public function LdapAuthorizationConsumerOG::og2Revokes in Lightweight Directory Access Protocol (LDAP) 8.2
Same name and namespace in other branches
- 7.2 ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php \LdapAuthorizationConsumerOG::og2Revokes()
1 call to LdapAuthorizationConsumerOG::og2Revokes()
- LdapAuthorizationConsumerOG::grantsAndRevokes in ldap_authorization/
ldap_authorization_og/ LdapAuthorizationConsumerOG.class.php
File
- ldap_authorization/
ldap_authorization_og/ LdapAuthorizationConsumerOG.class.php, line 683
Class
Code
public function og2Revokes($og_actions, &$user, &$user_auth_data) {
foreach ($og_actions['revokes'] as $group_entity_type => $gids) {
foreach ($gids as $gid => $revoking_rids) {
// $revoking_rids are all rids to be removed. may include authen rids
$all_group_roles = og_roles($group_entity_type, FALSE, $gid, FALSE, TRUE);
// all roles rid => role_name array w/ authen or anon roles
$all_group_rids = array_keys($all_group_roles);
// all rids array w/ authen or anon rids
$users_group_rids = array_keys(og_get_user_roles($group_entity_type, $gid, $user->uid, TRUE));
// users current rids w/authen or anon roles returned
$remaining_rids = array_diff($users_group_rids, $revoking_rids);
// rids to be left at end of revoke process
$authenticated_rid = array_search(OG_AUTHENTICATED_ROLE, $all_group_roles);
// remove autenticated and anon rids here
foreach ($revoking_rids as $i => $rid) {
// revoke if user has role
if (in_array($rid, $users_group_rids)) {
og_role_revoke($group_entity_type, $gid, $user->uid, $rid);
}
// unattribute to ldap even if user does not currently have role
unset($user_auth_data[ldap_authorization_og_authorization_id($gid, $rid, $group_entity_type)]);
}
// define('OG_ANONYMOUS_ROLE', 'non-member'); define('OG_AUTHENTICATED_ROLE', 'member');
if (in_array($authenticated_rid, $revoking_rids) || count($remaining_rids) == 0) {
// ungroup if only authenticated and anonymous role left
$entity = og_ungroup($group_entity_type, $gid, 'user', $user->uid);
$result = (bool) $entity;
}
}
}
}