class LdapAuthorizationOg2Tests in Lightweight Directory Access Protocol (LDAP) 8.2
Same name and namespace in other branches
- 7.2 ldap_authorization/tests/Og2Tests.test \LdapAuthorizationOg2Tests
- 7 ldap_authorization/tests/Og/Og2.test \LdapAuthorizationOg2Tests
Hierarchy
- class \LdapTestCase extends \DrupalWebTestCase
- class \LdapAuthorizationOg2Tests
Expanded class hierarchy of LdapAuthorizationOg2Tests
File
- ldap_authorization/
tests/ Og2Tests.test, line 16
View source
class LdapAuthorizationOg2Tests extends LdapTestCase {
public $groupEntityType = 'node';
public $groupBundle = 'group';
public $groupType = 'node';
public $group_content_type = NULL;
public $group_nodes = array();
public $user1;
public $consumerType = 'og_group';
public $module_name = 'ldap_authorization_og';
protected $ldap_test_data;
public $customOgRoles = array(
'dungeon-master' => array(
'entity_type' => 'node',
'bundle_type' => 'group',
),
'time-keeper' => array(
'entity_type' => 'node',
'bundle_type' => 'group',
),
);
public static function getInfo() {
return array(
'group' => 'LDAP Authorization',
'name' => 'OG 7.x-2.x Tests.',
'description' => 'Test ldap authorization og 2.',
);
}
function __construct($test_id = NULL) {
parent::__construct($test_id);
}
function setUp($addl_modules = array()) {
parent::setUp(array(
'ldap_authentication',
'ldap_authorization',
'ldap_authorization_og',
));
variable_set('ldap_simpletest', 2);
if (ldap_authorization_og_og_version() != 2) {
debug('LdapAuthorizationOg2Tests must be run with OG 7.x-2.x');
return;
}
$this->user1 = $this
->drupalCreateUser();
$this->groups = array();
$this
->prepTestData(LDAP_TEST_LDAP_NAME, array(
'activedirectory1',
));
// Create group and group content node types.
$this->groupBundle = $this
->drupalCreateContentType(array(
'type' => 'group',
'name' => 'OG Group',
))->type;
og_create_field(OG_GROUP_FIELD, $this->groupEntityType, $this->groupBundle);
og_create_field(OG_AUDIENCE_FIELD, $this->groupEntityType, $this->groupBundle);
// create og group for each group in group csv
$this->testFunctions
->populateFakeLdapServerData(LDAP_TEST_LDAP_NAME, 'activedirectory1');
$this->testFunctions
->getCsvLdapData(LDAP_TEST_LDAP_NAME);
foreach ($this->testFunctions->csvTables['groups'] as $guid => $group) {
$label = $group['cn'];
$settings = array();
$settings['type'] = $this->groupBundle;
$settings[OG_GROUP_FIELD][LANGUAGE_NONE][0]['value'] = 1;
$settings['uid'] = $this->user1->uid;
$settings['title'] = $label;
$settings['type'] = 'group';
$this->group_nodes[$label] = $this
->drupalCreateNode($settings);
}
}
public function createCustomRoles() {
foreach ($this->customOgRoles as $og_role_name => $og_role) {
$role = new stdClass();
$role->gid = 0;
$role->group_type = $og_role['entity_type'];
$role->group_bundle = $og_role['bundle_type'];
$role->name = $og_role_name;
$status = og_role_save($role);
}
}
/**
* get test data in convenient format, so tests are easier to read and write
*/
public function getTestData($debug = FALSE) {
$group_nodes = array();
$group_nids = array();
$group_entity_ids = array();
$roles = array();
$roles_by_name = array();
$consumer_ids = array();
foreach (array(
'gryffindor',
'students',
'faculty',
'users',
'hufflepuff',
'slytherin',
) as $i => $group_name) {
list($group_nodes[$group_name], $group_entity_ids[$group_name]) = ldap_authorization_og2_get_group_from_name($this->groupEntityType, $group_name);
