ILIAS  Release_4_2_x_branch Revision 61807
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilAuthShibbolethSettingsGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
13 class ilAuthShibbolethSettingsGUI
14 {
15 
16  private $ctrl;
17  private $ilias;
18  private $tabs_gui;
19  private $lng;
20  private $tpl;
21  private $ref_id;
22 
23 
29  public function __construct($a_auth_ref_id)
30  {
31  global $lng,$ilCtrl,$tpl,$ilTabs,$ilias;
32 
33  $this->ctrl = $ilCtrl;
34  $this->tabs_gui = $ilTabs;
35  $this->lng = $lng;
36  $this->lng->loadLanguageModule('shib');
37  $this->ilias = $ilias;
38 
39  $this->tpl = $tpl;
40 
41  $this->ref_id = $a_auth_ref_id;
42  $this->obj_id = ilObject::_lookupObjId($this->ref_id);
43  }
44 
49  public function executeCommand()
50  {
51  global $ilAccess,$ilErr, $ilCtrl;
52 
53  $next_class = $this->ctrl->getNextClass($this);
54  $cmd = $this->ctrl->getCmd();
55 
56  if(!$ilAccess->checkAccess('read','',$this->ref_id))
57  {
58  $ilErr->raiseError($this->lng->txt('msg_no_perm_read'),$ilErr->WARNING);
59  }
60 
61  if(!$ilAccess->checkAccess('write','',$this->ref_id) && $cmd != "settings")
62  {
63  ilUtil::sendFailure($this->lng->txt('msg_no_perm_write'), true);
64  $ilCtrl->redirect($this, "settings");
65  }
66 
67  $this->setSubTabs();
68 
69  switch($next_class)
70  {
71  default:
72  if(!$cmd)
73  {
74  $cmd = "settings";
75  }
76  $this->$cmd();
77  break;
78  }
79  return true;
80 
81  }
82 
83  public function settings()
84  {
85  global $rbacsystem, $rbacreview;
86 
87  $this->tabs_gui->setSubTabActive('shib_settings');
88 
89  // set already saved data or default value for port
90  $settings = $this->ilias->getAllSettings();
91 
92  // Compose role list
93  $role_list = $rbacreview->getRolesByFilter(2);
94  $selectElement = '<select name="shib[user_default_role]">';
95 
96  if (!isset($settings["shib_user_default_role"]))
97  {
98  $settings["shib_user_default_role"] = 4;
99  }
100 
101  foreach ($role_list as $role)
102  {
103  $selectElement .= '<option value="'.$role['obj_id'].'"';
104  if ($settings["shib_user_default_role"] == $role['obj_id'])
105  $selectElement .= 'selected="selected"';
106 
107  $selectElement .= '>'.$role['title'].'</option>';
108  }
109  $selectElement .= '</select>';
110 
111 
112  // Set text field content
113  $shib_settings = array(
114  'shib_login',
115  'shib_title',
116  'shib_firstname',
117  'shib_lastname',
118  'shib_email',
119  'shib_gender',
120  'shib_institution',
121  'shib_department',
122  'shib_zipcode',
123  'shib_city',
124  'shib_country',
125  'shib_street',
126  'shib_phone_office',
127  'shib_phone_home',
128  'shib_phone_mobile',
129  'shib_language',
130  'shib_matriculation',
131  'shib_hobby'
132  );
133 
134 
135  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.auth_shib.html');
136 
137  foreach ($shib_settings as $setting)
138  {
139  $field = ereg_replace('shib_','',$setting);
140  $this->tpl->setVariable(strtoupper($setting), $settings[$setting]);
141  $this->tpl->setVariable('SHIB_UPDATE_'.strtoupper($field), $settings["shib_update_".$field]);
142 
143  if ($settings["shib_update_".$field]) {
144  $this->tpl->setVariable('CHK_SHIB_UPDATE_'.strtoupper($field), 'checked="checked"');
145  }
146  }
147 
148  // Set some default values
149 
