1
|
<?php
|
2
|
|
3
|
/** @file
|
4
|
*
|
5
|
* controls organic group membership based on LDAP values
|
6
|
*
|
7
|
*/
|
8
|
|
9
|
/**
|
10
|
* Implements hook_ldap_authorization_consumer().
|
11
|
*/
|
12
|
|
13
|
function ldap_authorization_og_ldap_authorization_consumer() {
|
14
|
$types['og_group'] = array(
|
15
|
'consumer_name' => t('OG group'),
|
16
|
'consumer_name_plural' => t('OG groups'),
|
17
|
'consumer_short_name' => t('group'),
|
18
|
'consumer_short_name_plural' => t('groups'),
|
19
|
'consumer_description' => t('An OG group.'),
|
20
|
'consumer_class_name' => 'LdapAuthorizationConsumerOG',
|
21
|
'consumer_class_file' => 'LdapAuthorizationConsumerOG.class.php',
|
22
|
'consumer_module' => 'ldap_authorization_og',
|
23
|
);
|
24
|
|
25
|
if (ldap_authorization_og_og_version() == 1) {
|
26
|
$types['og_group']['consumer_mapping_directions'] = 'Mappings should be of form:<br/>
|
27
|
<code>[raw authorization id]|[og group match field]=[og group match id],[og role match field]=[og role match id]</code>
|
28
|
<br/>such as:<br/>
|
29
|
<code>
|
30
|
Student Accounts|group-name=students,role-name=member<br/>
|
31
|
cn=honors students,ou=groups,dc=hogwarts,dc=edu|gid=7,rid=28<br/>
|
32
|
</code>';
|
33
|
}
|
34
|
else {
|
35
|
$types['og_group']['consumer_mapping_directions'] = 'Mappings should be of form:<br/>
|
36
|
<code>[raw authorization id]|[og entity type]:[og entity id or title]:[og role id]</code>
|
37
|
<br/>[og entity type] is generally "node"
|
38
|
<br/>[og entity id or title] can be the groups title or entity id. <strong>Titles with ":"s in them may not be used</strong>.
|
39
|
<br/>when [og role id] is left off, default role is used.
|
40
|
<br/>such as:<br/>
|
41
|
<code>
|
42
|
Student Accounts|node:17:2<br/>
|
43
|
cn=honors students,ou=groups,dc=hogwarts,dc=edu|node:honors students<br/>
|
44
|
cn=gryffindor,ou=groups,dc=hogwarts,dc=edu|node:gryffindor:3<br/>
|
45
|
</code>';
|
46
|
}
|
47
|
return $types;
|
48
|
}
|
49
|
|
50
|
/**
|
51
|
* Format authorization id
|
52
|
*
|
53
|
* @param int $gid as organic group gid
|
54
|
* @param int $rid as organic group rig
|
55
|
* @param array $group_entity as entity associated with organic group
|
56
|
*
|
57
|
* @return string "normalized" authorization id such as 3-3
|
58
|
*/
|
59
|
function ldap_authorization_og_authorization_id($gid, $rid, $entity_type = 'node') {
|
60
|
return (ldap_authorization_og_og_version() == 1) ? $gid . '-' . $rid : join(':', array($entity_type, $gid, $rid));
|
61
|
}
|
62
|
|
63
|
|
64
|
function ldap_authorization_og_og_version() {
|
65
|
return (function_exists('og_action_info')) ? 2 : 1;
|
66
|
}
|
67
|
|
68
|
/**
|
69
|
* Convert entity id to group id
|
70
|
*
|
71
|
* @param int $entity_id as id of entity associated with organic group
|
72
|
* @return int og group id
|
73
|
*/
|
74
|
function ldap_authorization_og1_entity_id_to_gid($entity_id) {
|
75
|
|
76
|
$gid = db_select('og', 'og')
|
77
|
->fields('og', array('gid'))
|
78
|
->condition('og.etid', $entity_id, '=')
|
79
|
->range(0, 1)
|
80
|
->execute()
|
81
|
->fetchField();
|
82
|
return ($gid && is_scalar($gid)) ? $gid : FALSE;
|
83
|
|
84
|
}
|
85
|
|
86
|
/**
|
87
|
* Convert entity id to group id
|
88
|
*
|
89
|
* @param int $entity_id as id of entity associated with organic group
|
90
|
* @return int og group id
|
91
|
*/
|
92
|
function ldap_authorization_og1_group_name_to_gid($group_name) {
|
93
|
|
94
|
$gid = db_select('og', 'og')
|
95
|
->fields('og', array('gid'))
|
96
|
->condition('og.label', $group_name, '=')
|
97
|
->range(0, 1)
|
98
|
->execute()
|
99
|
->fetchField();
|
100
|
return ($gid && is_scalar($gid)) ? $gid : FALSE;
|
101
|
|
102
|
}
|
103
|
|
104
|
|
105
|
/**
|
106
|
* Generic function to convert between query values and organic groups structures and attributes
|
107
|
*
|
108
|
* @param mixed $value signifies query value e.g. 'bakers', 7 etc.
