The code in LDAP Authorization OG 7.x-1.x and 7.x-2.x is for OG 7.x-1.4. To support 7.x-2.x is for OG, I think the following approach is best (but I haven't used 7.x-2.x OG so am just thinking out loud here):
1. add detection for which version of og is running in ldap_authorization_og.module. A patch to og to implement an og_api like function would be ideal, but function introspection could also be used.
2. create second class LdapAuthorizationConsumerOG7.2.class.php that inherited from LdapAuthorizationConsumerOG.class.php
- in LdapAuthorizationConsumerOG7.2, override some of the following functions to address changes in og from 1.4 to 2.0 and alter some in LdapAuthorizationConsumerOG to behave differently based on OG version. (The alter cases are where a small part of the code is og function dependent and the override are where the majority of the code is og function dependent)
-- __construct (alter)
-- _setConsumerIDs (override)
-- revokeSingleAuthorization (alter)
-- grantSingleAuthorization (alter)
-- usersAuthorizations (override)
-- mappingExamples (alter)
3. alter the functions in ldap_authoriztion_og.module to be aware of the version of og in use. Some of these should be moved into the classes themselves to make overriding/inheritance, and thus maintenance easier down the line.
This is assuming the identifier for an og group authorization is still a group id x role id. If the identifier is now entity id x group id x role id or some other triplet it may produce more readable and maintainable code to clone the ldap authorization og module altogether.
Comment | File | Size | Author |
---|---|---|---|
#8 | ldap-1559388.patch | 860 bytes | jzornig |
#1 | 1559388-1.patch | 10.66 KB | johnbarclay |
Comments
Comment #1
johnbarclay CreditAttribution: johnbarclay commentedI made a first run through of this. The code has not been tested at all and likely throws at least syntax errors. Here is a summary and patch is attached:
- og version (1 or 2) is set by reflection in LdapAuthorizationConsumerOg.class.php
- assumption is made that group id (gid) is unique across entity types and bundles. I'm not 100% sure if this is the case yet, but the db schema indicates it. The function ldap_authorization_og_gid_to_group_type($gid) in ldap_authorization_og is used for conversion.
-- assumption is made that gid is retrievable from database without invoking any hooks (see ldap_authorization_og_gid_to_group_type() function). I need to confirm that there are not any hooks that might alter gid to group type or provide them.
-- to see the code changes in the 7.x-1.x-dev a grep for "ogVersion" should show you all of then. Attached is a the patch, which I have not committed.
- design questions:
-- should the authorization id simply be in the form for og 1.x (group id-role id) or would it be more usable to be (group type-group id-role id). I think the latter would be more intuitive and in line with the yet-to-be written og 2.x documentation.
Next Steps:
Comment #2
johnbarclay CreditAttribution: johnbarclay commentedI was quite a bit off on this. The uninstall hadn't removed the 'og' table and I assumed it was in og 2.x schema and it threw me off.
The identifiers are:
so an ldap authorization has to map to group type x gid x rid such as node:17:3
I'm not sure how to make this work with "friendly" mapping names like in ldap au og for og 1.x. So I'll have the UI just list examples and admins can just cut and paste staff|node:17:3 in the filter dialog. We can work something fancy out later. Attached is a screenshot.
The changes for og 7.x-2.x don't break the tests for ldap authorization og 7.x.-1.x and og 7.x-1.x. I still have to rewrite some of the calls and remove the code the relies on gid as a unique identifier. Shouldn't be more than a day or 2 from now.
Comment #3
johnbarclay CreditAttribution: johnbarclay commentedMade some progress on this. Everything seems to work except user gets the white screen of death on logon. On the second logon, all og memberships are correctly assigned. Since ldap_authorization_og didn't seem to work for either og 7.x-1.x or 7.x-2.x, I pushed these out to 7.x-1.x-dev. A step through of it is at: http://screencast.com/t/ZvXheELBM
Will debug the fatal error later. Looks like infinite recursion in the entityreference module related to a field being attached. Kinda fuzzy in the logs.
Most of the changes in ldap_authorization_og are just to get it working with og 7.x-2.x. The only change that will affect og 7.x-1.x users is in ldapAuthrorizationConsumerOG.class.php, which may get it to work, but I haven't tested it.
Comment #4
johnbarclay CreditAttribution: johnbarclay commentedI found, fixed, and committed the but related to the wsod and non functionality of granting.
Both LDAP Authorization OG 7.x-1.x AND LDAP Authorization Roles were broken when OG 7.x-2.x-dev is installed. Even if LDAP Authorization OG wasn't enabled the empty og fields in the $user object (see #1573052: user object with empty arrays in $user->og_user_group_ref or $user->og_other_user_group_ref casues user save issues) would cause WSOD. I added a workaround to remove the og properties/fields when they were empty and all seems well now on the granting part. This has only been tested agains og 7.x-2.x, but may fix some bugs in ldap authorization og when used with og 1.x.
Comment #5
johnbarclay CreditAttribution: johnbarclay commentedThe last commit had a bug where the $user->data['ldap_authorizations'] array was not being saved correctly when more than one authorization type is used. So it was granting the authorizations, but not tracking them in the user object. This is fixed and committed to 7.x-1.x-dev.
The simpletest for og2 support are still not finished, but the revokes and grants are manually tested and work well in conjunction with drupal role authorization.
I'd like feedback on og2 and would like to get another beta out after:
- have had some testing/feedback on og2 support (the video in comment #3 is still a valid example of setting it up)
- have the og2 simpletests working
All the other simpletests are working again.
Comment #6
jzornig CreditAttribution: jzornig commentedI'm running og-7.x-2.0-dev and ldap-7.x-1.x-beta10. I try to create an ldap authorization config for og with a mapping
groupname|node:16:4
groupname is a value in an attribute of the ldap record for the user who is authenticating. node:16 is a group and 4 is a role configured for that group.
When editing the LDAP to OG Group Configuration, the EXAMPLES BASE ON CURRENT OG GROUPS lists no examples even though I have two groups defined with seven group roles. When I try to save the configuration I get the message:
"node:16:4"
does not map to any existing organic groups and roles. Since automatic organic group creation is not possible with this module, an existing group must be mapped to.Comment #7
jzornig CreditAttribution: jzornig commentedThe error appears to be a call to og_get_all_group_content_bundle() in line 76 of ldap/ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php which should be og_get_all_group_bundle() because we are looking for groups not group content.
Comment #8
jzornig CreditAttribution: jzornig commentedMy patch for the issue in #6 and #7.
Comment #9
johnbarclay CreditAttribution: johnbarclay commentedThis looks correct. I committed this to 7.x-1.x-dev. Thanks. I'm working through some other og 2.0 issues and a problem with the simpletests.
Comment #10
johnbarclay CreditAttribution: johnbarclay commented