150  if (!isset($settings["shib_login_button"]) || $settings["shib_login_button"] == ''){
151  $this->tpl->setVariable("SHIB_LOGIN_BUTTON", "templates/default/images/shib_login_button.png");
152  }
153 
154  if (isset($settings["shib_active"]) && $settings["shib_active"])
155  {
156  $this->tpl->setVariable("chk_shib_active", 'checked="checked"');
157  }
158  if ($settings['shib_auth_allow_local'] == '1')
159  {
160  $this->tpl->setVariable('CHK_SHIB_AUTH_ALLOW_LOCAL', 'checked="checked"');
161  }
162 
163  if (
164  !isset($settings["shib_hos_type"])
165  || $settings["shib_hos_type"] == ''
166  || $settings["shib_hos_type"] == 'internal_wayf'
167  )
168  {
169  $this->tpl->setVariable("CHK_SHIB_LOGIN_INTERNAL_WAYF", 'checked="checked"');
170  $this->tpl->setVariable("CHK_SHIB_LOGIN_EXTERNAL_WAYF", '');
171  $this->tpl->setVariable("CHK_SHIB_LOGIN_EMBEDDED_WAYF", '');
172  } elseif($settings["shib_hos_type"] == 'embedded_wayf'){
173  $this->tpl->setVariable("CHK_SHIB_LOGIN_INTERNAL_WAYF", '');
174  $this->tpl->setVariable("CHK_SHIB_LOGIN_EXTERNAL_WAYF", '');
175  $this->tpl->setVariable("CHK_SHIB_LOGIN_EMBEDDED_WAYF", 'checked="checked"');
176  } else {
177  $this->tpl->setVariable("CHK_SHIB_LOGIN_INTERNAL_WAYF", '');
178  $this->tpl->setVariable("CHK_SHIB_LOGIN_EXTERNAL_WAYF", 'checked="checked"');
179  $this->tpl->setVariable("CHK_SHIB_LOGIN_EMBEDDED_WAYF", '');
180  }
181 
182  if (!isset($settings["shib_idp_list"]) || $settings["shib_idp_list"] == '')
183  {
184  $this->tpl->setVariable("SHIB_IDP_LIST", "urn:mace:organization1:providerID, Example Organization 1\nurn:mace:organization2:providerID, Example Organization 2, /Shibboleth.sso/WAYF/SWITCHaai");
185  } else {
186  $this->tpl->setVariable("SHIB_IDP_LIST", stripslashes($settings["shib_idp_list"]));
187  }
188 
189  $this->tpl->setVariable("SHIB_USER_DEFAULT_ROLE", $selectElement);
190  $this->tpl->setVariable("SHIB_LOGIN_BUTTON", $settings["shib_login_button"]);
191  $this->tpl->setVariable("SHIB_LOGIN_INSTRUCTIONS", stripslashes($settings["shib_login_instructions"]));
192  $this->tpl->setVariable("SHIB_FEDERATION_NAME", stripslashes($settings["shib_federation_name"]));
193  $this->tpl->setVariable("SHIB_DATA_CONV", $settings["shib_data_conv"]);
194 
195  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
196  $this->tpl->setVariable("COLSPAN", 3);
197  $this->tpl->setVariable("TXT_SHIB_INSTRUCTIONS",
198  $this->lng->txt("auth_shib_instructions"));
199  $this->tpl->setVariable("LINK_SHIB_INSTRUCTIONS",
200  "./Services/AuthShibboleth/README.SHIBBOLETH.txt");
201  $this->tpl->setVariable("TXT_SHIB", $this->lng->txt("shib"));
202  $this->tpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
203  $this->tpl->setVariable("TXT_SHIB_UPDATE", $this->lng->txt("shib_update"));
204  $this->tpl->setVariable("TXT_SHIB_ACTIVE", $this->lng->txt("shib_active"));
205  $this->tpl->setVariable("TXT_SHIB_USER_DEFAULT_ROLE", $this->lng->txt("shib_user_default_role"));
206  $this->tpl->setVariable("TXT_SHIB_LOGIN_BUTTON", $this->lng->txt("shib_login_button"));
207  $this->tpl->setVariable("TXT_SHIB_LOGIN_TYPE", $this->lng->txt("shib_login_type"));
208  $this->tpl->setVariable("TXT_SHIB_LOGIN_INTERNAL_WAYF", $this->lng->txt("shib_login_internal_wayf"));
209  $this->tpl->setVariable("TXT_SHIB_LOGIN_EXTERNAL_WAYF", $this->lng->txt("shib_login_external_wayf"));
