protected function LdapAuthorizationConsumerAbstract::grantsAndRevokes in Lightweight Directory Access Protocol (LDAP) 7
Same name and namespace in other branches
- 8.2 ldap_authorization/LdapAuthorizationConsumerAbstract.class.php \LdapAuthorizationConsumerAbstract::grantsAndRevokes()
- 7.2 ldap_authorization/LdapAuthorizationConsumerAbstract.class.php \LdapAuthorizationConsumerAbstract::grantsAndRevokes()
Parameters
string $op 'grant' or 'revoke' signifying what to do with the $consumer_ids:
drupal user object $object:
array $user_auth_data is array specific to this consumer_type. Stored at $user->data['ldap_authorizations'][<consumer_type>]:
array $consumer_ids (aka $authorization_ids) e.g. array(id1, id2, ...):
array $ldap_entry, when available user's ldap entry.:
boolean $user_save indicates is user data array should be saved or not. this depends on the implementation calling this function:
2 calls to LdapAuthorizationConsumerAbstract::grantsAndRevokes()
- LdapAuthorizationConsumerAbstract::authorizationGrant in ldap_authorization/
LdapAuthorizationConsumerAbstract.class.php - grant authorizations to a user
- LdapAuthorizationConsumerAbstract::authorizationRevoke in ldap_authorization/
LdapAuthorizationConsumerAbstract.class.php - revoke authorizations to a user
File
- ldap_authorization/
LdapAuthorizationConsumerAbstract.class.php, line 213 - abstract class to represent an ldap_authorization consumer such as drupal_role, og_group, etc. each authorization comsumer will extend this class with its own class named LdapAuthorizationConsumer<consumer type> such as…
Class
- LdapAuthorizationConsumerAbstract
- @file abstract class to represent an ldap_authorization consumer such as drupal_role, og_group, etc. each authorization comsumer will extend this class with its own class named LdapAuthorizationConsumer<consumer type> such as…
Code
protected function grantsAndRevokes($op, &$user, &$user_auth_data, $consumer_ids, &$ldap_entry = NULL, $user_save = TRUE) {
if (!is_array($user_auth_data)) {
$user_auth_data = array();
}
$detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
$this
->sortConsumerIds($op, $consumer_ids);
$results = array();
$watchdog_tokens = array();
if (!is_array($consumer_ids)) {
$consumer_ids = array(
$consumer_ids,
);
}
$watchdog_tokens['%username'] = $user->name;
$watchdog_tokens['%action'] = $op;
$watchdog_tokens['%user_save'] = $user_save;
$consumer_ids_log = array();
$users_authorization_ids = $this
->usersAuthorizations($user);
$watchdog_tokens['%users_authorization_ids'] = join(', ', $users_authorization_ids);
if ($detailed_watchdog_log) {
watchdog('ldap_authorization', "on call of grantsAndRevokes: user_auth_data=" . print_r($user_auth_data, TRUE), $watchdog_tokens, WATCHDOG_DEBUG);
}
foreach ($consumer_ids as $consumer_id) {
if ($detailed_watchdog_log) {
watchdog('ldap_authorization', "consumer_id={$consumer_id}, user_save={$user_save}, op={$op}", $watchdog_tokens, WATCHDOG_DEBUG);
}
$log = "consumer_id={$consumer_id}, op={$op},";
$results[$consumer_id] = TRUE;
if ($op == 'grant' && in_array($consumer_id, $users_authorization_ids) && !isset($user_auth_data[$consumer_id])) {
// authorization id already exists for user, but is not ldap provisioned. mark as ldap provisioned, but don't regrant
$user_auth_data[$consumer_id] = array(
'date_granted' => time(),
);
}
elseif ($op == 'grant' && !in_array($consumer_id, $users_authorization_ids)) {
$log .= " grant existing consumer id ({$consumer_id}), ";
if (!in_array($consumer_id, $this
->availableConsumerIDs(TRUE))) {
$log .= "consumer id not available for {$op}, ";
if ($this->allowConsumerObjectCreation) {
$this
->createConsumers(array(
$consumer_id,
));
if (in_array($consumer_id, $this
->availableConsumerIDs(TRUE))) {
if ($detailed_watchdog_log) {
watchdog('ldap_authorization', "grantSingleAuthorization : consumer_id={$consumer_id}, op={$op}", $watchdog_tokens, WATCHDOG_DEBUG);
}
$this
->grantSingleAuthorization($user, $consumer_id, $user_auth_data);
// allow consuming module to add additional data to $user_auth_data
$user_auth_data[$consumer_id] = array(
'date_granted' => time(),
);
$log .= "created consumer object, ";
}
else {
$log .= "tried and failed to create consumer object, ";
$results[$consumer_id] = FALSE;
// out of luck, failed to create consumer id
}
}
else {
$log .= "consumer does not support creating consumer object, ";
// out of luck. can't create new consumer id.
$results[$consumer_id] = FALSE;
}
}
if ($results[$consumer_id]) {
if ($detailed_watchdog_log) {
watchdog('ldap_authorization', "grantSingleAuthorization : consumer_id={$consumer_id}, op={$op}", $watchdog_tokens, WATCHDOG_DEBUG);
}
$log .= "granting existing consumer object, ";
$results[$consumer_id] = $this
->grantSingleAuthorization($user, $consumer_id, $user_auth_data);
// allow consuming module to add additional data to $user_auth_data
if ($results[$consumer_id]) {
$user_auth_data[$consumer_id] = array(
'date_granted' => time(),
);
}
$log .= t(',result=') . (bool) $results[$consumer_id];
}
}
elseif ($op == 'revoke') {
if (isset($user_auth_data[$consumer_id])) {
$log .= "revoking existing consumer object, ";
if (in_array($consumer_id, $users_authorization_ids)) {
$results[$consumer_id] = $this
->revokeSingleAuthorization($user, $consumer_id, $user_auth_data);
// defer to default for $user_save param
if ($results[$consumer_id]) {
unset($user_auth_data[$consumer_id]);
}
$log .= t(',result=') . (bool) $results[$consumer_id];
}
else {
unset($user_auth_data[$consumer_id]);
}
}
}
$consumer_ids_log[] = $log;
if ($detailed_watchdog_log) {
watchdog('ldap_authorization', "user_auth_data after consumer {$consumer_id}" . print_r($user_auth_data, TRUE), $watchdog_tokens, WATCHDOG_DEBUG);
}
$watchdog_tokens['%consumer_ids_log'] = count($consumer_ids_log) ? join('<hr/>', $consumer_ids_log) : t('no actions');
}
if ($user_save) {
$user = user_load($user->uid, TRUE);
$user_edit = $user->data;
$user_edit['data']['ldap_authorizations'][$this->consumerType] = $user_auth_data;
$user = user_save($user, $user_edit);
}
watchdog('ldap_authorization', '%username:
<hr/>LdapAuthorizationConsumerAbstract grantsAndRevokes() method log. action=%action:<br/> %consumer_ids_log
', $watchdog_tokens, WATCHDOG_DEBUG);
}