public function LdapAuthorizationConsumerOG::og2Grants in Lightweight Directory Access Protocol (LDAP) 7.2

Same name and namespace in other branches
  1. 8.2 ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php \LdapAuthorizationConsumerOG::og2Grants()
1 call to LdapAuthorizationConsumerOG::og2Grants()
LdapAuthorizationConsumerOG::grantsAndRevokes in ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php

File

ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php, line 426

Class

LdapAuthorizationConsumerOG

Code

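/**
 * Grants the OG 2.x group roles listed in $og_actions['grants'] to a user.
 *
 * For each group, roles the user does not hold yet are granted through
 * og_role_grant(). If the user lacks the group's authenticated role and at
 * least one role is being added, a group membership is created first through
 * og_group(). Every role LDAP asked for is then recorded in $user_auth_data,
 * whether or not it had to be granted by this call.
 *
 * Role ids decide who gets which group role, so membership tests use strict
 * comparison and nothing is attributed to LDAP under an incomplete key.
 *
 * @param array $og_actions
 *   Shape as read by this method:
 *   $og_actions['grants'][<group entity type>][<gid>] = array of role ids.
 * @param object $user
 *   User account. Only $user->uid is read here.
 * @param array $user_auth_data
 *   Passed by reference. Gains one entry per attributed role, keyed
 *   "<group entity type>:<gid>:<rid>", each holding 'date_granted' and
 *   'consumer_id_mixed_case'.
 */
public function og2Grants($og_actions, &$user, &$user_auth_data) {
  // Nothing to grant: avoid iterating over a missing or empty list.
  if (empty($og_actions['grants'])) {
    return;
  }

  foreach ($og_actions['grants'] as $group_entity_type => $gids) {

    // All rids ldap believes user should be granted and attributed to ldap.
    foreach ($gids as $gid => $granting_rids) {

      // All roles rid => role_name array w/ authen or anon roles.
      $all_group_roles = og_roles($group_entity_type, FALSE, $gid, FALSE, TRUE);

      // array_search() returns FALSE when the role name is absent. Strict
      // matching keeps the lookup from succeeding through type juggling.
      $authenticated_rid = array_search(OG_AUTHENTICATED_ROLE, $all_group_roles, TRUE);
      $anonymous_rid = array_search(OG_ANONYMOUS_ROLE, $all_group_roles, TRUE);

      // Users current rids w/authen or anon roles returned; the anonymous rid
      // is dropped because it never counts as a held role here.
      $users_group_rids = array_keys(og_get_user_roles($group_entity_type, $gid, $user->uid, TRUE));
      $users_group_rids = array_diff($users_group_rids, [
        $anonymous_rid,
      ]);

      // Rids to be added without anonymous rid.
      $new_rids = array_diff($granting_rids, $users_group_rids, [
        $anonymous_rid,
      ]);

      // If adding OG_AUTHENTICATED_ROLE or any other role and the user does
      // not currently have OG_AUTHENTICATED_ROLE, create the membership.
      // Both operands are array keys, so strict comparison is safe and an
      // unresolved (FALSE) rid can never match a held rid.
      if (!in_array($authenticated_rid, $users_group_rids, TRUE) && count($new_rids) > 0) {
        $values = [
          'entity_type' => 'user',
          'entity' => $user->uid,
          'field_name' => FALSE,
          'state' => OG_STATE_ACTIVE,
        ];
        og_group($group_entity_type, $gid, $values);

        // Attribute the membership to ldap only when the authenticated rid
        // was resolved. With FALSE the key would end in a bare ':' and name
        // no role at all.
        // NOTE(review): whether og_roles() can omit the authenticated role
        // is not visible from here -- confirm against the OG API.
        if ($authenticated_rid !== FALSE) {
          $consumer_id = join(':', [
            $group_entity_type,
            $gid,
            $authenticated_rid,
          ]);
          $user_auth_data[$consumer_id] = [
            'date_granted' => time(),
            'consumer_id_mixed_case' => $consumer_id,
          ];
        }

        // Granted on membership creation.
        $new_rids = array_diff($new_rids, [
          $authenticated_rid,
        ]);
      }

      foreach ($new_rids as $rid) {
        og_role_grant($group_entity_type, $gid, $user->uid, $rid);
      }

      foreach ($granting_rids as $rid) {

        // Attribute to ldap regardless of if is being granted.
        $consumer_id = join(':', [
          $group_entity_type,
          $gid,
          $rid,
        ]);
        $user_auth_data[$consumer_id] = [
          'date_granted' => time(),
          'consumer_id_mixed_case' => $consumer_id,
        ];
      }
    }
  }
}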