public function LdapAuthorizationConsumerOG::og2Grants in Lightweight Directory Access Protocol (LDAP) 8.2
Same name and namespace in other branches
- 7.2 ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php \LdapAuthorizationConsumerOG::og2Grants()
1 call to LdapAuthorizationConsumerOG::og2Grants()
- LdapAuthorizationConsumerOG::grantsAndRevokes in ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php
File
- ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php, line 605
Class
Code
/**
 * Applies the pending Organic Groups grants for one user.
 *
 * For every group listed under $og_actions['grants'] this works out which
 * role ids the user does not hold yet, creates the group membership first when
 * the user lacks the group's authenticated role, grants the remaining roles,
 * and finally records every requested role id in $user_auth_data so that it is
 * attributed to LDAP.
 *
 * @param array $og_actions
 *   Only the 'grants' key is read here. It is iterated as
 *   group entity type => group id => list of role ids to grant.
 * @param object $user
 *   Passed by reference; only $user->uid is read in this method.
 * @param array $user_auth_data
 *   Passed by reference. One entry per consumer id
 *   ("group_entity_type:gid:rid") is written, holding 'date_granted' and
 *   'consumer_id_mixed_case'.
 */
public function og2Grants($og_actions, &$user, &$user_auth_data) {
  foreach ($og_actions['grants'] as $group_entity_type => $groups) {
    foreach ($groups as $gid => $granting_rids) {
      // Roles defined for this group; the keys are used as role ids below.
      $group_roles = og_roles($group_entity_type, FALSE, $gid, FALSE, TRUE);

      // NOTE(review): array_search() yields FALSE when the role name is not
      // in the list, and the comparison is non-strict. A FALSE authenticated
      // rid would produce a consumer id with an empty last segment further
      // down - confirm og_roles() always returns both default roles here.
      $authenticated_rid = array_search(OG_AUTHENTICATED_ROLE, $group_roles);
      $anonymous_rid = array_search(OG_ANONYMOUS_ROLE, $group_roles);

      // Role ids the user holds in this group today, anonymous rid excluded.
      $held_rids = array_keys(og_get_user_roles($group_entity_type, $gid, $user->uid, TRUE));
      $held_rids = array_diff($held_rids, array($anonymous_rid));

      // Requested role ids that still have to be granted; the anonymous rid
      // is never granted.
      $pending_rids = array_diff($granting_rids, $held_rids, array($anonymous_rid));

      // A user without the authenticated role needs a membership before any
      // other role can be granted.
      $has_authenticated_role = in_array($authenticated_rid, $held_rids);
      if (!$has_authenticated_role && count($pending_rids) > 0) {
        // NOTE(review): the result of og_group() is not inspected, so the
        // membership is recorded as LDAP-granted whatever og_group() returns.
        og_group($group_entity_type, $gid, array(
          'entity_type' => 'user',
          'entity' => $user->uid,
          'field_name' => FALSE,
          'state' => OG_STATE_ACTIVE,
        ));

        // The original comment states the authenticated role is granted on
        // membership creation, so it is taken off the list of roles to grant.
        $pending_rids = array_diff($pending_rids, array($authenticated_rid));

        $membership_consumer_id = implode(':', array($group_entity_type, $gid, $authenticated_rid));
        $user_auth_data[$membership_consumer_id] = array(
          'date_granted' => time(),
          'consumer_id_mixed_case' => $membership_consumer_id,
        );
      }

      foreach ($pending_rids as $pending_rid) {
        og_role_grant($group_entity_type, $gid, $user->uid, $pending_rid);
      }

      // Every requested role id is attributed to LDAP, including ones the
      // user already held before this call.
      // NOTE(review): presumably the revoke path keys off these entries, which
      // would make a role that was assigned by other means LDAP-managed from
      // now on - confirm that is intended.
      foreach ($granting_rids as $granted_rid) {
        $role_consumer_id = implode(':', array($group_entity_type, $gid, $granted_rid));
        $user_auth_data[$role_consumer_id] = array(
          'date_granted' => time(),
          'consumer_id_mixed_case' => $role_consumer_id,
        );
      }
    }
  }
}