bsw@1071: -- Update member privileges from LDAP
bsw@1071: -- --------------------------------------------------------------------------
bsw@1071: --
bsw@1071: -- arguments:
bsw@1071: --   member: the member for which the privileges should be updated
bsw@1071: --   ldap_entry: the ldap entry to be used for updating the privileges
bsw@1071: --
bsw@1071: -- returns:
bsw@1071: --   err: an error code, if an error occured (string)
bsw@1071: --   err2: Error dependent extra error information
bsw@1071: 
bsw@1071: function ldap.update_member_privileges(member, ldap_entry)
bsw@1071: 
bsw@1071:   local privileges, err = config.ldap.member.privilege_map(ldap_entry, member)
bsw@1071: 
bsw@1071:   if err then
bsw@1071:     return false, "privilege_map_error", err
bsw@1071:   end
bsw@1071: 
bsw@1071:   local privileges_by_unit_id = {}
bsw@1071:   for i, privilege in ipairs(privileges) do
bsw@1071:     privileges_by_unit_id[privilege.unit_id] = privilege
bsw@1071:   end
bsw@1071: 
bsw@1071:   local current_privileges = Privilege:by_member_id(member.id)
bsw@1071:   local current_privilege_ids = {}
bsw@1071: 
bsw@1071:   for i, privilege in ipairs(current_privileges) do
bsw@1071:     if privileges_by_unit_id[privilege.unit_id] then
bsw@1071:       current_privilege_ids[privilege.unit_id] = privilege
bsw@1071:     else
bsw@1071:       privilege:destroy()
bsw@1071:     end
bsw@1071:   end
bsw@1071: 
bsw@1071:   for i, privilege in ipairs(privileges) do
bsw@1071:     local current_privilege = current_privilege_ids[privilege.unit_id]
bsw@1071:     if not current_privilege then
bsw@1071:       current_privilege = Privilege:new()
bsw@1071:       current_privilege.member_id = member.id
bsw@1071:       current_privileges[#current_privileges+1] = current_privilege
bsw@1071:     end
bsw@1071:     for key, val in pairs(privilege) do
bsw@1071:       current_privilege[key] = val
bsw@1071:     end
bsw@1071:   end
bsw@1071: 
bsw@1071:   for i, privilege in ipairs(current_privileges) do
bsw@1071:     local err = privilege:try_save()
bsw@1071:     if err then
bsw@1071:       return false, "privilege_save_error", err
bsw@1071:     end
bsw@1071:   end
bsw@1071: 
bsw@1071:   return true
bsw@1071: end