ILIAS  Release_4_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilLDAPRoleAssignmentRule.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
32 class ilLDAPRoleAssignmentRule
33 {
34  private static $instances = null;
35 
36  const TYPE_GROUP = 1;
37  const TYPE_ATTRIBUTE = 2;
38  const TYPE_PLUGIN = 3;
39 
40  private $server_id = 0;
41  private $plugin_active = false;
42  private $add_on_update = false;
43  private $remove_on_update = false;
44  private $plugin_id = 0;
45 
46 
54  private function __construct($a_id = 0)
55  {
56  global $ilDB;
57 
58  $this->db = $ilDB;
59 
60  $this->rule_id = $a_id;
61  $this->read();
62  }
63 
72  public static function _getInstanceByRuleId($a_rule_id)
73  {
74  if(isset(self::$instances[$a_rule_id]))
75  {
76  return self::$instances[$a_rule_id];
77  }
78  return self::$instances[$a_rule_id] = new ilLDAPRoleAssignmentRule($a_rule_id);
79  }
80 
85  public static function hasRulesForUpdate()
86  {
87  global $ilDB;
88 
89  $query = 'SELECT COUNT(*) num FROM ldap_role_assignments '.
90  'WHERE add_on_update = 1 '.
91  'OR remove_on_update = 1 ';
92  $res = $ilDB->query($query);
93  $row = $res->fetchRow(DB_FETCHMODE_OBJECT);
94  return $row->num > 0;
95  }
96 
102  public function matches($a_user_data)
103  {
104  global $ilLog;
105 
106  switch($this->getType())
107  {
108  case self::TYPE_PLUGIN:
109  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
110  return ilLDAPRoleAssignmentRules::callPlugin($this->getPluginId(), $a_user_data);
111 
112  case self::TYPE_ATTRIBUTE:
113 
114  $attn = strtolower($this->getAttributeName());
115 
116  if(!isset($a_user_data[$attn]))
117  {
118  return false;
119  }
120 
121  if(!is_array($a_user_data[$attn]))
122  {
123  $attribute_val = array(0 => $a_user_data[$attn]);
124  }
125  else
126  {
127  $attribute_val = $a_user_data[$attn];
128  }
129 
130  foreach($attribute_val as $value)
131  {
132  if(trim($value) == trim($this->getAttributeValue()))
133  {
134  $ilLog->write(__METHOD__.': Found role mapping: '.ilObject::_lookupTitle($this->getRoleId()));
135  return true;
136  }
137  }
138  return false;
139 
140  case self::TYPE_GROUP:
141  return $this->isGroupMember($a_user_data);
142 
143  }
144  }
145 
154  private function isGroupMember($a_user_data)
155  {
156  global $ilLog;
157 
158 
159  if($this->isMemberAttributeDN())
160  {
161  $user_cmp = $a_user_data['dn'];
162  }
163  else
164  {
165  $user_cmp = $a_user_data['ilExternalAccount'];
166  }
167 
168  include_once('Services/LDAP/classes/class.ilLDAPQuery.php');
169  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
170 
171  $server = ilLDAPServer::getInstanceByServerId(ilLDAPServer::_getFirstActiveServer());
172 
173  try
174  {
175  $query = new ilLDAPQuery($server);
176  $query->bind();
177  $res = $query->query($this->getDN(),
178  sprintf('(%s=%s)',
179  $this->getMemberAttribute(),
180  $user_cmp),
181  IL_LDAP_SCOPE_BASE,
182  array('dn'));
183  return $res->numRows() ? true : false;
184  }
185  catch(ilLDAPQueryException $e)
186  {
187  $ilLog->write(__METHOD__.': Caught Exception: '.$e->getMessage());
188  return false;
189  }
190  }
191 
192 
193 
200  public function _getRules()
201  {
202  global $ilDB;
203 
204  $query = "SELECT rule_id FROM ldap_role_assignments ";
205  $res = $ilDB->query($query);
206  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
207  {
208  $rules[] = self::_getInstanceByRuleId($row->rule_id);
209  }
210  return $rules ? $rules : array();
211  }
212 
220  public function setRoleId($a_role_id)
