/**
* @Given /^groups memberships:$/
*/
public function groupsMemberships(TableNode $table)
{
$memberships = $table->getHash();
foreach ($memberships as $membership) {
// Find group node.
$group_node = $membership['group'];
foreach ($this->nodes as $node) {
if ($node->type == 'group' && $node->title == $group_node) {
$group_node = $node;
}
}
// Subscribe nodes and users to group.
if (isset($membership['members'])) {
$members = explode(",", $membership['members']);
foreach ($this->users as $user) {
if (in_array($user->name, $members)) {
og_group('node', $group_node->nid, array('entity' => $user, 'entity_type' => 'user', "membership type" => OG_MEMBERSHIP_TYPE_DEFAULT));
// Patch till i figure out why rules are not firing.
if ($user->name == 'editor') {
og_role_grant('node', $group_node->nid, $user->uid, 4);
}
}
}
}
if (isset($membership['nodes'])) {
$content = explode(",", $membership['nodes']);
foreach ($this->nodes as $node) {
if ($node->type != 'group' && in_array($node->title, $content)) {
og_group('node', $group_node->nid, array('entity' => $node, 'entity_type' => 'node', 'state' => OG_STATE_ACTIVE));
}
}
}
}
}
/**
* add user to group and grant a role.
*
* extends grantSingleAuthorization()
*
* @param drupal user objet $user
* @param string $authorization_id in form organic group gid-rid such as 7-2
* @param array $user_auth_data is array specific to this consumer_type. Stored in $user->data['ldap_authorizations']['og_group']
*
* @return TRUE if granted or grant exists, FALSE if not grantable or failed.
*/
public function grantSingleAuthorization(&$user, $authorization_id, &$user_auth_data)
{
$result = FALSE;
$watchdog_tokens = array('%authorization_id' => $authorization_id, '%username' => $user->name, '%ogversion' => $this->ogVersion);
if ($this->detailedWatchdogLog) {
watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
beginning to grant authorization for $group_name=%group_name to user %username', $watchdog_tokens, WATCHDOG_DEBUG);
}
if ($this->ogVersion == 1) {
list($gid, $rid) = @explode('-', $authorization_id);
} else {
list($group_type, $gid, $rid) = @explode(':', $authorization_id);
$watchdog_tokens['%group_type'] = $group_type;
}
$watchdog_tokens['%gid'] = $gid;
$watchdog_tokens['%rid'] = $rid;
$watchdog_tokens['%uid'] = $user->uid;
$available_consumer_ids = $this->availableConsumerIDs(TRUE);
// CASE 1: Bad Parameters
if (!$authorization_id || !$gid || !$rid || !is_object($user) || $this->ogVersion == 2 && !$group_type) {
watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
improper parameters.', $watchdog_tokens, WATCHDOG_ERROR);
return FALSE;
}
// CASE 2: gid-rid does not exist
if (!in_array($authorization_id, $available_consumer_ids)) {
$result = FALSE;
watchdog('ldap_authorization_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
failed to grant %username the group-role %authorization_id because group-role does not exist', $watchdog_tokens, WATCHDOG_ERROR);
return FALSE;
}
$ldap_granted = $this->hasLdapGrantedAuthorization($user, $authorization_id);
$granted = $this->hasAuthorization($user, $authorization_id);
// CASE 3: user already granted permissions via ldap grant
if ($ldap_granted && $granted) {
watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
<hr />not granted: gid=%gid, for username=%username,
<br />because user already belongs to group', $watchdog_tokens, WATCHDOG_DEBUG);
return TRUE;
}
// CASE 4: user already granted permissions, but NOT via ldap grant
if ($granted && !$ldap_granted) {
// need to make ldap granted
watchdog('ldap_authorization_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
<hr />membership already exists for: gid=%gid, rid=%rid, for username=%username,
<br />but made ldap granted.', $watchdog_tokens, WATCHDOG_DEBUG);
return TRUE;
// return true so is made ldap granted, even though membership is not created.
}
// CASE 5: grant role
if ($this->detailedWatchdogLog) {
watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
calling og_role_grant(%group_type, %gid, %uid, %rid).
og version=%ogversion', $watchdog_tokens, WATCHDOG_DEBUG);
}
if ($this->ogVersion == 2) {
$values = array('entity_type' => 'user', 'entity' => $user->uid, 'field_name' => FALSE, 'state' => OG_STATE_ACTIVE);
$og_membership = og_group($group_type, $gid, $values);
og_role_grant($group_type, $gid, $user->uid, $rid);
} else {
$values = array('entity type' => 'user', 'entity' => $user, 'state' => OG_STATE_ACTIVE, 'membership type' => OG_MEMBERSHIP_TYPE_DEFAULT);
watchdog('ldap_auth_og', 'og_group1', $watchdog_tokens, WATCHDOG_DEBUG);
$user_entity = og_group($gid, $values);
watchdog('ldap_auth_og', 'og_role_grant1', $watchdog_tokens, WATCHDOG_DEBUG);
og_role_grant($gid, $user->uid, $rid);
}
if ($this->detailedWatchdogLog) {
watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
<hr />granted: group_type=%group_type gid=%gid, rid=%rid for username=%username', $watchdog_tokens, WATCHDOG_DEBUG);
}
return TRUE;
}
/**
* Creates multiple group memberships.
