ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f87
ilLDAPRoleAssignmentRules Class Reference

Do role assignemnts More...

+ Collaboration diagram for ilLDAPRoleAssignmentRules:

Static Public Member Functions

static getDefaultRole ()
 Get default global role. More...
 
static getAllPossibleRoles ()
 Get all assignable roles (used for import parser) More...
 
static getAttributeNames ()
 get all possible attribute names More...
 
static getAssignmentsForUpdate ($a_usr_id, $a_usr_name, $a_usr_data)
 
static getAssignmentsForCreation ($a_usr_name, $a_usr_data)
 
static callPlugin ($a_plugin_id, $a_user_data)
 Call plugin check if the condition matches. More...
 

Data Fields

const ROLE_ACTION_ASSIGN = 'Assign'
 
const ROLE_ACTION_DEASSIGN = 'Detach'
 

Static Protected Member Functions

static getAdditionalPluginAttributes ()
 Fetch additional attributes from plugin. More...
 
static parseRole ($a_role_id, $a_action)
 Parse role. More...
 

Static Protected Attributes

static $active_plugins = null
 
static $default_role = null
 

Detailed Description

Do role assignemnts

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om
Version
$Id$

Definition at line 32 of file class.ilLDAPRoleAssignmentRules.php.

Member Function Documentation

◆ callPlugin()

static ilLDAPRoleAssignmentRules::callPlugin (   $a_plugin_id,
  $a_user_data 
)
static

Call plugin check if the condition matches.

Returns
bool
Parameters
object$a_plugin_id
object$a_user_data

Definition at line 216 of file class.ilLDAPRoleAssignmentRules.php.

References $ok, and IL_COMP_SERVICE.

Referenced by ilLDAPRoleAssignmentRule\matches().

217  {
218  global $ilPluginAdmin;
219 
220  if(self::$active_plugins == null)
221  {
222  self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE,
223  'LDAP',
224  'ldaphk');
225  }
226 
227  $assigned = false;
228  foreach(self::$active_plugins as $plugin_name)
229  {
230  $ok = false;
231  $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE,
232  'LDAP',
233  'ldaphk',
234  $plugin_name);
235 
236  if($plugin_obj instanceof ilLDAPRoleAssignmentPlugin)
237  {
238  $ok = $plugin_obj->checkRoleAssignment($a_plugin_id,$a_user_data);
239  }
240 
241  if($ok)
242  {
243  $assigned = true;
244  }
245  }
246  return $assigned;
247  }
Interface for ldap role assignment plugins.
const IL_COMP_SERVICE
+ Here is the caller graph for this function:

◆ getAdditionalPluginAttributes()

static ilLDAPRoleAssignmentRules::getAdditionalPluginAttributes ( )
staticprotected

Fetch additional attributes from plugin.

Returns

Definition at line 253 of file class.ilLDAPRoleAssignmentRules.php.

References $ok, and IL_COMP_SERVICE.

254  {
255  global $ilPluginAdmin;
256 
257  if(self::$active_plugins == null)
258  {
259  self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE,
260  'LDAP',
261  'ldaphk');
262  }
263 
264  $attributes = array();
265  foreach(self::$active_plugins as $plugin_name)
266  {
267  $ok = false;
268  $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE,
269  'LDAP',
270  'ldaphk',
271  $plugin_name);
272 
273  if($plugin_obj instanceof ilLDAPRoleAssignmentPlugin)
274  {
275  $attributes = array_merge($attributes,$plugin_obj->getAdditionalAttributeNames());
276  }
277  }
278  return $attributes ? $attributes : array();
279  }
Interface for ldap role assignment plugins.
const IL_COMP_SERVICE

◆ getAllPossibleRoles()

static ilLDAPRoleAssignmentRules::getAllPossibleRoles ( )
static

Get all assignable roles (used for import parser)

Returns
array roles

Definition at line 63 of file class.ilLDAPRoleAssignmentRules.php.

References $ilDB, $query, $res, $row, and DB_FETCHMODE_OBJECT.