|
109
|
* @param mixed $value_type signifies query type e.g. 'group_name', 'gid', etc.
|
110
|
* @param string $return signifying return type. e.g. 'object', 'label', 'name', 'gid'
|
111
|
* @return mixed organic group object, gid, label, etc.
|
112
|
*/
|
113
|
function ldap_authorization_og1_get_group($value, $value_type = 'group_name', $return = 'object') {
|
114
|
|
115
|
if ($value_type == 'gid') {
|
116
|
$group = og_load($value);
|
117
|
}
|
118
|
elseif ($value_type == 'group_name') {
|
119
|
$gid = ldap_authorization_og1_group_name_to_gid($value);
|
120
|
$group = ($gid) ? og_load($gid) : FALSE;
|
121
|
}
|
122
|
|
123
|
if (!$group || !is_object($group)) {
|
124
|
return FALSE;
|
125
|
}
|
126
|
if ($return == 'object' && is_object($group)) {
|
127
|
$group_entity = node_load($group->etid);
|
128
|
return array($group, $group_entity);
|
129
|
}
|
130
|
elseif ($return == 'label' || $return == 'name') {
|
131
|
return $group->label;
|
132
|
}
|
133
|
elseif ($return == 'gid') {
|
134
|
return $group->gid;
|
135
|
}
|
136
|
else {
|
137
|
return FALSE;
|
138
|
}
|
139
|
}
|
140
|
|
141
|
/**
|
142
|
* Generic function to convert between query values and organic groups structures and attributes
|
143
|
*
|
144
|
* @param mixed $entity_type signifies query value e.g. 'bakers', 7 etc.
|
145
|
* @param mixed $group_name signifies query type e.g. 'group_name', 'gid', etc.
|
146
|
*
|
147
|
* @return mixed organic group object, gid, label, etc.
|
148
|
*/
|
149
|
function ldap_authorization_og2_get_group_from_name($entity_type, $group_name) {
|
150
|
|
151
|
require_once(drupal_get_path('module', 'ldap_authorization_og') . '/LdapAuthorizationConsumerOG.class.php');
|
152
|
$group_entity = FALSE;
|
153
|
$group_entity_id = FALSE;
|
154
|
$query = new EntityFieldQuery();
|
155
|
$query->entityCondition('entity_type', $entity_type)
|
156
|
->propertyCondition('title', $group_name);
|
157
|
$result = $query->execute();
|
158
|
if (isset($result[$entity_type])) {
|
159
|
$group_ids = array_keys($result[$entity_type]);
|
160
|
if (count($group_ids) == 1) {
|
161
|
$group_entity = entity_load_single($entity_type, $group_ids[0]);
|
162
|
$group_entity_id = $group_ids[0];
|
163
|
}
|
164
|
}
|
165
|
|
166
|
return array($group_entity, $group_entity_id);
|
167
|
|
168
|
}
|
169
|
|
170
|
|
171
|
function ldap_authorization_og1_has_membership($gid, $uid) {
|
172
|
return (boolean)og_get_group_membership($gid, 'user', $uid);
|
173
|
}
|
174
|
/**
|
175
|
* Test if a user has a particular group role
|
176
|
*
|
177
|
* @param int $gid as og group id
|
178
|
* @param int $uid as user id
|
179
|
* @param string $rid as og role id
|
180
|
*
|
181
|
* @return boolean signifying if user has group x role
|
182
|
*/
|
183
|
function ldap_authorization_og1_has_role($gid, $uid, $rid) {
|
184
|
$roles = og_get_user_roles($gid, $uid);
|
185
|
return (is_array($roles) && in_array($rid, array_values($roles)));
|
186
|
}
|
187
|
|
188
|
/** avoid excessive calls to og_roles() **/
|
189
|
function ldap_authorization_og1_roles($reset = FALSE) {
|
190
|
static $roles;
|
191
|
if ($reset || !is_array($roles)) {
|
192
|
$roles = og_roles();
|
193
|
}
|
194
|
return $roles;
|
195
|
}
|
196
|
|
197
|
function ldap_authorization_og1_role_name_to_role_id($role_name) {
|
198
|
$roles = ldap_authorization_og1_roles();
|
199
|
return array_search($role_name, $roles); //empty($roles[$role_name]) ? FALSE : $roles[$role_name];
