ILIAS  Release_4_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilAuthShibbolethSettingsGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
13 class ilAuthShibbolethSettingsGUI
14 {
15 
16  private $ctrl;
17  private $ilias;
18  private $tabs_gui;
19  private $lng;
20  private $tpl;
21  private $ref_id;
22 
23 
29  public function __construct($a_auth_ref_id)
30  {
31  global $lng,$ilCtrl,$tpl,$ilTabs,$ilias;
32 
33  $this->ctrl = $ilCtrl;
34  $this->tabs_gui = $ilTabs;
35  $this->lng = $lng;
36  $this->lng->loadLanguageModule('shib');
37  $this->ilias = $ilias;
38 
39  $this->tpl = $tpl;
40 
41  $this->ref_id = $a_auth_ref_id;
42  $this->obj_id = ilObject::_lookupObjId($this->ref_id);
43  }
44 
49  public function executeCommand()
50  {
51  global $ilAccess,$ilErr, $ilCtrl;
52 
53  $next_class = $this->ctrl->getNextClass($this);
54  $cmd = $this->ctrl->getCmd();
55 
56  if(!$ilAccess->checkAccess('read','',$this->ref_id))
57  {
58  $ilErr->raiseError($this->lng->txt('msg_no_perm_read'),$ilErr->WARNING);
59  }
60 
61  if(!$ilAccess->checkAccess('write','',$this->ref_id) && $cmd != "settings")
62  {
63  ilUtil::sendFailure($this->lng->txt('msg_no_perm_write'), true);
64  $ilCtrl->redirect($this, "settings");
65  }
66 
67  $this->setSubTabs();
68 
69  switch($next_class)
70  {
71  default:
72  if(!$cmd)
73  {
74  $cmd = "settings";
75  }
76  $this->$cmd();
77  break;
78  }
79  return true;
80 
81  }
82 
83  public function settings()
84  {
85  global $rbacsystem, $rbacreview;
86 
87  $this->tabs_gui->setSubTabActive('shib_settings');
88 
89  // set already saved data or default value for port
90  $settings = $this->ilias->getAllSettings();
91 
92  // Compose role list
93  $role_list = $rbacreview->getRolesByFilter(2);
94  $selectElement = '<select name="shib[user_default_role]">';
95 
96  if (!isset($settings["shib_user_default_role"]))
97  {
98  $settings["shib_user_default_role"] = 4;
99  }
100 
101  foreach ($role_list as $role)
102  {
103  $selectElement .= '<option value="'.$role['obj_id'].'"';
104  if ($settings["shib_user_default_role"] == $role['obj_id'])
105  $selectElement .= 'selected="selected"';
106 
107  $selectElement .= '>'.$role['title'].'</option>';
108  }
109  $selectElement .= '</select>';
110 
111 
112  // Set text field content
113  $shib_settings = array(
114  'shib_login',
115  'shib_title',
116  'shib_firstname',
117  'shib_lastname',
118  'shib_email',
119  'shib_gender',
120  'shib_institution',
121  'shib_department',
122  'shib_zipcode',
123  'shib_city',
124  'shib_country',
125  'shib_street',
126  'shib_phone_office',
127  'shib_phone_home',
128  'shib_phone_mobile',
129  'shib_language'
130  );
131 
132 
133  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.auth_shib.html');
134 
135  foreach ($shib_settings as $setting)
136  {
137  $field = ereg_replace('shib_','',$setting);
138  $this->tpl->setVariable(strtoupper($setting), $settings[$setting]);
139  $this->tpl->setVariable('SHIB_UPDATE_'.strtoupper($field), $settings["shib_update_".$field]);
140 
141  if ($settings["shib_update_".$field]) {
142  $this->tpl->setVariable('CHK_SHIB_UPDATE_'.strtoupper($field), 'checked="checked"');
143  }
144  }
145 
146  // Set some default values
147 
148  if (!isset($settings["shib_login_button"]) || $settings["shib_login_button"] == ''){
149  $this->tpl->setVariable("SHIB_LOGIN_BUTTON", "templates/default/images/shib_login_button.png");
150  }
151 
152  if (isset($settings["shib_active"]) && $settings["shib_active"])
153  {
154  $this->tpl->setVariable("chk_shib_active", 'checked="checked"');
155  }
156  if ($settings['shib_auth_allow_local'] == '1')
157  {
158  $this->tpl->setVariable('CHK_SHIB_AUTH_ALLOW_LOCAL', 'checked="checked"');
