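/**
 * Synchronise one user's group memberships with the supplied group list.
 *
 * Groups themselves are only created or updated here, never deleted; only
 * the user's association with them is added or removed.
 *
 * Steps, in order:
 *  1. Return false when the synchroniser is not enabled.
 *  2. Return true without doing anything when the force-update option is off
 *     and $groups is non-empty.
 *  3. Create or update every supplied group through the engine.
 *  4. Associate the user with every supplied group that is not already in
 *     the user's stored memberships.
 *  5. Only if no error occurred and the force-update option is on, remove
 *     the user from every stored group that is absent from $groups, except
 *     the default group.
 *
 * NOTE(review): with the force-update option off, step 2 means the rest of
 * the method only runs for an empty $groups, so no group is created and no
 * membership is added. Confirm that this guard is intended.
 *
 * NOTE(review): the comments in this method describe $groups as coming from
 * HTTP headers, and memberships are granted from those names as-is. This
 * presumably relies on the fronting SSO component being the only party able
 * to set those headers -- confirm against the caller.
 *
 * @param $user_id The user unique identifier.
 * @param $domain_id The domain identifier.
 * @param array $groups Groups of the user, keyed by group name.
 * @return boolean False when the synchroniser is disabled or when a group
 *         could not be created/updated or the user could not be added to a
 *         group; true otherwise.
 */
protected function syncUserGroups ($user_id, $domain_id, $groups)
{
    if (!$this->isEnabled()) {
        return false;
    }

    // count() is the canonical name of the sizeof() alias used previously.
    if (!$this->_forceGroupUpdate && count($groups)) {
        return true;
    }

    //
    // Update or create groups in OBM. The primary default group does not
    // have to be managed by this library.
    //
    $sync_succeed = true;
    $groups_ldap = $groups;
    foreach ($groups_ldap as $group_name => $group_data) {
        $group_id = $this->_engine->isGroupExists($group_name, $domain_id);
        if ($group_id !== false) {
            $group_id = $this->_engine->updateGroup(
                $group_name,
                $group_id,
                $group_data,
                $user_id,
                $domain_id
            );
        } else {
            $group_id = $this->_engine->addGroup(
                $group_name,
                $group_data,
                $user_id,
                $domain_id
            );
        }

        if ($group_id !== false) {
            // Recorded on the local copy only; the association pass below
            // looks the identifier up again through the engine.
            $groups_ldap[$group_name]['group_id'] = $group_id;
        } else {
            $sync_succeed = false;
        }
    }

    //
    // Compare the groups stored in database with the groups received in the
    // HTTP headers. The user is associated with every received group that is
    // missing from the database. This pass runs even when a create/update
    // above failed; only the removal pass further down is skipped after an
    // error.
    //
    $groups_db = $this->_engine->getGroups($user_id, $domain_id);
    foreach ($groups_ldap as $group_name => $group_data) {
        if (array_key_exists($group_name, $groups_db)) {
            continue;
        }

        $group_id = $this->_engine->isGroupExists($group_name, $domain_id);
        if ($group_id === false) {
            continue;
        }

        if (!$this->_engine->addUserInGroup($user_id, $group_id, $domain_id)) {
            // NOTE(review): $group_name is written to the log unescaped;
            // confirm that the logger or the code that parses the group
            // list neutralises control characters.
            $this->_logger->warn("Fail to add user in group $group_name");
            $sync_succeed = false;
        }
    }

    //
    // Now remove the user from each DB group that has no corresponding LDAP
    // group. This is applied if and only if the option is set by
    // configuration and nothing failed above.
    //
    if ($sync_succeed && $this->_forceGroupUpdate) {
        foreach ($groups_db as $group_name => $group_id) {
            // PHP stores integer-looking array keys as int. Compare as
            // strings so that the default-group exemption cannot match a
            // different group through loose-comparison type juggling.
            if ((string) $group_name === (string) DEFAULT_USEROBM_GROUPNAME) {
                continue;
            }

            if (!array_key_exists($group_name, $groups_ldap)) {
                // NOTE(review): the result of this call is discarded. If the
                // engine reports a failure, the user keeps the membership and
                // this method still returns true -- confirm the engine's
                // return contract and whether a failure should be logged.
                $this->_engine->removeUserFromGroup($user_id, $group_id, $domain_id);
            }
        }
    }

    return $sync_succeed;
}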