
public function LDAPAuthorizationProvider::getProposals in Lightweight Directory Access Protocol (LDAP) 8.3

Same name and namespace in other branches
  1. 8.4 ldap_authorization/src/Plugin/authorization/Provider/LDAPAuthorizationProvider.php \Drupal\ldap_authorization\Plugin\authorization\Provider\LDAPAuthorizationProvider::getProposals()

Get the proposals for this user.

Parameters

\Drupal\user\UserInterface $user: The user to act upon.

Return value

array Relevant proposals.

Overrides ProviderInterface::getProposals

File

ldap_authorization/src/Plugin/authorization/Provider/LDAPAuthorizationProvider.php, line 151

Class

LDAPAuthorizationProvider
The LDAP authorization provider for authorization module.

Namespace

Drupal\ldap_authorization\Plugin\authorization\Provider

Code

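/**
 * Collects the LDAP-derived authorization proposals for a user.
 *
 * The proposals are the union of what the server derives from the user's DN
 * and what it reports as the user's group memberships, de-duplicated and
 * returned as an array whose keys equal its values.
 *
 * @param \Drupal\user\UserInterface $user
 *   The user to act upon.
 *
 * @return array
 *   Relevant proposals, each keyed by itself; an empty array when none exist.
 *
 * @throws AuthorizationSkipAuthorization
 *   When the user is excluded from LDAP authentication, when the configured
 *   server cannot be loaded as enabled, or when no LDAP record is found for
 *   the user and only LDAP-authenticated users may be processed.
 */
public function getProposals(UserInterface $user) {

  // Do not continue if user should be excluded from LDAP authentication.
  if (ExternalAuthenticationHelper::excludeUser($user)) {
    throw new AuthorizationSkipAuthorization();
  }

  /** @var \Drupal\authorization\Entity\AuthorizationProfile $profile */
  $profile = $this->configuration['profile'];
  $config = $profile->getProviderConfig();

  // Load the correct server.
  $server_id = $config['status']['server'];

  /** @var \Drupal\ldap_servers\ServerFactory $factory */
  $factory = \Drupal::service('ldap.servers');

  /** @var \Drupal\ldap_servers\Entity\Server $server */
  $server = $factory->getServerByIdEnabled($server_id);

  // Stop before any directory lookup if the configured server could not be
  // loaded as enabled; otherwise the membership calls below would be invoked
  // on a non-object and abort the request with a fatal error.
  // NOTE(review): confirm how the caller treats a skip when the server is
  // unavailable (for example whether previously granted authorizations are
  // kept), and whether that is the intended outcome.
  if (!$server) {
    throw new AuthorizationSkipAuthorization();
  }

  $ldapUserData = $factory->getUserDataFromServerByAccount($user, $server_id);
  if (!$ldapUserData && $user->isNew()) {
    // If we don't have a real user yet, fall back to the account name.
    $ldapUserData = $factory->getUserDataFromServerByIdentifier($user->getAccountName(), $server_id);
  }

  // NOTE(review): the server id above is read from the profile's provider
  // config, while this flag is read from $this->configuration['status'].
  // Confirm that key is populated; if it is absent, the "LDAP-authenticated
  // users only" restriction is not enforced. !empty() keeps the loose
  // truthiness of the previous "== TRUE" test without an undefined-index
  // notice.
  if (!$ldapUserData && !empty($this->configuration['status']['only_ldap_authenticated'])) {
    throw new AuthorizationSkipAuthorization();
  }

  // Get user groups from DN; a falsy result is treated as "none".
  $derive_from_dn_authorizations = $server->groupUserMembershipsFromDn($user) ?: [];

  // Get user groups from membership; a falsy result is treated as "none".
  $group_dns = $server->groupMembershipsFromUser($user) ?: [];

  $proposed_ldap_authorizations = array_unique(array_merge($derive_from_dn_authorizations, $group_dns));

  \Drupal::service('ldap.detail_log')
    ->log('Available authorizations to test: @authorizations', [
      '@authorizations' => implode("\n", $proposed_ldap_authorizations),
    ], 'ldap_authorization');

  // array_combine() is only called on a non-empty list, as before.
  return count($proposed_ldap_authorizations) ? array_combine($proposed_ldap_authorizations, $proposed_ldap_authorizations) : [];
}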