159  }
160 
161  if (
162  !isset($settings["shib_hos_type"])
163  || $settings["shib_hos_type"] == ''
164  || $settings["shib_hos_type"] != 'external_wayf'
165  )
166  {
167  $this->tpl->setVariable("CHK_SHIB_LOGIN_INTERNAL_WAYF", 'checked="checked"');
168  $this->tpl->setVariable("CHK_SHIB_LOGIN_EXTERNAL_WAYF", '');
169  } else {
170  $this->tpl->setVariable("CHK_SHIB_LOGIN_INTERNAL_WAYF", '');
171  $this->tpl->setVariable("CHK_SHIB_LOGIN_EXTERNAL_WAYF", 'checked="checked"');
172  }
173 
174  if (!isset($settings["shib_idp_list"]) || $settings["shib_idp_list"] == '')
175  {
176  $this->tpl->setVariable("SHIB_IDP_LIST", "urn:mace:organization1:providerID, Example Organization 1\nurn:mace:organization2:providerID, Example Organization 2, /Shibboleth.sso/WAYF/SWITCHaai");
177  } else {
178  $this->tpl->setVariable("SHIB_IDP_LIST", stripslashes($settings["shib_idp_list"]));
179  }
180 
181  $this->tpl->setVariable("SHIB_USER_DEFAULT_ROLE", $selectElement);
182  $this->tpl->setVariable("SHIB_LOGIN_BUTTON", $settings["shib_login_button"]);
183  $this->tpl->setVariable("SHIB_LOGIN_INSTRUCTIONS", stripslashes($settings["shib_login_instructions"]));
184  $this->tpl->setVariable("SHIB_FEDERATION_NAME", stripslashes($settings["shib_federation_name"]));
185  $this->tpl->setVariable("SHIB_DATA_CONV", $settings["shib_data_conv"]);
186 
187  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
188  $this->tpl->setVariable("COLSPAN", 3);
189  $this->tpl->setVariable("TXT_SHIB_INSTRUCTIONS",
190  $this->lng->txt("auth_shib_instructions"));
191  $this->tpl->setVariable("LINK_SHIB_INSTRUCTIONS",
192  "./Services/AuthShibboleth/README.SHIBBOLETH.txt");
193  $this->tpl->setVariable("TXT_SHIB", $this->lng->txt("shib"));
194  $this->tpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
195  $this->tpl->setVariable("TXT_SHIB_UPDATE", $this->lng->txt("shib_update"));
196  $this->tpl->setVariable("TXT_SHIB_ACTIVE", $this->lng->txt("shib_active"));
197  $this->tpl->setVariable("TXT_SHIB_USER_DEFAULT_ROLE", $this->lng->txt("shib_user_default_role"));
198  $this->tpl->setVariable("TXT_SHIB_LOGIN_BUTTON", $this->lng->txt("shib_login_button"));
199  $this->tpl->setVariable("TXT_SHIB_LOGIN_TYPE", $this->lng->txt("shib_login_type"));
200  $this->tpl->setVariable("TXT_SHIB_LOGIN_INTERNAL_WAYF", $this->lng->txt("shib_login_internal_wayf"));
201  $this->tpl->setVariable("TXT_SHIB_LOGIN_EXTERNAL_WAYF", $this->lng->txt("shib_login_external_wayf"));
202  $this->tpl->setVariable("TXT_SHIB_IDP_LIST", $this->lng->txt("shib_idp_list"));
203  $this->tpl->setVariable("TXT_SHIB_FEDERATION_NAME", $this->lng->txt("shib_federation_name"));
204  $this->tpl->setVariable("TXT_SHIB_LOGIN_INSTRUCTIONS", $this->lng->txt("auth_login_instructions"));
205  $this->tpl->setVariable("TXT_SHIB_DATA_CONV", $this->lng->txt("shib_data_conv"));
206  $this->tpl->setVariable("TXT_SHIB_AUTH_ALLOW_LOCAL", $this->lng->txt("auth_allow_local"));
207  foreach ($shib_settings as $setting)
208  {
209  $this->tpl->setVariable("TXT_".strtoupper($setting), $this->lng->txt($setting));
210  }
211 
212  $this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
213  $this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
214  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
215  $this->tpl->setVariable("CMD_SUBMIT", "save");
216  }
217 
218  public function save()
219  {
220  global $ilUser;
221 
222  // validate required data
223  if (
224  !$_POST["shib"]["login"]
225  or !$_POST["shib"]["hos_type"]
226  or !$_POST["shib"]["firstname"]
227  or !$_POST["shib"]["lastname"]
228  or !$_POST["shib"]["email"]
229  or !$_POST["shib"]["user_default_role"]
230  or !$_POST["shib"]["federation_name"]
