
|
function ldap_authorization_og1_role_name_from_rid($rid) {
|
250 |
|
|
$roles = og_roles(0);
|
251 |
|
|
return isset($roles[$rid]) ? $roles[$rid] : FALSE;
|
252 |
|
|
}
|
253 |
|
|
|
254 |
|
|
function ldap_authorization_og2_rid_from_role_name($entity_type, $bundle, $gid, $role_name) {
|
255 |
|
|
$roles = og_roles($entity_type, $bundle, 0, FALSE, TRUE);
|
256 |
|
|
$roles_flipped = array_flip($roles);
|
257 |
|
|
return (empty($roles_flipped[$role_name])) ? NULL : $roles_flipped[$role_name];
|
258 |
|
|
}
|
259 |
|
|
|
260 |
|
|
function ldap_authorization_og_get_all_group_entities() {
|
261 |
|
|
$entities = array();
|
262 |
|
|
$group_entity_types = og_get_all_group_bundle();
|
263 |
|
|
foreach ($group_entity_types as $entity_type => $group) {
|
264 |
|
|
$entity_ids = og_get_all_group('node');
|
265 |
|
|
$entities[$entity_type] = entity_load('node', $entity_ids);
|
266 |
|
|
}
|
267 |
|
|
return $entities;
|
268 |
|
|
}
|
269 |
|
|
/**
|
270 |
|
|
* Implements hook_form_alter().
|
271 |
|
|
*/
|
272 |
|
|
function ldap_authorization_og_form_ldap_authorization_admin_form_alter(&$form, $form_state) {
|
273 |
|
|
if ($form['status']['consumer_type']['#value'] == 'og_group') {
|
274 |
|
|
$form['filter_and_mappings']['use_filter']['#description'] = t('This is a required option for Organic Groups. It is only displayed for consistency with other user interfaces.');
|
275 |
|
|
$form['filter_and_mappings']['use_filter']['#disabled'] = TRUE;
|
276 |
|
|
}
|
277 |
|
|
} |