$nid = $group_nodes[$group_name]->nid;
$group_nids[$group_name] = $nid;
$roles[$group_name] = og_roles($this->groupEntityType, $this->groupBundle, $nid, FALSE, TRUE);
$roles_by_name[$group_name] = array_flip($roles[$group_name]);
foreach ($roles[$group_name] as $rid => $role_name) {
$consumer_ids[$group_name][$role_name] = ldap_authorization_og_authorization_id($nid, $rid, 'node');
$consumer_ids[$group_name][$rid] = ldap_authorization_og_authorization_id($nid, $rid, 'node');
}
}
if ($debug) {
debug("group_nids");
debug($group_nids);
debug("group_entity_ids");
debug($group_entity_ids);
debug("roles");
debug($roles);
debug("roles_by_name");
debug($roles_by_name);
}
return array(
$group_nodes,
$group_nids,
$group_entity_ids,
$roles_by_name,
$consumer_ids,
);
}
/**
* just make sure install succeeds and
*/
function testBasicFunctionsAndApi() {
if (ldap_authorization_og_og_version() != 2) {
debug('LdapAuthorizationOg2Tests must be run with OG 7.x-2.x');
return;
}
$this
->createCustomRoles();
$all_roles = og_roles($this->groupEntityType, $this->groupBundle, 0, FALSE, TRUE);
$this->ldapTestId = $this->module_name . ': setup success';
// just to give warning if setup doesn't succeed. may want to take these out at some point.
$setup_success = module_exists('ldap_authentication') && module_exists('ldap_servers') && module_exists('ldap_user') && module_exists('ldap_authorization') && module_exists('ldap_authorization_og') && config('ldap_test.settings')
->get('simpletest') == 2;
$this
->assertTrue($setup_success, ' ldap_authorizations og setup successful', $this->ldapTestId);
$this->ldapTestId = $this->module_name . ': cron test';
$this
->assertTrue(drupal_cron_run(), t('Cron can run with ldap authorization og enabled.'), $this->ldapTestId);
/***
* I. some basic tests to make sure og module's apis are working before testing ldap_authorization_og
* if these aren't working as expected, no ldap authorization og functionality will work.
*/
$web_user = $this
->drupalCreateUser();
$this->ldapTestId = $this->module_name . ': og2 functions';
list($group_nodes, $group_nids, $group_entity_ids, $roles_by_name, $consumer_ids) = $this
->getTestData(TRUE);
/**
* II.0 basic granting tests to make sure og_role_grant, ldap_authorization_og_rid_from_role_name,
* and ldap_authorization_og2_get_group functions work
* og_is_member($group_type, $gid, $entity_type = 'user', $entity = NULL, $states = array(OG_STATE_ACTIVE))
*/
$values = array(
'entity_type' => 'user',
'entity' => $web_user->uid,
'field_name' => FALSE,
'state' => OG_STATE_ACTIVE,
);
$og_gryffindor_membership = og_group($this->groupType, $group_nids['gryffindor'], $values);
$og_faculty_membership = og_group($this->groupType, $group_nids['faculty'], $values);
og_role_grant($this->groupType, $group_nids['gryffindor'], $web_user->uid, $roles_by_name['gryffindor'][OG_AUTHENTICATED_ROLE]);
og_role_grant($this->groupType, $group_nids['faculty'], $web_user->uid, $roles_by_name['faculty'][OG_ADMINISTRATOR_ROLE]);
og_role_grant($this->groupType, $group_nids['faculty'], $web_user->uid, $roles_by_name['faculty']['dungeon-master']);
og_role_grant($this->groupType, $group_nids['faculty'], $web_user->uid, $roles_by_name['faculty'][OG_AUTHENTICATED_ROLE]);
$web_user = user_load($web_user->uid, TRUE);
// need to reload because of issue with og_group and og_role_grant
$ids = array(
$web_user->uid,
);