231  )
232  {
233  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
234  }
235 
236  // validate api
237  if (
238  $_POST["shib"]["data_conv"]
239  and $_POST["shib"]["data_conv"] != ''
240  and !is_readable($_POST["shib"]["data_conv"]) )
241  {
242  $this->ilias->raiseError($this->lng->txt("shib_data_conv_warning"),$this->ilias->error_obj->MESSAGE);
243  }
244 
245  // all ok. save settings
246  $shib_settings = array(
247  'shib_login',
248  'shib_title',
249  'shib_firstname',
250  'shib_lastname',
251  'shib_email',
252  'shib_gender',
253  'shib_institution',
254  'shib_department',
255  'shib_zipcode',
256  'shib_city',
257  'shib_country',
258  'shib_street',
259  'shib_phone_office',
260  'shib_phone_home',
261  'shib_phone_mobile',
262  'shib_language'
263  );
264 
265  foreach ($shib_settings as $setting)
266  {
267  $field = ereg_replace('shib_','',$setting);
268  if ($_POST["shib"]["update_".$field] != "1")
269  $_POST["shib"]["update_".$field] = "0";
270  $this->ilias->setSetting($setting, trim($_POST["shib"][$field]));
271  $this->ilias->setSetting("shib_update_".$field, $_POST["shib"]["update_".$field]);
272  }
273 
274  if ($_POST["shib"]["active"] != "1")
275  {
276  $this->ilias->setSetting("shib_active", "0");
277  }
278  else
279  {
280  $this->ilias->setSetting("shib_active", "1");
281  }
282 
283  $this->ilias->setSetting("shib_user_default_role", $_POST["shib"]["user_default_role"]);
284  $this->ilias->setSetting("shib_hos_type", $_POST["shib"]["hos_type"]);
285  $this->ilias->setSetting("shib_federation_name", $_POST["shib"]["federation_name"]);
286  $this->ilias->setSetting("shib_idp_list", $_POST["shib"]["idp_list"]);
287  $this->ilias->setSetting("shib_login_instructions", $_POST["shib"]["login_instructions"]);
288  $this->ilias->setSetting("shib_login_button", $_POST["shib"]["login_button"]);
289  $this->ilias->setSetting("shib_data_conv", $_POST["shib"]["data_conv"]);
290  $this->ilias->setSetting("shib_auth_allow_local", ($_POST['shib']['auth_allow_local']=='1') ? '1' : '0');
291 
292  ilUtil::sendSuccess($this->lng->txt("shib_settings_saved"),true);
293 
294  $this->ctrl->redirect($this,'settings');
295  }
296 
297  protected function roleAssignment()
298  {
299  $this->tabs_gui->setSubTabActive('shib_role_assignment');
300 
301  $this->initFormRoleAssignment('default');
302 
303  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.shib_role_assignment.html','Services/AuthShibboleth');
304  $this->tpl->setVariable('NEW_RULE_TABLE',$this->form->getHTML());
305 
306  if(strlen($html = $this->parseRulesTable()))
307  {
308  $this->tpl->setVariable('RULE_TABLE',$html);
309  }
310 
311  return true;
312  }
313 
314  protected function parseRulesTable()
315  {
316  include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php');
317  if(ilShibbolethRoleAssignmentRules::getCountRules() == 0)
318  {
319  return '';
320  }
321  include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentTableGUI.php');
322  $rules_table = new ilShibbolethRoleAssignmentTableGUI($this,'roleAssignment');
323  $rules_table->setTitle($this->lng->txt('shib_rules_tables'));
324  $rules_table->parse(ilShibbolethRoleAssignmentRules::getAllRules());
325  $rules_table->addMultiCommand("confirmDeleteRules", $this->lng->txt("delete"));
326  $rules_table->setSelectAllCheckbox("rule_id");
327 
328  return $rules_table->getHTML();
329  }
330 
338  protected function confirmDeleteRules()
339  {
340  if(!is_array($_POST['rule_ids']))
341  {
342  ilUtil::sendFailure($this->lng->txt('select_one'));
343  $this->roleAssignment();
344  return false;
345  }
346  $this->tabs_gui->setSubTabActive('shib_role_assignment');
347 
