ILIAS  Release_4_1_x_branch Revision 61804
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilAuthShibbolethSettingsGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
13 class ilAuthShibbolethSettingsGUI
14 {
15 
16  private $ctrl;
17  private $ilias;
18  private $tabs_gui;
19  private $lng;
20  private $tpl;
21  private $ref_id;
22 
23 
29  public function __construct($a_auth_ref_id)
30  {
31  global $lng,$ilCtrl,$tpl,$ilTabs,$ilias;
32 
33  $this->ctrl = $ilCtrl;
34  $this->tabs_gui = $ilTabs;
35  $this->lng = $lng;
36  $this->lng->loadLanguageModule('shib');
37  $this->ilias = $ilias;
38 
39  $this->tpl = $tpl;
40 
41  $this->ref_id = $a_auth_ref_id;
42  $this->obj_id = ilObject::_lookupObjId($this->ref_id);
43  }
44 
49  public function executeCommand()
50  {
51  global $ilAccess,$ilErr, $ilCtrl;
52 
53  $next_class = $this->ctrl->getNextClass($this);
54  $cmd = $this->ctrl->getCmd();
55 
56  if(!$ilAccess->checkAccess('read','',$this->ref_id))
57  {
58  $ilErr->raiseError($this->lng->txt('msg_no_perm_read'),$ilErr->WARNING);
59  }
60 
61  if(!$ilAccess->checkAccess('write','',$this->ref_id) && $cmd != "settings")
62  {
63  ilUtil::sendFailure($this->lng->txt('msg_no_perm_write'), true);
64  $ilCtrl->redirect($this, "settings");
65  }
66 
67  $this->setSubTabs();
68 
69  switch($next_class)
70  {
71  default:
72  if(!$cmd)
73  {
74  $cmd = "settings";
75  }
76  $this->$cmd();
77  break;
78  }
79  return true;
80 
81  }
82 
83  public function settings()
84  {
85  global $rbacsystem, $rbacreview;
86 
87  $this->tabs_gui->setSubTabActive('shib_settings');
88 
89  // set already saved data or default value for port
90  $settings = $this->ilias->getAllSettings();
91 
92  // Compose role list
93  $role_list = $rbacreview->getRolesByFilter(2);
94  $selectElement = '<select name="shib[user_default_role]">';
95 
96  if (!isset($settings["shib_user_default_role"]))
97  {
98  $settings["shib_user_default_role"] = 4;
99  }
100 
101  foreach ($role_list as $role)
102  {
103  $selectElement .= '<option value="'.$role['obj_id'].'"';
104  if ($settings["shib_user_default_role"] == $role['obj_id'])
105  $selectElement .= 'selected="selected"';
106 
107  $selectElement .= '>'.$role['title'].'</option>';
108  }
109  $selectElement .= '</select>';
110 
111 
112  // Set text field content
113  $shib_settings = array(
114  'shib_login',
115  'shib_title',
116  'shib_firstname',
117  'shib_lastname',
118  'shib_email',
119  'shib_gender',
120  'shib_institution',
121  'shib_department',
122  'shib_zipcode',
123  'shib_city',
124  'shib_country',
125  'shib_street',
126  'shib_phone_office',
127  'shib_phone_home',
128  'shib_phone_mobile',
129  'shib_language'
130  );
131 
132 
133  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.auth_shib.html');
134 
135  foreach ($shib_settings as $setting)
136  {
137  $field = ereg_replace('shib_','',$setting);
138  $this->tpl->setVariable(strtoupper($setting), $settings[$setting]);
139  $this->tpl->setVariable('SHIB_UPDATE_'.strtoupper($field), $settings["shib_update_".$field]);
140 
141  if ($settings["shib_update_".$field]) {
142  $this->tpl->setVariable('CHK_SHIB_UPDATE_'.strtoupper($field), 'checked="checked"');
143  }
144  }
145 
146  // Set some default values
147 
148  if (!isset($settings["shib_login_button"]) || $settings["shib_login_button"] == ''){
