public function LdapAuthorizationConsumerDrupalRole::revokeSingleAuthorization in Lightweight Directory Access Protocol (LDAP) 7.2

Same name and namespace in other branches
  1. 8.2 ldap_authorization/ldap_authorization_drupal_role/LdapAuthorizationConsumerRole.class.php \LdapAuthorizationConsumerDrupalRole::revokeSingleAuthorization()
  2. 7 ldap_authorization/ldap_authorization_drupal_role/LdapAuthorizationConsumerRole.class.php \LdapAuthorizationConsumerDrupalRole::revokeSingleAuthorization()

Parameters

Drupal user object $user: the user to have $consumer_id revoked.

lowercase string $consumer_id: consumer id such as a Drupal role name, OG group name, etc.

mixed $consumer: depends on type of consumer. Drupal roles are strings, og groups are ??

array $user_auth_data: array of $user data specific to this consumer type. Stored in the $user->data['ldap_authorizations'][<consumer_type>] array.

bool $reset: signifying if caches associated with $consumer_id should be invalidated.

return boolean TRUE on success, FALSE on fail. If $user_save is FALSE, the user object will not be saved and reloaded, so a returned TRUE may be misleading. $user_auth_data should have the successfully revoked consumer id removed.

Overrides LdapAuthorizationConsumerAbstract::revokeSingleAuthorization

File

ldap_authorization/ldap_authorization_drupal_role/LdapAuthorizationConsumerRole.class.php, line 104

Class

LdapAuthorizationConsumerDrupalRole

Code

public function revokeSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $user_save = FALSE, $reset = FALSE) {
  $role_name_lcase = $consumer_id;
  // Prefer the mixed-case role name when the consumer array carries one.
  $role_name = empty($consumer['value']) ? $consumer_id : $consumer['value'];
  $rid = $this->getDrupalRoleIdFromRoleName($role_name);
  if (!$rid) {
    // Role id not found.
    $result = FALSE;
  }
  elseif (empty($user->roles[$rid])) {
    // User does not hold the role (empty() avoids an undefined index notice);
    // only drop the stale authorization record.
    if (isset($user_auth_data[$consumer_id])) {
      unset($user_auth_data[$consumer_id]);
    }
    $result = TRUE;
  }
  else {
    // Remove the role, save the account, then confirm the role is gone.
    unset($user->roles[$rid]);
    $user_edit = [
      'roles' => $user->roles,
    ];
    $account = user_load($user->uid);
    $user = user_save($account, $user_edit);
    $result = $user && !isset($user->roles[$rid]);
    if ($result && isset($user_auth_data[$consumer_id])) {
      unset($user_auth_data[$consumer_id]);
    }
  }
  if ($this->detailedWatchdogLog) {
    watchdog('ldap_authorization', 'LdapAuthorizationConsumerDrupalRole.revokeSingleAuthorization() revoked:  rid=%rid, role_name=%role_name for username=%username, result=%result', [
      '%rid' => $rid,
      '%role_name' => $role_name,
      '%username' => $user->name,
      '%result' => $result,
    ], WATCHDOG_DEBUG);
  }
  return $result;
}
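Because the return-value note above warns that a returned TRUE may be misleading, a caller that depends on the revocation can confirm it against the stored account. This is an added example, not code from the LDAP module: the function name `mymodule_revoke_role_verified()`, the `mymodule` log type, the `drupal_role` consumer type key, and the already-constructed `$consumer_obj` instance are assumptions.

```php
<?php
/**
 * Added example: revoke one role, then confirm it against the stored account.
 *
 * Assumptions: mymodule_revoke_role_verified() and the 'mymodule' log type are
 * hypothetical; $consumer_obj is an already-constructed
 * LdapAuthorizationConsumerDrupalRole; 'drupal_role' is the consumer type key.
 */
function mymodule_revoke_role_verified($consumer_obj, $uid, $role_name) {
  $user = user_load($uid);
  if (!$user) {
    return FALSE;
  }
  $consumer_id = drupal_strtolower($role_name);
  $consumer = ['value' => $role_name];
  // Per-consumer authorization records, as described for $user_auth_data.
  $auth_data = isset($user->data['ldap_authorizations']['drupal_role'])
    ? $user->data['ldap_authorizations']['drupal_role']
    : [];

  $ok = $consumer_obj->revokeSingleAuthorization($user, $consumer_id, $consumer, $auth_data, TRUE, TRUE);

  // Reload with $reset = TRUE so the check reads the database, not the
  // static cache or the in-memory object that was just modified.
  $stored = user_load($uid, TRUE);
  $role = user_role_load_by_name($role_name);
  $still_granted = $stored && $role && isset($stored->roles[$role->rid]);
  // The method edits $auth_data by reference; a leftover key means the
  // revocation was not recorded.
  $still_recorded = isset($auth_data[$consumer_id]);

  if (!$ok || !$stored || $still_granted || $still_recorded) {
    watchdog('mymodule', 'Role revocation not confirmed: role=%role uid=%uid returned=%ok still_granted=%granted still_recorded=%recorded', [
      '%role' => $role_name,
      '%uid' => $uid,
      '%ok' => $ok ? 'TRUE' : 'FALSE',
      '%granted' => $still_granted ? 'TRUE' : 'FALSE',
      '%recorded' => $still_recorded ? 'TRUE' : 'FALSE',
    ], WATCHDOG_WARNING);
    return FALSE;
  }
  return TRUE;
}
```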