348  include_once("Services/Utilities/classes/class.ilConfirmationGUI.php");
349  $c_gui = new ilConfirmationGUI();
350 
351  // set confirm/cancel commands
352  $c_gui->setFormAction($this->ctrl->getFormAction($this, "deleteRules"));
353  $c_gui->setHeaderText($this->lng->txt("shib_confirm_del_role_ass"));
354  $c_gui->setCancel($this->lng->txt("cancel"), "roleAssignment");
355  $c_gui->setConfirm($this->lng->txt("confirm"), "deleteRules");
356 
357  // add items to delete
358  include_once('Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
359  foreach($_POST["rule_ids"] as $rule_id)
360  {
361  $rule = new ilShibbolethRoleAssignmentRule($rule_id);
362 
363  $info = ilObject::_lookupTitle($rule->getRoleId());
364  $info .= " (";
365  $info .= $rule->conditionToString();
366  $info .= ')';
367  $c_gui->addItem('rule_ids[]',$rule_id,$info);
368  }
369  $this->tpl->setContent($c_gui->getHTML());
370  }
371 
378  protected function deleteRules()
379  {
380  if(!is_array($_POST['rule_ids']))
381  {
382  ilUtil::sendFailure($this->lng->txt('select_once'));
383  $this->roleAssignment();
384  return false;
385  }
386  include_once('Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
387  foreach($_POST["rule_ids"] as $rule_id)
388  {
389  $rule = new ilShibbolethRoleAssignmentRule($rule_id);
390  $rule->delete();
391  }
392  ilUtil::sendSuccess($this->lng->txt('shib_deleted_rule'));
393  $this->roleAssignment();
394  return true;
395  }
396 
397 
398 
399  protected function initFormRoleAssignment($a_mode = 'default')
400  {
401  include_once('./Services/Form/classes/class.ilPropertyFormGUI.php');
402  $this->form = new ilPropertyFormGUI();
403  $this->form->setFormAction($this->ctrl->getFormAction($this,'cancel'));
404  $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
405 
406  if($a_mode == 'default')
407  {
408  $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
409  $this->form->addCommandButton('addRoleAssignmentRule',$this->lng->txt('shib_new_rule'));
410  $this->form->addCommandButton('settings',$this->lng->txt('cancel'));
411  }
412  else
413  {
414  $this->form->setTitle($this->lng->txt('shib_update_role_ass_table'));
415  $this->form->addCommandButton('updateRoleAssignmentRule',$this->lng->txt('save'));
416  $this->form->addCommandButton('roleAssignment',$this->lng->txt('cancel'));
417 
418  }
419  // Role selection
420  $role = new ilRadioGroupInputGUI($this->lng->txt('shib_role_name'),'role_name');
421  $role->setRequired(true);
422 
423  $global = new ilRadioOption($this->lng->txt('shib_global_role'),0);
424  $role->addOption($global);
425 
426  $role_select = new ilSelectInputGUI('','role_id');
427  $role_select->setOptions($this->prepareRoleSelect());
428  $global->addSubItem($role_select);
429 
430  $local = new ilRadioOption($this->lng->txt('shib_local_role'),1);
431  $role->addOption($local);
432 
433  include_once './Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php';
434  $role_search = new ilRoleAutoCompleteInputGUI('','role_search',$this,'addRoleAutoCompleteObject');
435  $role_search->setSize(40);
436  $local->addSubItem($role_search);
437 
438  include_once './Services/AccessControl/classes/class.ilRoleAutoComplete.php';
439 
440  $role->setInfo($this->lng->txt('shib_role_name_info'));
441  $this->form->addItem($role);
442 
443  // Update options
444  $update = new ilNonEditableValueGUI($this->lng->txt('shib_update_roles'),'update_roles');
445  $update->setValue($this->lng->txt('shib_check_role_assignment'));
446 
447  $add = new ilCheckboxInputGUI('','add_missing');
448  $add->setOptionTitle($this->lng->txt('shib_add_missing'));
449  $add->setValue(1);
450  $update->addSubItem($add);
451 
