You are here

Home » API reference » Lightweight Directory Access Protocol (LDAP) 7.2 » LdapAuthorizationConsumerOG.class.php » LdapAuthorizationConsumerOG

public function LdapAuthorizationConsumerOG::og2Revokes in Lightweight Directory Access Protocol (LDAP) 7.2

Same name and namespace in other branches
  1. 8.2 ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php \LdapAuthorizationConsumerOG::og2Revokes()
1 call to LdapAuthorizationConsumerOG::og2Revokes()
LdapAuthorizationConsumerOG::grantsAndRevokes in ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php

File

ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php, line 478

Class

LdapAuthorizationConsumerOG

Code

public function og2Revokes($og_actions, &$user, &$user_auth_data) {
  foreach ($og_actions['revokes'] as $group_entity_type => $gids) {

    // $revoking_rids are all rids to be removed.  may include authen rids.
    foreach ($gids as $gid => $revoking_rids) {

      // All roles rid => role_name array w/ authen or anon roles.
      $all_group_roles = og_roles($group_entity_type, FALSE, $gid, FALSE, TRUE);

      // All rids array w/ authen or anon rids.
      $all_group_rids = array_keys($all_group_roles);

      // Users current rids w/authen or anon roles returned.
      $users_group_rids = array_keys(og_get_user_roles($group_entity_type, $gid, $user->uid, TRUE));

      // Rids to be left at end of revoke process.
      $remaining_rids = array_diff($users_group_rids, $revoking_rids);
      $authenticated_rid = array_search(OG_AUTHENTICATED_ROLE, $all_group_roles);

      // Remove autenticated and anon rids here.
      foreach ($revoking_rids as $i => $rid) {

        // Revoke if user has role.
        if (in_array($rid, $users_group_rids)) {
          og_role_revoke($group_entity_type, $gid, $user->uid, $rid);
        }

        // Unattribute to ldap even if user does not currently have role.
        unset($user_auth_data[ldap_authorization_og_authorization_id($gid, $rid, $group_entity_type)]);
      }

      // Ungroup if only authenticated and anonymous role left.
      if (in_array($authenticated_rid, $revoking_rids) || count($remaining_rids) == 0) {
        $entity = og_ungroup($group_entity_type, $gid, 'user', $user->uid);
        $result = (bool) $entity;
      }
    }
  }
}