LDAP Authorization Organic Groups: OG 7.x-2.x Support

I made a first run through of this. The code has not been tested at all and likely throws at least syntax errors. Here is a summary and patch is attached:

- og version (1 or 2) is set by reflection in LdapAuthorizationConsumerOg.class.php

$reflector = new ReflectionFunction('og_role_grant');
$ogVersion = ($reflector->getNumberOfRequiredParameters() == 3) ? 1 : 2;

- assumption is made that group id (gid) is unique across entity types and bundles. I'm not 100% sure if this is the case yet, but the db schema indicates it. The function ldap_authorization_og_gid_to_group_type($gid) in ldap_authorization_og is used for conversion.

-- assumption is made that gid is retrievable from database without invoking any hooks (see ldap_authorization_og_gid_to_group_type() function). I need to confirm that there are not any hooks that might alter gid to group type or provide them.

-- to see the code changes in the 7.x-1.x-dev a grep for "ogVersion" should show you all of then. Attached is a the patch, which I have not committed.

- design questions:
-- should the authorization id simply be in the form for og 1.x (group id-role id) or would it be more usable to be (group type-group id-role id). I think the latter would be more intuitive and in line with the yet-to-be written og 2.x documentation.

Next Steps:

• - get the code functioning
• - make sure unit tests still work with og 1.x
• - commit to 7.x-1.x
• - rework unit tests to work with og 2.x
• - functional testing
• - push to 7.x-2.x

I was quite a bit off on this. The uninstall hadn't removed the 'og' table and I assumed it was in og 2.x schema and it threw me off.

The identifiers are:

• group id (gid) is not unique, but gid x group type is. which is entity_type x etid. such as node:17
• membership identifier is: group_type:gid:entity_type:etid such as node:17:user:2 or the join of 2 entities.
• role identifier is: rid; but rids are different across different "group bundles"

so an ldap authorization has to map to group type x gid x rid such as node:17:3

I'm not sure how to make this work with "friendly" mapping names like in ldap au og for og 1.x. So I'll have the UI just list examples and admins can just cut and paste staff|node:17:3 in the filter dialog. We can work something fancy out later. Attached is a screenshot.

The changes for og 7.x-2.x don't break the tests for ldap authorization og 7.x.-1.x and og 7.x-1.x. I still have to rewrite some of the calls and remove the code the relies on gid as a unique identifier. Shouldn't be more than a day or 2 from now.

Made some progress on this. Everything seems to work except user gets the white screen of death on logon. On the second logon, all og memberships are correctly assigned. Since ldap_authorization_og didn't seem to work for either og 7.x-1.x or 7.x-2.x, I pushed these out to 7.x-1.x-dev. A step through of it is at: http://screencast.com/t/ZvXheELBM

Will debug the fatal error later. Looks like infinite recursion in the entityreference module related to a field being attached. Kinda fuzzy in the logs.

Most of the changes in ldap_authorization_og are just to get it working with og 7.x-2.x. The only change that will affect og 7.x-1.x users is in ldapAuthrorizationConsumerOG.class.php, which may get it to work, but I haven't tested it.

		if ($this->ogVersion == 2) {
			$values = array(
				'entity_type' => 'user',
				'entity' => $user->uid,
				'field_name' => FALSE,
				'state' => OG_STATE_ACTIVE,
			);
			$og_membership = og_group($group_type, $gid, $values);
			og_role_grant($group_type, $gid, $user->uid, $rid);
		}
		else {
			$values = array(
				'entity type' => 'user',
				'entity' => $user,
				'state' => OG_STATE_ACTIVE,
				'membership type' => OG_MEMBERSHIP_TYPE_DEFAULT,
			);
			$user_entity = og_group($gid, $values);
			og_role_grant($gid, $user->uid, $rid);
		}

I found, fixed, and committed the but related to the wsod and non functionality of granting.

Both LDAP Authorization OG 7.x-1.x AND LDAP Authorization Roles were broken when OG 7.x-2.x-dev is installed. Even if LDAP Authorization OG wasn't enabled the empty og fields in the $user object (see #1573052: user object with empty arrays in $user->og_user_group_ref or $user->og_other_user_group_ref casues user save issues) would cause WSOD. I added a workaround to remove the og properties/fields when they were empty and all seems well now on the granting part. This has only been tested agains og 7.x-2.x, but may fix some bugs in ldap authorization og when used with og 1.x.

The last commit had a bug where the $user->data['ldap_authorizations'] array was not being saved correctly when more than one authorization type is used. So it was granting the authorizations, but not tracking them in the user object. This is fixed and committed to 7.x-1.x-dev.

The simpletest for og2 support are still not finished, but the revokes and grants are manually tested and work well in conjunction with drupal role authorization.

I'd like feedback on og2 and would like to get another beta out after:
- have had some testing/feedback on og2 support (the video in comment #3 is still a valid example of setting it up)
- have the og2 simpletests working

All the other simpletests are working again.

This looks correct. I committed this to 7.x-1.x-dev. Thanks. I'm working through some other og 2.0 issues and a problem with the simpletests.