149  $this->tpl->setVariable("SHIB_LOGIN_BUTTON", "templates/default/images/shib_login_button.png");
150  }
151 
152  if (isset($settings["shib_active"]) && $settings["shib_active"])
153  {
154  $this->tpl->setVariable("chk_shib_active", 'checked="checked"');
155  }
156  if ($settings['shib_auth_allow_local'] == '1')
157  {
158  $this->tpl->setVariable('CHK_SHIB_AUTH_ALLOW_LOCAL', 'checked="checked"');
159  }
160 
161  if (
162  !isset($settings["shib_hos_type"])
163  || $settings["shib_hos_type"] == ''
164  || $settings["shib_hos_type"] == 'internal_wayf'
165  )
166  {
167  $this->tpl->setVariable("CHK_SHIB_LOGIN_INTERNAL_WAYF", 'checked="checked"');
168  $this->tpl->setVariable("CHK_SHIB_LOGIN_EXTERNAL_WAYF", '');
169  $this->tpl->setVariable("CHK_SHIB_LOGIN_EMBEDDED_WAYF", '');
170  } elseif($settings["shib_hos_type"] == 'embedded_wayf'){
171  $this->tpl->setVariable("CHK_SHIB_LOGIN_INTERNAL_WAYF", '');
172  $this->tpl->setVariable("CHK_SHIB_LOGIN_EXTERNAL_WAYF", '');
173  $this->tpl->setVariable("CHK_SHIB_LOGIN_EMBEDDED_WAYF", 'checked="checked"');
174  } else {
175  $this->tpl->setVariable("CHK_SHIB_LOGIN_INTERNAL_WAYF", '');
176  $this->tpl->setVariable("CHK_SHIB_LOGIN_EXTERNAL_WAYF", 'checked="checked"');
177  $this->tpl->setVariable("CHK_SHIB_LOGIN_EMBEDDED_WAYF", '');
178  }
179 
180  if (!isset($settings["shib_idp_list"]) || $settings["shib_idp_list"] == '')
181  {
182  $this->tpl->setVariable("SHIB_IDP_LIST", "urn:mace:organization1:providerID, Example Organization 1\nurn:mace:organization2:providerID, Example Organization 2, /Shibboleth.sso/WAYF/SWITCHaai");
183  } else {
184  $this->tpl->setVariable("SHIB_IDP_LIST", stripslashes($settings["shib_idp_list"]));
185  }
186 
187  $this->tpl->setVariable("SHIB_USER_DEFAULT_ROLE", $selectElement);
188  $this->tpl->setVariable("SHIB_LOGIN_BUTTON", $settings["shib_login_button"]);
189  $this->tpl->setVariable("SHIB_LOGIN_INSTRUCTIONS", stripslashes($settings["shib_login_instructions"]));
190  $this->tpl->setVariable("SHIB_FEDERATION_NAME", stripslashes($settings["shib_federation_name"]));
191  $this->tpl->setVariable("SHIB_DATA_CONV", $settings["shib_data_conv"]);
192 
193  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
194  $this->tpl->setVariable("COLSPAN", 3);
195  $this->tpl->setVariable("TXT_SHIB_INSTRUCTIONS",
196  $this->lng->txt("auth_shib_instructions"));
197  $this->tpl->setVariable("LINK_SHIB_INSTRUCTIONS",
198  "./Services/AuthShibboleth/README.SHIBBOLETH.txt");
199  $this->tpl->setVariable("TXT_SHIB", $this->lng->txt("shib"));
200  $this->tpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
201  $this->tpl->setVariable("TXT_SHIB_UPDATE", $this->lng->txt("shib_update"));
202  $this->tpl->setVariable("TXT_SHIB_ACTIVE", $this->lng->txt("shib_active"));
203  $this->tpl->setVariable("TXT_SHIB_USER_DEFAULT_ROLE", $this->lng->txt("shib_user_default_role"));
204  $this->tpl->setVariable("TXT_SHIB_LOGIN_BUTTON", $this->lng->txt("shib_login_button"));
205  $this->tpl->setVariable("TXT_SHIB_LOGIN_TYPE", $this->lng->txt("shib_login_type"));
206  $this->tpl->setVariable("TXT_SHIB_LOGIN_INTERNAL_WAYF", $this->lng->txt("shib_login_internal_wayf"));
207  $this->tpl->setVariable("TXT_SHIB_LOGIN_EXTERNAL_WAYF", $this->lng->txt("shib_login_external_wayf"));
