
function ldapgroups_user_login in LDAP integration 5.2

Same name and namespace in other branches
  1. 5 ldapgroups.module \ldapgroups_user_login()
  2. 6 ldapgroups.inc \ldapgroups_user_login()
1 call to ldapgroups_user_login()
ldapgroups_user in ./ldapgroups.module

File

./ldapgroups.module, line 226

Code

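/**
 * Re-synchronises the roles this module manages for a user at login.
 *
 * The roles recorded in $user->ldap_drupal_roles are revoked first, then the
 * groups reported by _ldapgroups_detect_groups() are turned into role names,
 * created if necessary and granted. The resulting list is saved back onto the
 * account through user_save().
 *
 * @param $user
 *   The account object, passed by reference. Reads ->ldap_authentified and
 *   ->ldap_drupal_roles; the latter is initialised to an empty array if unset.
 *
 * @return
 *   true when the account is not LDAP-authenticated or when group detection
 *   returns false; otherwise nothing (NULL).
 */
function ldapgroups_user_login(&$user) {
  global $ldap_group_role_mappings;

  // Accounts not flagged as LDAP-authenticated are left alone. empty() keeps
  // the same truthiness test without a notice when the property is missing.
  if (empty($user->ldap_authentified)) {
    return true;
  }

  // Revoke everything recorded on the previous login; whatever is still
  // deserved is granted again below.
  // NOTE(review): the values revoked here are the ones stored at the end of
  // this function, while the grant loop hands _ldapgroups_grant_role() the
  // friendly name. When no ldapgroups_roles_filter() exists the stored values
  // are the raw detected groups, so if _ldapgroups_deny_role() looks roles up
  // by name a role granted earlier may survive removal from the LDAP group.
  // Confirm against _ldapgroups_deny_role() before relying on revocation.
  $user->ldap_drupal_roles = isset($user->ldap_drupal_roles) ? $user->ldap_drupal_roles : array();
  foreach ($user->ldap_drupal_roles as $previous_role) {
    _ldapgroups_deny_role($user, $previous_role);
  }

  // Ask the helper which groups apply to this login.
  $groups = _ldapgroups_detect_groups();
  if ($groups === false) {
    // Nothing to manage for this user. The revocations above have already
    // been issued at this point.
    return true;
  }

  if (function_exists('ldapgroups_roles_filter')) {
    // A site-specific filter exists: hand it friendly names. This list is
    // only consumed by the filter, so it is built only on this branch.
    $candidates = array();
    foreach ($groups as $group) {
      if (!empty($ldap_group_role_mappings[$group])) {
        // An explicit mapping wins.
        $role = $ldap_group_role_mappings[$group];
      }
      elseif (preg_match('/^[^=]*=([^,]*),.*$/', $group, $matches)) {
        // Otherwise take the value of the first DN component.
        $role = $matches[1];
      }
      else {
        $role = $group;
      }
      if ($role) {
        $candidates[] = $role;
      }
    }
    $roles = ldapgroups_roles_filter($candidates);
  }
  else {
    // No filter: every detected group is used as-is.
    // NOTE(review): on this path each group name coming from the directory is
    // created and granted as a role without any allowlist. If the helpers
    // resolve roles by name, a group whose first DN component equals an
    // existing privileged local role name would confer that role; a
    // restrictive ldapgroups_roles_filter() is the place to constrain this.
    // Confirm against _ldapgroups_create_role()/_ldapgroups_grant_role().
    $roles = $groups;
  }

  // Entries may be full DNs (no filter) or already-friendly names (filter),
  // so each one is resolved to a friendly name again before being granted.
  if ($roles) {
    foreach ($roles as $role) {
      if (!empty($ldap_group_role_mappings[$role])) {
        $friendly_role = $ldap_group_role_mappings[$role];
      }
      elseif (preg_match('/^[^=]*=([^,]*),.*$/', $role, $matches)) {
        $friendly_role = $matches[1];
      }
      else {
        $friendly_role = $role;
      }

      // A DN with an empty first component (e.g. "cn=,ou=...") resolves to an
      // empty name; never create or grant a nameless role.
      if (trim((string) $friendly_role) === '') {
        continue;
      }

      _ldapgroups_create_role($friendly_role);
      _ldapgroups_grant_role($user, $friendly_role);
    }
  }

  // Record the list on the account so the next login knows what this module
  // handed out.
  user_save($user, array(
    'ldap_drupal_roles' => $roles,
  ));
}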