$user_entity = entity_load('user', $ids);
$this
->assertTrue(og_is_member($this->groupType, $group_nids['gryffindor'], 'user', $web_user), 'User is member of Group gryffindor without LDAP (based on og_is_member() function)', $this->ldapTestId);
$this
->assertTrue(og_is_member($this->groupType, $group_nids['faculty'], 'user', $web_user), 'User is member of Group faculty without LDAP (based on og_is_member() function)', $this->ldapTestId);
$this
->assertTrue(ldap_authorization_og2_has_role($this->groupType, $group_nids['gryffindor'], $web_user->uid, OG_AUTHENTICATED_ROLE), 'User is member of Group gryffindor without LDAP (based on dap_authorization_og_has_role() function)', $this->ldapTestId);
$this
->assertTrue(ldap_authorization_og2_has_role($this->groupType, $group_nids['faculty'], $web_user->uid, OG_AUTHENTICATED_ROLE), 'User is member of Group faculty without LDAP (based on ldap_authorization_og2_has_role() function)', $this->ldapTestId);
$this
->assertTrue(ldap_authorization_og2_has_role($this->groupType, $group_nids['faculty'], $web_user->uid, OG_ADMINISTRATOR_ROLE), 'User is administrator member of Group faculty without LDAP (based on dap_authorization_og_has_role() function)', $this->ldapTestId);
/***
* II.A. construct ldapauthorization og object and test methods.
* (unit tests for methods and class without any ldap user context).
*/
//
$this->ldapTestId = $this->module_name . ': LdapAuthorizationConsumerOG class';
$og_auth = new LdapAuthorizationConsumerOG('og_group');
$this
->assertTrue(is_object($og_auth), 'Successfully instantiated LdapAuthorizationConsumerOG', $this->ldapTestId);
$this
->assertTrue($og_auth->consumerType == 'og_group', 'LdapAuthorizationConsumerOG ConsumerType set properly', $this->ldapTestId);
$this
->assertTrue($og_auth
->hasAuthorization($web_user, ldap_authorization_og_authorization_id($group_nids['faculty'], $roles_by_name['faculty'][OG_ADMINISTRATOR_ROLE], 'node')), 'hasAuthorization() method works for non LDAP provisioned og authorization, faculty admin role', $this->ldapTestId);
$should_haves = array(
$consumer_ids['gryffindor'][OG_AUTHENTICATED_ROLE] => 'gryffindor member',
$consumer_ids['faculty'][OG_AUTHENTICATED_ROLE] => 'faculty member',
$consumer_ids['faculty'][OG_ADMINISTRATOR_ROLE] => 'faculty admin',
$consumer_ids['faculty']['dungeon-master'] => 'faculty dungeon master',
);
foreach ($should_haves as $consumer_id => $descriptor) {
$this
->assertTrue(ldap_authorization_og2_has_consumer_id($consumer_id, $web_user->uid), "LdapAuthorizationConsumerOG usersAuthorizations() for {$descriptor} - {$consumer_id}", $this->ldapTestId);
}
$ldap_entry = NULL;
$user_data = array();
$web_user = user_load($web_user->uid, TRUE);
$this
->assertTrue(ldap_authorization_og2_has_consumer_id($consumer_ids['faculty']['dungeon-master'], $web_user->uid), "LdapAuthorizationConsumerOG has faculty member role BEFORE authorizationRevoke() test revoke on member role " . $consumer_ids['faculty']['dungeon-master'], $this->ldapTestId);
$web_user = user_load($web_user->uid, TRUE);
$consumers = array(
$consumer_ids['faculty']['dungeon-master'] => $og_auth->emptyConsumer,
);
$og_auth
->authorizationRevoke($web_user, $user_data, $consumers, $ldap_entry, TRUE);
$result = ldap_authorization_og2_has_consumer_id($consumer_ids['faculty']['dungeon-master'], $web_user->uid);
$this
