/**
* Wrapper for og_membership deletion
*
* @param integer $ogID Organic Group ID
* @param integer $drupalID drupal User ID
*/
function og_membership_delete($ogID, $drupalID)
{
if (function_exists('og_entity_query_alter')) {
// sort-of-randomly chose a function that only exists in the 7.x-2.x branch
// TODO: Find a more solid way to make this test
// Also, since we don't know how to get the entity type of the group, we'll assume it's 'node'
og_ungroup('node', $ogID, 'user', user_load($drupalID));
} else {
// Works for the OG 7.x-1.x branch
og_ungroup($ogID, 'user', user_load($drupalID));
}
}
/**
* revoke an authorization
*
* extends revokeSingleAuthorization()
*
* @param drupal user object $user
* @param string $authorization_id (aka consumer id) in form organic group gid-rid such as 7-2
* @param array $user_auth_data is array specific to this consumer_type. Stored in $user->data['ldap_authorizations']['og_group']
*
* @return TRUE if revoked or user doesn't have role FALSE if not revoked or failed.
*
* this function does not save the user object or alter $user_auth_data.
* this is handled in the abstract class.
*/
public function revokeSingleAuthorization(&$user, $authorization_id, &$user_auth_data)
{
if ($this->ogVersion == 1) {
list($gid, $rid) = @explode('-', $authorization_id);
} else {
list($group_type, $gid, $rid) = @explode(':', $authorization_id);
}
// CASE 1: Bad Parameters
if (!$authorization_id || !$gid || !$rid || !is_object($user) || $this->ogVersion == 2 && !$group_type) {
watchdog('ldap_authorization_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
improper parameters.', array(), WATCHDOG_ERROR);
return FALSE;
}
$ldap_granted = $this->hasLdapGrantedAuthorization($user, $authorization_id);
$granted = $this->hasAuthorization($user, $authorization_id);
if ($this->ogVersion == 1) {
// og 7.x-1.x
$users_group_roles = og_get_user_roles($gid, $user->uid);
} else {
// og 7.x-2.x
$users_group_roles = og_get_user_roles($group_type, $gid, $user->uid);
}
// CASE 2: user doesnt have grant to revoke
if (!$granted || $granted && !$ldap_granted) {
return TRUE;
// don't do anything. don't log since non-event
}
// CASE 3: revoke
if (count($users_group_roles) == 1) {
// ungroup if only single role left
if ($this->ogVersion == 1) {
// og 7.x-1.x
$entity = og_ungroup($gid, 'user', $user->uid, TRUE);
} else {
// og 7.x-2.x
$entity = og_ungroup($group_type, $gid, 'user', $user->uid);
}
$result = (bool) $entity;
$watchdog_tokens['%action'] = 'og_ungroup';
} else {
// if more than one role left, just revoke single role.
if ($this->ogVersion == 1) {
// og 7.x-1.x
og_role_revoke($gid, $user->uid, $rid);
} else {
// og 7.x-2.x
og_role_revoke($group_type, $gid, $user->uid, $rid);
}
$watchdog_tokens['%action'] = 'og_role_revoke';
return TRUE;
}
if ($this->detailedWatchdogLog) {
watchdog('ldap_authorization_og', 'LdapAuthorizationConsumerOG.revokeSingleAuthorization()
revoked: gid=%gid, rid=%rid, action=%action for username=%username', $watchdog_tokens, WATCHDOG_DEBUG);
}
return $result;
}
/**
* Remove/add the courses for s given values.
*
* @param $group
* Determine if we need to group or un group the courses.
*/
public static function __RemoveCourses($group = TRUE)
{
$fields = array('field_faculty', 'field_department_id');
$search_values = array('field_faculty' => "Harvard Graduate School of Design", 'field_department_id' => 'Architecture');
// Un-grouping removed courses from the group.
