
protected function LdapAuthorizationConsumerAbstract::grantsAndRevokes in Lightweight Directory Access Protocol (LDAP) 7

Same name and namespace in other branches
  1. 8.2 ldap_authorization/LdapAuthorizationConsumerAbstract.class.php \LdapAuthorizationConsumerAbstract::grantsAndRevokes()
  2. 7.2 ldap_authorization/LdapAuthorizationConsumerAbstract.class.php \LdapAuthorizationConsumerAbstract::grantsAndRevokes()

Parameters

string $op 'grant' or 'revoke' signifying what to do with the $consumer_ids:

drupal user object $object:

array $user_auth_data is array specific to this consumer_type. Stored at $user->data['ldap_authorizations'][<consumer_type>]:

array $consumer_ids (aka $authorization_ids) e.g. array(id1, id2, ...):

array $ldap_entry, the user's ldap entry when available:

boolean $user_save indicates whether the user data array should be saved or not. This depends on the implementation calling this function:

2 calls to LdapAuthorizationConsumerAbstract::grantsAndRevokes()
LdapAuthorizationConsumerAbstract::authorizationGrant in ldap_authorization/LdapAuthorizationConsumerAbstract.class.php
grant authorizations to a user
LdapAuthorizationConsumerAbstract::authorizationRevoke in ldap_authorization/LdapAuthorizationConsumerAbstract.class.php
revoke authorizations from a user

File

ldap_authorization/LdapAuthorizationConsumerAbstract.class.php, line 213
abstract class to represent an ldap_authorization consumer such as drupal_role, og_group, etc. each authorization consumer will extend this class with its own class named LdapAuthorizationConsumer<consumer type> such as…

Class

LdapAuthorizationConsumerAbstract
@file abstract class to represent an ldap_authorization consumer such as drupal_role, og_group, etc. each authorization consumer will extend this class with its own class named LdapAuthorizationConsumer<consumer type> such as…

Code

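/**
 * Grants or revokes a list of authorization ids for one user and keeps the
 * record of which of the user's authorizations are LDAP provisioned in sync.
 *
 * @param string $op
 *   'grant' or 'revoke', signifying what to do with $consumer_ids.
 * @param object $user
 *   Drupal user object, by reference. When $user_save is TRUE it is replaced
 *   by the return value of user_save().
 * @param array $user_auth_data
 *   By reference. Per-consumer-type record keyed by consumer id; each entry
 *   written here is array('date_granted' => timestamp). A non-array value is
 *   reset to an empty array.
 * @param array $consumer_ids
 *   Authorization ids to act on, e.g. array(id1, id2, ...). A single scalar
 *   id is wrapped in an array.
 * @param array $ldap_entry
 *   The user's ldap entry when available. Not read by this method.
 * @param bool $user_save
 *   Whether $user_auth_data should be written to the user's data array.
 */
protected function grantsAndRevokes($op, &$user, &$user_auth_data, $consumer_ids, &$ldap_entry = NULL, $user_save = TRUE) {
  if (!is_array($user_auth_data)) {
    $user_auth_data = array();
  }

  // Normalize first so that sortConsumerIds() and the loop below always see
  // an array, even when a caller passes a single id.
  if (!is_array($consumer_ids)) {
    $consumer_ids = array(
      $consumer_ids,
    );
  }

  $detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
  $this->sortConsumerIds($op, $consumer_ids);

  $results = array();
  $consumer_ids_log = array();
  $users_authorization_ids = $this->usersAuthorizations($user);

  $watchdog_tokens = array(
    '%username' => $user->name,
    '%action' => $op,
    '%user_save' => $user_save,
    '%users_authorization_ids' => join(', ', $users_authorization_ids),
  );

  // NOTE(review): the debug calls below interpolate $consumer_id and a
  // print_r() dump straight into the watchdog message instead of passing them
  // as placeholders. Consumer ids can originate from the directory, so confirm
  // how the log viewer escapes the message before relying on this output.
  if ($detailed_watchdog_log) {
    watchdog('ldap_authorization', "on call of grantsAndRevokes: user_auth_data=" . print_r($user_auth_data, TRUE), $watchdog_tokens, WATCHDOG_DEBUG);
  }

  foreach ($consumer_ids as $consumer_id) {
    if ($detailed_watchdog_log) {
      watchdog('ldap_authorization', "consumer_id={$consumer_id}, user_save={$user_save}, op={$op}", $watchdog_tokens, WATCHDOG_DEBUG);
    }
    $log = "consumer_id={$consumer_id}, op={$op},";
    $results[$consumer_id] = TRUE;

    // NOTE(review): in_array() is used with loose comparison throughout, as in
    // the original. Whether ids are always strings is not visible here, so a
    // switch to strict matching needs checking against each consumer type.
    $already_held = in_array($consumer_id, $users_authorization_ids);

    if ($op === 'grant' && $already_held && !isset($user_auth_data[$consumer_id])) {
      // The user already holds this authorization but it is not recorded as
      // ldap provisioned: record it, but do not grant it again.
      $user_auth_data[$consumer_id] = array(
        'date_granted' => time(),
      );
    }
    elseif ($op === 'grant' && !$already_held) {
      $log .= " grant existing consumer id ({$consumer_id}), ";
      if (!in_array($consumer_id, $this->availableConsumerIDs(TRUE))) {
        $log .= "consumer id not available for {$op}, ";
        if ($this->allowConsumerObjectCreation) {
          $this->createConsumers(array(
            $consumer_id,
          ));
          if (in_array($consumer_id, $this->availableConsumerIDs(TRUE))) {
            // The grant itself happens once, in the shared path below. The
            // original also granted here, ignored the result and recorded
            // date_granted unconditionally, so a failed grant could still be
            // recorded as ldap provisioned.
            $log .= "created consumer object, ";
          }
          else {
            // Out of luck, failed to create the consumer id.
            $log .= "tried and failed to create consumer object, ";
            $results[$consumer_id] = FALSE;
          }
        }
        else {
          // Out of luck, this consumer cannot create new consumer ids.
          $log .= "consumer does not support creating consumer object, ";
          $results[$consumer_id] = FALSE;
        }
      }
      if ($results[$consumer_id]) {
        if ($detailed_watchdog_log) {
          watchdog('ldap_authorization', "grantSingleAuthorization : consumer_id={$consumer_id}, op={$op}", $watchdog_tokens, WATCHDOG_DEBUG);
        }
        $log .= "granting existing consumer object, ";
        $results[$consumer_id] = $this->grantSingleAuthorization($user, $consumer_id, $user_auth_data);

        // Record the grant only when it succeeded. The consuming module may
        // add further data to $user_auth_data.
        if ($results[$consumer_id]) {
          $user_auth_data[$consumer_id] = array(
            'date_granted' => time(),
          );
        }
        $log .= t(',result=') . (bool) $results[$consumer_id];
      }
    }
    elseif ($op === 'revoke') {
      // Only authorizations recorded as ldap provisioned are ever revoked.
      if (isset($user_auth_data[$consumer_id])) {
        $log .= "revoking existing consumer object, ";
        if ($already_held) {
          $results[$consumer_id] = $this->revokeSingleAuthorization($user, $consumer_id, $user_auth_data);

          // Keep the record when the revoke failed so that it can be retried.
          if ($results[$consumer_id]) {
            unset($user_auth_data[$consumer_id]);
          }
          $log .= t(',result=') . (bool) $results[$consumer_id];
        }
        else {
          // The user no longer holds it; just drop the stale record.
          unset($user_auth_data[$consumer_id]);
        }
      }
    }

    $consumer_ids_log[] = $log;
    if ($detailed_watchdog_log) {
      watchdog('ldap_authorization', "user_auth_data after consumer {$consumer_id}" . print_r($user_auth_data, TRUE), $watchdog_tokens, WATCHDOG_DEBUG);
    }
  }

  // Built after the loop: inside it the list is never empty, so the
  // 'no actions' text was unreachable and the token stayed unset whenever
  // $consumer_ids was empty.
  $watchdog_tokens['%consumer_ids_log'] = count($consumer_ids_log) ? join('<hr/>', $consumer_ids_log) : t('no actions');

  if ($user_save) {
    $account = user_load($user->uid, TRUE);
    if ($account) {
      // user_save() treats top-level keys of its edit array as account fields
      // and only the 'data' key as the serialized data array. Copying
      // $account->data to the top level promoted stored data keys to account
      // fields and dropped the records of other consumer types.
      $user_edit = array(
        'data' => (isset($account->data) && is_array($account->data)) ? $account->data : array(),
      );
      $user_edit['data']['ldap_authorizations'][$this->consumerType] = $user_auth_data;
      $user = user_save($account, $user_edit);
    }
    else {
      // Leave the caller's $user untouched rather than overwriting it with
      // the failed load result.
      watchdog('ldap_authorization', 'grantsAndRevokes: could not reload user %username, authorization data was not saved.', $watchdog_tokens, WATCHDOG_ERROR);
    }
  }

  watchdog('ldap_authorization', '%username:
      <hr/>LdapAuthorizationConsumerAbstract grantsAndRevokes() method log.  action=%action:<br/> %consumer_ids_log
      ', $watchdog_tokens, WATCHDOG_DEBUG);
}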