221  {
222  $this->role_id = $a_role_id;
223  }
224 
231  public function getRoleId()
232  {
233  return $this->role_id;
234  }
235 
242  public function getRuleId()
243  {
244  return $this->rule_id;
245  }
246 
254  public function setServerId($a_id)
255  {
256  $this->server_id = $a_id;
257  }
258 
265  public function getServerId()
266  {
267  return $this->server_id;
268  }
269 
277  public function setType($a_type)
278  {
279  $this->type = $a_type;
280  }
281 
289  public function getType()
290  {
291  return $this->type;
292  }
293 
301  public function setDN($a_dn)
302  {
303  $this->dn = $a_dn;
304  }
305 
312  public function getDN()
313  {
314  return $this->dn;
315  }
316 
324  public function setMemberAttribute($a_attribute)
325  {
326  $this->member_attribute = $a_attribute;
327  }
328 
335  public function getMemberAttribute()
336  {
337  return $this->member_attribute;
338  }
339 
347  public function setMemberIsDN($a_status)
348  {
349  $this->member_is_dn = $a_status;
350  }
351 
358  public function isMemberAttributeDN()
359  {
360  return (bool) $this->member_is_dn;
361  }
362 
370  public function setAttributeName($a_name)
371  {
372  $this->attribute_name = $a_name;
373  }
374 
381  public function getAttributeName()
382  {
383  return $this->attribute_name;
384  }
385 
393  public function setAttributeValue($a_value)
394  {
395  $this->attribute_value = $a_value;
396  }
397 
404  public function getAttributeValue()
405  {
406  return $this->attribute_value;
407  }
408 
409  public function enableAddOnUpdate($a_status)
410  {
411  $this->add_on_update = $a_status;
412  }
413 
414  public function isAddOnUpdateEnabled()
415  {
416  return (bool) $this->add_on_update;
417  }
418 
419  public function enableRemoveOnUpdate($a_status)
420  {
421  $this->remove_on_update = $a_status;
422  }
423 
424  public function isRemoveOnUpdateEnabled()
425  {
426  return (bool) $this->remove_on_update;
427  }
428 
429  public function setPluginId($a_id)
430  {
431  $this->plugin_id = $a_id;
432  }
433 
434  public function getPluginId()
435  {
436  return $this->plugin_id;
437  }
438 
439  public function isPluginActive()
440  {
441  return (bool) $this->getType() == self::TYPE_PLUGIN;
442  }
443 
444 
451  public function conditionToString()
452  {
453  global $lng;
454 
455  switch($this->getType())
456  {
457  case self::TYPE_PLUGIN:
458  return $lng->txt('ldap_plugin_id').': '.$this->getPluginId();
459 
460  case self::TYPE_GROUP:
461  $dn_arr = explode(',',$this->getDN());
462  return $dn_arr[0];
463 
464 
465  case self::TYPE_ATTRIBUTE:
466  return $this->getAttributeName().'='.$this->getAttributeValue();
467  }
468  }
469 
470 
478  public function create()
479  {
480  global $ilDB;
481 
482  $next_id = $ilDB->nextId('ldap_role_assignments');
483 
484  $query = "INSERT INTO ldap_role_assignments (server_id,rule_id,type,dn,attribute,isdn,att_name,att_value,role_id, ".
485  "add_on_update, remove_on_update, plugin_id ) ".
486  "VALUES( ".
487  $this->db->quote($this->getServerId(),'integer').", ".
488  $this->db->quote($next_id,'integer').", ".
489  $this->db->quote($this->getType(),'integer').", ".
490  $this->db->quote($this->getDN(),'text').", ".
491  $this->db->quote($this->getMemberAttribute(),'text').", ".
492  $this->db->quote($this->isMemberAttributeDN(),'integer').", ".
493  $this->db->quote($this->getAttributeName(),'text').", ".
494  $this->db->quote($this->getAttributeValue(),'text').", ".
495  $this->db->quote($this->getRoleId(),'integer').", ".
