You are here

Home » API reference » Lightweight Directory Access Protocol (LDAP) 8.3 » LDAPAuthorizationProvider.php » LDAPAuthorizationProvider

public function LDAPAuthorizationProvider::buildConfigurationForm in Lightweight Directory Access Protocol (LDAP) 8.3

Same name and namespace in other branches
  1. 8.4 ldap_authorization/src/Plugin/authorization/Provider/LDAPAuthorizationProvider.php \Drupal\ldap_authorization\Plugin\authorization\Provider\LDAPAuthorizationProvider::buildConfigurationForm()

Form constructor.

Plugin forms are embedded in other forms. In order to know where the plugin form is located in the parent form, #parents and #array_parents must be known, but these are not available during the initial build phase. In order to have these properties available when building the plugin form's elements, let this method return a form element that has a #process callback and build the rest of the form in the callback. By the time the callback is executed, the element's #parents and #array_parents properties will have been set by the form API. For more documentation on #parents and #array_parents, see \Drupal\Core\Render\Element\FormElement.

Parameters

array $form: An associative array containing the initial structure of the plugin form.

\Drupal\Core\Form\FormStateInterface $form_state: The current state of the form. Calling code should pass on a subform state created through \Drupal\Core\Form\SubformState::createForSubform().

Return value

array The form structure.

Overrides ConfigurableAuthorizationPluginBase::buildConfigurationForm

File

ldap_authorization/src/Plugin/authorization/Provider/LDAPAuthorizationProvider.php, line 41

Class

LDAPAuthorizationProvider
The LDAP authorization provider for authorization module.

Namespace

Drupal\ldap_authorization\Plugin\authorization\Provider

Code

public function buildConfigurationForm(array $form, FormStateInterface $form_state) {

  /** @var \Drupal\authorization\Entity\AuthorizationProfile $profile */
  $profile = $this->configuration['profile'];
  $tokens = $this
    ->getTokens();
  $tokens += $profile
    ->getTokens();
  if ($profile
    ->hasValidConsumer() && method_exists($profile
    ->getConsumer(), 'getTokens')) {
    $tokens += $profile
      ->getConsumer()
      ->getTokens();
  }
  $factory = \Drupal::service('ldap.servers');
  $servers = $factory
    ->getEnabledServers();
  $form['status'] = [
    '#type' => 'fieldset',
    '#title' => t('Base configuration'),
    '#collapsible' => TRUE,
    '#collapsed' => FALSE,
  ];
  if (count($servers) == 0) {
    $form['status']['server'] = [
      '#type' => 'markup',
      '#markup' => t('<strong>Warning</strong>: You must create an LDAP Server first.'),
    ];
    drupal_set_message(t('You must create an LDAP Server first.'), 'warning');
  }
  else {
    $server_options = [];
    foreach ($servers as $id => $server) {

      /** @var \Drupal\ldap_servers\Entity\Server $server */
      $server_options[$id] = $server
        ->label() . ' (' . $server
        ->get('address') . ')';
    }
  }
  $provider_config = $profile
    ->getProviderConfig();
  if (!empty($server_options)) {
    if (isset($provider_config['status'])) {
      $default_server = $provider_config['status']['server'];
    }
    elseif (count($server_options) == 1) {
      $default_server = key($server_options);
    }
    else {
      $default_server = '';
    }
    $form['status']['server'] = [
      '#type' => 'radios',
      '#title' => t('LDAP Server used in @profile_name configuration.', $tokens),
      '#required' => 1,
      '#default_value' => $default_server,
      '#options' => $server_options,
    ];
  }
  $form['status']['only_ldap_authenticated'] = [
    '#type' => 'checkbox',
    '#title' => t('Only apply the following <strong>LDAP</strong> to <strong>@consumer_name</strong> configuration to users authenticated via LDAP', $tokens),
    '#description' => t('One uncommon reason for disabling this is when you are using Drupal authentication, but want to leverage LDAP for authorization; for this to work the Drupal username still has to map to an LDAP entry.'),
    '#default_value' => isset($provider_config['status'], $provider_config['status']['only_ldap_authenticated']) ? $provider_config['status']['only_ldap_authenticated'] : '',
  ];
  $form['filter_and_mappings'] = [
    '#type' => 'fieldset',
    '#title' => t('LDAP to @consumer_name mapping and filtering', $tokens),
    '#description' => t('Representations of groups derived from LDAP might initially look like:
        <ul>
        <li><code>cn=students,ou=groups,dc=hogwarts,dc=edu</code></li>
        <li><code>cn=gryffindor,ou=groups,dc=hogwarts,dc=edu</code></li>
        <li><code>cn=faculty,ou=groups,dc=hogwarts,dc=edu</code></li>
        </ul>
        <strong>Warning: If you enable "Create <em>@consumer_name</em> targets if they do not exist" under conditions, all LDAP groups will be synced!</strong>', $tokens),
    '#collapsible' => TRUE,
  ];
  $form['filter_and_mappings']['use_first_attr_as_groupid'] = [
    '#type' => 'checkbox',
    '#title' => t('Convert full DN to value of first attribute before mapping'),
    '#description' => t('Example: <code>cn=students,ou=groups,dc=hogwarts,dc=edu</code> would be converted to <code>students</code>'),
    '#default_value' => isset($provider_config['filter_and_mappings'], $provider_config['filter_and_mappings']['use_first_attr_as_groupid']) ? $provider_config['filter_and_mappings']['use_first_attr_as_groupid'] : '',
  ];
  return $form;
}