
public function LdapAuthorizationConsumerOG::og2Grants in Lightweight Directory Access Protocol (LDAP) 8.2

Same name and namespace in other branches
  1. 7.2 ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php \LdapAuthorizationConsumerOG::og2Grants()
1 call to LdapAuthorizationConsumerOG::og2Grants()
LdapAuthorizationConsumerOG::grantsAndRevokes in ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php

File

ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php, line 605

Class

LdapAuthorizationConsumerOG

Code

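/**
 * Applies the Organic Groups grants that LDAP authorization asked for.
 *
 * For every group listed in $og_actions['grants'] the user is subscribed to
 * the group when needed, each requested role id the user does not yet hold is
 * granted, and every requested role id is recorded in $user_auth_data as
 * attributed to LDAP.
 *
 * @param array $og_actions
 *   Only $og_actions['grants'] is read: group entity type => group id =>
 *   list of role ids (rids) to grant in that group.
 * @param object $user
 *   User account; only $user->uid is read.
 * @param array $user_auth_data
 *   Modified in place. Keys are "<group entity type>:<gid>:<rid>"; each entry
 *   holds 'date_granted' and 'consumer_id_mixed_case'.
 */
public function og2Grants($og_actions, &$user, &$user_auth_data) {
  foreach ($og_actions['grants'] as $group_entity_type => $gids) {
    foreach ($gids as $gid => $granting_rids) {
      // $granting_rids holds the rids LDAP believes the user should have in
      // this group. $all_group_roles is used as a rid => role name map.
      // NOTE(review): $granting_rids is not checked here against the rids in
      // $all_group_roles before og_role_grant() is called; confirm the caller
      // only passes role ids that belong to this group.
      $all_group_roles = og_roles($group_entity_type, FALSE, $gid, FALSE, TRUE);

      // NOTE(review): array_search() returns FALSE when the role name is not
      // present; the consumer id built below would then end in an empty rid.
      $authenticated_rid = array_search(OG_AUTHENTICATED_ROLE, $all_group_roles);
      $anonymous_rid = array_search(OG_ANONYMOUS_ROLE, $all_group_roles);

      // Rids the user holds in the group right now, minus the anonymous rid.
      $users_group_rids = array_diff(
        array_keys(og_get_user_roles($group_entity_type, $gid, $user->uid, TRUE)),
        array($anonymous_rid)
      );

      // Rids still to be added, again never including the anonymous rid.
      $new_rids = array_diff($granting_rids, $users_group_rids, array($anonymous_rid));

      // Something is being added and the user lacks the group's authenticated
      // role: create the membership first. The comparison is strict so that a
      // FALSE from array_search() can never loosely match a held rid.
      if (count($new_rids) > 0 && !in_array($authenticated_rid, $users_group_rids, TRUE)) {
        // The membership is created directly in the active state.
        og_group($group_entity_type, $gid, array(
          'entity_type' => 'user',
          'entity' => $user->uid,
          'field_name' => FALSE,
          'state' => OG_STATE_ACTIVE,
        ));

        $consumer_id = join(':', array($group_entity_type, $gid, $authenticated_rid));
        $user_auth_data[$consumer_id] = array(
          'date_granted' => time(),
          'consumer_id_mixed_case' => $consumer_id,
        );

        // Per the original author, the authenticated role is granted on
        // membership creation, so it needs no separate og_role_grant() call.
        $new_rids = array_diff($new_rids, array($authenticated_rid));
      }

      foreach ($new_rids as $rid) {
        og_role_grant($group_entity_type, $gid, $user->uid, $rid);
      }

      // Attribute every requested rid to LDAP, whether or not it was granted
      // in this call.
      foreach ($granting_rids as $rid) {
        $consumer_id = join(':', array($group_entity_type, $gid, $rid));
        $user_auth_data[$consumer_id] = array(
          'date_granted' => time(),
          'consumer_id_mixed_case' => $consumer_id,
        );
      }
    }
  }
}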