
public function LDAPAuthorizationProvider::getProposals in Lightweight Directory Access Protocol (LDAP) 8.4

Same name and namespace in other branches
  1. 8.3 ldap_authorization/src/Plugin/authorization/Provider/LDAPAuthorizationProvider.php \Drupal\ldap_authorization\Plugin\authorization\Provider\LDAPAuthorizationProvider::getProposals()

Get the LDAP-derived authorization proposals for this user.

Parameters

\Drupal\user\UserInterface $user: The user to act upon.

Return value

array Relevant proposals.

Overrides ProviderInterface::getProposals

File

ldap_authorization/src/Plugin/authorization/Provider/LDAPAuthorizationProvider.php, line 226

Class

LDAPAuthorizationProvider
The LDAP authorization provider for authorization module.

Namespace

Drupal\ldap_authorization\Plugin\authorization\Provider

Code

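/**
 * Gets the LDAP-derived authorization proposals for a user.
 *
 * The proposals are the LDAP group DNs the account belongs to, collected
 * from two sources: groups derived from the user's DN and groups found via
 * a membership lookup on the account name.
 *
 * @param \Drupal\user\UserInterface $user
 *   The user to act upon.
 *
 * @return array
 *   Relevant proposals; each proposed group is used both as key and value.
 *   Empty when the configured server is missing or disabled, or when no
 *   group could be determined.
 *
 * @throws AuthorizationSkipAuthorization
 *   When the user is in the list of excluded users, or when the provider is
 *   restricted to LDAP-authenticated accounts and no LDAP data exists for
 *   this user.
 */
public function getProposals(UserInterface $user) : array {

  // Do not continue if user should be excluded from LDAP authentication.
  if ($this->drupalUserProcessor->excludeUser($user)) {
    throw new AuthorizationSkipAuthorization('User in list of excluded users');
  }

  /** @var \Drupal\authorization\Entity\AuthorizationProfile $profile */
  $profile = $this->configuration['profile'];
  $config = $profile->getProviderConfig();

  // Load the configured server. A missing server ID, or a server entity that
  // has since been deleted, yields NULL from load(); treat both exactly like
  // a disabled server and grant nothing, instead of calling status() on NULL.
  $server_id = $config['status']['server'] ?? NULL;
  if ($server_id === NULL || $server_id === '') {
    return [];
  }

  /** @var \Drupal\ldap_servers\Entity\Server|null $server */
  $server = \Drupal::service('entity_type.manager')
    ->getStorage('ldap_server')
    ->load($server_id);
  if ($server === NULL || !$server->status()) {
    return [];
  }

  /** @var \Drupal\ldap_servers\LdapUserManager $ldap_user_manager */
  $ldap_user_manager = \Drupal::service('ldap.user_manager');
  $ldap_user_manager->setServer($server);
  $ldap_user_data = $ldap_user_manager->getUserDataByAccount($user);
  if (!$ldap_user_data && $user->isNew()) {
    // If we don't have a real user yet, fall back to the account name.
    $ldap_user_data = $ldap_user_manager->getUserDataByIdentifier($user->getAccountName());
  }

  // Fail closed: this flag comes from stored configuration, so a value of
  // 1 or '1' must restrict exactly like TRUE. A strict `=== TRUE` check
  // would silently let non-LDAP accounts proceed to the group lookups below.
  // NOTE(review): this reads $this->configuration['status'] whereas the
  // server above comes from the profile's provider config — confirm both
  // resolve to the same settings source.
  $only_ldap_authenticated = !empty($this->configuration['status']['only_ldap_authenticated']);
  if (!$ldap_user_data && $only_ldap_authenticated) {
    throw new AuthorizationSkipAuthorization('Not LDAP authenticated');
  }

  /** @var \Drupal\ldap_servers\LdapGroupManager $group_manager */
  $group_manager = \Drupal::service('ldap.group_manager');
  $group_manager->setServerById($server_id);

  // Get user groups from DN. The lookup may return a falsy value; normalise
  // to an empty list so the merge below is always well-formed.
  $account_name = $user->getAccountName();
  $derive_from_dn_authorizations = $group_manager->groupUserMembershipsFromDn($account_name) ?: [];

  // Get user groups from membership.
  $group_dns = $group_manager->groupMembershipsFromUser($account_name) ?: [];

  $proposed_ldap_authorizations = array_unique(
    array_merge($derive_from_dn_authorizations, $group_dns)
  );
  \Drupal::service('ldap.detail_log')
    ->log('Available authorizations to test: @authorizations', [
      '@authorizations' => implode("\n", $proposed_ldap_authorizations),
    ], 'ldap_authorization');

  if (count($proposed_ldap_authorizations) === 0) {
    return [];
  }
  // Callers expect each proposal as both key and value.
  return array_combine($proposed_ldap_authorizations, $proposed_ldap_authorizations);
}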