public static function removeUserFromBastionProject($user, &$group) { global $wgOpenStackManagerRemoveUserFromBastionProjectOnShellDisable; global $wgOpenStackManagerRemoveUserFromAllProjectsOnShellDisable; global $wgOpenStackManagerBastionProjectName; // Check whether after removing the group the user would still // have the loginviashell permission. foreach ($user->getEffectiveGroups() as $g) { // Ignore the group that will be removed. if ($g === $group) { continue; } // If the user still has the loginviashell permission, we // can immediately return. if (User::groupHasPermission($g, 'loginviashell')) { return true; } } // At this point we know that the user will not have the // loginviashell permission after the group is removed so we // can remove him from the bastion projects if the // configuration requires that. $username = $user->getName(); if ($wgOpenStackManagerRemoveUserFromAllProjectsOnShellDisable) { // Get a users projects $userLDAP = new OpenStackNovaUser($username); foreach ($userLDAP->getProjects() as $projectName) { // Remove the user from the project $project = new OpenStackNovaProject($projectName); $project->deleteMember($username); } } elseif ($wgOpenStackManagerRemoveUserFromBastionProjectOnShellDisable) { // Remove the user from the bastion project $project = new OpenStackNovaProject($wgOpenStackManagerBastionProjectName); if (in_array($username, $project->getMembers())) { $project->deleteMember($username); } } return true; }