210  $this->tpl->setVariable("TXT_SHIB_IDP_LIST", $this->lng->txt("shib_idp_list"));
211  $this->tpl->setVariable("TXT_SHIB_FEDERATION_NAME", $this->lng->txt("shib_federation_name"));
212  $this->tpl->setVariable("TXT_SHIB_LOGIN_EMBEDDED_WAYF", $this->lng->txt("shib_login_embedded_wayf"));
213  $this->tpl->setVariable("TXT_SHIB_LOGIN_EMBEDDED_WAYF_DESCRIPTION", $this->lng->txt("shib_login_embedded_wayf_description"));
214  $this->tpl->setVariable("TXT_SHIB_LOGIN_INSTRUCTIONS", $this->lng->txt("auth_login_instructions"));
215  $this->tpl->setVariable("TXT_SHIB_DATA_CONV", $this->lng->txt("shib_data_conv"));
216  $this->tpl->setVariable("TXT_SHIB_AUTH_ALLOW_LOCAL", $this->lng->txt("auth_allow_local"));
217  foreach ($shib_settings as $setting)
218  {
219  $this->tpl->setVariable("TXT_".strtoupper($setting), $this->lng->txt($setting));
220  }
221 
222  $this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
223  $this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
224  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
225  $this->tpl->setVariable("CMD_SUBMIT", "save");
226  }
227 
228  public function save()
229  {
230  global $ilUser;
231 
232  // validate required data
233  if (
234  !$_POST["shib"]["login"]
235  or !$_POST["shib"]["hos_type"]
236  or !$_POST["shib"]["firstname"]
237  or !$_POST["shib"]["lastname"]
238  or !$_POST["shib"]["email"]
239  or !$_POST["shib"]["user_default_role"]
240  or !$_POST["shib"]["federation_name"]
241  )
242  {
243  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
244  }
245 
246  // validate api
247  if (
248  $_POST["shib"]["data_conv"]
249  and $_POST["shib"]["data_conv"] != ''
250  and !is_readable($_POST["shib"]["data_conv"]) )
251  {
252  $this->ilias->raiseError($this->lng->txt("shib_data_conv_warning"),$this->ilias->error_obj->MESSAGE);
253  }
254 
255  // all ok. save settings
256  $shib_settings = array(
257  'shib_login',
258  'shib_title',
259  'shib_firstname',
260  'shib_lastname',
261  'shib_email',
262  'shib_gender',
263  'shib_institution',
264  'shib_department',
265  'shib_zipcode',
266  'shib_city',
267  'shib_country',
268  'shib_street',
269  'shib_phone_office',
270  'shib_phone_home',
271  'shib_phone_mobile',
272  'shib_language',
273  'shib_matriculation'
274  );
275 
276  foreach ($shib_settings as $setting)
277  {
278  $field = ereg_replace('shib_','',$setting);
279  if ($_POST["shib"]["update_".$field] != "1")
280  $_POST["shib"]["update_".$field] = "0";
281  $this->ilias->setSetting($setting, trim($_POST["shib"][$field]));
282  $this->ilias->setSetting("shib_update_".$field, $_POST["shib"]["update_".$field]);
283  }
284 
285  if ($_POST["shib"]["active"] != "1")
286  {
287  $this->ilias->setSetting("shib_active", "0");
288  }
289  else
290  {
291  $this->ilias->setSetting("shib_active", "1");
292  }
293 
294  $this->ilias->setSetting("shib_user_default_role", $_POST["shib"]["user_default_role"]);
295  $this->ilias->setSetting("shib_hos_type", $_POST["shib"]["hos_type"]);
296  $this->ilias->setSetting("shib_federation_name", $_POST["shib"]["federation_name"]);
297  $this->ilias->setSetting("shib_idp_list", $_POST["shib"]["idp_list"]);
298  $this->ilias->setSetting("shib_login_instructions", $_POST["shib"]["login_instructions"]);
299  $this->ilias->setSetting("shib_login_button", $_POST["shib"]["login_button"]);
