public function LdapAuthorizationConsumerOG::normalizeMappings in Lightweight Directory Access Protocol (LDAP) 8.2

Same name and namespace in other branches

1. 7.2 ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php \LdapAuthorizationConsumerOG::normalizeMappings()
2. 7 ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php \LdapAuthorizationConsumerOG::normalizeMappings()

Overrides LdapAuthorizationConsumerAbstract::normalizeMappings

See also

LdapAuthorizationConsumerAbstract::normalizeMappings

File

ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php, line 84

Class

LdapAuthorizationConsumerOG

Code

public function normalizeMappings($mappings) {
  $new_mappings = array();
  if ($this->ogVersion == 2) {
    $group_entity_types = og_get_all_group_bundle();
    foreach ($mappings as $i => $mapping) {
      $from = $mapping[0];
      $to = $mapping[1];
      $to_parts = explode('(raw: ', $to);
      $user_entered = $to_parts[0];
      $new_mapping = array(
        'from' => $from,
        'user_entered' => $user_entered,
        'valid' => TRUE,
        'error_message' => '',
      );
      if (count($to_parts) == 2) {

        // has simplified and normalized part in (). update normalized part as validation
        $to_normalized = trim($to_parts[1], ')');

        /**
         * users (node:35:1)
         * node:students (node:21:1)
         * faculty (node:33:2)
         * node:35:1 (node:35:1)
         * node:35 (node:35:1)
         */
        $to_simplified = $to_parts[0];
        $to_simplified_parts = explode(':', trim($to_simplified));
        $entity_type = count($to_simplified_parts) == 1 ? 'node' : $to_simplified_parts[0];
        $role = count($to_simplified_parts) < 3 ? OG_AUTHENTICATED_ROLE : $to_simplified_parts[2];
        $group_name = count($to_simplified_parts) == 1 ? $to_simplified_parts[0] : $to_simplified_parts[1];
        list($group_entity, $group_entity_id) = ldap_authorization_og2_get_group_from_name($entity_type, $group_name);
        $to_simplified = join(':', array(
          $entity_type,
          $group_name,
        ));
      }
      else {

        // may be simplified or normalized, but not both

        /**
         * users
         * node:students
         * faculty
         * node:35:1
         * node:35
         */
        $to_parts = explode(':', trim($to));
        $entity_type = count($to_parts) == 1 ? 'node' : $to_parts[0];
        $role = count($to_parts) < 3 ? OG_AUTHENTICATED_ROLE : $to_parts[2];
        $group_name_or_entity_id = count($to_parts) == 1 ? $to_parts[0] : $to_parts[1];
        list($group_entity, $group_entity_id) = ldap_authorization_og2_get_group_from_name($entity_type, $group_name_or_entity_id);
        if ($group_entity) {

          // if load by name works, $group_name_or_entity_id is group title
          $to_simplified = join(':', array(
            $entity_type,
            $group_name_or_entity_id,
          ));
        }
        else {
          $to_simplified = FALSE;
        }
        $simplified = (bool) $group_entity;
        if (!$group_entity && ($group_entity = @entity_load_single($entity_type, $group_name_or_entity_id))) {
          $group_entity_id = $group_name_or_entity_id;
        }
      }
      if (!$group_entity) {
        $new_mapping['normalized'] = FALSE;
        $new_mapping['simplified'] = FALSE;
        $new_mapping['valid'] = FALSE;
        $new_mapping['error_message'] = t("cannot find matching group: !to", array(
          '!to' => $to,
        ));
      }
      else {
        $role_id = is_numeric($role) ? $role : ldap_authorization_og2_rid_from_role_name($entity_type, $group_entity->type, $group_entity_id, $role);
        $roles = og_roles($entity_type, isset($group_entity->type) ? $group_entity->type : NULL, 0, FALSE, TRUE);
        $role_name = is_numeric($role) ? $roles[$role] : $role;
        $to_normalized = join(':', array(
          $entity_type,
          $group_entity_id,
          $role_id,
        ));
        $to_simplified = $to_simplified ? $to_simplified . ':' . $role_name : $to_normalized;
        $new_mapping['normalized'] = $to_normalized;
        $new_mapping['simplified'] = $to_simplified;
        if ($to == $to_normalized) {