452  $remove = new ilCheckboxInputGUI('','remove_deprecated');
453  $remove->setOptionTitle($this->lng->txt('shib_remove_deprecated'));
454  $remove->setValue(1);
455  $update->addSubItem($remove);
456 
457  $this->form->addItem($update);
458 
459  // Assignment type
460  $kind = new ilRadioGroupInputGUI($this->lng->txt('shib_assignment_type'),'kind');
461  $kind->setValue(1);
462  $kind->setRequired(true);
463 
464  $attr = new ilRadioOption($this->lng->txt('shib_attribute'),1);
465  $attr->setInfo($this->lng->txt('shib_attr_info'));
466 
467  $name = new ilTextInputGUI($this->lng->txt('shib_attribute_name'),'attr_name');
468  $name->setSize(32);
469  $attr->addSubItem($name);
470 
471  $value = new ilTextInputGUI($this->lng->txt('shib_attribute_value'),'attr_value');
472  $value->setSize(32);
473  $attr->addSubItem($value);
474  $kind->addOption($attr);
475 
476  $pl_active = (bool) $this->hasActiveRoleAssignmentPlugins();
477 
478  $pl = new ilRadioOption($this->lng->txt('shib_plugin'),2);
479  $pl->setInfo($this->lng->txt('shib_plugin_info'));
480  $pl->setDisabled(!$pl_active);
481 
482  $id = new ilNumberInputGUI($this->lng->txt('shib_plugin_id'),'plugin_id');
483  $id->setDisabled(!$pl_active);
484  $id->setSize(3);
485  $id->setMaxLength(3);
486  $id->setMaxValue(999);
487  $id->setMinValue(1);
488  $pl->addSubItem($id);
489 
490  $kind->addOption($pl);
491 
492  $this->form->addItem($kind);
493  }
494 
498  function addRoleAutoCompleteObject()
499  {
500  include_once("./Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php");
501  ilRoleAutoCompleteInputGUI::echoAutoCompleteList();
502  }
503 
504 
505  protected function addRoleAssignmentRule()
506  {
507  global $ilAccess,$ilErr;
508 
509  if(!$ilAccess->checkAccess('write','',$this->ref_id))
510  {
511  ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
512  $this->roleAssignment();
513  return false;
514  }
515 
516  $this->initFormRoleAssignment();
517  if(!$this->form->checkInput() or ($err = $this->checkInput()))
518  {
519  if($err)
520  {
521  ilUtil::sendFailure($this->lng->txt($err));
522  }
523 
524  $this->tabs_gui->setSubTabActive('shib_role_assignment');
525 
526  $this->form->setValuesByPost();
527  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.shib_role_assignment.html','Services/AuthShibboleth');
528  $this->tpl->setVariable('NEW_RULE_TABLE',$this->form->getHTML());
529 
530  if(strlen($html = $this->parseRulesTable()))
531  {
532  $this->tpl->setVariable('RULE_TABLE',$html);
533  }
534 
535  return true;
536  }
537 
538  // Redirects if required
539  $this->showLocalRoleSelection();
540 
541  $this->rule->add();
542  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
543  $this->roleAssignment();
544  return true;
545  }
546 
547 
552  protected function editRoleAssignment()
553  {
554  $this->ctrl->setParameter($this,'rule_id',(int) $_GET['rule_id']);
555 
556 
557  $this->tabs_gui->setSubTabActive('shib_role_assignment');
558  $this->initFormRoleAssignment('update');
559  $this->getRuleValues();
560 
561  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.shib_role_assignment.html','Services/AuthShibboleth');
562  $this->tpl->setVariable('NEW_RULE_TABLE',$this->form->getHTML());
563  return true;
564  }
565 
566  protected function updateRoleAssignmentRule()
567  {
568  global $ilAccess,$ilErr;
569 
570  if(!$ilAccess->checkAccess('write','',$this->ref_id))
571  {
572  ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
573  $this->roleAssignment();
574  return false;
575  }
576 
577  $this->initFormRoleAssignment();
578  if(!$this->form->checkInput() or ($err = $this->checkInput((int) $_REQUEST['rule_id'])))
579  {
580  if($err)
581  {
582  ilUtil::sendFailure($this->lng->txt($err));
