Example #1
 /**
  * Grant OG permissions.
  *
  * @param string $role_name
  *    OG role machine name.
  * @param mixed $permissions
  *    Array of permissions, each value is a permission string.
  * @param object $entity
  *   Entity object.
  * @param string $entity_type
  *   Entity type.
  * @param string $module
  *    Module machine name the permissions belong to.
  *
  * @return bool
  *    TRUE if permission granting was successful, FALSE otherwise.
  */
 public function grantOgPermissions($role_name, $permissions, $entity, $entity_type, $module = '')
 {
     // og_role_grant_permissions() is deliberately bypassed: it has a race
     // condition when run from an installation profile, so each permission is
     // merged directly into the og_role_permission table together with the
     // module it belongs to.
     // NOTE(review): nothing in this method checks that a permission string is
     // actually defined by $module -- values are stored exactly as passed in, so
     // callers should only hand over trusted, hard-coded permission lists.
     $og_role = $this->getOgRole($entity, $entity_type, $role_name);
     if (!$og_role) {
         // No role was found for this entity/role name; nothing is written.
         return FALSE;
     }

     foreach ($permissions as $permission_name) {
         $row_key = array(
             'rid' => $og_role->rid,
             'permission' => $permission_name,
             'module' => $module,
         );
         db_merge('og_role_permission')->key($row_key)->execute();
     }

     // Invalidate the OG cache after the direct table writes.
     og_invalidate_cache();

     return TRUE;
 }
 /**
  * Invalidate the caches tied to a user and/or a set of consumer ids.
  *
  * @param mixed $consumers
  *   Iterable of consumer ids. When empty, og_invalidate_cache() is called
  *   without a group list instead of with the ids parsed from the consumers.
  * @param mixed $user
  *   When given, passed to usersAuthorizations() to clear the user
  *   authorizations cache.
  */
 public function flushRelatedCaches($consumers = NULL, $user = NULL)
 {
     if ($user) {
         // Clear the user authorizations cache.
         $this->usersAuthorizations($user, TRUE, FALSE);
     }

     // The membership cache helper has a different name in og 7.x-1.x.
     if ($this->ogVersion == 1) {
         og_group_membership_invalidate_cache();
     } else {
         og_membership_invalidate_cache();
     }

     if (!$consumers) {
         og_invalidate_cache();
         return;
     }

     // Collect each group id once; keying by the id de-duplicates the list.
     $group_ids = array();
     foreach ($consumers as $consumer_id) {
         if ($this->ogVersion == 1) {
             // og 7.x-1.x
             list($group_id, $role_id) = $this->og1ConsumerIdParts($consumer_id);
         } else {
             list($group_type, $group_id, $role_id) = $this->og2ConsumerIdParts($consumer_id);
         }
         $group_ids[$group_id] = $group_id;
     }

     og_invalidate_cache(array_keys($group_ids));
 }
 /**
  * grant single authorization
  *
  * @see ldapAuthorizationConsumerAbstract::grantSingleAuthorization()
  *
  */
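 public function grantSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $reset = FALSE)
 {
     // Grants $user the OG group membership and role encoded in $consumer_id.
     //
     // Returns TRUE when the authorization is already held or the grant calls
     // were made, and FALSE when the consumer is not flagged as existing or the
     // consumer id cannot be split into the parts this OG version expects.
     // $user_auth_data is part of the inherited signature and is not read here.
     $watchdog_tokens = array('%consumer_id' => $consumer_id, '%username' => $user->name, '%ogversion' => $this->ogVersion, '%function' => 'LdapAuthorizationConsumerOG.grantSingleAuthorization()');

     if ($this->hasAuthorization($user, $consumer_id)) {
         // Trying to grant something that already looks granted: flush the
         // cache and check again so a stale cache entry is not trusted.
         og_invalidate_cache();
         if ($this->hasAuthorization($user, $consumer_id)) {
             return TRUE;
         }
     }

     if (empty($consumer['exists'])) {
         if ($this->detailedWatchdogLog) {
             watchdog('ldap_auth_og', '%function consumer_id %consumer_id does not exist', $watchdog_tokens, WATCHDOG_DEBUG);
         }
         return FALSE;
     }

     // The consumer id decides which group and role get granted, so it is
     // parsed explicitly instead of hiding explode() problems behind "@".
     // og 7.x-1.x ids are "gid-rid"; later versions are "entity_type:gid:rid".
     $is_og1 = ($this->ogVersion == 1);
     $parts = is_scalar($consumer_id) ? explode($is_og1 ? '-' : ':', (string) $consumer_id) : array();
     if ($is_og1) {
         // og 7.x-1.x ids carry no entity type; define the variable so the
         // log token below never reads an undefined variable.
         $group_entity_type = NULL;
         list($gid, $rid) = array_pad($parts, 2, '');
         $malformed = ($gid === '' || $rid === '');
     } else {
         list($group_entity_type, $gid, $rid) = array_pad($parts, 3, '');
         $malformed = ($group_entity_type === '' || $gid === '' || $rid === '');
     }

     if ($malformed) {
         // Refuse to call og_group()/og_role_grant() with missing ids, and
         // always record the rejection since it affects an access decision.
         watchdog('ldap_auth_og', '%function consumer_id %consumer_id is malformed, nothing granted', $watchdog_tokens, WATCHDOG_WARNING);
         return FALSE;
     }

     $watchdog_tokens['%gid'] = $gid;
     $watchdog_tokens['%rid'] = $rid;
     $watchdog_tokens['%uid'] = $user->uid;
     $watchdog_tokens['%entity_type'] = $group_entity_type;

     // CASE:  grant role
     if ($this->detailedWatchdogLog) {
         watchdog('ldap_auth_og', '%function calling og_role_grant(%entity_type, %gid, %uid, %rid). og version=%ogversion', $watchdog_tokens, WATCHDOG_DEBUG);
     }

     // NOTE(review): og_group()'s result is not inspected before the role is
     // granted -- confirm how a failed membership should be handled.
     if ($is_og1) {
         $values = array('entity type' => 'user', 'entity' => $user, 'state' => OG_STATE_ACTIVE, 'membership type' => OG_MEMBERSHIP_TYPE_DEFAULT);
         og_group($gid, $values);
         og_role_grant($gid, $user->uid, $rid);
         if ($reset) {
             og_invalidate_cache();
         }
     } else {
         $values = array('entity_type' => 'user', 'entity' => $user->uid, 'field_name' => FALSE, 'state' => OG_STATE_ACTIVE);
         og_group($group_entity_type, $gid, $values);
         og_role_grant($group_entity_type, $gid, $user->uid, $rid);
         if ($reset) {
             og_invalidate_cache(array($gid));
         }
     }

     if ($this->detailedWatchdogLog) {
         watchdog('ldap_auth_og', '%function <hr />granted: entity_type=%entity_type gid=%gid, rid=%rid for username=%username', $watchdog_tokens, WATCHDOG_DEBUG);
     }

     return TRUE;
 }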