/**
 * Grant a set of permissions to an OG role.
 *
 * Rows are merged straight into the og_role_permission table instead of
 * going through og_role_grant_permissions(). Nothing in this method checks
 * the permission strings or the module name before they are written, so
 * callers are expected to pass values they trust.
 *
 * @param string $role_name
 *   OG role machine name.
 * @param mixed $permissions
 *   Array of permissions, each value is a permission string.
 * @param object $entity
 *   Entity object.
 * @param string $entity_type
 *   Entity type.
 * @param string $module
 *   Module machine name the permissions belong to.
 *
 * @return bool
 *   TRUE once the role was found and every permission row was merged,
 *   FALSE when getOgRole() returned nothing usable.
 */
public function grantOgPermissions($role_name, $permissions, $entity, $entity_type, $module = '') {
  $og_role = $this->getOgRole($entity, $entity_type, $role_name);
  if (!$og_role) {
    // No role to attach permissions to; nothing is written.
    return FALSE;
  }

  // og_role_grant_permissions() suffers from a race condition when it runs
  // inside an installation profile, so the permission rows (including their
  // module) are written to the database by hand.
  foreach ($permissions as $permission_name) {
    $merge_key = array(
      'rid' => $og_role->rid,
      'permission' => $permission_name,
      'module' => $module,
    );
    db_merge('og_role_permission')->key($merge_key)->execute();
  }

  // Make the freshly written permissions visible to OG.
  og_invalidate_cache();

  return TRUE;
}
/**
 * Flush the caches that may hold stale OG authorization data.
 *
 * The OG membership cache is always invalidated. The general OG cache is
 * invalidated for the groups named by $consumers, or entirely when no
 * consumers are given.
 *
 * @param array|null $consumers
 *   Consumer ids whose groups should be flushed; when empty, the whole OG
 *   cache is invalidated.
 * @param object|null $user
 *   When given, the cached authorizations of this user are cleared as well.
 */
public function flushRelatedCaches($consumers = NULL, $user = NULL) {
  if ($user) {
    // Clear user authorizations cache.
    $this->usersAuthorizations($user, TRUE, FALSE);
  }

  if ($this->ogVersion != 1) {
    og_membership_invalidate_cache();
  }
  else {
    og_group_membership_invalidate_cache();
  }

  if (!$consumers) {
    og_invalidate_cache();
    return;
  }

  // Collect each group id once; keying by gid removes duplicates.
  $group_ids = array();
  foreach ($consumers as $consumer_id) {
    if ($this->ogVersion == 1) {
      // OG 7.x-1.x consumer ids.
      list($group_id, $role_id) = $this->og1ConsumerIdParts($consumer_id);
    }
    else {
      list($group_type, $group_id, $role_id) = $this->og2ConsumerIdParts($consumer_id);
    }
    $group_ids[$group_id] = $group_id;
  }

  og_invalidate_cache(array_keys($group_ids));
}
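/**
 * Grant a single OG authorization (group membership plus role) to a user.
 *
 * The consumer id is split on "-" into (gid, rid) when ogVersion is 1 and on
 * ":" into (entity type, gid, rid) otherwise. A consumer id that does not
 * yield those parts is rejected before any OG function is called, so no
 * membership or role is ever granted against an empty group or role id.
 *
 * The return values of og_group() and og_role_grant() are not inspected:
 * TRUE means the grant was attempted, not that OG confirmed it.
 *
 * @see ldapAuthorizationConsumerAbstract::grantSingleAuthorization()
 *
 * @param object $user
 *   User account; its name and uid are read.
 * @param string $consumer_id
 *   Consumer id identifying the group and role to grant.
 * @param array $consumer
 *   Consumer data; only the 'exists' key is read here.
 * @param array $user_auth_data
 *   Not used by this implementation.
 * @param bool $reset
 *   When TRUE, the OG cache is invalidated after granting.
 *
 * @return bool
 *   TRUE if the authorization is already held or the grant was issued,
 *   FALSE if the consumer does not exist or its id is malformed.
 */
public function grantSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $reset = FALSE) {
  $watchdog_tokens = array(
    '%consumer_id' => $consumer_id,
    '%username' => $user->name,
    '%ogversion' => $this->ogVersion,
    '%function' => 'LdapAuthorizationConsumerOG.grantSingleAuthorization()',
  );

  if ($this->hasAuthorization($user, $consumer_id)) {
    // The positive answer may come from a stale cache: flush and ask again
    // before reporting the authorization as already granted.
    og_invalidate_cache();
    if ($this->hasAuthorization($user, $consumer_id)) {
      return TRUE;
    }
  }

  if (empty($consumer['exists'])) {
    if ($this->detailedWatchdogLog) {
      watchdog('ldap_auth_og', '%function consumer_id %consumer_id does not exist', $watchdog_tokens, WATCHDOG_DEBUG);
    }
    return FALSE;
  }

  // Parse the consumer id and refuse to continue on anything malformed.
  // Previously a short or non-string id left $gid/$rid NULL and the grant
  // calls below were still made with those values.
  $is_og1 = ($this->ogVersion == 1);
  $parts = is_scalar($consumer_id) ? explode($is_og1 ? '-' : ':', (string) $consumer_id) : array();

  // Defined up front so the OG 1 path no longer reads an undefined variable
  // when filling the %entity_type log token.
  $group_entity_type = NULL;
  $gid = '';
  $rid = '';
  if (count($parts) >= ($is_og1 ? 2 : 3)) {
    if ($is_og1) {
      list($gid, $rid) = $parts;
    }
    else {
      list($group_entity_type, $gid, $rid) = $parts;
    }
  }

  if ($gid === '' || $rid === '') {
    if ($this->detailedWatchdogLog) {
      watchdog('ldap_auth_og', '%function consumer_id %consumer_id is malformed, nothing granted', $watchdog_tokens, WATCHDOG_DEBUG);
    }
    return FALSE;
  }

  $watchdog_tokens['%gid'] = $gid;
  $watchdog_tokens['%rid'] = $rid;
  $watchdog_tokens['%uid'] = $user->uid;
  $watchdog_tokens['%entity_type'] = $group_entity_type;

  // CASE: grant role.
  if ($this->detailedWatchdogLog) {
    // The message literal contains a line break; it is kept as found.
    watchdog('ldap_auth_og', '%function calling og_role_grant(%entity_type, %gid, %uid, %rid). 
og version=%ogversion', $watchdog_tokens, WATCHDOG_DEBUG);
  }

  if ($is_og1) {
    $values = array(
      'entity type' => 'user',
      'entity' => $user,
      'state' => OG_STATE_ACTIVE,
      'membership type' => OG_MEMBERSHIP_TYPE_DEFAULT,
    );
    // Make the user an active group member, then attach the role.
    og_group($gid, $values);
    og_role_grant($gid, $user->uid, $rid);
    if ($reset) {
      og_invalidate_cache();
    }
  }
  else {
    $values = array(
      'entity_type' => 'user',
      'entity' => $user->uid,
      'field_name' => FALSE,
      'state' => OG_STATE_ACTIVE,
    );
    // Make the user an active group member, then attach the role.
    og_group($group_entity_type, $gid, $values);
    og_role_grant($group_entity_type, $gid, $user->uid, $rid);
    if ($reset) {
      og_invalidate_cache(array($gid));
    }
  }

  if ($this->detailedWatchdogLog) {
    watchdog('ldap_auth_og', '%function <hr />granted: entity_type=%entity_type gid=%gid, rid=%rid for username=%username', $watchdog_tokens, WATCHDOG_DEBUG);
  }

  return TRUE;
}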