583  }
584 
585  $this->tabs_gui->setSubTabActive('shib_role_assignment');
586 
587  $this->form->setValuesByPost();
588  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.shib_role_assignment.html','Services/AuthShibboleth');
589  $this->tpl->setVariable('NEW_RULE_TABLE',$this->form->getHTML());
590  return true;
591  }
592 
593  $this->showLocalRoleSelection('update');
594 
595  $this->rule->update();
596  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
597  $this->roleAssignment();
598  return true;
599  }
600 
601  private function loadRule($a_rule_id = 0)
602  {
603  include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
604 
605  $this->rule = new ilShibbolethRoleAssignmentRule($a_rule_id);
606  if($this->form->getInput('role_name') == 0)
607  {
608  $this->rule->setRoleId($this->form->getInput('role_id'));
609  }
610  elseif($this->form->getInput('role_search'))
611  {
612  // Search role
613  include_once './Services/Search/classes/class.ilQueryParser.php';
614 
615  $parser = new ilQueryParser($this->form->getInput('role_search'));
616 
617  // TODO: Handle minWordLength
618  $parser->setMinWordLength(1,true);
619  $parser->setCombination(QP_COMBINATION_AND);
620  $parser->parse();
621 
622  include_once 'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
623  $object_search = new ilLikeObjectSearch($parser);
624  $object_search->setFilter(array('role'));
625  $res = $object_search->performSearch();
626 
627  $entries = $res->getEntries();
628  if(count($entries) == 1)
629  {
630  $role = current($entries);
631  $this->rule->setRoleId($role['obj_id']);
632  }
633  elseif(count($entries) > 1)
634  {
635  $this->rule->setRoleId(-1);
636  }
637  }
638  $this->rule->setName($this->form->getInput('attr_name'));
639  $this->rule->setValue($this->form->getInput('attr_value'));
640  $this->rule->enableAddOnUpdate($this->form->getInput('add_missing'));
641  $this->rule->enableRemoveOnUpdate($this->form->getInput('remove_deprecated'));
642  $this->rule->enablePlugin($this->form->getInput('kind') == 2);
643  $this->rule->setPluginId($this->form->getInput('plugin_id'));
644 
645  return $this->rule;
646  }
647 
648  private function getRuleValues()
649  {
650  global $rbacreview;
651 
652  include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php';
653  $rule = new ilShibbolethRoleAssignmentRule((int) $_GET['rule_id']);
654  $role = $rule->getRoleId();
655 
656  if($rbacreview->isGlobalRole($role))
657  {
658  $values['role_name'] = 0;
659  $values['role_id'] = $role;
660  }
661  else
662  {
663  $values['role_name'] = 1;
664  $values['role_search'] = ilObject::_lookupTitle($role);
665  }
666 
667  $values['add_missing'] = (int) $rule->isAddOnUpdateEnabled();
668  $values['remove_deprecated'] = (int) $rule->isRemoveOnUpdateEnabled();
669 
670  $values['attr_name'] = $rule->getName();
671  $values['attr_value'] = $rule->getValue();
672 
673  if(!$rule->isPluginActive())
674  {
675  $values['kind'] = 1;
676  }
677  else
678  {
679  $values['kind'] = 2;
680  $values['plugin_id'] = $rule->getPluginId();
681  }
682 
683  $this->form->setValuesByArray($values);
684  }
685 
686  private function checkInput($a_rule_id = 0)
687  {
688  $this->loadRule($a_rule_id);
689  return $this->rule->validate();
690  }
691 
692  private function showLocalRoleSelection()
693  {
694  if($this->rule->getRoleId() > 0)
695  {
696  return false;
697  }
698 
699  $_SESSION['shib_role_ass']['rule_id'] = $_REQUEST['rule_id'] ? $_REQUEST['rule_id'] : 0;
700  $_SESSION['shib_role_ass']['search'] = $this->form->getInput('role_search');
701  $_SESSION['shib_role_ass']['add_on_update'] = $this->rule->isAddOnUpdateEnabled();
