public static function removeUserFromBastionProject($user, &$group)
{
global $wgOpenStackManagerRemoveUserFromBastionProjectOnShellDisable;
global $wgOpenStackManagerRemoveUserFromAllProjectsOnShellDisable;
global $wgOpenStackManagerBastionProjectName;
// Check whether after removing the group the user would still
// have the loginviashell permission.
foreach ($user->getEffectiveGroups() as $g) {
// Ignore the group that will be removed.
if ($g === $group) {
continue;
}
// If the user still has the loginviashell permission, we
// can immediately return.
if (User::groupHasPermission($g, 'loginviashell')) {
return true;
}
}
// At this point we know that the user will not have the
// loginviashell permission after the group is removed so we
// can remove him from the bastion projects if the
// configuration requires that.
$username = $user->getName();
if ($wgOpenStackManagerRemoveUserFromAllProjectsOnShellDisable) {
// Get a users projects
$userLDAP = new OpenStackNovaUser($username);
foreach ($userLDAP->getProjects() as $projectName) {
// Remove the user from the project
$project = new OpenStackNovaProject($projectName);
$project->deleteMember($username);
}
} elseif ($wgOpenStackManagerRemoveUserFromBastionProjectOnShellDisable) {
// Remove the user from the bastion project
$project = new OpenStackNovaProject($wgOpenStackManagerBastionProjectName);
if (in_array($username, $project->getMembers())) {
$project->deleteMember($username);
}
}
return true;
}