208  $this->tpl->setVariable("TXT_SHIB_IDP_LIST", $this->lng->txt("shib_idp_list"));
209  $this->tpl->setVariable("TXT_SHIB_FEDERATION_NAME", $this->lng->txt("shib_federation_name"));
210  $this->tpl->setVariable("TXT_SHIB_LOGIN_EMBEDDED_WAYF", $this->lng->txt("shib_login_embedded_wayf"));
211  $this->tpl->setVariable("TXT_SHIB_LOGIN_EMBEDDED_WAYF_DESCRIPTION", $this->lng->txt("shib_login_embedded_wayf_description"));
212  $this->tpl->setVariable("TXT_SHIB_LOGIN_INSTRUCTIONS", $this->lng->txt("auth_login_instructions"));
213  $this->tpl->setVariable("TXT_SHIB_DATA_CONV", $this->lng->txt("shib_data_conv"));
214  $this->tpl->setVariable("TXT_SHIB_AUTH_ALLOW_LOCAL", $this->lng->txt("auth_allow_local"));
215  foreach ($shib_settings as $setting)
216  {
217  $this->tpl->setVariable("TXT_".strtoupper($setting), $this->lng->txt($setting));
218  }
219 
220  $this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
221  $this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
222  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
223  $this->tpl->setVariable("CMD_SUBMIT", "save");
224  }
225 
226  public function save()
227  {
228  global $ilUser;
229 
230  // validate required data
231  if (
232  !$_POST["shib"]["login"]
233  or !$_POST["shib"]["hos_type"]
234  or !$_POST["shib"]["firstname"]
235  or !$_POST["shib"]["lastname"]
236  or !$_POST["shib"]["email"]
237  or !$_POST["shib"]["user_default_role"]
238  or !$_POST["shib"]["federation_name"]
239  )
240  {
241  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
242  }
243 
244  // validate api
245  if (
246  $_POST["shib"]["data_conv"]
247  and $_POST["shib"]["data_conv"] != ''
248  and !is_readable($_POST["shib"]["data_conv"]) )
249  {
250  $this->ilias->raiseError($this->lng->txt("shib_data_conv_warning"),$this->ilias->error_obj->MESSAGE);
251  }
252 
253  // all ok. save settings
254  $shib_settings = array(
255  'shib_login',
256  'shib_title',
257  'shib_firstname',
258  'shib_lastname',
259  'shib_email',
260  'shib_gender',
261  'shib_institution',
262  'shib_department',
263  'shib_zipcode',
264  'shib_city',
265  'shib_country',
266  'shib_street',
267  'shib_phone_office',
268  'shib_phone_home',
269  'shib_phone_mobile',
270  'shib_language'
271  );
272 
273  foreach ($shib_settings as $setting)
274  {
275  $field = ereg_replace('shib_','',$setting);
276  if ($_POST["shib"]["update_".$field] != "1")
277  $_POST["shib"]["update_".$field] = "0";
278  $this->ilias->setSetting($setting, trim($_POST["shib"][$field]));
279  $this->ilias->setSetting("shib_update_".$field, $_POST["shib"]["update_".$field]);
280  }
281 
282  if ($_POST["shib"]["active"] != "1")
283  {
284  $this->ilias->setSetting("shib_active", "0");
285  }
286  else
287  {
288  $this->ilias->setSetting("shib_active", "1");
289  }
290 
291  $this->ilias->setSetting("shib_user_default_role", $_POST["shib"]["user_default_role"]);
292  $this->ilias->setSetting("shib_hos_type", $_POST["shib"]["hos_type"]);
293  $this->ilias->setSetting("shib_federation_name", $_POST["shib"]["federation_name"]);
294  $this->ilias->setSetting("shib_idp_list", $_POST["shib"]["idp_list"]);
295  $this->ilias->setSetting("shib_login_instructions", $_POST["shib"]["login_instructions"]);
296  $this->ilias->setSetting("shib_login_button", $_POST["shib"]["login_button"]);
