public function LdapAuthorizationConsumerOG::grantSingleAuthorization in Lightweight Directory Access Protocol (LDAP) 7
add user to group and grant a role.
extends grantSingleAuthorization()
Parameters
Drupal user object $user:
string $authorization_id in the form organic group gid-rid, such as 7-2 (the code below parses group_type:gid:rid instead when the OG version is not 1):
array $user_auth_data is array specific to this consumer_type. Stored in $user->data['ldap_authorizations']['og_group']:
Return value
TRUE if granted or grant exists, FALSE if not grantable or failed.
File
- ldap_authorization/
ldap_authorization_og/ LdapAuthorizationConsumerOG.class.php, line 302
Class
Code
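/**
 * Adds a user to an organic group and grants the user a role in that group.
 *
 * Extends grantSingleAuthorization().
 *
 * @param object $user
 *   Drupal user object. This method reads ->name and ->uid directly and
 *   passes the object on to the has*Authorization() helpers and og_group().
 * @param string $authorization_id
 *   "gid-rid" (for example 7-2) when $this->ogVersion is 1; otherwise
 *   "group_type:gid:rid".
 * @param array $user_auth_data
 *   Data specific to this consumer type, stored in
 *   $user->data['ldap_authorizations']['og_group']. Not read or modified in
 *   this method body.
 *
 * @return bool
 *   TRUE if the role was granted or the grant already exists. FALSE if the
 *   parameters are improper or the group-role is not among the IDs returned
 *   by availableConsumerIDs(TRUE).
 *   NOTE(review): the results of og_group() and og_role_grant() are not
 *   inspected, so a failure inside those calls is still reported as TRUE.
 */
public function grantSingleAuthorization(&$user, $authorization_id, &$user_auth_data) {
  $watchdog_tokens = array(
    '%authorization_id' => $authorization_id,
    '%ogversion' => $this->ogVersion,
  );

  // CASE 1 (part 1): reject a non-object $user before any of its properties
  // is dereferenced for the log tokens.
  if (!is_object($user)) {
    watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
improper parameters.', $watchdog_tokens, WATCHDOG_ERROR);
    return FALSE;
  }
  $watchdog_tokens['%username'] = $user->name;
  $watchdog_tokens['%uid'] = $user->uid;

  if ($this->detailedWatchdogLog) {
    // The placeholder is %authorization_id because no %group_name token is
    // ever defined in this method.
    watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
beginning to grant authorization for %authorization_id to user %username', $watchdog_tokens, WATCHDOG_DEBUG);
  }

  // Split the id into its parts. Non-scalar input yields no parts, and
  // array_pad() fills missing parts with NULL, so a malformed id falls
  // through to the parameter check below instead of raising notices.
  $separator = ($this->ogVersion == 1) ? '-' : ':';
  $id_parts = is_scalar($authorization_id) ? explode($separator, (string) $authorization_id) : array();
  $group_type = NULL;
  if ($this->ogVersion == 1) {
    list($gid, $rid) = array_pad($id_parts, 2, NULL);
  }
  else {
    list($group_type, $gid, $rid) = array_pad($id_parts, 3, NULL);
    $watchdog_tokens['%group_type'] = $group_type;
  }
  $watchdog_tokens['%gid'] = $gid;
  $watchdog_tokens['%rid'] = $rid;

  // CASE 1 (part 2): Bad Parameters
  if (!$authorization_id || !$gid || !$rid || ($this->ogVersion == 2 && !$group_type)) {
    watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
improper parameters.', $watchdog_tokens, WATCHDOG_ERROR);
    return FALSE;
  }

  // CASE 2: gid-rid does not exist
  // This list is the allow-list for the grant, so the comparison is strict:
  // with loose ==, PHP type juggling can match an id that is not literally
  // in the list (on PHP < 8, '7-2' == 7 is TRUE).
  // NOTE(review): assumes availableConsumerIDs() returns string ids in the
  // same format as $authorization_id -- confirm against that method.
  $available_consumer_ids = $this->availableConsumerIDs(TRUE);
  if (!is_array($available_consumer_ids) || !in_array($authorization_id, $available_consumer_ids, TRUE)) {
    // NOTE(review): this entry and the CASE 4 entry use the watchdog type
    // 'ldap_authorization_og' while the others use 'ldap_auth_og'; a log
    // filter has to include both to see every grant decision.
    watchdog('ldap_authorization_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
failed to grant %username the group-role %authorization_id because group-role does not exist', $watchdog_tokens, WATCHDOG_ERROR);
    return FALSE;
  }

  $ldap_granted = $this->hasLdapGrantedAuthorization($user, $authorization_id);
  $granted = $this->hasAuthorization($user, $authorization_id);

  // CASE 3: user already granted permissions via ldap grant
  if ($ldap_granted && $granted) {
    watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
<hr />not granted: gid=%gid, for username=%username,
<br />because user already belongs to group', $watchdog_tokens, WATCHDOG_DEBUG);
    return TRUE;
  }

  // CASE 4: user already granted permissions, but NOT via ldap grant
  if ($granted && !$ldap_granted) {
    // Nothing is created here. TRUE is returned so that the grant is made
    // ldap granted, even though no membership is created (presumably the
    // caller records it -- confirm).
    watchdog('ldap_authorization_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
<hr />membership already exists for: gid=%gid, rid=%rid, for username=%username,
<br />but made ldap granted.', $watchdog_tokens, WATCHDOG_DEBUG);
    return TRUE;
  }

  // CASE 5: grant role
  if ($this->detailedWatchdogLog) {
    watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
calling og_role_grant(%group_type, %gid, %uid, %rid).
og version=%ogversion', $watchdog_tokens, WATCHDOG_DEBUG);
  }

  if ($this->ogVersion == 2) {
    $values = array(
      'entity_type' => 'user',
      'entity' => $user->uid,
      'field_name' => FALSE,
      'state' => OG_STATE_ACTIVE,
    );
    // Create the membership first, then grant the role within the group.
    og_group($group_type, $gid, $values);
    og_role_grant($group_type, $gid, $user->uid, $rid);
  }
  else {
    // The OG 1 API takes no group type and uses space-separated value keys.
    $values = array(
      'entity type' => 'user',
      'entity' => $user,
      'state' => OG_STATE_ACTIVE,
      'membership type' => OG_MEMBERSHIP_TYPE_DEFAULT,
    );
    watchdog('ldap_auth_og', 'og_group1', $watchdog_tokens, WATCHDOG_DEBUG);
    og_group($gid, $values);
    watchdog('ldap_auth_og', 'og_role_grant1', $watchdog_tokens, WATCHDOG_DEBUG);
    og_role_grant($gid, $user->uid, $rid);
  }

  if ($this->detailedWatchdogLog) {
    watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
<hr />granted: group_type=%group_type gid=%gid, rid=%rid for username=%username', $watchdog_tokens, WATCHDOG_DEBUG);
  }
  return TRUE;
}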