->assertFalse($result, "LdapAuthorizationConsumerOG authorizationRevoke() test revoke on member role " . $consumer_ids['faculty']['dungeon-master'], $this->ldapTestId);
$web_user = user_load($web_user->uid, TRUE);
$consumers = array(
$consumer_ids['faculty']['dungeon-master'] => $og_auth->emptyConsumer,
);
$og_auth
->authorizationRevoke($web_user, $user_data, $consumers, $ldap_entry, TRUE);
$this
->assertFalse(ldap_authorization_og2_has_consumer_id($consumer_ids['faculty']['dungeon-master'], $web_user->uid), "LdapAuthorizationConsumerOG authorizationRevoke() test revoke on custom member role role " . $consumer_ids['faculty']['dungeon-master'], $this->ldapTestId);
$web_user = user_load($web_user->uid, TRUE);
$initial_user_authorizations = $og_auth
->usersAuthorizations($web_user, TRUE, TRUE);
debug("initial_user_authorizations authorizations:");
debug($initial_user_authorizations);
debug("initial_user data:");
debug($web_user->data);
$og_auth
->authorizationGrant($web_user, $user_data, array(
$consumer_ids['students'][OG_AUTHENTICATED_ROLE] => $og_auth->emptyConsumer,
), $ldap_entry, TRUE);
$success = ldap_authorization_og2_has_consumer_id($consumer_ids['students'][OG_AUTHENTICATED_ROLE], $web_user->uid);
$this
->assertTrue($success, "LdapAuthorizationConsumerOG authorizationGrant() test grant on member role " . $consumer_ids['students'][OG_AUTHENTICATED_ROLE], $this->ldapTestId);
if (!$success) {
debug(array(
$user_data,
array(
$consumer_ids['students'][OG_AUTHENTICATED_ROLE] => $og_auth->emptyConsumer,
),
));
debug("user authorizations:");
debug($og_auth
->usersAuthorizations($web_user, TRUE));
}
$web_user = user_load($web_user->uid, TRUE);
$result = $og_auth
->authorizationRevoke($web_user, $user_data, array(
'node:454:44334' => $og_auth->emptyConsumer,
), $ldap_entry, TRUE);
$this
->assertFalse($result, 'LdapAuthorizationConsumerOG authorizationRevoke() test revoke of bogus authorization', $this->ldapTestId);
$web_user = user_load($web_user->uid, TRUE);
$result = $og_auth
->authorizationGrant($web_user, $user_data, array(
'node:454:44334' => $og_auth->emptyConsumer,
), $ldap_entry, TRUE);
$this
->assertFalse($result, 'LdapAuthorizationConsumerOG authorizationGrant() test grant of bogus authorization', $this->ldapTestId);
$web_user = user_load($web_user->uid, TRUE);
$result = $og_auth
->authorizationRevoke($web_user, $user_data, array(
'bogusformat',
), $ldap_entry, TRUE);
$this
->assertFalse($result, 'LdapAuthorizationConsumerOG authorizationRevoke() test revoke malformed params', $this->ldapTestId);
$web_user = user_load($web_user->uid, TRUE);
$result = $og_auth
->authorizationGrant($web_user, $user_data, array(
'bogusformat',
), $ldap_entry, TRUE);
$this
->assertFalse($result, 'LdapAuthorizationConsumerOG authorizationGrant() test grant malformed params', $this->ldapTestId);
/***
* II.B. Also test function in ldap_authorization_og.module
*/
list($students_group, $group_entity_id) = ldap_authorization_og2_get_group_from_name('node', 'students');
//debug("ldap_authorization_og2_get_group_from_name: students_group"); debug($students_group);
$this
->assertTrue($students_group->title == 'students', 'ldap_authorization_og2_get_group_from_name() function works', $this->ldapTestId);
$test = ldap_authorization_og2_has_role($this->groupType, $group_nids['gryffindor'], $web_user->uid, OG_ADMINISTRATOR_ROLE);
$this
->assertTrue($test, 'ldap_authorization_og2_has_role() function works', $this->ldapTestId);