297  $this->ilias->setSetting("shib_data_conv", $_POST["shib"]["data_conv"]);
298  $this->ilias->setSetting("shib_auth_allow_local", ($_POST['shib']['auth_allow_local']=='1') ? '1' : '0');
299 
300  ilUtil::sendSuccess($this->lng->txt("shib_settings_saved"),true);
301 
302  $this->ctrl->redirect($this,'settings');
303  }
304 
305  protected function roleAssignment()
306  {
307  $this->tabs_gui->setSubTabActive('shib_role_assignment');
308 
309  $this->initFormRoleAssignment('default');
310 
311  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.shib_role_assignment.html','Services/AuthShibboleth');
312  $this->tpl->setVariable('NEW_RULE_TABLE',$this->form->getHTML());
313 
314  if(strlen($html = $this->parseRulesTable()))
315  {
316  $this->tpl->setVariable('RULE_TABLE',$html);
317  }
318 
319  return true;
320  }
321 
322  protected function parseRulesTable()
323  {
324  include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php');
325  if(ilShibbolethRoleAssignmentRules::getCountRules() == 0)
326  {
327  return '';
328  }
329  include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentTableGUI.php');
330  $rules_table = new ilShibbolethRoleAssignmentTableGUI($this,'roleAssignment');
331  $rules_table->setTitle($this->lng->txt('shib_rules_tables'));
332  $rules_table->parse(ilShibbolethRoleAssignmentRules::getAllRules());
333  $rules_table->addMultiCommand("confirmDeleteRules", $this->lng->txt("delete"));
334  $rules_table->setSelectAllCheckbox("rule_id");
335 
336  return $rules_table->getHTML();
337  }
338 
346  protected function confirmDeleteRules()
347  {
348  if(!is_array($_POST['rule_ids']))
349  {
350  ilUtil::sendFailure($this->lng->txt('select_one'));
351  $this->roleAssignment();
352  return false;
353  }
354  $this->tabs_gui->setSubTabActive('shib_role_assignment');
355 
356  include_once("Services/Utilities/classes/class.ilConfirmationGUI.php");
357  $c_gui = new ilConfirmationGUI();
358 
359  // set confirm/cancel commands
360  $c_gui->setFormAction($this->ctrl->getFormAction($this, "deleteRules"));
361  $c_gui->setHeaderText($this->lng->txt("shib_confirm_del_role_ass"));
362  $c_gui->setCancel($this->lng->txt("cancel"), "roleAssignment");
363  $c_gui->setConfirm($this->lng->txt("confirm"), "deleteRules");
364 
365  // add items to delete
366  include_once('Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
367  foreach($_POST["rule_ids"] as $rule_id)
368  {
369  $rule = new ilShibbolethRoleAssignmentRule($rule_id);
370 
371  $info = ilObject::_lookupTitle($rule->getRoleId());
372  $info .= " (";
373  $info .= $rule->conditionToString();
374  $info .= ')';
375  $c_gui->addItem('rule_ids[]',$rule_id,$info);
376  }
377  $this->tpl->setContent($c_gui->getHTML());
378  }
379 
386  protected function deleteRules()
387  {
388  if(!is_array($_POST['rule_ids']))
389  {
390  ilUtil::sendFailure($this->lng->txt('select_once'));
391  $this->roleAssignment();
392  return false;
393  }
394  include_once('Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
395  foreach($_POST["rule_ids"] as $rule_id)
396  {
397  $rule = new ilShibbolethRoleAssignmentRule($rule_id);
398  $rule->delete();
399  }
400  ilUtil::sendSuccess($this->lng->txt('shib_deleted_rule'));
401  $this->roleAssignment();
402  return true;
403  }
404 
405 
406 
407  protected function initFormRoleAssignment($a_mode = 'default')
