Exemplo n.º 1
0
 /**
  * Wrapper for og_membership deletion
  *
  * @param integer $ogID Organic Group ID
  * @param integer $drupalID drupal User ID
  */
 function og_membership_delete($ogID, $drupalID)
 {
     if (function_exists('og_entity_query_alter')) {
         // sort-of-randomly chose a function that only exists in the 7.x-2.x branch
         // TODO: Find a more solid way to make this test
         // Also, since we don't know how to get the entity type of the group, we'll assume it's 'node'
         og_ungroup('node', $ogID, 'user', user_load($drupalID));
     } else {
         // Works for the OG 7.x-1.x branch
         og_ungroup($ogID, 'user', user_load($drupalID));
     }
 }
 /**
  * revoke an authorization
  *
  * extends revokeSingleAuthorization()
  *
  * @param drupal user object $user
  * @param string $authorization_id (aka consumer id) in form organic group gid-rid such as 7-2
  * @param array $user_auth_data is array specific to this consumer_type.  Stored in $user->data['ldap_authorizations']['og_group']
  *
  * @return TRUE if revoked or user doesn't have role FALSE if not revoked or failed.
  *
  * this function does not save the user object or alter $user_auth_data.
  * this is handled in the abstract class.
  */
 public function revokeSingleAuthorization(&$user, $authorization_id, &$user_auth_data)
 {
     if ($this->ogVersion == 1) {
         list($gid, $rid) = @explode('-', $authorization_id);
     } else {
         list($group_type, $gid, $rid) = @explode(':', $authorization_id);
     }
     // CASE 1: Bad Parameters
     if (!$authorization_id || !$gid || !$rid || !is_object($user) || $this->ogVersion == 2 && !$group_type) {
         watchdog('ldap_authorization_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
             improper parameters.', array(), WATCHDOG_ERROR);
         return FALSE;
     }
     $ldap_granted = $this->hasLdapGrantedAuthorization($user, $authorization_id);
     $granted = $this->hasAuthorization($user, $authorization_id);
     if ($this->ogVersion == 1) {
         // og 7.x-1.x
         $users_group_roles = og_get_user_roles($gid, $user->uid);
     } else {
         // og 7.x-2.x
         $users_group_roles = og_get_user_roles($group_type, $gid, $user->uid);
     }
     // CASE 2: user doesnt have grant to revoke
     if (!$granted || $granted && !$ldap_granted) {
         return TRUE;
         // don't do anything.  don't log since non-event
     }
     // CASE 3: revoke
     if (count($users_group_roles) == 1) {
         // ungroup if only single role left
         if ($this->ogVersion == 1) {
             // og 7.x-1.x
             $entity = og_ungroup($gid, 'user', $user->uid, TRUE);
         } else {
             // og 7.x-2.x
             $entity = og_ungroup($group_type, $gid, 'user', $user->uid);
         }
         $result = (bool) $entity;
         $watchdog_tokens['%action'] = 'og_ungroup';
     } else {
         // if more than one role left, just revoke single role.
         if ($this->ogVersion == 1) {
             // og 7.x-1.x
             og_role_revoke($gid, $user->uid, $rid);
         } else {
             // og 7.x-2.x
             og_role_revoke($group_type, $gid, $user->uid, $rid);
         }
         $watchdog_tokens['%action'] = 'og_role_revoke';
         return TRUE;
     }
     if ($this->detailedWatchdogLog) {
         watchdog('ldap_authorization_og', 'LdapAuthorizationConsumerOG.revokeSingleAuthorization()
     revoked:  gid=%gid, rid=%rid, action=%action for username=%username', $watchdog_tokens, WATCHDOG_DEBUG);
     }
     return $result;
 }
Exemplo n.º 3
0
 /**
  * Remove/add the courses for s given values.
  *
  * @param $group
  *   Determine if we need to group or un group the courses.
  */
 public static function __RemoveCourses($group = TRUE)
 {
     $fields = array('field_faculty', 'field_department_id');
     $search_values = array('field_faculty' => "Harvard Graduate School of Design", 'field_department_id' => 'Architecture');
     // Un-grouping removed courses from the group.
