/**
* @see LdapAuthorizationConsumerAbstract::createConsumer
*/
public function createConsumer($consumer_id, $consumer)
{
$roles_by_consumer_id = $this->existingRolesByRoleName();
$existing_role = isset($roles_by_consumer_id[$consumer_id]) ? $roles_by_consumer_id[$consumer_id] : FALSE;
if ($existing_role) {
return FALSE;
// role exists
} elseif (drupal_strlen($consumer_id) > 63) {
watchdog('ldap_authorization_drupal_role', 'Tried to create drupal role
with name of over 63 characters (%group_name). Please correct your
drupal ldap_authorization settings', array('%group_name' => $consumer_id));
return FALSE;
}
$new_role = new stdClass();
$new_role->name = empty($consumer['value']) ? $consumer_id : $consumer['value'];
if (!($status = user_role_save($new_role))) {
// if role is not created, remove from array to user object doesn't have it stored as granted
watchdog('user', 'failed to create drupal role %role in ldap_authorizations module', array('%role' => $new_role->name));
return FALSE;
} else {
$roles_by_consumer_id = $this->existingRolesByRoleName(TRUE);
// flush existingRolesByRoleName cache after creating new role
watchdog('user', 'created drupal role %role in ldap_authorizations module', array('%role' => $new_role->name));
}
return TRUE;
}
/**
* extends createConsumer method of base class
*
* creates of drupal roles may be mixed case. drupal doesn't
* differentiate, so case is ignored in comparing, but preserved
* for the actual created role name saved.
*
* **/
public function createConsumers($creates_mixed_case)
{
// 1. determins difference between existing drupal roles and ones that are requested to be created
$existing_roles_mixed_case = $this->availableConsumerIDs();
$creates_lower_case = array_map('drupal_strtolower', $creates_mixed_case);
$existing_roles_lower_case = array_map('drupal_strtolower', $existing_roles_mixed_case);
$roles_map_lc_to_mixed_case = array_combine($creates_lower_case, $creates_mixed_case);
$roles_to_create = array_unique(array_diff($creates_lower_case, $existing_roles_lower_case));
// 2. create each role that is needed
foreach ($roles_to_create as $i => $role_name_lowercase) {
if (strlen($role_name_lowercase) > 63) {
watchdog('ldap_authorization_drupal_role', 'Tried to create drupal role with name of over 63 characters (%group_name). Please correct your drupal ldap_authorization settings', array('%group_name' => $role_name_lowercase));
continue;
}
$role = new stdClass();
$role->name = $roles_map_lc_to_mixed_case[$role_name_lowercase];
if (!($status = user_role_save($role))) {
// if role is not created, remove from array to user object doesn't have it stored as granted
watchdog('user', 'failed to create drupal role %role in ldap_authorizations module', array('%role' => $role->name));
} else {
$created[] = $role->name;
watchdog('user', 'drupal role %role in ldap_authorizations module', array('%role' => $role->name));
}
}
// 3. return all existing user roles and flush cache of consumer ids.
$refreshed_available_consumer_ids = $this->availableConsumerIDs(TRUE);
if ($this->detailedWatchdogLog) {
$watchdog_tokens = array('%roles_to_create' => join(", ", $roles_to_create));
$watchdog_tokens = array('%existing_roles' => join(", ", $existing_roles_mixed_case));
$watchdog_tokens = array('%refreshed_available_consumer_ids' => join(", ", $refreshed_available_consumer_ids));
watchdog('ldap_authorization', 'LdapAuthorizationConsumerDrupalRole.createConsumers()
roles to create: %roles_to_create;
existing roles: %existing_roles;
available roles after createConsumers call: %refreshed_available_consumer_ids;', $watchdog_tokens, WATCHDOG_DEBUG);
}
return $refreshed_available_consumer_ids;
// return actual roles that exist, in case of failure
}
/**
* Creates a role with specified permissions.
*
* @param $permissions
* Array of permission names to assign to role.
* @param $name
* (optional) String for the name of the role. Defaults to a random string.
* @return
* Role name of newly created role, or FALSE if role creation failed.
*/
protected function backdropCreateRole(array $permissions, $name = NULL)
{
// Generate random name if it was not passed.
if (!$name) {
$name = $this->randomName();
}
// Check the all the permissions strings are valid.
if (!$this->checkPermissions($permissions)) {
return FALSE;
}
// Create new role.
$role = new stdClass();
$role->name = $name;
$role->label = $name;
user_role_save($role);
user_role_grant_permissions($role->name, $permissions);
$role = user_role_load($role->name);
$this->assertTrue(isset($role->name), t('Created role of name: @name', array('@name' => $name)), t('Role'));
if ($role && !empty($role->name)) {
$this->assertTrue(count($role->permissions) == count($permissions), t('Created permissions: @perms', array('@perms' => implode(', ', $permissions))), t('Role'));
return $role->name;
} else {
return FALSE;
}
}
/**
* Internal helper function; Create a role with specified permissions.