Referenced by ilLDAPAttributeToUser\refresh().

64  {
65  global $ilDB;
66 
67  $query = "SELECT DISTINCT(role_id) FROM ldap_role_assignments ";
68  $res = $ilDB->query($query);
69  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
70  {
71  $roles[$row->role_id] = $row->role_id;
72  }
73  $gr = self::getDefaultRole();
74  $roles[$gr] = $gr;
75  return $roles ? $roles : array();
76  }
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
global $ilDB
+ Here is the caller graph for this function:

◆ getAssignmentsForCreation()

static ilLDAPRoleAssignmentRules::getAssignmentsForCreation (   $a_usr_name,
  $a_usr_data 
)
static
Returns
array role data
Parameters
object$a_usr_id
object$a_usr_datapublic

Definition at line 165 of file class.ilLDAPRoleAssignmentRules.php.

References $ilDB, $ilLog, $query, $res, $row, ilLDAPRoleAssignmentRule\_getInstanceByRuleId(), ilObject\_lookupTitle(), and DB_FETCHMODE_OBJECT.

Referenced by ilAuthContainerApache\forceCreation(), ilLDAPUserSynchronisation\handleAccountMigration(), and ilLDAPAttributeToUser\usersToXML().

166  {
167  global $ilDB,$ilLog;
168 
169  $query = "SELECT rule_id FROM ldap_role_assignments ";
170  $res = $ilDB->query($query);
171 
172  $num_matches = 0;
173  $roles = array();
174  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
175  {
176  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
178 
179  if($rule->matches($a_usr_data))
180  {
181  $num_matches++;
182  $ilLog->write(__METHOD__.': Assigned to role: '.$a_usr_name.' => '.ilObject::_lookupTitle($rule->getRoleId()));
183  $roles[] = self::parseRole($rule->getRoleId(),self::ROLE_ACTION_ASSIGN);
184  }
185  }
186 
187  // DONE: check for global role
188  $found_global = false;
189  foreach($roles as $role_data)
190  {
191  if($role_data['type'] == 'Global')
192  {
193  $found_global = true;
194  break;
195  }
196  }
197  if(!$found_global)
198  {
199  $ilLog->write(__METHOD__.': No matching rule found. Assigning to default role.');
200  $roles[] = self::parseRole(
201  self::getDefaultRole(),
202  self::ROLE_ACTION_ASSIGN
203  );
204  }
205 
206  return $roles ? $roles : array();
207  }
static _lookupTitle($a_id)
lookup object title
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
static _getInstanceByRuleId($a_rule_id)
get instance by rule id
global $ilDB
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAssignmentsForUpdate()

static ilLDAPRoleAssignmentRules::getAssignmentsForUpdate (   $a_usr_id,
  $a_usr_name,
  $a_usr_data 
)
static

Definition at line 104 of file class.ilLDAPRoleAssignmentRules.php.

References $ilDB, $ilLog, $ilSetting, $query, $res, $row, ilLDAPRoleAssignmentRule\_getInstanceByRuleId(), ilObject\_lookupTitle(), and DB_FETCHMODE_OBJECT.

Referenced by ilLDAPAttributeToUser\usersToXML().