702  $_SESSION['shib_role_ass']['remove_on_update'] = $this->rule->isRemoveOnUpdateEnabled();
703  $_SESSION['shib_role_ass']['name'] = $this->rule->getName();
704  $_SESSION['shib_role_ass']['value'] = $this->rule->getValue();
705  $_SESSION['shib_role_ass']['plugin'] = $this->rule->isPluginActive();
706  $_SESSION['shib_role_ass']['plugin_id'] = $this->rule->getPluginId();
707 
708  $this->ctrl->redirect($this,'chooseRole');
709  }
710 
711  protected function chooseRole()
712  {
713  $this->tabs_gui->setSubTabActive('shib_role_assignment');
714 
715  include_once './Services/Search/classes/class.ilQueryParser.php';
716  $parser = new ilQueryParser($_SESSION['shib_role_ass']['search']);
717  $parser->setMinWordLength(1,true);
718  $parser->setCombination(QP_COMBINATION_AND);
719  $parser->parse();
720 
721  include_once 'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
722  $object_search = new ilLikeObjectSearch($parser);
723  $object_search->setFilter(array('role'));
724  $res = $object_search->performSearch();
725 
726  $entries = $res->getEntries();
727 
728  include_once './Services/AccessControl/classes/class.ilRoleSelectionTableGUI.php';
729  $table = new ilRoleSelectionTableGUI($this,'chooseRole');
730  $table->setTitle($this->lng->txt('shib_role_selection'));
731  $table->addMultiCommand('saveRoleSelection',$this->lng->txt('shib_choose_role'));
732  $table->addCommandButton('roleAssignment',$this->lng->txt('cancel'));
733  $table->parse($entries);
734 
735  $this->tpl->setContent($table->getHTML());
736  return true;
737  }
738 
739  protected function saveRoleSelection()
740  {
741  $rule = new ilShibbolethRoleAssignmentRule($_SESSION['shib_role_ass']['rule_id']);
742  $rule->setRoleId((int) $_POST['role_id']);
743  $rule->setName($_SESSION['shib_role_ass']['name']);
744  $rule->setValue($_SESSION['shib_role_ass']['value']);
745  $rule->enablePlugin($_SESSION['shib_role_ass']['plugin']);
746  $rule->setPluginId($_SESSION['shib_role_ass']['plugin_id']);
747  $rule->enableAddOnUpdate($_SESSION['shib_role_ass']['add_on_update']);
748  $rule->enableRemoveOnUpdate($_SESSION['shib_role_ass']['remove_on_update']);
749 
750  if($rule->getRuleId())
751  {
752  $rule->update();
753  }
754  else
755  {
756  $rule->add();
757  }
758  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
759 
760  unset($_SESSION['shib_role_ass']);
761  $this->roleAssignment();
762 
763  }
764 
769  private function hasActiveRoleAssignmentPlugins()
770  {
771  global $ilPluginAdmin;
772 
773  return count($ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE,'AuthShibboleth','shibhk'));
774  }
775 
776 
777 
778  private function prepareRoleSelect($a_as_select = true)
779  {
780  global $rbacreview,$ilObjDataCache;
781 
782  $global_roles = ilUtil::_sortIds($rbacreview->getGlobalRoles(),
783  'object_data',
784  'title',
785  'obj_id');
786 
787  $select[0] = $this->lng->txt('links_select_one');
788  foreach($global_roles as $role_id)
789  {
790  $select[$role_id] = ilObject::_lookupTitle($role_id);
791  }
792  return $select;
793  }
794 
795 
796 
797  protected function setSubTabs()
798  {
799  global $ilSetting;
800 
801  include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
802  if($ilSetting->get('shib_active') == 0 and ilShibbolethRoleAssignmentRules::getCountRules() == 0)
803  {
804  return false;
805  }
806  // DONE: show sub tabs if there is any role assignment rule
807 
808  $this->tabs_gui->addSubTabTarget('shib_settings',
809  $this->ctrl->getLinkTarget($this,'settings'));
810 
811  $this->tabs_gui->addSubTabTarget('shib_role_assignment',
812  $this->ctrl->getLinkTarget($this,'roleAssignment'));
813  return true;
814 
815  }
816 
817 }
818 ?>