/** * @Given /^groups memberships:$/ */ public function groupsMemberships(TableNode $table) { $memberships = $table->getHash(); foreach ($memberships as $membership) { // Find group node. $group_node = $membership['group']; foreach ($this->nodes as $node) { if ($node->type == 'group' && $node->title == $group_node) { $group_node = $node; } } // Subscribe nodes and users to group. if (isset($membership['members'])) { $members = explode(",", $membership['members']); foreach ($this->users as $user) { if (in_array($user->name, $members)) { og_group('node', $group_node->nid, array('entity' => $user, 'entity_type' => 'user', "membership type" => OG_MEMBERSHIP_TYPE_DEFAULT)); // Patch till i figure out why rules are not firing. if ($user->name == 'editor') { og_role_grant('node', $group_node->nid, $user->uid, 4); } } } } if (isset($membership['nodes'])) { $content = explode(",", $membership['nodes']); foreach ($this->nodes as $node) { if ($node->type != 'group' && in_array($node->title, $content)) { og_group('node', $group_node->nid, array('entity' => $node, 'entity_type' => 'node', 'state' => OG_STATE_ACTIVE)); } } } } }
/** * add user to group and grant a role. * * extends grantSingleAuthorization() * * @param drupal user objet $user * @param string $authorization_id in form organic group gid-rid such as 7-2 * @param array $user_auth_data is array specific to this consumer_type. Stored in $user->data['ldap_authorizations']['og_group'] * * @return TRUE if granted or grant exists, FALSE if not grantable or failed. */ public function grantSingleAuthorization(&$user, $authorization_id, &$user_auth_data) { $result = FALSE; $watchdog_tokens = array('%authorization_id' => $authorization_id, '%username' => $user->name, '%ogversion' => $this->ogVersion); if ($this->detailedWatchdogLog) { watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization() beginning to grant authorization for $group_name=%group_name to user %username', $watchdog_tokens, WATCHDOG_DEBUG); } if ($this->ogVersion == 1) { list($gid, $rid) = @explode('-', $authorization_id); } else { list($group_type, $gid, $rid) = @explode(':', $authorization_id); $watchdog_tokens['%group_type'] = $group_type; } $watchdog_tokens['%gid'] = $gid; $watchdog_tokens['%rid'] = $rid; $watchdog_tokens['%uid'] = $user->uid; $available_consumer_ids = $this->availableConsumerIDs(TRUE); // CASE 1: Bad Parameters if (!$authorization_id || !$gid || !$rid || !is_object($user) || $this->ogVersion == 2 && !$group_type) { watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization() improper parameters.', $watchdog_tokens, WATCHDOG_ERROR); return FALSE; } // CASE 2: gid-rid does not exist if (!in_array($authorization_id, $available_consumer_ids)) { $result = FALSE; watchdog('ldap_authorization_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization() failed to grant %username the group-role %authorization_id because group-role does not exist', $watchdog_tokens, WATCHDOG_ERROR); return FALSE; } $ldap_granted = $this->hasLdapGrantedAuthorization($user, $authorization_id); $granted = $this->hasAuthorization($user, $authorization_id); // CASE 3: user already granted permissions via ldap grant if ($ldap_granted && $granted) { watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization() <hr />not granted: gid=%gid, for username=%username, <br />because user already belongs to group', $watchdog_tokens, WATCHDOG_DEBUG); return TRUE; } // CASE 4: user already granted permissions, but NOT via ldap grant if ($granted && !$ldap_granted) { // need to make ldap granted watchdog('ldap_authorization_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization() <hr />membership already exists for: gid=%gid, rid=%rid, for username=%username, <br />but made ldap granted.', $watchdog_tokens, WATCHDOG_DEBUG); return TRUE; // return true so is made ldap granted, even though membership is not created. } // CASE 5: grant role if ($this->detailedWatchdogLog) { watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization() calling og_role_grant(%group_type, %gid, %uid, %rid). og version=%ogversion', $watchdog_tokens, WATCHDOG_DEBUG); } if ($this->ogVersion == 2) { $values = array('entity_type' => 'user', 'entity' => $user->uid, 'field_name' => FALSE, 'state' => OG_STATE_ACTIVE); $og_membership = og_group($group_type, $gid, $values); og_role_grant($group_type, $gid, $user->uid, $rid); } else { $values = array('entity type' => 'user', 'entity' => $user, 'state' => OG_STATE_ACTIVE, 'membership type' => OG_MEMBERSHIP_TYPE_DEFAULT); watchdog('ldap_auth_og', 'og_group1', $watchdog_tokens, WATCHDOG_DEBUG); $user_entity = og_group($gid, $values); watchdog('ldap_auth_og', 'og_role_grant1', $watchdog_tokens, WATCHDOG_DEBUG); og_role_grant($gid, $user->uid, $rid); } if ($this->detailedWatchdogLog) { watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization() <hr />granted: group_type=%group_type gid=%gid, rid=%rid for username=%username', $watchdog_tokens, WATCHDOG_DEBUG); } return TRUE; }