$test = ldap_authorization_og2_has_role($this->groupType, $group_nids['students'], $web_user->uid, OG_ADMINISTRATOR_ROLE);
$this
->assertTrue($test === FALSE, 'ldap_authorization_og2_has_role() function fails with FALSE', $this->ldapTestId);
}
/**
* authorization configuration flags tests clumped together
*/
function testFlags() {
$sid = 'activedirectory1';
$this
->prepTestData(LDAP_TEST_LDAP_NAME, array(
$sid,
), 'provisionToDrupal', 'default', 'og_group2');
$og_group_consumer = ldap_authorization_get_consumers('og_group', TRUE, TRUE);
/**
* LDAP_authorz.Flags.status=0: Disable ldap_authorization_drupal_role configuration and make sure no authorizations performed
*/
list($props_set_display, $props_set_correctly) = $this
->checkConsumerConfSetup('og_group2');
$this
->assertTrue($props_set_correctly, 'Authorization Configuration set correctly in test setup', 'LDAP_authorz.Flags.setup.0');
if (!$props_set_correctly) {
debug('LDAP_authorz.Flags.setup.0 properties not set correctly');
debug($props_set_display);
}
$this->consumerAdminConf['og_group']->useFirstAttrAsGroupId = 0;
$this->consumerAdminConf['og_group']->status = 0;
$this->consumerAdminConf['og_group']
->save();
$user = $this
->drupalCreateUser(array());
$hpotter = $this->testFunctions
->drupalLdapUpdateUser(array(
'name' => 'hpotter',
'mail' => 'hpotter@hogwarts.edu',
), TRUE, $user);
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'query');
// just see if the correct ones are derived.
$groups1 = $new_authorizations['og_group'];
// debug('ldap_authorizations_user_authorizations disabled:'); debug($new_authorizations); debug($notifications);
$this
->assertTrue(count($new_authorizations['og_group']) == 0, 'disabled consumer configuration disallows authorizations.', 'LDAP_authorz.Flags.status.0');
list($group_nodes, $group_nids, $group_entity_ids, $roles_by_name, $consumer_ids) = $this
->getTestData(TRUE);
$this->consumerAdminConf['og_group']->status = 1;
$this->consumerAdminConf['og_group']
->save();
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'query', 'og_group');
// just see if the correct ones are derived.
//debug('ldap_authorizations_user_authorizations enabled: '); debug($new_authorizations); debug($notifications);
$correct_groups = !empty($new_authorizations['og_group'][$consumer_ids['students'][OG_AUTHENTICATED_ROLE]]) && !empty($new_authorizations['og_group'][$consumer_ids['gryffindor'][OG_AUTHENTICATED_ROLE]]);
$this
->assertTrue($correct_groups, 'enabled consumer configuration allows authorizations.', 'LDAP_authorz.Flags.status.1');
if (!$correct_groups) {
debug('LDAP_authorz.Flags.enable.1 roles with enabled');
debug($new_authorizations);
}
/**
* LDAP_authorz.onlyLdapAuthenticated=1: create normal user and
* apply authorization query. should return no roles
*/
$this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 1;
$this->consumerAdminConf['og_group']->status = 1;
$this->consumerAdminConf['og_group']
->save();
$user = $this
->drupalCreateUser(array());
$hgrainger = $this->testFunctions
->drupalLdapUpdateUser(array(
'name' => 'hgrainger',
'mail' => 'hgrainger@hogwarts.edu',
), TRUE, $user);
// remove old authmap in case it exists so test will work
db_delete('authmap')
->condition('uid', $user->uid)
->condition('module', 'ldap_user')
->execute();
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hgrainger, 'query');
// just see if the correct ones are derived.