408  {
409  include_once('./Services/Form/classes/class.ilPropertyFormGUI.php');
410  $this->form = new ilPropertyFormGUI();
411  $this->form->setFormAction($this->ctrl->getFormAction($this,'cancel'));
412  $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
413 
414  if($a_mode == 'default')
415  {
416  $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
417  $this->form->addCommandButton('addRoleAssignmentRule',$this->lng->txt('shib_new_rule'));
418  $this->form->addCommandButton('settings',$this->lng->txt('cancel'));
419  }
420  else
421  {
422  $this->form->setTitle($this->lng->txt('shib_update_role_ass_table'));
423  $this->form->addCommandButton('updateRoleAssignmentRule',$this->lng->txt('save'));
424  $this->form->addCommandButton('roleAssignment',$this->lng->txt('cancel'));
425 
426  }
427  // Role selection
428  $role = new ilRadioGroupInputGUI($this->lng->txt('shib_role_name'),'role_name');
429  $role->setRequired(true);
430 
431  $global = new ilRadioOption($this->lng->txt('shib_global_role'),0);
432  $role->addOption($global);
433 
434  $role_select = new ilSelectInputGUI('','role_id');
435  $role_select->setOptions($this->prepareRoleSelect());
436  $global->addSubItem($role_select);
437 
438  $local = new ilRadioOption($this->lng->txt('shib_local_role'),1);
439  $role->addOption($local);
440 
441  include_once './Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php';
442  $role_search = new ilRoleAutoCompleteInputGUI('','role_search',$this,'addRoleAutoCompleteObject');
443  $role_search->setSize(40);
444  $local->addSubItem($role_search);
445 
446  include_once './Services/AccessControl/classes/class.ilRoleAutoComplete.php';
447 
448  $role->setInfo($this->lng->txt('shib_role_name_info'));
449  $this->form->addItem($role);
450 
451  // Update options
452  $update = new ilNonEditableValueGUI($this->lng->txt('shib_update_roles'),'update_roles');
453  $update->setValue($this->lng->txt('shib_check_role_assignment'));
454 
455  $add = new ilCheckboxInputGUI('','add_missing');
456  $add->setOptionTitle($this->lng->txt('shib_add_missing'));
457  $add->setValue(1);
458  $update->addSubItem($add);
459 
460  $remove = new ilCheckboxInputGUI('','remove_deprecated');
461  $remove->setOptionTitle($this->lng->txt('shib_remove_deprecated'));
462  $remove->setValue(1);
463  $update->addSubItem($remove);
464 
465  $this->form->addItem($update);
466 
467  // Assignment type
468  $kind = new ilRadioGroupInputGUI($this->lng->txt('shib_assignment_type'),'kind');
469  $kind->setValue(1);
470  $kind->setRequired(true);
471 
472  $attr = new ilRadioOption($this->lng->txt('shib_attribute'),1);
473  $attr->setInfo($this->lng->txt('shib_attr_info'));
474 
475  $name = new ilTextInputGUI($this->lng->txt('shib_attribute_name'),'attr_name');
476  $name->setSize(32);
477  $attr->addSubItem($name);
478 
479  $value = new ilTextInputGUI($this->lng->txt('shib_attribute_value'),'attr_value');
480  $value->setSize(32);
481  $attr->addSubItem($value);
482  $kind->addOption($attr);
483 
484  $pl_active = (bool) $this->hasActiveRoleAssignmentPlugins();
485 
486  $pl = new ilRadioOption($this->lng->txt('shib_plugin'),2);
487  $pl->setInfo($this->lng->txt('shib_plugin_info'));
488  $pl->setDisabled(!$pl_active);
489 
490  $id = new ilNumberInputGUI($this->lng->txt('shib_plugin_id'),'plugin_id');