*
* @param $permissions
* Array of permission names to assign to role.
* @param $name
* (optional) String for the name of the role. Defaults to a random string.
* @return
* Role ID of newly created role, or FALSE if role creation failed.
*/
protected function drupalCreateRole(array $permissions, $name = NULL)
{
// Generate random name if it was not passed.
if (!$name) {
$name = $this->randomName();
}
// Check the all the permissions strings are valid.
if (!$this->checkPermissions($permissions)) {
return FALSE;
}
// Create new role.
$role = new stdClass();
$role->name = $name;
user_role_save($role);
user_role_grant_permissions($role->rid, $permissions);
$this->assertTrue(isset($role->rid), t('Created role of name: @name, id: @rid', array('@name' => $name, '@rid' => isset($role->rid) ? $role->rid : t('-n/a-'))), t('Role'));
if ($role && !empty($role->rid)) {
$count = db_query('SELECT COUNT(*) FROM {role_permission} WHERE rid = :rid', array(':rid' => $role->rid))->fetchField();
$this->assertTrue($count == count($permissions), t('Created permissions: @perms', array('@perms' => implode(', ', $permissions))), t('Role'));
return $role->rid;
} else {
return FALSE;
}
}
/**
* Create user role, given its name and weight.
*
* @param string $name
* Role machine name.
* @param int $weight
* Role weight.
*
* @return \stdClass
* Role object.
*/
public function createRole($name, $weight = 0)
{
$role = new \stdClass();
$role->name = $name;
$role->weight = $weight;
user_role_save($role);
return $role;
}
/**
* {@inheritDoc}
*/
public function roleCreate(array $permissions)
{
// Both machine name and permission title are allowed.
$all_permissions = $this->getAllPermissions();
foreach ($permissions as $key => $name) {
if (!isset($all_permissions[$name])) {
$search = array_search($name, $all_permissions);
if (!$search) {
throw new \RuntimeException(sprintf("No permission '%s' exists.", $name));
}
$permissions[$key] = $search;
}
}
// Create new role.
$role = new \stdClass();
$role->name = $this->random->name(8);
user_role_save($role);
user_role_grant_permissions($role->rid, $permissions);
if ($role && !empty($role->rid)) {
$count = db_query('SELECT COUNT(*) FROM {role_permission} WHERE rid = :rid', array(':rid' => $role->rid))->fetchField();
if ($count == count($permissions)) {
return $role->rid;
} else {
return FALSE;
}
} else {
return FALSE;
}
}
public function role_create($role_machine_name, $role_human_readable_name = '') {
return user_role_save((object)array('name' => $role_machine_name));
}
/**
* Implements Drupal\configuration\Config\Configuration::saveToActiveStore().
*/
public function saveToActiveStore(ConfigIteratorSettings &$settings)
{
$role = $this->getData();
if (!empty($role->machine_name) && ($existing = db_query("SELECT rid FROM {role} WHERE machine_name = :machine_name", array(':machine_name' => $role->machine_name))->fetchField())) {
$role->rid = $existing;
}
user_role_save($role);
$settings->addInfo('imported', $this->getUniqueId());
}
public function role_create($role_machine_name, $role_human_readable_name = '')
{
// In D6 and D7, when we create a new role, the role
// machine name is specified, and the numeric rid is
// auto-assigned (next available id); in D8, when we
// create a new role, we need to specify both the rid,
// which is now the role machine name, and also a human-readable
// role name. If the client did not provide a human-readable
// name, then we'll use the role machine name in its place.
if (empty($role_human_readable_name)) {
$role_human_readable_name = ucfirst($role_machine_name);
}
return user_role_save((object) array('name' => $role_human_readable_name, 'rid' => $role_machine_name));
}
/**
* {@inheritdoc}
*/
public function roleCreate(array $permissions)
{
// Both machine name and permission title are allowed.
$all_permissions = $this->getAllPermissions();
foreach ($permissions as $key => $name) {
if (!isset($all_permissions[$name])) {
$search = array_search($name, $all_permissions);
if (!$search) {
throw new \RuntimeException(sprintf("No permission '%s' exists.", $name));
}
$permissions[$key] = $search;
}
}
// Create new role.
$role = new \stdClass();
$role->name = $this->random->name(8);
user_role_save($role);
user_role_grant_permissions($role->rid, $permissions);
if ($role && !empty($role->rid)) {
return $role->name;
}
throw new \RuntimeException(sprintf('Failed to create a role with "" permission(s).', implode(', ', $permissions)));
}