
public function LdapAuthorizationConsumerOG::og2Revokes in Lightweight Directory Access Protocol (LDAP) 8.2

Same name and namespace in other branches
  1. 7.2 ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php \LdapAuthorizationConsumerOG::og2Revokes()
1 call to LdapAuthorizationConsumerOG::og2Revokes()
LdapAuthorizationConsumerOG::grantsAndRevokes in ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php

File

ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php, line 683

Class

LdapAuthorizationConsumerOG

Code

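/**
 * Revokes OG group roles from a user and removes the matching LDAP
 * authorization records.
 *
 * For every group listed under $og_actions['revokes'], each role id is revoked
 * if the user currently holds it, and its record is removed from
 * $user_auth_data whether or not the user held it. The user is then removed
 * from the group altogether when the group's authenticated role is among the
 * revoked roles, or when no roles would remain after the revokes.
 *
 * @param array $og_actions
 *   Pending actions; only the 'revokes' key is read here, shaped as
 *   group entity type => gid => list of role ids to revoke.
 * @param object $user
 *   Account whose roles are revoked; only $user->uid is read.
 * @param array $user_auth_data
 *   Authorization records keyed by ldap_authorization_og_authorization_id();
 *   the entries for revoked roles are unset in place.
 */
public function og2Revokes($og_actions, &$user, &$user_auth_data) {
  // Nothing to do when no revokes were requested; this also avoids iterating
  // over a missing 'revokes' key.
  if (empty($og_actions['revokes'])) {
    return;
  }

  foreach ($og_actions['revokes'] as $group_entity_type => $gids) {
    foreach ($gids as $gid => $revoking_rids) {
      // $revoking_rids holds every rid to remove for this group and may
      // include the authenticated rid.

      // rid => role name for this group, authenticated and anonymous roles
      // included.
      $all_group_roles = og_roles($group_entity_type, FALSE, $gid, FALSE, TRUE);

      // The user's current rids, captured before anything is revoked.
      $users_group_rids = array_keys(og_get_user_roles($group_entity_type, $gid, $user->uid, TRUE));

      // Rids the user would still hold once the revokes are applied.
      $remaining_rids = array_diff($users_group_rids, $revoking_rids);

      // array_search() returns FALSE when the group has no role named
      // OG_AUTHENTICATED_ROLE; that sentinel must not be treated as a rid.
      $authenticated_rid = array_search(OG_AUTHENTICATED_ROLE, $all_group_roles);

      foreach ($revoking_rids as $rid) {
        // Revoke only roles the user actually holds. The comparison is left
        // loose on purpose.
        // NOTE(review): rids in $revoking_rids may be numeric strings while
        // array_keys() yields integers; confirm before making this strict.
        if (in_array($rid, $users_group_rids)) {
          og_role_revoke($group_entity_type, $gid, $user->uid, $rid);
        }

        // Drop the LDAP attribution even if the user does not currently hold
        // the role.
        // NOTE(review): this runs whether or not the revoke above took effect,
        // so a role that failed to revoke would no longer be recorded as
        // LDAP-granted. Confirm how og_role_revoke() reports failure.
        unset($user_auth_data[ldap_authorization_og_authorization_id($gid, $rid, $group_entity_type)]);
      }

      // Without the FALSE guard, a failed role lookup would loosely match a
      // falsy entry (0, '0', '') in $revoking_rids and ungroup the user.
      $revoking_membership = $authenticated_rid !== FALSE && in_array($authenticated_rid, $revoking_rids);

      if ($revoking_membership || count($remaining_rids) == 0) {
        // Remove the user from the group when membership itself is revoked or
        // no roles are left.
        // NOTE(review): the return value of og_ungroup() was captured but
        // never used in the original, so a failed ungroup goes unreported;
        // consider logging it for audit purposes.
        og_ungroup($group_entity_type, $gid, 'user', $user->uid);
      }
    }
  }
}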