$courses = harvard_courses_related_nodes($fields, $search_values);
if (!empty($courses)) {
foreach ($courses as $course_id) {
if ($group) {
og_group('node', 2, array('entity_type' => 'node', 'entity' => $course_id));
} else {
og_ungroup('node', 2, 'node', $course_id);
}
}
}
}
public function og2Revokes($og_actions, &$user, &$user_auth_data)
{
foreach ($og_actions['revokes'] as $group_entity_type => $gids) {
foreach ($gids as $gid => $revoking_rids) {
// $revoking_rids are all rids to be removed. may include authen rids
$all_group_roles = og_roles($group_entity_type, FALSE, $gid, FALSE, TRUE);
// all roles rid => role_name array w/ authen or anon roles
$all_group_rids = array_keys($all_group_roles);
// all rids array w/ authen or anon rids
$users_group_rids = array_keys(og_get_user_roles($group_entity_type, $gid, $user->uid, TRUE));
// users current rids w/authen or anon roles returned
$remaining_rids = array_diff($users_group_rids, $revoking_rids);
// rids to be left at end of revoke process
$authenticated_rid = array_search(OG_AUTHENTICATED_ROLE, $all_group_roles);
// remove autenticated and anon rids here
foreach ($revoking_rids as $i => $rid) {
// revoke if user has role
if (in_array($rid, $users_group_rids)) {
og_role_revoke($group_entity_type, $gid, $user->uid, $rid);
}
// unattribute to ldap even if user does not currently have role
unset($user_auth_data[ldap_authorization_og_authorization_id($gid, $rid, $group_entity_type)]);
}
// define('OG_ANONYMOUS_ROLE', 'non-member'); define('OG_AUTHENTICATED_ROLE', 'member');
if (in_array($authenticated_rid, $revoking_rids) || count($remaining_rids) == 0) {
// ungroup if only authenticated and anonymous role left
$entity = og_ungroup($group_entity_type, $gid, 'user', $user->uid);
$result = (bool) $entity;
}
}
}
}
/**
* revoke an authorization
*
* @see ldapAuthorizationConsumerAbstract::revokeSingleAuthorization()
*
*/
public function revokeSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $reset = FALSE)
{
if (!$this->hasAuthorization($user, $consumer_id)) {
og_invalidate_cache();
// if trying to revoke, but thinks not granted, flush cache
if (!$this->hasAuthorization($user, $consumer_id)) {
return TRUE;
}
}
$watchdog_tokens = array('%consumer_id' => $consumer_id, '%username' => $user->name, '%ogversion' => $this->ogVersion, '%function' => 'LdapAuthorizationConsumerOG.revokeSingleAuthorization()');
if ($this->ogVersion == 1) {
list($gid, $rid) = @explode('-', $consumer_id);
} else {
list($group_entity_type, $gid, $rid) = @explode(':', $consumer_id);
}
// make sure group exists, since og doesn't do much error catching.
if (!empty($consumer['value'])) {
$og_group = $consumer['value'];
} else {
$og_group = @entity_load_single($group_entity_type, $gid);
if (!$og_group) {
return FALSE;
// group cannot be found
}
}
if ($this->ogVersion == 1) {
// og 7.x-1.x
$users_group_roles = og_get_user_roles($gid, $user->uid);
} else {
// og 7.x-2.x
$users_group_roles = og_get_user_roles($group_entity_type, $gid, $user->uid);
}
// CASE: revoke
if (count($users_group_roles) == 1) {
// ungroup if only single role left
if ($this->ogVersion == 1) {
// og 7.x-1.x
$entity = og_ungroup($gid, 'user', $user->uid, TRUE);
if ($reset) {
og_invalidate_cache();
}
} else {
// og 7.x-2.x
$entity = og_ungroup($group_entity_type, $gid, 'user', $user->uid);
if ($reset) {
og_invalidate_cache(array($gid));
}
}
$result = (bool) $entity;
$watchdog_tokens['%action'] = 'og_ungroup';
} else {
// if more than one role left, just revoke single role.
if ($this->ogVersion == 1) {
// og 7.x-1.x
og_role_revoke($gid, $user->uid, $rid);
if ($reset) {
og_invalidate_cache();
}
} else {
// og 7.x-2.x
og_role_revoke($group_entity_type, $gid, $user->uid, $rid);
if ($reset) {
og_invalidate_cache(array($gid));
}
}
$watchdog_tokens['%action'] = 'og_role_revoke';
$result = TRUE;
}
$watchdog_tokens['%result'] = '$result';
if ($this->detailedWatchdogLog) {
watchdog('ldap_authorization_og', '%function revoked: result=%result, gid=%gid, rid=%rid, action=%action for username=%username', $watchdog_tokens, WATCHDOG_DEBUG);
}
return $result;
}
