
public function LdapAuthorizationConsumerOG::grantSingleAuthorization in Lightweight Directory Access Protocol (LDAP) 7

Adds the user to the group and grants a role.

extends grantSingleAuthorization()

Parameters

drupal user object $user:

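string $authorization_id in the form organic group gid-rid, such as 7-2 (when ogVersion is 1; for any other ogVersion the code below splits it on ':' as group_type:gid:rid):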

array $user_auth_data is array specific to this consumer_type. Stored in $user->data['ldap_authorizations']['og_group']:

Return value

TRUE if granted or grant exists, FALSE if not grantable or failed.

File

ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php, line 302

Class

LdapAuthorizationConsumerOG

Code

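/**
 * Adds a user to an organic group and grants a group role.
 *
 * The authorization id is parsed, checked against the list returned by
 * availableConsumerIDs(TRUE), and only then passed to og_group() and
 * og_role_grant(). Any id that is malformed or not in that list is logged
 * at WATCHDOG_ERROR and refused.
 *
 * @param object $user
 *   Drupal user object. Passed by reference; only ->name and ->uid are read
 *   here.
 * @param string $authorization_id
 *   "gid-rid" (e.g. "7-2") when $this->ogVersion is 1, otherwise
 *   "group_type:gid:rid".
 * @param array $user_auth_data
 *   Consumer-specific authorization data. Not read or written by this method.
 *
 * @return bool
 *   TRUE if the grant was issued or the user already holds the authorization;
 *   FALSE if the parameters are malformed or the group-role is not available.
 */
public function grantSingleAuthorization(&$user, $authorization_id, &$user_auth_data) {
  // Establish whether $user can be dereferenced before touching ->name and
  // ->uid, so a bad caller reaches the "improper parameters" branch cleanly
  // instead of raising notices on the way there.
  $user_is_object = is_object($user);
  $watchdog_tokens = array(
    '%authorization_id' => $authorization_id,
    '%username' => $user_is_object ? $user->name : NULL,
    '%ogversion' => $this->ogVersion,
  );
  if ($this->detailedWatchdogLog) {
    // NOTE(review): %group_name is not among $watchdog_tokens, so it is
    // logged literally; %authorization_id is probably what was meant.
    watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
                beginning to grant authorization for $group_name=%group_name to user %username', $watchdog_tokens, WATCHDOG_DEBUG);
  }

  // Split the id into its components. Padding with NULL means an id with too
  // few separators yields empty components (rejected in CASE 1) rather than
  // undefined-offset notices from list().
  $group_type = NULL;
  if ($this->ogVersion == 1) {
    $id_parts = is_scalar($authorization_id) ? explode('-', (string) $authorization_id) : array();
    list($gid, $rid) = array_pad($id_parts, 2, NULL);
  }
  else {
    $id_parts = is_scalar($authorization_id) ? explode(':', (string) $authorization_id) : array();
    list($group_type, $gid, $rid) = array_pad($id_parts, 3, NULL);
    $watchdog_tokens['%group_type'] = $group_type;
  }
  $watchdog_tokens['%gid'] = $gid;
  $watchdog_tokens['%rid'] = $rid;
  $watchdog_tokens['%uid'] = $user_is_object ? $user->uid : NULL;
  $available_consumer_ids = $this
    ->availableConsumerIDs(TRUE);

  // CASE 1: Bad Parameters
  if (!$authorization_id || !$gid || !$rid || !$user_is_object || ($this->ogVersion == 2 && !$group_type)) {
    watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
                improper parameters.', $watchdog_tokens, WATCHDOG_ERROR);
    return FALSE;
  }

  // CASE 2: gid-rid does not exist
  // This is the allow-list gate: nothing below runs for an id that is not in
  // the available set.
  // NOTE(review): in_array() compares loosely here. If availableConsumerIDs()
  // always returns strings, pass TRUE as the third argument so the match is
  // exact - confirm against that method first.
  // NOTE(review): this message and the CASE 4 message log under
  // 'ldap_authorization_og' while every other call uses 'ldap_auth_og';
  // anyone filtering the log by type needs both.
  if (!in_array($authorization_id, $available_consumer_ids)) {
    watchdog('ldap_authorization_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
                failed to grant %username the group-role %authorization_id because group-role does not exist', $watchdog_tokens, WATCHDOG_ERROR);
    return FALSE;
  }
  $ldap_granted = $this
    ->hasLdapGrantedAuthorization($user, $authorization_id);
  $granted = $this
    ->hasAuthorization($user, $authorization_id);

  // CASE 3: user already granted permissions via ldap grant
  if ($ldap_granted && $granted) {
    watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
								<hr />not granted: gid=%gid, for username=%username,
								<br />because user already belongs to group', $watchdog_tokens, WATCHDOG_DEBUG);
    return TRUE;
  }

  // CASE 4:  user already granted permissions, but NOT via ldap grant
  if ($granted && !$ldap_granted) {

    // Nothing is written here; TRUE is returned so that the grant is treated
    // as ldap granted even though no membership is created.
    watchdog('ldap_authorization_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
								<hr />membership already exists for: gid=%gid, rid=%rid, for username=%username,
								<br />but made ldap granted.', $watchdog_tokens, WATCHDOG_DEBUG);
    return TRUE;
  }

  // CASE 5:  grant role
  if ($this->detailedWatchdogLog) {
    watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
                calling og_role_grant(%group_type, %gid, %uid, %rid).
								og version=%ogversion', $watchdog_tokens, WATCHDOG_DEBUG);
  }
  // NOTE(review): the results of og_group() and og_role_grant() are not
  // inspected, so TRUE is returned whenever execution reaches this point.
  if ($this->ogVersion == 2) {
    $values = array(
      'entity_type' => 'user',
      'entity' => $user->uid,
      'field_name' => FALSE,
      'state' => OG_STATE_ACTIVE,
    );
    og_group($group_type, $gid, $values);
    og_role_grant($group_type, $gid, $user->uid, $rid);
  }
  else {
    $values = array(
      'entity type' => 'user',
      'entity' => $user,
      'state' => OG_STATE_ACTIVE,
      'membership type' => OG_MEMBERSHIP_TYPE_DEFAULT,
    );
    watchdog('ldap_auth_og', 'og_group1', $watchdog_tokens, WATCHDOG_DEBUG);
    og_group($gid, $values);
    watchdog('ldap_auth_og', 'og_role_grant1', $watchdog_tokens, WATCHDOG_DEBUG);
    og_role_grant($gid, $user->uid, $rid);
  }
  if ($this->detailedWatchdogLog) {
    watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
								<hr />granted: group_type=%group_type gid=%gid, rid=%rid for username=%username', $watchdog_tokens, WATCHDOG_DEBUG);
  }
  return TRUE;
}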