300  $this->ilias->setSetting("shib_data_conv", $_POST["shib"]["data_conv"]);
301  $this->ilias->setSetting("shib_auth_allow_local", ($_POST['shib']['auth_allow_local']=='1') ? '1' : '0');
302 
303  ilUtil::sendSuccess($this->lng->txt("shib_settings_saved"),true);
304 
305  $this->ctrl->redirect($this,'settings');
306  }
307 
308  protected function roleAssignment()
309  {
310  $this->tabs_gui->setSubTabActive('shib_role_assignment');
311 
312  $this->initFormRoleAssignment('default');
313 
314  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.shib_role_assignment.html','Services/AuthShibboleth');
315  $this->tpl->setVariable('NEW_RULE_TABLE',$this->form->getHTML());
316 
317  if(strlen($html = $this->parseRulesTable()))
318  {
319  $this->tpl->setVariable('RULE_TABLE',$html);
320  }
321 
322  return true;
323  }
324 
325  protected function parseRulesTable()
326  {
327  include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php');
328  if(ilShibbolethRoleAssignmentRules::getCountRules() == 0)
329  {
330  return '';
331  }
332  include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentTableGUI.php');
333  $rules_table = new ilShibbolethRoleAssignmentTableGUI($this,'roleAssignment');
334  $rules_table->setTitle($this->lng->txt('shib_rules_tables'));
335  $rules_table->parse(ilShibbolethRoleAssignmentRules::getAllRules());
336  $rules_table->addMultiCommand("confirmDeleteRules", $this->lng->txt("delete"));
337  $rules_table->setSelectAllCheckbox("rule_id");
338 
339  return $rules_table->getHTML();
340  }
341 
349  protected function confirmDeleteRules()
350  {
351  if(!is_array($_POST['rule_ids']))
352  {
353  ilUtil::sendFailure($this->lng->txt('select_one'));
354  $this->roleAssignment();
355  return false;
356  }
357  $this->tabs_gui->setSubTabActive('shib_role_assignment');
358 
359  include_once("Services/Utilities/classes/class.ilConfirmationGUI.php");
360  $c_gui = new ilConfirmationGUI();
361 
362  // set confirm/cancel commands
363  $c_gui->setFormAction($this->ctrl->getFormAction($this, "deleteRules"));
364  $c_gui->setHeaderText($this->lng->txt("shib_confirm_del_role_ass"));
365  $c_gui->setCancel($this->lng->txt("cancel"), "roleAssignment");
366  $c_gui->setConfirm($this->lng->txt("confirm"), "deleteRules");
367 
368  // add items to delete
369  include_once('Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
370  foreach($_POST["rule_ids"] as $rule_id)
371  {
372  $rule = new ilShibbolethRoleAssignmentRule($rule_id);
373 
374  $info = ilObject::_lookupTitle($rule->getRoleId());
375  $info .= " (";
376  $info .= $rule->conditionToString();
377  $info .= ')';
378  $c_gui->addItem('rule_ids[]',$rule_id,$info);
379  }
380  $this->tpl->setContent($c_gui->getHTML());
381  }
382 
389  protected function deleteRules()
390  {
391  if(!is_array($_POST['rule_ids']))
392  {
393  ilUtil::sendFailure($this->lng->txt('select_once'));
394  $this->roleAssignment();
395  return false;
396  }
397  include_once('Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
398  foreach($_POST["rule_ids"] as $rule_id)
399  {
400  $rule = new ilShibbolethRoleAssignmentRule($rule_id);
401  $rule->delete();
402  }
403  ilUtil::sendSuccess($this->lng->txt('shib_deleted_rule'));
404  $this->roleAssignment();
405  return true;
406  }
407 
408 
409 
