
public function LdapAuthorizationConsumerOG::revokeSingleAuthorization in Lightweight Directory Access Protocol (LDAP) 7

Revokes an authorization. Extends revokeSingleAuthorization().

Parameters

$user: Drupal user object.

$authorization_id: String (a.k.a. consumer ID) in the organic group form gid-rid, such as 7-2. (For OG 7.x-2.x the code below splits the ID on ':' into group type, gid and rid instead.)

$user_auth_data: Array specific to this consumer_type. Stored in $user->data['ldap_authorizations']['og_group'].

Return value: TRUE if revoked or the user doesn't have the role; FALSE if not revoked or failed. This function does not save the user object or alter $user_auth_data; that is handled in the abstract class.

Overrides LdapAuthorizationConsumerAbstract::revokeSingleAuthorization

File

ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php, line 225

Class

LdapAuthorizationConsumerOG

Code

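/**
 * Revokes a single organic-group authorization from a user.
 *
 * Only authorizations that were granted through LDAP are revoked. A
 * membership or role the user holds by other means is left in place and the
 * method still returns TRUE, so a TRUE result does not by itself mean the
 * user no longer has the role.
 *
 * This method does not save the user object and does not alter
 * $user_auth_data.
 *
 * @param object $user
 *   Drupal user object.
 * @param string $authorization_id
 *   Consumer id: "gid-rid" for OG 7.x-1.x, or "group_type:gid:rid" otherwise.
 * @param array $user_auth_data
 *   Consumer-specific authorization data; not read or changed here.
 *
 * @return bool
 *   TRUE if the authorization was revoked or there was nothing to revoke,
 *   FALSE on bad parameters or when og_ungroup() returned a falsy value.
 */
public function revokeSingleAuthorization(&$user, $authorization_id, &$user_auth_data) {
  // Split the consumer id. array_pad() keeps list() from raising
  // undefined-offset notices on a malformed id; the missing parts stay NULL
  // and are rejected by the parameter check below.
  $group_type = NULL;
  $raw_id = is_scalar($authorization_id) ? (string) $authorization_id : '';
  if ($this->ogVersion == 1) {
    list($gid, $rid) = array_pad(explode('-', $raw_id), 2, NULL);
  }
  else {
    list($group_type, $gid, $rid) = array_pad(explode(':', $raw_id), 3, NULL);
  }

  // CASE 1: Bad Parameters
  if (!$authorization_id || !$gid || !$rid || !is_object($user) || ($this->ogVersion == 2 && !$group_type)) {
    // The message names this method so a failed revocation is not mistaken
    // for a failed grant when the log is reviewed.
    watchdog('ldap_authorization_og', 'LdapAuthorizationConsumerOG.revokeSingleAuthorization()
                improper parameters.', array(), WATCHDOG_ERROR);
    return FALSE;
  }

  $ldap_granted = $this->hasLdapGrantedAuthorization($user, $authorization_id);
  $granted = $this->hasAuthorization($user, $authorization_id);

  if ($this->ogVersion == 1) {
    // og 7.x-1.x
    $users_group_roles = og_get_user_roles($gid, $user->uid);
  }
  else {
    // og 7.x-2.x
    $users_group_roles = og_get_user_roles($group_type, $gid, $user->uid);
  }

  // CASE 2: user doesn't have a grant to revoke, or holds it by some means
  // other than LDAP. Nothing is changed and nothing is logged (non-event).
  if (!$granted || !$ldap_granted) {
    return TRUE;
  }

  // Tokens for the detailed log line, filled in for both revoke paths so the
  // record identifies the group, role and account that were affected.
  $watchdog_tokens = array(
    '%gid' => $gid,
    '%rid' => $rid,
    // NOTE(review): assumes the user object carries ->name; confirm.
    '%username' => isset($user->name) ? $user->name : '',
  );

  // CASE 3: revoke
  if (count($users_group_roles) == 1) {
    // Ungroup if only a single role is left.
    if ($this->ogVersion == 1) {
      // og 7.x-1.x
      $entity = og_ungroup($gid, 'user', $user->uid, TRUE);
    }
    else {
      // og 7.x-2.x
      $entity = og_ungroup($group_type, $gid, 'user', $user->uid);
    }
    // NOTE(review): the result relies on og_ungroup() returning a truthy
    // value on success; confirm this for the installed OG version.
    $result = (bool) $entity;
    $watchdog_tokens['%action'] = 'og_ungroup';
  }
  else {
    // If more than one role is left, just revoke the single role.
    if ($this->ogVersion == 1) {
      // og 7.x-1.x
      og_role_revoke($gid, $user->uid, $rid);
    }
    else {
      // og 7.x-2.x
      og_role_revoke($group_type, $gid, $user->uid, $rid);
    }
    $watchdog_tokens['%action'] = 'og_role_revoke';
    // The return value of og_role_revoke() is not used; report success and
    // fall through so this path is logged like the ungroup path.
    $result = TRUE;
  }

  if ($this->detailedWatchdogLog) {
    watchdog('ldap_authorization_og', 'LdapAuthorizationConsumerOG.revokeSingleAuthorization()
        revoked:  gid=%gid, rid=%rid, action=%action for username=%username', $watchdog_tokens, WATCHDOG_DEBUG);
  }
  return $result;
}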