You are here

Home » API reference » Authorization 8 » AuthorizationProfile.php » AuthorizationProfile

public function AuthorizationProfile::grantsAndRevokes in Authorization 8

Perform grant and revokes.

Parameters

\Drupal\user\UserInterface $user: The user to work on.

bool $user_save: Whether to directly save the user. Note that the object itself, passed by reference, can still be save outside of this scope by later code.

Return value

\Drupal\authorization\AuthorizationResponse Responses.

File

src/Entity/AuthorizationProfile.php, line 425

Class

AuthorizationProfile
Defines the Authorization profile entity.

Namespace

Drupal\authorization\Entity

Code

public function grantsAndRevokes(UserInterface $user, $user_save = FALSE) : AuthorizationResponse {
  $provider = $this
    ->getProvider();
  $consumer = $this
    ->getConsumer();
  try {
    $proposals = $provider
      ->getProposals($user);
  } catch (AuthorizationSkipAuthorization $e) {
    return new AuthorizationResponse((string) $this
      ->t('@name (skipped)', [
      '@name' => $this->label,
    ]), TRUE, []);
  }
  $proposals = $provider
    ->sanitizeProposals($proposals);
  $applied_grants = [];

  // @todo This could be made more elegant with methods on this class checking
  // for support on this and not checking here the array key directly.
  $create_consumers = $this
    ->get('synchronization_actions')['create_consumers'] ?? FALSE;
  $revoke_provision = $this
    ->get('synchronization_actions')['revoke_provider_provisioned'] ?? FALSE;
  foreach ($this
    ->getProviderMappings() as $provider_key => $provider_mapping) {
    $provider_proposals = $provider
      ->filterProposals($proposals, $provider_mapping);
    $filtered_proposals = $consumer
      ->filterProposals($provider_proposals, $this
      ->getConsumerMappings()[$provider_key]);
    if (!empty($filtered_proposals)) {
      foreach ($filtered_proposals as $filtered_proposal) {
        if ($create_consumers) {
          $consumer
            ->createConsumerTarget($filtered_proposal);
        }
        $consumer
          ->grantSingleAuthorization($user, $filtered_proposal);
        $applied_grants[$filtered_proposal] = $filtered_proposal;
      }
    }
  }
  if ($revoke_provision) {
    $consumer
      ->revokeGrants($user, $applied_grants);
  }
  if ($user_save === TRUE) {
    $user
      ->save();
  }
  return new AuthorizationResponse($this->label, FALSE, $applied_grants);
}