410  protected function initFormRoleAssignment($a_mode = 'default')
411  {
412  include_once('./Services/Form/classes/class.ilPropertyFormGUI.php');
413  $this->form = new ilPropertyFormGUI();
414  $this->form->setFormAction($this->ctrl->getFormAction($this,'cancel'));
415  $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
416 
417  if($a_mode == 'default')
418  {
419  $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
420  $this->form->addCommandButton('addRoleAssignmentRule',$this->lng->txt('shib_new_rule'));
421  $this->form->addCommandButton('settings',$this->lng->txt('cancel'));
422  }
423  else
424  {
425  $this->form->setTitle($this->lng->txt('shib_update_role_ass_table'));
426  $this->form->addCommandButton('updateRoleAssignmentRule',$this->lng->txt('save'));
427  $this->form->addCommandButton('roleAssignment',$this->lng->txt('cancel'));
428 
429  }
430  // Role selection
431  $role = new ilRadioGroupInputGUI($this->lng->txt('shib_role_name'),'role_name');
432  $role->setRequired(true);
433 
434  $global = new ilRadioOption($this->lng->txt('shib_global_role'),0);
435  $role->addOption($global);
436 
437  $role_select = new ilSelectInputGUI('','role_id');
438  $role_select->setOptions($this->prepareRoleSelect());
439  $global->addSubItem($role_select);
440 
441  $local = new ilRadioOption($this->lng->txt('shib_local_role'),1);
442  $role->addOption($local);
443 
444  include_once './Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php';
445  $role_search = new ilRoleAutoCompleteInputGUI('','role_search',$this,'addRoleAutoCompleteObject');
446  $role_search->setSize(40);
447  $local->addSubItem($role_search);
448 
449  include_once './Services/AccessControl/classes/class.ilRoleAutoComplete.php';
450 
451  $role->setInfo($this->lng->txt('shib_role_name_info'));
452  $this->form->addItem($role);
453 
454  // Update options
455  $update = new ilNonEditableValueGUI($this->lng->txt('shib_update_roles'),'update_roles');
456  $update->setValue($this->lng->txt('shib_check_role_assignment'));
457 
458  $add = new ilCheckboxInputGUI('','add_missing');
459  $add->setOptionTitle($this->lng->txt('shib_add_missing'));
460  $add->setValue(1);
461  $update->addSubItem($add);
462 
463  $remove = new ilCheckboxInputGUI('','remove_deprecated');
464  $remove->setOptionTitle($this->lng->txt('shib_remove_deprecated'));
465  $remove->setValue(1);
466  $update->addSubItem($remove);
467 
468  $this->form->addItem($update);
469 
470  // Assignment type
471  $kind = new ilRadioGroupInputGUI($this->lng->txt('shib_assignment_type'),'kind');
472  $kind->setValue(1);
473  $kind->setRequired(true);
474 
475  $attr = new ilRadioOption($this->lng->txt('shib_attribute'),1);
476  $attr->setInfo($this->lng->txt('shib_attr_info'));
477 
478  $name = new ilTextInputGUI($this->lng->txt('shib_attribute_name'),'attr_name');
479  $name->setSize(32);
480  $attr->addSubItem($name);
481 
482  $value = new ilTextInputGUI($this->lng->txt('shib_attribute_value'),'attr_value');
483  $value->setSize(32);
484  $attr->addSubItem($value);
485  $kind->addOption($attr);
486 
487  $pl_active = (bool) $this->hasActiveRoleAssignmentPlugins();
488 
489  $pl = new ilRadioOption($this->lng->txt('shib_plugin'),2);
490  $pl->setInfo($this->lng->txt('shib_plugin_info'));
491  $pl->setDisabled(!$pl_active);
492 