/** * Creates multiple group memberships. * * Provide group membership data in the following format: * * | user | group | role on group | membership status | * | Foo | The Group | administrator member | Active | * * @Given group memberships: */ public function addGroupMemberships(TableNode $groupMembershipsTable) { foreach ($groupMembershipsTable->getHash() as $groupMembershipHash) { if (isset($groupMembershipHash['group']) && isset($groupMembershipHash['user'])) { $group = $this->getGroupByName($groupMembershipHash['group']); $user = user_load_by_name($groupMembershipHash['user']); // Add user to group with the proper group permissions and status if ($group && $user) { // Add the user to the group og_group("node", $group->nid, array("entity type" => "user", "entity" => $user, "membership type" => OG_MEMBERSHIP_TYPE_DEFAULT, "state" => $this->getMembershipStatusByName($groupMembershipHash['membership status']))); // Grant user roles $group_role = $this->getGroupRoleByName($groupMembershipHash['role on group']); og_role_grant("node", $group->nid, $user->uid, $group_role); } else { if (!$group) { throw new Exception(sprintf("No group was found with name %s.", $groupMembershipHash['group'])); } if (!$user) { throw new Exception(sprintf("No user was found with name %s.", $groupMembershipHash['user'])); } } } else { throw new Exception(sprintf("The group and user information is required.")); } } }
public function og2Grants($og_actions, &$user, &$user_auth_data) { foreach ($og_actions['grants'] as $group_entity_type => $gids) { foreach ($gids as $gid => $granting_rids) { // all rids ldap believes user should be granted and attributed to ldap $all_group_roles = og_roles($group_entity_type, FALSE, $gid, FALSE, TRUE); // all roles rid => role_name array w/ authen or anon roles $authenticated_rid = array_search(OG_AUTHENTICATED_ROLE, $all_group_roles); $anonymous_rid = array_search(OG_ANONYMOUS_ROLE, $all_group_roles); $all_group_rids = array_keys($all_group_roles); // all rids array w/ authen or anon rids $users_group_rids = array_keys(og_get_user_roles($group_entity_type, $gid, $user->uid, TRUE)); // users current rids w/authen or anon roles returned $users_group_rids = array_diff($users_group_rids, array($anonymous_rid)); $new_rids = array_diff($granting_rids, $users_group_rids, array($anonymous_rid)); // rids to be added without anonymous rid // debug("new rids"); debug($new_rids);debug("granting_rids"); debug($granting_rids);debug("users_group_rids"); debug($users_group_rids); // if adding OG_AUTHENTICATED_ROLE or any other role and does not currently have OG_AUTHENTICATED_ROLE, group if (!in_array($authenticated_rid, $users_group_rids) && count($new_rids) > 0) { $values = array('entity_type' => 'user', 'entity' => $user->uid, 'field_name' => FALSE, 'state' => OG_STATE_ACTIVE); $og_membership = og_group($group_entity_type, $gid, $values); // debug("consumer_id=$consumer_id, og group called( $group_entity_type, $gid, values:"); debug($values); debug("response og_membership"); debug($og_membership); $consumer_id = join(':', array($group_entity_type, $gid, $authenticated_rid)); $user_auth_data[$consumer_id] = array('date_granted' => time(), 'consumer_id_mixed_case' => $consumer_id); $new_rids = array_diff($new_rids, array($authenticated_rid)); // granted on membership creation } foreach ($new_rids as $i => $rid) { // debug("role grant $group_entity_type $gid $user->uid $rid"); og_role_grant($group_entity_type, $gid, $user->uid, $rid); } foreach ($granting_rids as $i => $rid) { // attribute to ldap regardless of if is being granted. $consumer_id = join(':', array($group_entity_type, $gid, $rid)); $user_auth_data[$consumer_id] = array('date_granted' => time(), 'consumer_id_mixed_case' => $consumer_id); } } } }