|
200
|
}
|
201
|
|
202
|
function ldap_authorization_og2_has_consumer_id($consumer_id, $uid) {
|
203
|
$parts = explode(':', $consumer_id);
|
204
|
$result = FALSE;
|
205
|
$watchdog_tokens = array(
|
206
|
'%consumer_id' => $consumer_id,
|
207
|
'%uid' => $uid,
|
208
|
);
|
209
|
if (count($parts) == 3) {
|
210
|
list($group_type, $gid, $rid) = $parts;
|
211
|
// need to make sure entity exists before calling og_get_user_roles which will throw fatal error
|
212
|
if ($group = entity_load_single($group_type, $gid)) {
|
213
|
if (og_is_group($group_type, $group)) {
|
214
|
$roles = og_get_user_roles($group_type, $gid, $uid, TRUE);
|
215
|
$result = isset($roles[$rid]);
|
216
|
}
|
217
|
else {
|
218
|
watchdog('ldap_authorization_og', "ldap_authorization_og2_has_consumer_id passed value of non og group consumer_id=%consumer_id, uid=%uid", $watchdog_tokens, WATCHDOG_ERROR);
|
219
|
}
|
220
|
}
|
221
|
else {
|
222
|
watchdog('ldap_authorization_og', "ldap_authorization_og2_has_consumer_id could not load entity requested: consumer_id=%consumer_id, uid=%uid", $watchdog_tokens, WATCHDOG_ERROR);
|
223
|
}
|
224
|
}
|
225
|
return $result;
|
226
|
}
|
227
|
|
228
|
// ldap_authorization_og2_has_role($og_students_node->nid, $web_user->uid, OG_AUTHENTICATED_ROLE)
|
229
|
function ldap_authorization_og2_has_role($group_type, $gid, $uid, $role_name) {
|
230
|
$roles = og_get_user_roles($group_type, $gid, $uid, TRUE); // array with rid as key and role name as value
|
231
|
return (is_array($roles) && in_array($role_name, array_values($roles)));
|
232
|
}
|
233
|
|
234
|
|
235
|
|
236
|
/**
|
237
|
* Derive og role id from role name
|
238
|
*
|
239
|
* @param string $role_name as og role name
|
240
|
* @return int og role id
|
241
|
*/
|
242
|
|
243
|
function ldap_authorization_og_rid_from_role_name($role_name) {
|
244
|
$roles = og_roles(0);
|
245
|
$rids = array_flip($roles);
|
246
|
return isset($rids[$role_name]) ? $rids[$role_name] : FALSE;
|
247
|
}
|
248
|
|
249
|
function ldap_authorization_og1_role_name_from_rid($rid) {
|
250
|
$roles = og_roles(0);
|
251
|
return isset($roles[$rid]) ? $roles[$rid] : FALSE;
|
252
|
}
|
253
|
|
254
|
function ldap_authorization_og2_rid_from_role_name($entity_type, $bundle, $gid, $role_name) {
|
255
|
$roles = og_roles($entity_type, $bundle, 0, FALSE, TRUE);
|
256
|
$roles_flipped = array_flip($roles);
|
257
|
return (empty($roles_flipped[$role_name])) ? NULL : $roles_flipped[$role_name];
|
258
|
}
|
259
|
|
260
|
function ldap_authorization_og_get_all_group_entities() {
|
261
|
$entities = array();
|
262
|
$group_entity_types = og_get_all_group_bundle();
|
263
|
foreach ($group_entity_types as $entity_type => $group) {
|
264
|
$entity_ids = og_get_all_group('node');
|
265
|
$entities[$entity_type] = entity_load('node', $entity_ids);
|
266
|
}
|
267
|
return $entities;
|
268
|
}
|
269
|
/**
|
270
|
* Implements hook_form_alter().
|
271
|
*/
|
272
|
function ldap_authorization_og_form_ldap_authorization_admin_form_alter(&$form, $form_state) {
|
273
|
if ($form['status']['consumer_type']['#value'] == 'og_group') {
|
274
|
$form['filter_and_mappings']['use_filter']['#description'] = t('This is a required option for Organic Groups. It is only displayed for consistency with other user interfaces.');
|
275
|
$form['filter_and_mappings']['use_filter']['#disabled'] = TRUE;
|
276
|
}
|
277
|
}
|