$success = isset($new_authorizations['og_group']) && count($new_authorizations['og_group']) == 0;
$this
->assertTrue($success, ' only apply to ldap authenticated grants no roles for non ldap user.', 'LDAP_authorz.onlyLdapAuthenticated.1');
if (!$success) {
debug('LDAP_authorz.onlyLdapAuthenticated.1');
debug($new_authorizations);
debug($this->testFunctions
->ldapUserIsAuthmapped('hgrainger'));
debug($notifications);
}
/**
* LDAP_authorz.Flags.synchOnLogon - execute logon and check that no roles are applied if disabled
*/
$this->consumerAdminConf['og_group']->synchOnLogon = 0;
$this->consumerAdminConf['og_group']
->save();
$edit = array(
'name' => 'hgrainger',
'pass' => 'goodpwd',
);
$this
->drupalPost('user', $edit, t('Log in'));
$this
->assertText(t('Member for'), 'New Ldap user with good password authenticated.', 'LDAP_authorz.Flags.synchOnLogon.0');
$this
->assertTrue($this->testFunctions
->ldapUserIsAuthmapped('hgrainger'), 'Ldap user properly authmapped.', 'LDAP_authorz.Flags.synchOnLogon.0');
$hgrainger = user_load_by_name('hgrainger');
$this
->drupalGet('user/logout');
$this->consumerAdminConf['og_group']->synchOnLogon = 1;
$this->consumerAdminConf['og_group']
->save();
$edit = array(
'name' => 'hgrainger',
'pass' => 'goodpwd',
);
$this
->drupalPost('user', $edit, t('Log in'));
$this
->assertText(t('Member for'), 'New Ldap user with good password authenticated.', 'LDAP_authorz.Flags.synchOnLogon=1');
$hgrainger = user_load_by_name('hgrainger');
$this
->drupalGet('user/logout');
// create a couple roles for next 2 tests
$troublemaker = new stdClass();
$troublemaker->name = 'troublemaker';
user_role_save($troublemaker);
$troublemaker = user_role_load_by_name('troublemaker');
$superadmin = new stdClass();
$superadmin->name = 'superadmin';
user_role_save($superadmin);
$superadmin = user_role_load_by_name('superadmin');
/**
* LDAP_authorz.Flags.revokeLdapProvisioned: test flag for
* removing manually granted roles
*
* $this->revokeLdapProvisioned == 1 : Revoke !consumer_namePlural previously granted by LDAP Authorization but no longer valid.
*
* grant roles via ldap and some not vai ldap manually,
* then alter ldap so they are no longer valid,
* then logon again and make sure the ldap provided roles are revoked and the drupal ones are not revoked
*
*/
$this->consumerAdminConf['og_group']->onlyApplyToLdapAuthenticated = 0;
$this->consumerAdminConf['og_group']->revokeLdapProvisioned = 1;
$this->consumerAdminConf['og_group']->createConsumers = 1;
$this->consumerAdminConf['og_group']
->save();
// set correct roles manually
$hpotter = user_load_by_name('hpotter');
user_delete($hpotter->uid);
$user = $this
->drupalCreateUser(array());
$hpotter = $this->testFunctions
->drupalLdapUpdateUser(array(
'name' => 'hpotter',
'mail' => 'hpotter@hogwarts.edu',
), TRUE, $user);
$edit = array(
'name' => 'hpotter',
'pass' => 'goodpwd',
);
$this
->drupalPost('user', $edit, t('Log in'));
$this
->assertText(t('Member for'), 'New Ldap user with good password authenticated.', 'LDAP_authorz.Flags.revokeLdapProvisioned=1');
$hpotter = user_load_by_name('hpotter');
// add an underserved, ldap granted drupal role superadmin
// and an undeserved, non ldap granted role troublemaker
$hpotter = user_load($hpotter->uid, TRUE);
$roles = $hpotter->roles;
$roles[$troublemaker->rid] = $troublemaker->name;
$roles[$superadmin->rid] = $superadmin->name;
$data = array(
'roles' => $roles,
'data' => array(
'ldap_authorizations' => array(
'og_group' => array(
$superadmin->name => array(
'date_granted' => 1304216778,
),
),
),
),
);
$hpotter = user_save($hpotter, $data);
// apply correct authorizations. should remove the administrator role but not the manually created 'troublemaker' role
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'set', 'og_group', 'logon');
$hpotter = user_load($hpotter->uid, TRUE);
$this
->assertTrue(!isset($new_authorizations['og_group'][$superadmin->rid]), ' revoke superadmin ldap granted roles when no longer deserved.', 'LDAP_authorz.Flags.revokeLdapProvisioned=1');
/**
* LDAP_authorz.Flags.regrantLdapProvisioned
* $this->regrantLdapProvisioned == 1 :
* Re grant !consumer_namePlural previously granted
* by LDAP Authorization but removed manually.
