-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathshepherd_connector.module
56 lines (47 loc) · 1.77 KB
/
shepherd_connector.module
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
<?php
/**
* @file
* Contains shepherd_connector.module.
*/
use Drupal\user\UserInterface;
/**
* Implements hook_user_login().
*
* Synchronises the user's drupal roles with the ones assigned in Shepherd.
* Any local role not present in Shepherd will be removed, and any extra roles
* that appear in Shepherd but not locally will be added. This synchronisation
* only effects roles that are configured as "controlled roles".
*/
function shepherd_connector_user_login(UserInterface $account) {
// Only process this hook if login method was CAS and role sync is enabled.
if (\Drupal::request()->get('_route') !== 'cas.service' ||
!\Drupal::config('shepherd_connector.settings')->get('enabled')) {
return;
}
// Get list of roles user currently has.
$local_roles = $account->getRoles();
// Get list of roles user should have from authorisation provider.
$remote_roles = \Drupal::service('shepherd_connector.connector')
->getRolesForUser($account->getAccountName());
// Get list of controlled roles from config.
$controlled_roles = explode(',', str_replace(' ', '',
\Drupal::config('shepherd_connector.settings')->get('controlled_roles')));
$changed = FALSE;
foreach ($controlled_roles as $role) {
if (in_array($role, $local_roles) && !in_array($role, $remote_roles)) {
// Remove any controlled roles from user that exist locally,
// but not in the remote authorisation provider.
$account->removeRole($role);
$changed = TRUE;
}
elseif (in_array($role, $remote_roles) && !in_array($role, $local_roles)) {
// Add any controlled roles that exist remotely, but not locally.
$account->addRole($role);
$changed = TRUE;
}
}
// Update account if it changed.
if ($changed) {
$account->save();
}
}