105  {
106  global $ilDB,$rbacadmin,$rbacreview,$ilSetting,$ilLog;
107 
108  $query = "SELECT rule_id,add_on_update,remove_on_update FROM ldap_role_assignments ".
109  "WHERE add_on_update = 1 OR remove_on_update = 1";
110 
111  $res = $ilDB->query($query);
112  $roles = array();
113  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
114  {
115  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
117 
118  $matches = $rule->matches($a_usr_data);
119  if($matches and $row->add_on_update)
120  {
121  $ilLog->write(__METHOD__.': Assigned to role: '.$a_usr_name.' => '.ilObject::_lookupTitle($rule->getRoleId()));
122  $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
123 
124  }
125  if(!$matches and $row->remove_on_update)
126  {
127  $ilLog->write(__METHOD__.': Deassigned from role: '.$a_usr_name.' => '.ilObject::_lookupTitle($rule->getRoleId()));
128  $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_DEASSIGN);
129  }
130  }
131 
132  // Check if there is minimum on global role
133  $deassigned_global = 0;
134  foreach($roles as $role_data)
135  {
136  if($role_data['type'] == 'Global' and
137  $role_data['action'] == self::ROLE_ACTION_DEASSIGN)
138  {
139  $deassigned_global++;
140  }
141  }
142  if(count($rbacreview->assignedGlobalRoles($a_usr_id)) == $deassigned_global)
143  {
144  $ilLog->write(__METHOD__.': No global role left. Assigning to default role.');
145  $roles[] = self::parseRole(
146  self::getDefaultRole(),
147  self::ROLE_ACTION_ASSIGN
148  );
149  }
150 
151  return $roles ? $roles : array();
152 
153  }
static _lookupTitle($a_id)
lookup object title
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
static _getInstanceByRuleId($a_rule_id)
get instance by rule id
global $ilSetting
Definition: privfeed.php:40
global $ilDB
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAttributeNames()

static ilLDAPRoleAssignmentRules::getAttributeNames ( )
static

get all possible attribute names

Returns

Definition at line 82 of file class.ilLDAPRoleAssignmentRules.php.

References $ilDB, $query, $res, $row, and DB_FETCHMODE_OBJECT.

Referenced by ilLDAPQuery\fetchUserProfileFields(), and ilLDAPServer\getPearAtributeArray().

83  {
84  global $ilDB;
85 
86  $query = "SELECT DISTINCT(att_name) ".
87  "FROM ldap_role_assignments ";
88  $res = $ilDB->query($query);
89  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
90  {
91  $name = strtolower(trim($row->att_name));
92  if($name)
93  {
94  $names[] = $name;
95  }
96  }
97 
98  $names = array_merge((array) $names, self::getAdditionalPluginAttributes());
99  return $names ? $names : array();
100  }
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
global $ilDB
+ Here is the caller graph for this function:

◆ getDefaultRole()

static ilLDAPRoleAssignmentRules::getDefaultRole ( )
static

Get default global role.

Returns

Definition at line 45 of file class.ilLDAPRoleAssignmentRules.php.

References ilLDAPServer\_getFirstActiveServer(), and ilLDAPAttributeMapping\_lookupGlobalRole().

46  {
47  if(self::$default_role)
48  {
49  return self::$default_role;
50  }
51 
52  include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
53  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
54 
55  return self::$default_role =
57  }
static _getFirstActiveServer()
Get first active server.
static _lookupGlobalRole($a_server_id)
Lookup global role assignment.
+ Here is the call graph for this function:

◆ parseRole()

static ilLDAPRoleAssignmentRules::parseRole (   $a_role_id,
  $a_action 
)
staticprotected

Parse role.

Returns
Parameters
int$a_role_id
string$a_action

Definition at line 288 of file class.ilLDAPRoleAssignmentRules.php.

289  {
290  global $rbacreview;
291 
292  return array(
293  'id' => $a_role_id,
294  'type' => $rbacreview->isGlobalRole($a_role_id) ? 'Global' : 'Local',
295  'action' => $a_action
296  );
297  }

Field Documentation

◆ $active_plugins

ilLDAPRoleAssignmentRules::$active_plugins = null
staticprotected

Definition at line 37 of file class.ilLDAPRoleAssignmentRules.php.

◆ $default_role

ilLDAPRoleAssignmentRules::$default_role = null
staticprotected

Definition at line 38 of file class.ilLDAPRoleAssignmentRules.php.

◆ ROLE_ACTION_ASSIGN

const ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN = 'Assign'

◆ ROLE_ACTION_DEASSIGN

const ilLDAPRoleAssignmentRules::ROLE_ACTION_DEASSIGN = 'Detach'

Definition at line 35 of file class.ilLDAPRoleAssignmentRules.php.


The documentation for this class was generated from the following file: