ILIAS  Release_3_10_x_branch Revision 61812
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilLDAPRoleAssignments.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
31 include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
32 
33 
34 class ilLDAPRoleAssignments
35 {
36  private static $instances = array();
37 
38  private $server = null;
39  private $server_id;
40  private $default_role;
41  private $all_roles = array();
42  private $att_mappings = array();
43  private $grp_mappings = array();
44 
45  protected $db;
46 
54  private function __construct($a_server)
55  {
56  global $ilDB;
57 
58  $this->server = $a_server;
59  $this->server_id = $this->server->getServerId();
60  $this->db = $ilDB;
61 
62  $this->fetchAttributeMappings();
63  $this->fetchGroupMappings();
64  $this->fetchDefaultRole();
65  }
66 
75  public static function _getInstanceByServer(ilLDAPServer $a_server)
76  {
77  $a_server_id = $a_server->getServerId();
78 
79  if(isset(self::$instances[$a_server_id]))
80  {
81  return self::$instances[$a_server_id];
82  }
83  return self::$instances[$a_server_id] = new ilLDAPRoleAssignments($a_server);
84  }
85 
94  public static function _getDistinctAttributeNamesByServerId($a_server_id)
95  {
96  global $ilDB;
97 
98  $query = "SELECT DISTINCT(att_name) as att FROM ldap_role_assignments ".
99  "WHERE type = ".ilLDAPRoleAssignmentRule::TYPE_ATTRIBUTE." ".
100  "AND server_id = ".$ilDB->quote($a_server_id)." ";
101  $res = $ilDB->query($query);
102  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
103  {
104  $attributes[] = strtolower(trim($row->att));
105  }
106  return $attributes ? $attributes : array();
107  }
108 
117  public function getPossibleRoles()
118  {
119  return $this->all_roles ? $this->all_roles : array();
120  }
121 
130  public function assignedRoles($a_external_name,$a_user_att)
131  {
132  global $ilLog;
133 
134  $default_roles[] = array('id' => $this->default_role,
135  'type' => 'Global',
136  'action' => 'Attach');
137  $ilLog->write(__METHOD__.': Fetch assignable roles...');
138  foreach($this->att_mappings as $name => $values)
139  {
140  if(!isset($a_user_att[$name]))
141  {
142  continue;
143  }
144 
145  if(!is_array($a_user_att[$name]))
146  {
147  $attribute_val = array(0 => $a_user_att[$name]);
148  }
149  else
150  {
151  $attribute_val = $a_user_att[$name];
152  }
153 
154  foreach($attribute_val as $value)
155  {
156  $value = strtolower($value);
157  if(!isset($this->att_mappings[$name][$value]))
158  {
159  continue;
160  }
161  else
162  {
163  $role = $this->att_mappings[$name][$value];
164  $ilLog->write(__METHOD__.': Found role mapping for '.$a_external_name.' => '.ilObject::_lookupTitle($role));
165  $roles[] = array('id' => $role,
166  'type' => 'Global',
167  'action' => 'Attach');
168  break;
169  }
170  }
171  }
172  // Check group membership
173  foreach($this->grp_mappings as $dn => $mapping_data)
174  {
175  if($this->isGroupMember($dn,$a_external_name,$a_user_att))
176  {
177  $ilLog->write(__METHOD__.': Found LDAP group => role mapping for '.$a_external_name.' => '.ilObject::_lookupTitle($mapping_data['role']));
178  $roles[] = array('id' => $mapping_data['role'],
179  'type' => 'Global',
180  'action' => 'Attach');
181 
182  }
183  }
184 
185  return $roles ? $roles : $default_roles;
186  }
187 
188 
198  private function isGroupMember($a_dn,$a_ldap_account,$a_user_data)
199  {
200  global $ilLog;
201 
202  if($this->grp_mappings[$a_dn]['isdn'])
203  {
204  $user_cmp = $a_user_data['dn'];
205  }
206  else
207  {
208  $user_cmp = $a_ldap_account;
209  }
210 
211  include_once('Services/LDAP/classes/class.ilLDAPQuery.php');
212  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
213 
214 
215  try
216  {
217  $query = new ilLDAPQuery($this->server);
218  $query->bind();
219  $res = $query->query($a_dn,
220  sprintf('(%s=%s)',
221  $this->grp_mappings[$a_dn]['attribute'],
222  $user_cmp),
223  IL_LDAP_SCOPE_BASE,
224  array('dn'));
225 
226  return $res->numRows() ? true : false;
227  }
228  catch(ilLDAPQueryException $e)
229  {
230  $ilLog->write(__METHOD__.': Caught Exception: '.$e->getMessage());
231  return false;
232  }
233  }
234 
241  private function fetchAttributeMappings()
242  {
243  $query = "SELECT * FROM ldap_role_assignments ".
244  "WHERE server_id = ".$this->db->quote($this->server_id)." ".
245  "AND type = ".ilLDAPRoleAssignmentRule::TYPE_ATTRIBUTE." ";
246  $res = $this->db->query($query);
247  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
248  {
249  $this->att_mappings[strtolower($row->att_name)][strtolower($row->att_value)] = $row->role_id;
250  $this->all_roles[$row->role_id] = $row->role_id;
251  }
252  }
253 
260  private function fetchGroupMappings()
261  {
262  $query = "SELECT * FROM ldap_role_assignments ".
263  "WHERE server_id = ".$this->db->quote($this->server_id)." ".
264  "AND type = ".ilLDAPRoleAssignmentRule::TYPE_GROUP." ";
265  $res = $this->db->query($query);
266  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
267  {
268  $this->grp_mappings[strtolower($row->dn)]['attribute'] = strtolower($row->attribute);
269  $this->grp_mappings[strtolower($row->dn)]['isdn'] = $row->isdn;
270  $this->grp_mappings[strtolower($row->dn)]['role'] = $row->role_id;
271 
272  $this->all_roles[$row->role_id] = $row->role_id;
273  }
274 
275  }
276 
277 
284  private function fetchDefaultRole()
285  {
286  include_once('Services/LDAP/classes/class.ilLDAPAttributeMapping.php');
287 
288  $this->default_role = ilLDAPAttributeMapping::_lookupGlobalRole($this->server_id);
289  $this->all_roles[$this->default_role] = $this->default_role;
290  }
291 }
292 
293 ?>