496  $this->db->quote($this->isAddOnUpdateEnabled(), 'integer').', '.
497  $this->db->quote($this->isRemoveOnUpdateEnabled(), 'integer').', '.
498  $this->db->quote($this->getPluginId(),'integer').' '.
499  ")";
500  $res = $ilDB->manipulate($query);
501  $this->rule_id = $next_id;
502 
503  return true;
504  }
505 
512  public function update()
513  {
514  global $ilDB;
515 
516  $query = "UPDATE ldap_role_assignments ".
517  "SET server_id = ".$this->db->quote($this->getServerId(),'integer').", ".
518  "type = ".$this->db->quote($this->getType(),'integer').", ".
519  "dn = ".$this->db->quote($this->getDN(),'text').", ".
520  "attribute = ".$this->db->quote($this->getMemberAttribute(),'text').", ".
521  "isdn = ".$this->db->quote($this->isMemberAttributeDN(),'integer').", ".
522  "att_name = ".$this->db->quote($this->getAttributeName(),'text').", ".
523  "att_value = ".$this->db->quote($this->getAttributeValue(),'text').", ".
524  "role_id = ".$this->db->quote($this->getRoleId(),'integer').", ".
525  "add_on_update = ".$this->db->quote($this->isAddOnUpdateEnabled(),'integer').', '.
526  'remove_on_update = '.$this->db->quote($this->isRemoveOnUpdateEnabled(),'integer').', '.
527  'plugin_id = '.$this->db->quote($this->getPluginId(),'integer').' '.
528  "WHERE rule_id = ".$this->db->quote($this->getRuleId(),'integer')." ";
529  $res = $ilDB->manipulate($query);
530  return true;
531  }
532 
539  public function validate()
540  {
541  global $ilErr;
542 
543  $ilErr->setMessage('');
544 
545  if(!$this->getRoleId())
546  {
547  $ilErr->setMessage('fill_out_all_required_fields');
548  return false;
549  }
550  switch($this->getType())
551  {
552  case self::TYPE_GROUP:
553  if(!strlen($this->getDN()) or !strlen($this->getMemberAttribute()))
554  {
555  $ilErr->setMessage('fill_out_all_required_fields');
556  return false;
557  }
558  break;
559  case self::TYPE_ATTRIBUTE:
560  if(!strlen($this->getAttributeName()) or !strlen($this->getAttributeValue()))
561  {
562  $ilErr->setMessage('fill_out_all_required_fields');
563  return false;
564  }
565  break;
566 
567  case self::TYPE_PLUGIN:
568  if(!$this->getPluginId())
569  {
570  $ilErr->setMessage('ldap_err_missing_plugin_id');
571  return false;
572  }
573  break;
574 
575  default:
576  $ilErr->setMessage('ldap_no_type_given');
577  return false;
578  }
579  return true;
580  }
581 
588  public function delete()
589  {
590  global $ilDB;
591 
592  $query = "DELETE FROM ldap_role_assignments ".
593  "WHERE rule_id = ".$this->db->quote($this->getRuleId(),'integer')." ";
594  $res = $ilDB->manipulate($query);
595  return true;
596 
597  }
604  private function read()
605  {
606  global $ilDB;
607 
608  $query = "SELECT * FROM ldap_role_assignments ".
609  "WHERE rule_id = ".$this->db->quote($this->getRuleId(),'integer')." ";
610 
611  $res = $this->db->query($query);
612  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
613  {
614  $this->setServerId($row->server_id);
615  $this->setType($row->type);
616  $this->setDN($row->dn);
617  $this->setMemberAttribute($row->attribute);
618  $this->setMemberIsDN($row->isdn);
619  $this->setAttributeName($row->att_name);
620  $this->setAttributeValue($row->att_value);
621  $this->setRoleId($row->role_id);
622  $this->enableAddOnUpdate($row->add_on_update);
623  $this->enableRemoveOnUpdate($row->remove_on_update);
624  $this->setPluginId($row->plugin_id);
625  }
626  }
627 }
628 ?>