<?php
00031 include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
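/**
 * Resolves which roles an LDAP-authenticated account receives on one LDAP server.
 *
 * Two kinds of rules are read from the ldap_role_assignments table:
 * attribute rules (attribute name/value => role) and group rules
 * (group DN + member attribute => role). If no rule matches, the
 * server's default role is returned instead.
 *
 * The result of assignedRoles() decides what an account is allowed to do,
 * so every value that originates from the directory or from the login form
 * is treated as untrusted when it is placed into an LDAP search filter.
 */
class ilLDAPRoleAssignments
{
    // One cached instance per server id, see _getInstanceByServer().
    private static $instances = array();

    private $server = null;
    private $server_id;
    private $default_role;
    // role_id => role_id for every role any rule (or the default) can assign.
    private $all_roles = array();
    // [lower-cased attribute name][lower-cased attribute value] => role_id
    private $att_mappings = array();
    // [lower-cased group dn] => array('attribute' => ..., 'isdn' => ..., 'role' => ...)
    private $grp_mappings = array();

    protected $db;

    /**
     * Loads all assignment rules and the default role for the given server.
     *
     * Private: instances are obtained through _getInstanceByServer().
     *
     * @param object $a_server server object providing getServerId()
     */
    private function __construct($a_server)
    {
        global $ilDB;

        $this->server = $a_server;
        $this->server_id = $this->server->getServerId();
        $this->db = $ilDB;

        $this->fetchAttributeMappings();
        $this->fetchGroupMappings();
        $this->fetchDefaultRole();
    }

    /**
     * Returns the cached instance for a server, creating it on first use.
     *
     * @param ilLDAPServer $a_server
     * @return ilLDAPRoleAssignments
     */
    public static function _getInstanceByServer(ilLDAPServer $a_server)
    {
        $a_server_id = $a_server->getServerId();

        if(isset(self::$instances[$a_server_id]))
        {
            return self::$instances[$a_server_id];
        }
        return self::$instances[$a_server_id] = new ilLDAPRoleAssignments($a_server);
    }

    /**
     * Lists the distinct attribute names used by attribute rules of a server.
     *
     * @param mixed $a_server_id server id, passed through $ilDB->quote()
     * @return array lower-cased, trimmed attribute names (empty if there are no rules)
     */
    public static function _getDistinctAttributeNamesByServerId($a_server_id)
    {
        global $ilDB;

        // Initialised up front so a server without rules does not read an undefined variable.
        $attributes = array();

        $query = "SELECT DISTINCT(att_name) as att FROM ldap_role_assignments ".
            "WHERE type = ".ilLDAPRoleAssignmentRule::TYPE_ATTRIBUTE." ".
            "AND server_id = ".$ilDB->quote($a_server_id)." ";
        $res = $ilDB->query($query);
        while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
        {
            $attributes[] = strtolower(trim($row->att));
        }
        return $attributes;
    }

    /**
     * Returns every role id that some rule or the default role can assign.
     *
     * @return array role_id => role_id
     */
    public function getPossibleRoles()
    {
        return $this->all_roles ? $this->all_roles : array();
    }

    /**
     * Computes the roles to attach to an account.
     *
     * @param string $a_external_name account name as known to the LDAP server
     * @param array  $a_user_att      user attributes read from the directory
     *                                (value or list of values per attribute name)
     * @return array list of array('id' => role_id, 'type' => 'Global', 'action' => 'Attach');
     *               contains only the default role when no rule matched
     */
    public function assignedRoles($a_external_name,$a_user_att)
    {
        global $ilLog;

        // Initialised up front so the final fallback does not read an undefined variable.
        $roles = array();
        $default_roles = array(
            array('id' => $this->default_role,
                'type' => 'Global',
                'action' => 'Attach')
        );

        $ilLog->write(__METHOD__.': Fetch assignable roles...');
        foreach($this->att_mappings as $name => $values)
        {
            if(!isset($a_user_att[$name]))
            {
                continue;
            }

            // Single-valued attributes are normalised to a one-element list.
            if(!is_array($a_user_att[$name]))
            {
                $attribute_val = array(0 => $a_user_att[$name]);
            }
            else
            {
                $attribute_val = $a_user_att[$name];
            }

            foreach($attribute_val as $value)
            {
                // Rule values were lower-cased when loaded, so compare in lower case.
                $value = strtolower($value);
                if(!isset($this->att_mappings[$name][$value]))
                {
                    continue;
                }

                $role = $this->att_mappings[$name][$value];
                $ilLog->write(__METHOD__.': Found role mapping for '.$a_external_name.' => '.ilObject::_lookupTitle($role));
                $roles[] = array('id' => $role,
                    'type' => 'Global',
                    'action' => 'Attach');
                // Only the first matching value of an attribute contributes a role.
                break;
            }
        }

        foreach($this->grp_mappings as $dn => $mapping_data)
        {
            if($this->isGroupMember($dn,$a_external_name,$a_user_att))
            {
                $ilLog->write(__METHOD__.': Found LDAP group => role mapping for '.$a_external_name.' => '.ilObject::_lookupTitle($mapping_data['role']));
                $roles[] = array('id' => $mapping_data['role'],
                    'type' => 'Global',
                    'action' => 'Attach');
            }
        }

        return $roles ? $roles : $default_roles;
    }

    /**
     * Escapes a value for use as the assertion value of an LDAP search filter.
     *
     * The characters \ * ( ) and NUL are replaced by their \XX hex form
     * (RFC 4515), so the value is always matched literally and cannot add
     * wildcards or extra filter terms.
     *
     * @param mixed $a_value value to embed, cast to string
     * @return string escaped value
     */
    private static function escapeFilterValue($a_value)
    {
        // The backslash is replaced first; the escapes inserted afterwards must not be escaped again.
        return str_replace(
            array('\\', '*', '(', ')', "\x00"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            (string) $a_value
        );
    }

    /**
     * Checks whether an account is listed in a mapped LDAP group.
     *
     * Runs a base-scope search on the group entry with the filter
     * (member-attribute=account), where the account is either the user's DN
     * or the account name, depending on the rule's 'isdn' flag.
     *
     * @param string $a_dn           group DN (key of $this->grp_mappings)
     * @param string $a_ldap_account account name as known to the LDAP server
     * @param array  $a_user_data    user attributes; 'dn' is read when the rule compares DNs
     * @return bool true if the search returns at least one row; false otherwise,
     *              including when the query fails
     */
    private function isGroupMember($a_dn,$a_ldap_account,$a_user_data)
    {
        global $ilLog;

        if($this->grp_mappings[$a_dn]['isdn'])
        {
            $user_cmp = isset($a_user_data['dn']) ? $a_user_data['dn'] : '';
        }
        else
        {
            $user_cmp = $a_ldap_account;
        }

        // Without a usable comparison value membership cannot be established: deny.
        if(!is_scalar($user_cmp) or (string) $user_cmp === '')
        {
            $ilLog->write(__METHOD__.': No comparison value available for group membership check.');
            return false;
        }

        include_once('Services/LDAP/classes/class.ilLDAPQuery.php');
        include_once('Services/LDAP/classes/class.ilLDAPServer.php');

        try
        {
            $query = new ilLDAPQuery($this->server);
            $query->bind();
            // The account name / DN is escaped: an unescaped '*' or ')' in it would
            // change what the filter matches and with it the role decision.
            // The attribute name comes from the stored rule and is used as configured.
            $res = $query->query($a_dn,
                sprintf('(%s=%s)',
                    $this->grp_mappings[$a_dn]['attribute'],
                    self::escapeFilterValue($user_cmp)),
                IL_LDAP_SCOPE_BASE,
                array('dn'));

            return $res->numRows() ? true : false;
        }
        catch(ilLDAPQueryException $e)
        {
            // A failed lookup never grants the group's role.
            $ilLog->write(__METHOD__.': Caught Exception: '.$e->getMessage());
            return false;
        }
    }

    /**
     * Loads the attribute rules of this server into $this->att_mappings
     * and registers their roles in $this->all_roles.
     */
    private function fetchAttributeMappings()
    {
        $query = "SELECT * FROM ldap_role_assignments ".
            "WHERE server_id = ".$this->db->quote($this->server_id)." ".
            "AND type = ".ilLDAPRoleAssignmentRule::TYPE_ATTRIBUTE." ";
        $res = $this->db->query($query);
        while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
        {
            // Names and values are stored lower-cased; assignedRoles() lower-cases before lookup.
            $this->att_mappings[strtolower($row->att_name)][strtolower($row->att_value)] = $row->role_id;
            $this->all_roles[$row->role_id] = $row->role_id;
        }
    }

    /**
     * Loads the group rules of this server into $this->grp_mappings
     * and registers their roles in $this->all_roles.
     */
    private function fetchGroupMappings()
    {
        $query = "SELECT * FROM ldap_role_assignments ".
            "WHERE server_id = ".$this->db->quote($this->server_id)." ".
            "AND type = ".ilLDAPRoleAssignmentRule::TYPE_GROUP." ";
        $res = $this->db->query($query);
        while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
        {
            $group_dn = strtolower($row->dn);

            $this->grp_mappings[$group_dn]['attribute'] = strtolower($row->attribute);
            $this->grp_mappings[$group_dn]['isdn'] = $row->isdn;
            $this->grp_mappings[$group_dn]['role'] = $row->role_id;

            $this->all_roles[$row->role_id] = $row->role_id;
        }
    }

    /**
     * Looks up the role returned by ilLDAPAttributeMapping::_lookupGlobalRole()
     * for this server, stores it as the default role and registers it in
     * $this->all_roles.
     */
    private function fetchDefaultRole()
    {
        include_once('Services/LDAP/classes/class.ilLDAPAttributeMapping.php');

        $this->default_role = ilLDAPAttributeMapping::_lookupGlobalRole($this->server_id);
        $this->all_roles[$this->default_role] = $this->default_role;
    }
}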
00293 ?>