491  $id->setDisabled(!$pl_active);
492  $id->setSize(3);
493  $id->setMaxLength(3);
494  $id->setMaxValue(999);
495  $id->setMinValue(1);
496  $pl->addSubItem($id);
497 
498  $kind->addOption($pl);
499 
500  $this->form->addItem($kind);
501  }
502 
506  function addRoleAutoCompleteObject()
507  {
508  include_once("./Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php");
509  ilRoleAutoCompleteInputGUI::echoAutoCompleteList();
510  }
511 
512 
513  protected function addRoleAssignmentRule()
514  {
515  global $ilAccess,$ilErr;
516 
517  if(!$ilAccess->checkAccess('write','',$this->ref_id))
518  {
519  ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
520  $this->roleAssignment();
521  return false;
522  }
523 
524  $this->initFormRoleAssignment();
525  if(!$this->form->checkInput() or ($err = $this->checkInput()))
526  {
527  if($err)
528  {
529  ilUtil::sendFailure($this->lng->txt($err));
530  }
531 
532  $this->tabs_gui->setSubTabActive('shib_role_assignment');
533 
534  $this->form->setValuesByPost();
535  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.shib_role_assignment.html','Services/AuthShibboleth');
536  $this->tpl->setVariable('NEW_RULE_TABLE',$this->form->getHTML());
537 
538  if(strlen($html = $this->parseRulesTable()))
539  {
540  $this->tpl->setVariable('RULE_TABLE',$html);
541  }
542 
543  return true;
544  }
545 
546  // Redirects if required
547  $this->showLocalRoleSelection();
548 
549  $this->rule->add();
550  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
551  $this->roleAssignment();
552  return true;
553  }
554 
555 
560  protected function editRoleAssignment()
561  {
562  $this->ctrl->setParameter($this,'rule_id',(int) $_GET['rule_id']);
563 
564 
565  $this->tabs_gui->setSubTabActive('shib_role_assignment');
566  $this->initFormRoleAssignment('update');
567  $this->getRuleValues();
568 
569  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.shib_role_assignment.html','Services/AuthShibboleth');
570  $this->tpl->setVariable('NEW_RULE_TABLE',$this->form->getHTML());
571  return true;
572  }
573 
574  protected function updateRoleAssignmentRule()
575  {
576  global $ilAccess,$ilErr;
577 
578  if(!$ilAccess->checkAccess('write','',$this->ref_id))
579  {
580  ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
581  $this->roleAssignment();
582  return false;
583  }
584 
585  $this->initFormRoleAssignment();
586  if(!$this->form->checkInput() or ($err = $this->checkInput((int) $_REQUEST['rule_id'])))
587  {
588  if($err)
589  {
590  ilUtil::sendFailure($this->lng->txt($err));
591  }
592 
593  $this->tabs_gui->setSubTabActive('shib_role_assignment');
594 
595  $this->form->setValuesByPost();
596  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.shib_role_assignment.html','Services/AuthShibboleth');
597  $this->tpl->setVariable('NEW_RULE_TABLE',$this->form->getHTML());
598  return true;
599  }
600 
601  $this->showLocalRoleSelection('update');
602 
603  $this->rule->update();
604  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
605  $this->roleAssignment();
606  return true;
607  }
608 
609  private function loadRule($a_rule_id = 0)
610  {
611  include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
612 
613  $this->rule = new ilShibbolethRoleAssignmentRule($a_rule_id);