*
* Provide group membership data in the following format:
*
* | user | group | role on group | membership status |
* | Foo | The Group | administrator member | Active |
*
* @Given group memberships:
*/
public function addGroupMemberships(TableNode $groupMembershipsTable)
{
foreach ($groupMembershipsTable->getHash() as $groupMembershipHash) {
if (isset($groupMembershipHash['group']) && isset($groupMembershipHash['user'])) {
$group = $this->getGroupByName($groupMembershipHash['group']);
$user = user_load_by_name($groupMembershipHash['user']);
// Add user to group with the proper group permissions and status
if ($group && $user) {
// Add the user to the group
og_group("node", $group->nid, array("entity type" => "user", "entity" => $user, "membership type" => OG_MEMBERSHIP_TYPE_DEFAULT, "state" => $this->getMembershipStatusByName($groupMembershipHash['membership status'])));
// Grant user roles
$group_role = $this->getGroupRoleByName($groupMembershipHash['role on group']);
og_role_grant("node", $group->nid, $user->uid, $group_role);
} else {
if (!$group) {
throw new Exception(sprintf("No group was found with name %s.", $groupMembershipHash['group']));
}
if (!$user) {
throw new Exception(sprintf("No user was found with name %s.", $groupMembershipHash['user']));
}
}
} else {
throw new Exception(sprintf("The group and user information is required."));
}
}
}
public function og2Grants($og_actions, &$user, &$user_auth_data)
{
foreach ($og_actions['grants'] as $group_entity_type => $gids) {
foreach ($gids as $gid => $granting_rids) {
// all rids ldap believes user should be granted and attributed to ldap
$all_group_roles = og_roles($group_entity_type, FALSE, $gid, FALSE, TRUE);
// all roles rid => role_name array w/ authen or anon roles
$authenticated_rid = array_search(OG_AUTHENTICATED_ROLE, $all_group_roles);
$anonymous_rid = array_search(OG_ANONYMOUS_ROLE, $all_group_roles);
$all_group_rids = array_keys($all_group_roles);
// all rids array w/ authen or anon rids
$users_group_rids = array_keys(og_get_user_roles($group_entity_type, $gid, $user->uid, TRUE));
// users current rids w/authen or anon roles returned
$users_group_rids = array_diff($users_group_rids, array($anonymous_rid));
$new_rids = array_diff($granting_rids, $users_group_rids, array($anonymous_rid));
// rids to be added without anonymous rid
// debug("new rids"); debug($new_rids);debug("granting_rids"); debug($granting_rids);debug("users_group_rids"); debug($users_group_rids);
// if adding OG_AUTHENTICATED_ROLE or any other role and does not currently have OG_AUTHENTICATED_ROLE, group
if (!in_array($authenticated_rid, $users_group_rids) && count($new_rids) > 0) {
$values = array('entity_type' => 'user', 'entity' => $user->uid, 'field_name' => FALSE, 'state' => OG_STATE_ACTIVE);
$og_membership = og_group($group_entity_type, $gid, $values);
// debug("consumer_id=$consumer_id, og group called( $group_entity_type, $gid, values:"); debug($values); debug("response og_membership"); debug($og_membership);
$consumer_id = join(':', array($group_entity_type, $gid, $authenticated_rid));
$user_auth_data[$consumer_id] = array('date_granted' => time(), 'consumer_id_mixed_case' => $consumer_id);
$new_rids = array_diff($new_rids, array($authenticated_rid));
// granted on membership creation
}
foreach ($new_rids as $i => $rid) {
// debug("role grant $group_entity_type $gid $user->uid $rid");
og_role_grant($group_entity_type, $gid, $user->uid, $rid);
}
foreach ($granting_rids as $i => $rid) {
// attribute to ldap regardless of if is being granted.
