AuthorizationProfile.php in Authorization 8
Namespace
Drupal\authorization\EntityFile
src/Entity/AuthorizationProfile.phpView source
<?php
declare (strict_types=1);
namespace Drupal\authorization\Entity;
use Drupal\authorization\consumer\ConsumerInterface;
use Drupal\authorization\provider\ProviderInterface;
use Drupal\authorization\AuthorizationResponse;
use Drupal\authorization\AuthorizationSkipAuthorization;
use Drupal\Core\Config\Entity\ConfigEntityBase;
use Drupal\Core\StringTranslation\StringTranslationTrait;
use Drupal\user\UserInterface;
/**
* Defines the Authorization profile entity.
*
* @ConfigEntityType(
* id = "authorization_profile",
* label = @Translation("Authorization profile"),
* handlers = {
* "list_builder" = "Drupal\authorization\AuthorizationProfileListBuilder",
* "form" = {
* "add" = "Drupal\authorization\Form\AuthorizationProfileForm",
* "edit" = "Drupal\authorization\Form\AuthorizationProfileForm",
* "delete" = "Drupal\authorization\Form\AuthorizationProfileDeleteForm"
* }
* },
* config_prefix = "authorization_profile",
* config_export = {
* "id",
* "label",
* "description",
* "provider",
* "consumer",
* "provider",
* "provider_config",
* "provider_mappings",
* "consumer",
* "consumer_config",
* "consumer_mappings",
* "synchronization_modes",
* "synchronization_actions",
* },
* admin_permission = "administer site configuration",
* entity_keys = {
* "id" = "id",
* "label" = "label",
* "uuid" = "uuid"
* },
* links = {
* "canonical" = "/admin/config/people/authorization/{authorization_profile}",
* "edit-form" = "/admin/config/people/authorization/profile/{authorization_profile}/edit",
* "delete-form" = "/admin/config/people/authorization/profile/{authorization_profile}/delete",
* "collection" = "/admin/config/people/authorization/profile"
* }
* )
*/
class AuthorizationProfile extends ConfigEntityBase {
use StringTranslationTrait;
/**
* The Authorization profile ID.
*
* @var string
*/
protected $id;
/**
* The Authorization profile label.
*
* @var string
*/
protected $label;
/**
* A description of the profile.
*
* @var string
*/
protected $description;
/**
* The id of the Authorization provider.
*
* @var string
*/
protected $provider;
/**
* The id of the Authorization consumer.
*
* @var string
*/
protected $consumer;
/**
* The provider plugin configuration.
*
* @var array
*/
protected $provider_config = [];
/**
* The provider plugin mappings.
*
* @var array
*/
protected $provider_mappings = [];
/**
* The provider plugin instance.
*
* @var \Drupal\authorization\provider\ProviderInterface
*/
protected $provider_plugin;
/**
* The consumer plugin configuration.
*
* @var array
*/
protected $consumer_config = [];
/**
* The consumer plugin mappings.
*
* @var array
*/
protected $consumer_mappings = [];
/**
* The consumer plugin instance.
*
* @var \Drupal\authorization\consumer\ConsumerInterface
*/
protected $consumer_plugin;
/**
* The provider plugin manager.
*
* @var \Drupal\authorization\Provider\ProviderPluginManager
*/
protected $provider_plugin_manager;
/**
* The consumer plugin maanger.
*
* @var \Drupal\authorization\Consumer\ConsumerPluginManager
*/
protected $consumer_plugin_manager;
/**
* The authorization logger channel.
*
* @var \Psr\Log\LoggerInterface
*/
protected $logger;
/**
* {@inheritdoc}
*/
public function __construct($values, $entity_type) {
parent::__construct($values, $entity_type);
// Cannot inject those without moving the logic to a controller class, (see
// https://www.drupal.org/node/2913224).
$this->provider_plugin_manager = \Drupal::service('plugin.manager.authorization.provider');
$this->consumer_plugin_manager = \Drupal::service('plugin.manager.authorization.consumer');
$this->logger = \Drupal::service('logger.channel.authorization');
}
/**
* Get description.
*
* @return string
* Description.
*/
public function getDescription() : string {
return $this->description;
}
/**
* Get the Provider ID.
*
* @return string
* Provider ID.
*/
public function getProviderId() : ?string {
return $this->provider;
}
/**
* Get the Consumer ID.
*
* @return string
* Consumer ID.
*/
public function getConsumerId() : ?string {
return $this->consumer;
}
/**
* Does the profile have valid providers?
*
* @return bool
* Provider valid.
*/
public function hasValidProvider() : bool {
if ($this->provider_plugin_manager
->getDefinition($this
->getProviderId(), FALSE)) {
return TRUE;
}
return FALSE;
}
/**
* Does the consumer have valid providers?
*
* @return bool
* Consumer valid.
*/
public function hasValidConsumer() : bool {
if ($this->consumer_plugin_manager
->getDefinition($this
->getconsumerId(), FALSE)) {
return TRUE;
}
return FALSE;
}
/**
* Get the active provider.
*
* @return \Drupal\authorization\provider\ProviderInterface|null
* The active provider.
*/
public function getProvider() : ?ProviderInterface {
if (!$this->provider_plugin || $this
->getProviderId() !== $this->provider_plugin
->getPluginId()) {
$this
->loadProviderPlugin();
}
return $this->provider_plugin;
}
/**
* Get the active consumer.
*
* @return \Drupal\authorization\consumer\ConsumerInterface|null
* The active consumer.