614  if($this->form->getInput('role_name') == 0)
615  {
616  $this->rule->setRoleId($this->form->getInput('role_id'));
617  }
618  elseif($this->form->getInput('role_search'))
619  {
620  // Search role
621  include_once './Services/Search/classes/class.ilQueryParser.php';
622 
623  $parser = new ilQueryParser($this->form->getInput('role_search'));
624 
625  // TODO: Handle minWordLength
626  $parser->setMinWordLength(1,true);
627  $parser->setCombination(QP_COMBINATION_AND);
628  $parser->parse();
629 
630  include_once 'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
631  $object_search = new ilLikeObjectSearch($parser);
632  $object_search->setFilter(array('role'));
633  $res = $object_search->performSearch();
634 
635  $entries = $res->getEntries();
636  if(count($entries) == 1)
637  {
638  $role = current($entries);
639  $this->rule->setRoleId($role['obj_id']);
640  }
641  elseif(count($entries) > 1)
642  {
643  $this->rule->setRoleId(-1);
644  }
645  }
646  $this->rule->setName($this->form->getInput('attr_name'));
647  $this->rule->setValue($this->form->getInput('attr_value'));
648  $this->rule->enableAddOnUpdate($this->form->getInput('add_missing'));
649  $this->rule->enableRemoveOnUpdate($this->form->getInput('remove_deprecated'));
650  $this->rule->enablePlugin($this->form->getInput('kind') == 2);
651  $this->rule->setPluginId($this->form->getInput('plugin_id'));
652 
653  return $this->rule;
654  }
655 
656  private function getRuleValues()
657  {
658  global $rbacreview;
659 
660  include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php';
661  $rule = new ilShibbolethRoleAssignmentRule((int) $_GET['rule_id']);
662  $role = $rule->getRoleId();
663 
664  if($rbacreview->isGlobalRole($role))
665  {
666  $values['role_name'] = 0;
667  $values['role_id'] = $role;
668  }
669  else
670  {
671  $values['role_name'] = 1;
672  $values['role_search'] = ilObject::_lookupTitle($role);
673  }
674 
675  $values['add_missing'] = (int) $rule->isAddOnUpdateEnabled();
676  $values['remove_deprecated'] = (int) $rule->isRemoveOnUpdateEnabled();
677 
678  $values['attr_name'] = $rule->getName();
679  $values['attr_value'] = $rule->getValue();
680 
681  if(!$rule->isPluginActive())
682  {
683  $values['kind'] = 1;
684  }
685  else
686  {
687  $values['kind'] = 2;
688  $values['plugin_id'] = $rule->getPluginId();
689  }
690 
691  $this->form->setValuesByArray($values);
692  }
693 
694  private function checkInput($a_rule_id = 0)
695  {
696  $this->loadRule($a_rule_id);
697  return $this->rule->validate();
698  }
699 
700  private function showLocalRoleSelection()
701  {
702  if($this->rule->getRoleId() > 0)
703  {
704  return false;
705  }
706 
707  $_SESSION['shib_role_ass']['rule_id'] = $_REQUEST['rule_id'] ? $_REQUEST['rule_id'] : 0;
708  $_SESSION['shib_role_ass']['search'] = $this->form->getInput('role_search');
709  $_SESSION['shib_role_ass']['add_on_update'] = $this->rule->isAddOnUpdateEnabled();
710  $_SESSION['shib_role_ass']['remove_on_update'] = $this->rule->isRemoveOnUpdateEnabled();
711  $_SESSION['shib_role_ass']['name'] = $this->rule->getName();
712  $_SESSION['shib_role_ass']['value'] = $this->rule->getValue();
713  $_SESSION['shib_role_ass']['plugin'] = $this->rule->isPluginActive();
714  $_SESSION['shib_role_ass']['plugin_id'] = $this->rule->getPluginId();
715 