$consumer_id = join(':', array($group_entity_type, $gid, $rid));
$user_auth_data[$consumer_id] = array('date_granted' => time(), 'consumer_id_mixed_case' => $consumer_id);
}
}
}
}
/**
* @param $user
* @param $course_title
* @throws \Exception
*/
private function makeInstructorOfCourse($user, $course_title)
{
// For now, instructors are all admins of the group
$group_role = 'administrator member';
$group = $this->findNodeByTitle('course', $course_title);
$roles = og_roles('node', $group->type, $group->nid);
$rid = array_search($group_role, $roles);
if (!$rid) {
throw new \Exception(sprintf("'%s' is not a valid group role.", $group_role));
}
og_role_grant('node', $group->nid, $user->uid, $rid);
}
/**
* Grants the given role to the current user, for the given group.
*
* @Given /^I am a "([^"]*)" of the group "([^"]*)"$/
*/
public function iAmAMemberOfTheGroup($role, $group_name)
{
// Get group
$group = $this->getGroupByName($group_name);
$role = $this->getGroupRoleByName($role);
$account = $this->dkanContext->getCurrentUser();
if (isset($account)) {
og_group('node', $group->getIdentifier(), array("entity type" => "user", "entity" => $account, "membership type" => OG_MEMBERSHIP_TYPE_DEFAULT));
og_role_grant('node', $group->getIdentifier(), $account->uid, $role);
} else {
throw new \InvalidArgumentException(sprintf('Could not find current user'));
}
}
/**
* grant single authorization
*
* @see ldapAuthorizationConsumerAbstract::grantSingleAuthorization()
*
*/
public function grantSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $reset = FALSE)
{
$watchdog_tokens = array('%consumer_id' => $consumer_id, '%username' => $user->name, '%ogversion' => $this->ogVersion, '%function' => 'LdapAuthorizationConsumerOG.grantSingleAuthorization()');
if ($this->hasAuthorization($user, $consumer_id)) {
og_invalidate_cache();
// if trying to grant, but things already granted, flush cache
if ($this->hasAuthorization($user, $consumer_id)) {
return TRUE;
}
}
if (empty($consumer['exists'])) {
if ($this->detailedWatchdogLog) {
watchdog('ldap_auth_og', '%function consumer_id %consumer_id does not exist', $watchdog_tokens, WATCHDOG_DEBUG);
}
return FALSE;
}
if ($this->ogVersion == 1) {
list($gid, $rid) = @explode('-', $consumer_id);
} else {
list($group_entity_type, $gid, $rid) = @explode(':', $consumer_id);
$watchdog_tokens['%entity_type'] = $group_entity_type;
}
$watchdog_tokens['%gid'] = $gid;
$watchdog_tokens['%rid'] = $rid;
$watchdog_tokens['%uid'] = $user->uid;
$watchdog_tokens['%entity_type'] = $group_entity_type;
// CASE: grant role
if ($this->detailedWatchdogLog) {
watchdog('ldap_auth_og', '%function calling og_role_grant(%entity_type, %gid, %uid, %rid). og version=%ogversion', $watchdog_tokens, WATCHDOG_DEBUG);
}
if ($this->ogVersion == 1) {
$values = array('entity type' => 'user', 'entity' => $user, 'state' => OG_STATE_ACTIVE, 'membership type' => OG_MEMBERSHIP_TYPE_DEFAULT);
$user_entity = og_group($gid, $values);
og_role_grant($gid, $user->uid, $rid);
if ($reset) {
og_invalidate_cache();
}
} else {
$values = array('entity_type' => 'user', 'entity' => $user->uid, 'field_name' => FALSE, 'state' => OG_STATE_ACTIVE);
$og_membership = og_group($group_entity_type, $gid, $values);
og_role_grant($group_entity_type, $gid, $user->uid, $rid);
if ($reset) {
og_invalidate_cache(array($gid));
}
}
if ($this->detailedWatchdogLog) {
watchdog('ldap_auth_og', '%function <hr />granted: entity_type=%entity_type gid=%gid, rid=%rid for username=%username', $watchdog_tokens, WATCHDOG_DEBUG);
}
return TRUE;
}
/**
* Adds a member to an organic group with the specified role.
*
* @param object $account
* The user to be added in group.
* @param string $group_role
* The machine name of the group role.
* @param object $group
* The group node.
* @param string $group_type
* (optional) The group's entity type.
*
* @throws \Exception
* Print out descriptive error message by throwing an exception.
*/
protected function addMembertoGroup($account, $group_role, $group, $group_type = 'node')
{
list($gid, , ) = entity_extract_ids($group_type, $group);
$membership = og_group($group_type, $gid, array('entity type' => 'user', 'entity' => $account));
if (!$membership) {
throw new \Exception("The Organic Group membership could not be created.");
}
// Add role for membership.
$roles = og_roles($group_type, $group->type, $gid);
$rid = array_search($group_role, $roles);
if (!$rid) {
throw new \Exception("'{$group_role}' is not a valid group role.");
}
og_role_grant($group_type, $gid, $account->uid, $rid);
}