          /**  if not using simplified notation, do not convert to simplified.
                 this would create a situation where an og group
                 can change its title and the authorizations change when the
                 admin specified the group by entity id
               */
          $new_mapping['user_entered'] = $to;
        }
        else {
          $new_mapping['user_entered'] = $to_simplified . ' (raw: ' . $to_normalized . ')';
        }
      }
      $new_mappings[] = $new_mapping;
    }
  }
  else {

    // og 1
    foreach ($mappings as $i => $mapping) {
      $new_mapping = array(
        'from' => $mapping[0],
        'user_entered' => $mapping[1],
        'normalized' => NULL,
        'simplified' => NULL,
        'valid' => TRUE,
        'error_message' => '',
      );
      $gid = NULL;
      $rid = NULL;
      $correct_syntax = "gid=43,rid=2 or group-name=students,role-name=member or node.title=students,role-name=member";
      $incorrect_syntax = t('Incorrect mapping syntax.  Correct examples are:') . $correct_syntax;
      $targets = explode(',', $mapping[1]);
      if (count($targets) != 2) {
        $new_mapping['valid'] = FALSE;
        $new_mapping['error_message'] = $incorrect_syntax;
        continue;
      }
      $group_target_and_value = explode('=', $targets[0]);
      if (count($group_target_and_value) != 2) {
        $new_mapping['valid'] = FALSE;
        $new_mapping['error_message'] = $incorrect_syntax;
        continue;
      }
      list($group_target, $group_target_value) = $group_target_and_value;
      $role_target_and_value = explode('=', $targets[1]);
      if (count($role_target_and_value) != 2) {
        $new_mapping['valid'] = FALSE;
        $new_mapping['error_message'] = $incorrect_syntax;
        continue;
      }
      list($role_target, $role_target_value) = $role_target_and_value;
      $og_group = FALSE;
      if ($group_target == 'gid') {
        $gid = $group_target_value;
      }
      elseif ($group_target == 'group-name') {
        list($og_group, $og_node) = ldap_authorization_og1_get_group($group_target_value, 'group_name', 'object');
        if (is_object($og_group) && property_exists($og_group, 'gid') && $og_group->gid) {
          $gid = $og_group->gid;
        }
      }
      else {
        $entity_type_and_field = explode('.', $group_target);
        if (count($entity_type_and_field) != 2) {
          $new_mapping['valid'] = FALSE;
          $new_mapping['error_message'] = $incorrect_syntax;
          continue;
        }
        list($entity_type, $field) = $entity_type_and_field;
        $query = new EntityFieldQuery();
        $query
          ->entityCondition('entity_type', $entity_type)
          ->fieldCondition($field, 'value', $group_target_value, '=')
          ->addMetaData('account', user_load(1));

        // run the query as user 1
        $result = $query
          ->execute();
        if (is_array($result) && isset($result[$entity_type]) && count($result[$entity_type]) == 1) {
          $entities = array_keys($result[$entity_type]);
          $gid = ldap_authorization_og1_entity_id_to_gid($entities[0]);
        }
      }
      if (!$og_group && $gid) {
        $og_group = og_load($gid);
      }
      if ($role_target == 'rid') {
        $role_name = ldap_authorization_og1_role_name_from_rid($role_target_value);
        $rid = $role_target_value;
      }
      elseif ($role_target == 'role-name') {
        $rid = ldap_authorization_og_rid_from_role_name($role_target_value);
        $role_name = $role_target_value;
      }
      $new_mapping['simplified'] = $og_group->label . ', ' . $role_name;
      $new_mapping['normalized'] = $gid && $rid ? ldap_authorization_og_authorization_id($gid, $rid) : FALSE;
      $new_mappings[] = $new_mapping;
    }
  }
  return $new_mappings;
}