*/
public function getConsumer() : ?ConsumerInterface {
if (!$this->consumer_plugin || $this
->getConsumerId() !== $this->consumer_plugin
->getPluginId()) {
$this
->loadConsumerPlugin();
}
return $this->consumer_plugin;
}
/**
* Load the provider plugin.
*/
private function loadProviderPlugin() : void {
$config = $this
->getProviderConfig();
$config['profile'] = $this;
try {
$this->provider_plugin = $this->provider_plugin_manager
->createInstance($this
->getProviderId(), $config);
} catch (\Exception $e) {
$this->logger
->critical('The provider with ID "@provider" could not be retrieved for profile %profile.', [
'@provider' => $this
->getProviderId(),
'%profile' => $this
->label(),
]);
}
}
/**
* Load the consumer plugin.
*/
private function loadConsumerPlugin() : void {
$config = $this
->getConsumerConfig();
$config['profile'] = $this;
try {
$this->consumer_plugin = $this->consumer_plugin_manager
->createInstance($this
->getConsumerId(), $config);
} catch (\Exception $e) {
$this->logger
->critical('The consumer with ID "@consumer" could not be retrieved for profile %profile.', [
'@provider' => $this
->getProviderId(),
'%profile' => $this
->label(),
]);
}
}
/**
* Get the configuration of the provider.
*
* @return array
* General configuration of the provider in the profile.
*/
public function getProviderConfig() : array {
return $this->provider_config;
}
/**
* Get the configuration of the consumer.
*
* @return array
* General configuration of the consumer in the profile.
*/
public function getConsumerConfig() : array {
return $this->consumer_config;
}
/**
* Returns the currently set provider mappings.
*
* @return array
* Provider mappings.
*/
public function getProviderMappings() : array {
return $this->provider_mappings;
}
/**
* Get the consumer mappings.
*
* @return array
* Consumer mappings.
*/
public function getConsumerMappings() : array {
return $this->consumer_mappings;
}
/**
* Set the configuration of the provider.
*
* Function not in use, declared by the form directly.
*
* @param array $provider_config
* Provider config to set.
*/
public function setProviderConfig(array $provider_config) : void {
$this->provider_config = $provider_config;
}
/**
* Set the consumer configuration.
*
* Function not in use, declared by the form directly.
*
* @param array $consumer_config
* General configuration of the consumer in the profile.
*/
public function setConsumerConfig(array $consumer_config) : void {
$this->consumer_config = $consumer_config;
}
/**
* Set the provider mappings.
*
* @param array $provider_mappings
* Provider mappings.
*/
public function setProviderMappings(array $provider_mappings) : void {
$this->provider_mappings = $provider_mappings;
}
/**
* Set the consumer mappings.
*
* @param array $consumer_mappings
* Consumer mappings.
*/
public function setConsumerMappings(array $consumer_mappings) : void {
$this->consumer_mappings = $consumer_mappings;
}
/**
* Return global tokens for output regarding this profile.
*
* @return array
* Token strings.
*/
public function getTokens() : array {
$tokens = [];
$tokens['@profile_name'] = $this->label;
return $tokens;
}
/**
* Check if the profile is available.
*
* @return bool
* Profile valid.
*/
public function checkConditions() : bool {
if (!$this
->get('status')) {
return FALSE;
}
if (!$this
->getProvider()) {
return FALSE;
}
if (!$this
->getConsumer()) {
return FALSE;
}
return TRUE;
}
/**
* Perform grant and revokes.
*
* @param \Drupal\user\UserInterface $user
* The user to work on.
* @param bool $user_save
* Whether to directly save the user. Note that the object itself, passed
* by reference, can still be save outside of this scope by later code.
*
* @return \Drupal\authorization\AuthorizationResponse
* Responses.
*/
public function grantsAndRevokes(UserInterface $user, $user_save = FALSE) : AuthorizationResponse {
$provider = $this
->getProvider();
$consumer = $this
->getConsumer();
try {
$proposals = $provider
->getProposals($user);
} catch (AuthorizationSkipAuthorization $e) {
return new AuthorizationResponse((string) $this
->t('@name (skipped)', [
'@name' => $this->label,
]), TRUE, []);
}
$proposals = $provider
->sanitizeProposals($proposals);
$applied_grants = [];
// @todo This could be made more elegant with methods on this class checking
// for support on this and not checking here the array key directly.
$create_consumers = $this
->get('synchronization_actions')['create_consumers'] ?? FALSE;
$revoke_provision = $this
->get('synchronization_actions')['revoke_provider_provisioned'] ?? FALSE;
foreach ($this
->getProviderMappings() as $provider_key => $provider_mapping) {
$provider_proposals = $provider
->filterProposals($proposals, $provider_mapping);
$filtered_proposals = $consumer
->filterProposals($provider_proposals, $this
->getConsumerMappings()[$provider_key]);
if (!empty($filtered_proposals)) {
foreach ($filtered_proposals as $filtered_proposal) {
if ($create_consumers) {
$consumer
->createConsumerTarget($filtered_proposal);
}
$consumer
->grantSingleAuthorization($user, $filtered_proposal);
$applied_grants[$filtered_proposal] = $filtered_proposal;
}
}
}
if ($revoke_provision) {
$consumer
->revokeGrants($user, $applied_grants);
}
if ($user_save === TRUE) {
$user
->save();
}
return new AuthorizationResponse($this->label, FALSE, $applied_grants);
}
}
Classes
Name | Description |
---|---|
AuthorizationProfile | Defines the Authorization profile entity. |