*
* - manually remove ldap granted role
* - logon
* - check if regranted
*/
$this
->drupalGet('user/logout');
$this->consumerAdminConf['og_group']->regrantLdapProvisioned = 1;
$this->consumerAdminConf['og_group']
->save();
$hpotter = user_load($hpotter->uid, TRUE);
$roles = $hpotter->roles;
unset($roles[$superadmin->rid]);
user_save($hpotter, array(
'roles' => $roles,
));
$hpotter = user_load($hpotter->uid, TRUE);
list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($hpotter, 'set', 'og_group', 'logon');
$hpotter = user_load($hpotter->uid, TRUE);
$success = !in_array('administrator', array_values($hpotter->roles));
$this
->assertTrue($success, 'regrant Ldap Provisioned roles that were manually revoked', 'LDAP_authorz.Flags.regrantLdapProvisioned=1');
if (!$success) {
debug('LDAP_authorz.Flags.regrantLdapProvisioned=1');
debug('hpotter roles');
debug($hpotter->roles);
debug('new_authorizations');
debug($new_authorizations);
}
/**
* LDAP_authorz.Flags.createConsumers=1
*/
if (!empty($og_group_consumer['allowConsumerObjectCreation']) && $og_group_consumer['allowConsumerObjectCreation']) {
//@todo. this needs to be finished when creation of og groups is added to ldap authorization og functionality
//add new mapping to and enable create consumers
$this
->prepTestData('hogwarts', array(
$sid,
), 'provisionToDrupal', 'default', 'drupal_role_default');
$this
->drupalGet('user/logout');
$new_role = 'oompa-loompas';
$this->consumerAdminConf['og_group']->createConsumers = 1;
$this->consumerAdminConf['og_group']->mappings[] = array(
'from' => 'cn=students,ou=groups,dc=hogwarts,dc=edu',
'user_entered' => $new_role,
'normalized' => 'node:' . $new_role . ':' . OG_AUTHENTICATED_ROLE,
'simplified' => $new_role,
'valid' => TRUE,
'error_message' => '',
);
$this->consumerAdminConf['og_group']
->save();
$edit = array(
'name' => 'hpotter',
'pass' => 'goodpwd',
);
$this
->drupalPost('user', $edit, t('Log in'));
$new_role_created = in_array($new_role, array_values(user_roles()));
$roles_by_name = array_flip(user_roles());
$hpotter = user_load_by_name('hpotter');
$hpotter = user_load($hpotter->uid, TRUE);
$role_granted = isset($hpotter->roles[$roles_by_name[$new_role]]);
debug('roles');
debug(user_roles());
debug('roles by name');
debug($roles_by_name);
debug('hpotter->roles');
debug($hpotter->roles);
debug("{$new_role_created} AND {$role_granted}");
$this
->assertTrue($new_role_created && $role_granted, 'create consumers (e.g. roles)', 'LDAP_authorz.Flags.createConsumers=1');
}
}
}