ILIAS  Release_4_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilLDAPRoleAssignmentRules.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
32 class ilLDAPRoleAssignmentRules
33 {
34  const ROLE_ACTION_ASSIGN = 'Assign';
35  const ROLE_ACTION_DEASSIGN = 'Detach';
36 
37  protected static $active_plugins = null;
38  protected static $default_role = null;
39 
40 
45  public static function getDefaultRole()
46  {
47  if(self::$default_role)
48  {
49  return self::$default_role;
50  }
51 
52  include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
53  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
54 
55  return self::$default_role =
56  ilLDAPAttributeMapping::_lookupGlobalRole(ilLDAPServer::_getFirstActiveServer());
57  }
58 
63  public static function getAllPossibleRoles()
64  {
65  global $ilDB;
66 
67  $query = "SELECT DISTINCT(role_id) FROM ldap_role_assignments ";
68  $res = $ilDB->query($query);
69  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
70  {
71  $roles[$row->role_id] = $row->role_id;
72  }
73  $gr = self::getDefaultRole();
74  $roles[$gr] = $gr;
75  return $roles ? $roles : array();
76  }
77 
82  public static function getAttributeNames()
83  {
84  global $ilDB;
85 
86  $query = "SELECT DISTINCT(att_name) ".
87  "FROM ldap_role_assignments ";
88  $res = $ilDB->query($query);
89  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
90  {
91  $name = strtolower(trim($row->att_name));
92  if($name)
93  {
94  $names[] = $name;
95  }
96  }
97 
98  $names = array_merge((array) $names, self::getAdditionalPluginAttributes());
99  return $names ? $names : array();
100  }
101 
102 
103 
104  public static function getAssignmentsForUpdate($a_usr_id,$a_usr_name,$a_usr_data)
105  {
106  global $ilDB,$rbacadmin,$rbacreview,$ilSetting,$ilLog;
107 
108  $query = "SELECT rule_id,add_on_update,remove_on_update FROM ldap_role_assignments ".
109  "WHERE add_on_update = 1 OR remove_on_update = 1";
110 
111  $res = $ilDB->query($query);
112  $roles = array();
113  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
114  {
115  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
116  $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);
117 
118  $matches = $rule->matches($a_usr_data);
119  if($matches and $row->add_on_update)
120  {
121  $ilLog->write(__METHOD__.': Assigned to role: '.$a_usr_name.' => '.ilObject::_lookupTitle($rule->getRoleId()));
122  $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
123 
124  }
125  if(!$matches and $row->remove_on_update)
126  {
127  $ilLog->write(__METHOD__.': Deassigned from role: '.$a_usr_name.' => '.ilObject::_lookupTitle($rule->getRoleId()));
128  $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_DEASSIGN);
129  }
130  }
131 
132  // Check if there is minimum on global role
133  $deassigned_global = 0;
134  foreach($roles as $role_data)
135  {
136  if($role_data['type'] == 'Global' and
137  $role_data['action'] == self::ROLE_ACTION_DEASSIGN)
138  {
139  $deassigned_global++;
140  }
141  }
142  if(count($rbacreview->assignedGlobalRoles($a_usr_id)) == $deassigned_global)
143  {
144  $ilLog->write(__METHOD__.': No global role left. Assigning to default role.');
145  $roles[] = self::parseRole(
146  self::getDefaultRole(),
147  self::ROLE_ACTION_ASSIGN
148  );
149  }
150 
151  return $roles ? $roles : array();
152 
153  }
154 
155 
165  public static function getAssignmentsForCreation($a_usr_name,$a_usr_data)
166  {
167  global $ilDB,$ilLog;
168 
169  $query = "SELECT rule_id FROM ldap_role_assignments ";
170  $res = $ilDB->query($query);
171 
172  $num_matches = 0;
173  $roles = array();
174  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
175  {
176  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
177  $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);
178 
179  if($rule->matches($a_usr_data))
180  {
181  $num_matches++;
182  $ilLog->write(__METHOD__.': Assigned to role: '.$a_usr_name.' => '.ilObject::_lookupTitle($rule->getRoleId()));
183  $roles[] = self::parseRole($rule->getRoleId(),self::ROLE_ACTION_ASSIGN);
184  }
185  }
186 
187  // DONE: check for global role
188  $found_global = false;
189  foreach($roles as $role_data)
190  {
191  if($role_data['type'] == 'Global')
192  {
193  $found_global = true;
194  break;
195  }
196  }
197  if(!$found_global)
198  {
199  $ilLog->write(__METHOD__.': No matching rule found. Assigning to default role.');
200  $roles[] = self::parseRole(
201  self::getDefaultRole(),
202  self::ROLE_ACTION_ASSIGN
203  );
204  }
205 
206  return $roles ? $roles : array();
207  }
208 
216  public static function callPlugin($a_plugin_id,$a_user_data)
217  {
218  global $ilPluginAdmin;
219 
220  if(self::$active_plugins == null)
221  {
222  self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE,
223  'LDAP',
224  'ldaphk');
225  }
226 
227  $assigned = false;
228  foreach(self::$active_plugins as $plugin_name)
229  {
230  $ok = false;
231  $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE,
232  'LDAP',
233  'ldaphk',
234  $plugin_name);
235 
236  if($plugin_obj instanceof ilLDAPRoleAssignmentPlugin)
237  {
238  $ok = $plugin_obj->checkRoleAssignment($a_plugin_id,$a_user_data);
239  }
240 
241  if($ok)
242  {
243  $assigned = true;
244  }
245  }
246  return $assigned;
247  }
248 
253  protected static function getAdditionalPluginAttributes()
254  {
255  global $ilPluginAdmin;
256 
257  if(self::$active_plugins == null)
258  {
259  self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE,
260  'LDAP',
261  'ldaphk');
262  }
263 
264  $attributes = array();
265  foreach(self::$active_plugins as $plugin_name)
266  {
267  $ok = false;
268  $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE,
269  'LDAP',
270  'ldaphk',
271  $plugin_name);
272 
273  if($plugin_obj instanceof ilLDAPRoleAssignmentPlugin)
274  {
275  $attributes = array_merge($attributes,$plugin_obj->getAdditionalAttributeNames());
276  }
277  }
278  return $attributes ? $attributes : array();
279  }
280 
281 
288  protected static function parseRole($a_role_id,$a_action)
289  {
290  global $rbacreview;
291 
292  return array(
293  'id' => $a_role_id,
294  'type' => $rbacreview->isGlobalRole($a_role_id) ? 'Global' : 'Local',
295  'action' => $a_action
296  );
297  }
298 
299 }