493  $id = new ilNumberInputGUI($this->lng->txt('shib_plugin_id'),'plugin_id');
494  $id->setDisabled(!$pl_active);
495  $id->setSize(3);
496  $id->setMaxLength(3);
497  $id->setMaxValue(999);
498  $id->setMinValue(1);
499  $pl->addSubItem($id);
500 
501  $kind->addOption($pl);
502 
503  $this->form->addItem($kind);
504  }
505 
509  function addRoleAutoCompleteObject()
510  {
511  include_once("./Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php");
512  ilRoleAutoCompleteInputGUI::echoAutoCompleteList();
513  }
514 
515 
516  protected function addRoleAssignmentRule()
517  {
518  global $ilAccess,$ilErr;
519 
520  if(!$ilAccess->checkAccess('write','',$this->ref_id))
521  {
522  ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
523  $this->roleAssignment();
524  return false;
525  }
526 
527  $this->initFormRoleAssignment();
528  if(!$this->form->checkInput() or ($err = $this->checkInput()))
529  {
530  if($err)
531  {
532  ilUtil::sendFailure($this->lng->txt($err));
533  }
534 
535  $this->tabs_gui->setSubTabActive('shib_role_assignment');
536 
537  $this->form->setValuesByPost();
538  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.shib_role_assignment.html','Services/AuthShibboleth');
539  $this->tpl->setVariable('NEW_RULE_TABLE',$this->form->getHTML());
540 
541  if(strlen($html = $this->parseRulesTable()))
542  {
543  $this->tpl->setVariable('RULE_TABLE',$html);
544  }
545 
546  return true;
547  }
548 
549  // Redirects if required
550  $this->showLocalRoleSelection();
551 
552  $this->rule->add();
553  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
554  $this->roleAssignment();
555  return true;
556  }
557 
558 
563  protected function editRoleAssignment()
564  {
565  $this->ctrl->setParameter($this,'rule_id',(int) $_GET['rule_id']);
566 
567 
568  $this->tabs_gui->setSubTabActive('shib_role_assignment');
569  $this->initFormRoleAssignment('update');
570  $this->getRuleValues();
571 
572  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.shib_role_assignment.html','Services/AuthShibboleth');
573  $this->tpl->setVariable('NEW_RULE_TABLE',$this->form->getHTML());
574  return true;
575  }
576 
577  protected function updateRoleAssignmentRule()
578  {
579  global $ilAccess,$ilErr;
580 
581  if(!$ilAccess->checkAccess('write','',$this->ref_id))
582  {
583  ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
584  $this->roleAssignment();
585  return false;
586  }
587 
588  $this->initFormRoleAssignment();
589  if(!$this->form->checkInput() or ($err = $this->checkInput((int) $_REQUEST['rule_id'])))
590  {
591  if($err)
592  {
593  ilUtil::sendFailure($this->lng->txt($err));
594  }
595 
596  $this->tabs_gui->setSubTabActive('shib_role_assignment');
597 
598  $this->form->setValuesByPost();
599  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.shib_role_assignment.html','Services/AuthShibboleth');
600  $this->tpl->setVariable('NEW_RULE_TABLE',$this->form->getHTML());
601  return true;
602  }
603 
604  $this->showLocalRoleSelection('update');
605 
606  $this->rule->update();
607  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
608  $this->roleAssignment();
609  return true;
610  }
611 
612  private function loadRule($a_rule_id = 0)
613  {
614  include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
615 
616  $this->rule = new ilShibbolethRoleAssignmentRule($a_rule_id);