716  $this->ctrl->redirect($this,'chooseRole');
717  }
718 
719  protected function chooseRole()
720  {
721  $this->tabs_gui->setSubTabActive('shib_role_assignment');
722 
723  include_once './Services/Search/classes/class.ilQueryParser.php';
724  $parser = new ilQueryParser($_SESSION['shib_role_ass']['search']);
725  $parser->setMinWordLength(1,true);
726  $parser->setCombination(QP_COMBINATION_AND);
727  $parser->parse();
728 
729  include_once 'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
730  $object_search = new ilLikeObjectSearch($parser);
731  $object_search->setFilter(array('role'));
732  $res = $object_search->performSearch();
733 
734  $entries = $res->getEntries();
735 
736  include_once './Services/AccessControl/classes/class.ilRoleSelectionTableGUI.php';
737  $table = new ilRoleSelectionTableGUI($this,'chooseRole');
738  $table->setTitle($this->lng->txt('shib_role_selection'));
739  $table->addMultiCommand('saveRoleSelection',$this->lng->txt('shib_choose_role'));
740  $table->addCommandButton('roleAssignment',$this->lng->txt('cancel'));
741  $table->parse($entries);
742 
743  $this->tpl->setContent($table->getHTML());
744  return true;
745  }
746 
747  protected function saveRoleSelection()
748  {
749  $rule = new ilShibbolethRoleAssignmentRule($_SESSION['shib_role_ass']['rule_id']);
750  $rule->setRoleId((int) $_POST['role_id']);
751  $rule->setName($_SESSION['shib_role_ass']['name']);
752  $rule->setValue($_SESSION['shib_role_ass']['value']);
753  $rule->enablePlugin($_SESSION['shib_role_ass']['plugin']);
754  $rule->setPluginId($_SESSION['shib_role_ass']['plugin_id']);
755  $rule->enableAddOnUpdate($_SESSION['shib_role_ass']['add_on_update']);
756  $rule->enableRemoveOnUpdate($_SESSION['shib_role_ass']['remove_on_update']);
757 
758  if($rule->getRuleId())
759  {
760  $rule->update();
761  }
762  else
763  {
764  $rule->add();
765  }
766  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
767 
768  unset($_SESSION['shib_role_ass']);
769  $this->roleAssignment();
770 
771  }
772 
777  private function hasActiveRoleAssignmentPlugins()
778  {
779  global $ilPluginAdmin;
780 
781  return count($ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE,'AuthShibboleth','shibhk'));
782  }
783 
784 
785 
786  private function prepareRoleSelect($a_as_select = true)
787  {
788  global $rbacreview,$ilObjDataCache;
789 
790  $global_roles = ilUtil::_sortIds($rbacreview->getGlobalRoles(),
791  'object_data',
792  'title',
793  'obj_id');
794 
795  $select[0] = $this->lng->txt('links_select_one');
796  foreach($global_roles as $role_id)
797  {
798  $select[$role_id] = ilObject::_lookupTitle($role_id);
799  }
800  return $select;
801  }
802 
803 
804 
805  protected function setSubTabs()
806  {
807  global $ilSetting;
808 
809  include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
810  if($ilSetting->get('shib_active') == 0 and ilShibbolethRoleAssignmentRules::getCountRules() == 0)
811  {
812  return false;
813  }
814  // DONE: show sub tabs if there is any role assignment rule
815 
816  $this->tabs_gui->addSubTabTarget('shib_settings',
817  $this->ctrl->getLinkTarget($this,'settings'));
818 
819  $this->tabs_gui->addSubTabTarget('shib_role_assignment',
820  $this->ctrl->getLinkTarget($this,'roleAssignment'));
821  return true;
822 
823  }
824 
825 }
826 ?>