     $courses = harvard_courses_related_nodes($fields, $search_values);
     if (!empty($courses)) {
         foreach ($courses as $course_id) {
             if ($group) {
                 og_group('node', 2, array('entity_type' => 'node', 'entity' => $course_id));
             } else {
                 og_ungroup('node', 2, 'node', $course_id);
             }
         }
     }
 }
 public function og2Revokes($og_actions, &$user, &$user_auth_data)
 {
     foreach ($og_actions['revokes'] as $group_entity_type => $gids) {
         foreach ($gids as $gid => $revoking_rids) {
             // $revoking_rids are all rids to be removed.  may include authen rids
             $all_group_roles = og_roles($group_entity_type, FALSE, $gid, FALSE, TRUE);
             // all roles rid => role_name array w/ authen or anon roles
             $all_group_rids = array_keys($all_group_roles);
             // all rids array w/ authen or anon rids
             $users_group_rids = array_keys(og_get_user_roles($group_entity_type, $gid, $user->uid, TRUE));
             // users current rids w/authen or anon roles returned
             $remaining_rids = array_diff($users_group_rids, $revoking_rids);
             // rids to be left at end of revoke process
             $authenticated_rid = array_search(OG_AUTHENTICATED_ROLE, $all_group_roles);
             // remove autenticated and anon rids here
             foreach ($revoking_rids as $i => $rid) {
                 // revoke if user has role
                 if (in_array($rid, $users_group_rids)) {
                     og_role_revoke($group_entity_type, $gid, $user->uid, $rid);
                 }
                 // unattribute to ldap even if user does not currently have role
                 unset($user_auth_data[ldap_authorization_og_authorization_id($gid, $rid, $group_entity_type)]);
             }
             // define('OG_ANONYMOUS_ROLE', 'non-member'); define('OG_AUTHENTICATED_ROLE', 'member');
             if (in_array($authenticated_rid, $revoking_rids) || count($remaining_rids) == 0) {
                 // ungroup if only authenticated and anonymous role left
                 $entity = og_ungroup($group_entity_type, $gid, 'user', $user->uid);
                 $result = (bool) $entity;
             }
         }
     }
 }
 /**
  * revoke an authorization
  *
  * @see ldapAuthorizationConsumerAbstract::revokeSingleAuthorization()
  *
  */
 public function revokeSingleAuthorization(&$user, $consumer_id, $consumer, &$user_auth_data, $reset = FALSE)
 {
     if (!$this->hasAuthorization($user, $consumer_id)) {
         og_invalidate_cache();
         // if trying to revoke, but thinks not granted, flush cache
         if (!$this->hasAuthorization($user, $consumer_id)) {
             return TRUE;
         }
     }
     $watchdog_tokens = array('%consumer_id' => $consumer_id, '%username' => $user->name, '%ogversion' => $this->ogVersion, '%function' => 'LdapAuthorizationConsumerOG.revokeSingleAuthorization()');
     if ($this->ogVersion == 1) {
         list($gid, $rid) = @explode('-', $consumer_id);
     } else {
         list($group_entity_type, $gid, $rid) = @explode(':', $consumer_id);
     }
     // make sure group exists, since og doesn't do much error catching.
     if (!empty($consumer['value'])) {
         $og_group = $consumer['value'];
     } else {
         $og_group = @entity_load_single($group_entity_type, $gid);
         if (!$og_group) {
             return FALSE;
             // group cannot be found
         }
     }
     if ($this->ogVersion == 1) {
         // og 7.x-1.x
         $users_group_roles = og_get_user_roles($gid, $user->uid);
     } else {
         // og 7.x-2.x
         $users_group_roles = og_get_user_roles($group_entity_type, $gid, $user->uid);
     }
     // CASE: revoke
     if (count($users_group_roles) == 1) {
         // ungroup if only single role left
         if ($this->ogVersion == 1) {
             // og 7.x-1.x
             $entity = og_ungroup($gid, 'user', $user->uid, TRUE);
             if ($reset) {
                 og_invalidate_cache();
             }
         } else {
             // og 7.x-2.x
             $entity = og_ungroup($group_entity_type, $gid, 'user', $user->uid);
             if ($reset) {
                 og_invalidate_cache(array($gid));
             }
         }
         $result = (bool) $entity;
         $watchdog_tokens['%action'] = 'og_ungroup';
     } else {
         // if more than one role left, just revoke single role.
         if ($this->ogVersion == 1) {
             // og 7.x-1.x
             og_role_revoke($gid, $user->uid, $rid);
             if ($reset) {
                 og_invalidate_cache();
             }
         } else {
             // og 7.x-2.x
             og_role_revoke($group_entity_type, $gid, $user->uid, $rid);
             if ($reset) {
                 og_invalidate_cache(array($gid));
             }
         }
         $watchdog_tokens['%action'] = 'og_role_revoke';
         $result = TRUE;
     }
     $watchdog_tokens['%result'] = '$result';
     if ($this->detailedWatchdogLog) {
         watchdog('ldap_authorization_og', '%function revoked: result=%result, gid=%gid, rid=%rid, action=%action for username=%username', $watchdog_tokens, WATCHDOG_DEBUG);
     }
     return $result;
 }