/** * @param $user * @param $course_title * @throws \Exception */ private function makeInstructorOfCourse($user, $course_title) { // For now, instructors are all admins of the group $group_role = 'administrator member'; $group = $this->findNodeByTitle('course', $course_title); $roles = og_roles('node', $group->type, $group->nid); $rid = array_search($group_role, $roles); if (!$rid) { throw new \Exception(sprintf("'%s' is not a valid group role.", $group_role)); } og_role_grant('node', $group->nid, $user->uid, $rid); }
/** * Grants the given role to the current user, for the given group. * * @Given /^I am a "([^"]*)" of the group "([^"]*)"$/ */ public function iAmAMemberOfTheGroup($role, $group_name) { // Get group $group = $this->getGroupByName($group_name); $role = $this->getGroupRoleByName($role); $account = $this->dkanContext->getCurrentUser(); if (isset($account)) { og_group('node', $group->getIdentifier(), array("entity type" => "user", "entity" => $account, "membership type" => OG_MEMBERSHIP_TYPE_DEFAULT)); og_role_grant('node', $group->getIdentifier(), $account->uid, $role); } else { throw new \InvalidArgumentException(sprintf('Could not find current user')); } }
/** * grant single authorization * * @see ldapAuthorizationConsumerAbstract::grantSingleAuthorization() * */ public function grantSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $reset = FALSE) { $watchdog_tokens = array('%consumer_id' => $consumer_id, '%username' => $user->name, '%ogversion' => $this->ogVersion, '%function' => 'LdapAuthorizationConsumerOG.grantSingleAuthorization()'); if ($this->hasAuthorization($user, $consumer_id)) { og_invalidate_cache(); // if trying to grant, but things already granted, flush cache if ($this->hasAuthorization($user, $consumer_id)) { return TRUE; } } if (empty($consumer['exists'])) { if ($this->detailedWatchdogLog) { watchdog('ldap_auth_og', '%function consumer_id %consumer_id does not exist', $watchdog_tokens, WATCHDOG_DEBUG); } return FALSE; } if ($this->ogVersion == 1) { list($gid, $rid) = @explode('-', $consumer_id); } else { list($group_entity_type, $gid, $rid) = @explode(':', $consumer_id); $watchdog_tokens['%entity_type'] = $group_entity_type; } $watchdog_tokens['%gid'] = $gid; $watchdog_tokens['%rid'] = $rid; $watchdog_tokens['%uid'] = $user->uid; $watchdog_tokens['%entity_type'] = $group_entity_type; // CASE: grant role if ($this->detailedWatchdogLog) { watchdog('ldap_auth_og', '%function calling og_role_grant(%entity_type, %gid, %uid, %rid). og version=%ogversion', $watchdog_tokens, WATCHDOG_DEBUG); } if ($this->ogVersion == 1) { $values = array('entity type' => 'user', 'entity' => $user, 'state' => OG_STATE_ACTIVE, 'membership type' => OG_MEMBERSHIP_TYPE_DEFAULT); $user_entity = og_group($gid, $values); og_role_grant($gid, $user->uid, $rid); if ($reset) { og_invalidate_cache(); } } else { $values = array('entity_type' => 'user', 'entity' => $user->uid, 'field_name' => FALSE, 'state' => OG_STATE_ACTIVE); $og_membership = og_group($group_entity_type, $gid, $values); og_role_grant($group_entity_type, $gid, $user->uid, $rid); if ($reset) { og_invalidate_cache(array($gid)); } } if ($this->detailedWatchdogLog) { watchdog('ldap_auth_og', '%function <hr />granted: entity_type=%entity_type gid=%gid, rid=%rid for username=%username', $watchdog_tokens, WATCHDOG_DEBUG); } return TRUE; }
/** * Adds a member to an organic group with the specified role. * * @param object $account * The user to be added in group. * @param string $group_role * The machine name of the group role. * @param object $group * The group node. * @param string $group_type * (optional) The group's entity type. * * @throws \Exception * Print out descriptive error message by throwing an exception. */ protected function addMembertoGroup($account, $group_role, $group, $group_type = 'node') { list($gid, , ) = entity_extract_ids($group_type, $group); $membership = og_group($group_type, $gid, array('entity type' => 'user', 'entity' => $account)); if (!$membership) { throw new \Exception("The Organic Group membership could not be created."); } // Add role for membership. $roles = og_roles($group_type, $group->type, $gid); $rid = array_search($group_role, $roles); if (!$rid) { throw new \Exception("'{$group_role}' is not a valid group role."); } og_role_grant($group_type, $gid, $account->uid, $rid); }