617  if($this->form->getInput('role_name') == 0)
618  {
619  $this->rule->setRoleId($this->form->getInput('role_id'));
620  }
621  elseif($this->form->getInput('role_search'))
622  {
623  // Search role
624  include_once './Services/Search/classes/class.ilQueryParser.php';
625 
626  $parser = new ilQueryParser($this->form->getInput('role_search'));
627 
628  // TODO: Handle minWordLength
629  $parser->setMinWordLength(1,true);
630  $parser->setCombination(QP_COMBINATION_AND);
631  $parser->parse();
632 
633  include_once 'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
634  $object_search = new ilLikeObjectSearch($parser);
635  $object_search->setFilter(array('role'));
636  $res = $object_search->performSearch();
637 
638  $entries = $res->getEntries();
639  if(count($entries) == 1)
640  {
641  $role = current($entries);
642  $this->rule->setRoleId($role['obj_id']);
643  }
644  elseif(count($entries) > 1)
645  {
646  $this->rule->setRoleId(-1);
647  }
648  }
649  $this->rule->setName($this->form->getInput('attr_name'));
650  $this->rule->setValue($this->form->getInput('attr_value'));
651  $this->rule->enableAddOnUpdate($this->form->getInput('add_missing'));
652  $this->rule->enableRemoveOnUpdate($this->form->getInput('remove_deprecated'));
653  $this->rule->enablePlugin($this->form->getInput('kind') == 2);
654  $this->rule->setPluginId($this->form->getInput('plugin_id'));
655 
656  return $this->rule;
657  }
658 
659  private function getRuleValues()
660  {
661  global $rbacreview;
662 
663  include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php';
664  $rule = new ilShibbolethRoleAssignmentRule((int) $_GET['rule_id']);
665  $role = $rule->getRoleId();
666 
667  if($rbacreview->isGlobalRole($role))
668  {
669  $values['role_name'] = 0;
670  $values['role_id'] = $role;
671  }
672  else
673  {
674  $values['role_name'] = 1;
675  $values['role_search'] = ilObject::_lookupTitle($role);
676  }
677 
678  $values['add_missing'] = (int) $rule->isAddOnUpdateEnabled();
679  $values['remove_deprecated'] = (int) $rule->isRemoveOnUpdateEnabled();
680 
681  $values['attr_name'] = $rule->getName();
682  $values['attr_value'] = $rule->getValue();
683 
684  if(!$rule->isPluginActive())
685  {
686  $values['kind'] = 1;
687  }
688  else
689  {
690  $values['kind'] = 2;
691  $values['plugin_id'] = $rule->getPluginId();
692  }
693 
694  $this->form->setValuesByArray($values);
695  }
696 
697  private function checkInput($a_rule_id = 0)
698  {
699  $this->loadRule($a_rule_id);
700  return $this->rule->validate();
701  }
702 
703  private function showLocalRoleSelection()
704  {
705  if($this->rule->getRoleId() > 0)
706  {
707  return false;
708  }
709 
710  $_SESSION['shib_role_ass']['rule_id'] = $_REQUEST['rule_id'] ? $_REQUEST['rule_id'] : 0;
711  $_SESSION['shib_role_ass']['search'] = $this->form->getInput('role_search');
712  $_SESSION['shib_role_ass']['add_on_update'] = $this->rule->isAddOnUpdateEnabled();
713  $_SESSION['shib_role_ass']['remove_on_update'] = $this->rule->isRemoveOnUpdateEnabled();
714  $_SESSION['shib_role_ass']['name'] = $this->rule->getName();
715  $_SESSION['shib_role_ass']['value'] = $this->rule->getValue();
716  $_SESSION['shib_role_ass']['plugin'] = $this->rule->isPluginActive();
717  $_SESSION['shib_role_ass']['plugin_id'] = $this->rule->getPluginId();
718 
719  $this->ctrl->redirect($this,'chooseRole');
720  }
721 
722  protected function chooseRole()
723  {
724  $this->tabs_gui->setSubTabActive('shib_role_assignment');
725 
726  include_once './Services/Search/classes/class.ilQueryParser.php';
727  $parser = new ilQueryParser($_SESSION['shib_role_ass']['search']);
728  $parser->setMinWordLength(1,true);
729  $parser->setCombination(QP_COMBINATION_AND);
730  $parser->parse();
731 
732  include_once 'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
733  $object_search = new ilLikeObjectSearch($parser);
734  $object_search->setFilter(array('role'));
735  $res = $object_search->performSearch();
736 
737  $entries = $res->getEntries();
738 
739  include_once './Services/AccessControl/classes/class.ilRoleSelectionTableGUI.php';
740  $table = new ilRoleSelectionTableGUI($this,'chooseRole');
741  $table->setTitle($this->lng->txt('shib_role_selection'));
742  $table->addMultiCommand('saveRoleSelection',$this->lng->txt('shib_choose_role'));
743  $table->addCommandButton('roleAssignment',$this->lng->txt('cancel'));
744  $table->parse($entries);
745 
746  $this->tpl->setContent($table->getHTML());
747  return true;
748  }
749 
750  protected function saveRoleSelection()
751  {
752  $rule = new ilShibbolethRoleAssignmentRule($_SESSION['shib_role_ass']['rule_id']);
753  $rule->setRoleId((int) $_POST['role_id']);
754  $rule->setName($_SESSION['shib_role_ass']['name']);
755  $rule->setValue($_SESSION['shib_role_ass']['value']);
756  $rule->enablePlugin($_SESSION['shib_role_ass']['plugin']);
757  $rule->setPluginId($_SESSION['shib_role_ass']['plugin_id']);
758  $rule->enableAddOnUpdate($_SESSION['shib_role_ass']['add_on_update']);
759  $rule->enableRemoveOnUpdate($_SESSION['shib_role_ass']['remove_on_update']);
760 
761  if($rule->getRuleId())
762  {
763  $rule->update();
764  }
765  else
766  {
767  $rule->add();
768  }
769  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
770 
771  unset($_SESSION['shib_role_ass']);
772  $this->roleAssignment();
773 
774  }
775 
780  private function hasActiveRoleAssignmentPlugins()
781  {
782  global $ilPluginAdmin;
783 
784  return count($ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE,'AuthShibboleth','shibhk'));
785  }
786 
787 
788 
789  private function prepareRoleSelect($a_as_select = true)
790  {
791  global $rbacreview,$ilObjDataCache;
792 
793  $global_roles = ilUtil::_sortIds($rbacreview->getGlobalRoles(),
794  'object_data',
795  'title',
796  'obj_id');
797 
798  $select[0] = $this->lng->txt('links_select_one');
799  foreach($global_roles as $role_id)
800  {
801  $select[$role_id] = ilObject::_lookupTitle($role_id);
802  }
803  return $select;
804  }
805 
806 
807 
808  protected function setSubTabs()
809  {
810  global $ilSetting;
811 
812  include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
813  if($ilSetting->get('shib_active') == 0 and ilShibbolethRoleAssignmentRules::getCountRules() == 0)
814  {
815  return false;
816  }
817  // DONE: show sub tabs if there is any role assignment rule
818 
819  $this->tabs_gui->addSubTabTarget('shib_settings',
820  $this->ctrl->getLinkTarget($this,'settings'));
821 
822  $this->tabs_gui->addSubTabTarget('shib_role_assignment',
823  $this->ctrl->getLinkTarget($this,'roleAssignment'));
824  return true;
825 
826  }
827 
828 }
829 ?>