ILIAS  Release_5_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilLDAPRoleAssignmentRule.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
32 class ilLDAPRoleAssignmentRule
33 {
34  private static $instances = null;
35 
36  const TYPE_GROUP = 1;
37  const TYPE_ATTRIBUTE = 2;
38  const TYPE_PLUGIN = 3;
39 
40  private $server_id = 0;
41  private $plugin_active = false;
42  private $add_on_update = false;
43  private $remove_on_update = false;
44  private $plugin_id = 0;
45 
46 
54  private function __construct($a_id = 0)
55  {
56  global $ilDB;
57 
58  $this->db = $ilDB;
59 
60  $this->rule_id = $a_id;
61  $this->read();
62  }
63 
72  public static function _getInstanceByRuleId($a_rule_id)
73  {
74  if(isset(self::$instances[$a_rule_id]))
75  {
76  return self::$instances[$a_rule_id];
77  }
78  return self::$instances[$a_rule_id] = new ilLDAPRoleAssignmentRule($a_rule_id);
79  }
80 
85  public static function hasRulesForUpdate()
86  {
87  global $ilDB;
88 
89  $query = 'SELECT COUNT(*) num FROM ldap_role_assignments '.
90  'WHERE add_on_update = 1 '.
91  'OR remove_on_update = 1 ';
92  $res = $ilDB->query($query);
93  $row = $res->fetchRow(DB_FETCHMODE_OBJECT);
94  return $row->num > 0;
95  }
96 
102  public function matches($a_user_data)
103  {
104  global $ilLog;
105 
106  switch($this->getType())
107  {
108  case self::TYPE_PLUGIN:
109  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
110  return ilLDAPRoleAssignmentRules::callPlugin($this->getPluginId(), $a_user_data);
111 
112  case self::TYPE_ATTRIBUTE:
113 
114  $attn = strtolower($this->getAttributeName());
115 
116  if(!isset($a_user_data[$attn]))
117  {
118  return false;
119  }
120 
121  if(!is_array($a_user_data[$attn]))
122  {
123  $attribute_val = array(0 => $a_user_data[$attn]);
124  }
125  else
126  {
127  $attribute_val = $a_user_data[$attn];
128  }
129 
130  foreach($attribute_val as $value)
131  {
132  if($this->wildcardCompare(trim($this->getAttributeValue()),trim($value)))
133  {
134  $ilLog->write(__METHOD__.': Found role mapping: '.ilObject::_lookupTitle($this->getRoleId()));
135  return true;
136  }
137  /*
138  if(trim($value) == trim($this->getAttributeValue()))
139  {
140  $ilLog->write(__METHOD__.': Found role mapping: '.ilObject::_lookupTitle($this->getRoleId()));
141  return true;
142  }
143  */
144  }
145  return false;
146 
147  case self::TYPE_GROUP:
148  return $this->isGroupMember($a_user_data);
149 
150  }
151  }
152 
153  protected function wildcardCompare($a_str1, $a_str2)
154  {
155  $pattern = str_replace('*','.*?', $a_str1);
156  $GLOBALS['ilLog']->write(__METHOD__.': Replace pattern:'. $pattern.' => '.$a_str2);
157  return (bool) preg_match('/^'.$pattern.'$/i',$a_str2);
158  }
159 
168  private function isGroupMember($a_user_data)
169  {
170  global $ilLog;
171 
172 
173  if($this->isMemberAttributeDN())
174  {
175  $user_cmp = $a_user_data['dn'];
176  }
177  else
178  {
179  $user_cmp = $a_user_data['ilExternalAccount'];
180  }
181 
182  include_once('Services/LDAP/classes/class.ilLDAPQuery.php');
183  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
184 
185  $server = ilLDAPServer::getInstanceByServerId(ilLDAPServer::_getFirstActiveServer());
186 
187  try
188  {
189  $query = new ilLDAPQuery($server);
190  $query->bind();
191  $res = $query->query($this->getDN(),
192  sprintf('(%s=%s)',
193  $this->getMemberAttribute(),
194  $user_cmp),
195  IL_LDAP_SCOPE_BASE,
196  array('dn'));
197  return $res->numRows() ? true : false;
198  }
199  catch(ilLDAPQueryException $e)
200  {
201  $ilLog->write(__METHOD__.': Caught Exception: '.$e->getMessage());
202  return false;
203  }
204  }
205 
206 
207 
214  public function _getRules()
215  {
216  global $ilDB;
217 
218  $query = "SELECT rule_id FROM ldap_role_assignments ";
219  $res = $ilDB->query($query);
220  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
221  {
222  $rules[] = self::_getInstanceByRuleId($row->rule_id);
223  }
224  return $rules ? $rules : array();
225  }
226 
234  public function setRoleId($a_role_id)
235  {
236  $this->role_id = $a_role_id;
237  }
238 
245  public function getRoleId()
246  {
247  return $this->role_id;
248  }
249 
256  public function getRuleId()
257  {
258  return $this->rule_id;
259  }
260 
268  public function setServerId($a_id)
269  {
270  $this->server_id = $a_id;
271  }
272 
279  public function getServerId()
280  {
281  return $this->server_id;
282  }
283 
291  public function setType($a_type)
292  {
293  $this->type = $a_type;
294  }
295 
303  public function getType()
304  {
305  return $this->type;
306  }
307 
315  public function setDN($a_dn)
316  {
317  $this->dn = $a_dn;
318  }
319 
326  public function getDN()
327  {
328  return $this->dn;
329  }
330 
338  public function setMemberAttribute($a_attribute)
339  {
340  $this->member_attribute = $a_attribute;
341  }
342 
349  public function getMemberAttribute()
350  {
351  return $this->member_attribute;
352  }
353 
361  public function setMemberIsDN($a_status)
362  {
363  $this->member_is_dn = $a_status;
364  }
365 
372  public function isMemberAttributeDN()
373  {
374  return (bool) $this->member_is_dn;
375  }
376 
384  public function setAttributeName($a_name)
385  {
386  $this->attribute_name = $a_name;
387  }
388 
395  public function getAttributeName()
396  {
397  return $this->attribute_name;
398  }
399 
407  public function setAttributeValue($a_value)
408  {
409  $this->attribute_value = $a_value;
410  }
411 
418  public function getAttributeValue()
419  {
420  return $this->attribute_value;
421  }
422 
423  public function enableAddOnUpdate($a_status)
424  {
425  $this->add_on_update = $a_status;
426  }
427 
428  public function isAddOnUpdateEnabled()
429  {
430  return (bool) $this->add_on_update;
431  }
432 
433  public function enableRemoveOnUpdate($a_status)
434  {
435  $this->remove_on_update = $a_status;
436  }
437 
438  public function isRemoveOnUpdateEnabled()
439  {
440  return (bool) $this->remove_on_update;
441  }
442 
443  public function setPluginId($a_id)
444  {
445  $this->plugin_id = $a_id;
446  }
447 
448  public function getPluginId()
449  {
450  return $this->plugin_id;
451  }
452 
453  public function isPluginActive()
454  {
455  return (bool) $this->getType() == self::TYPE_PLUGIN;
456  }
457 
458 
465  public function conditionToString()
466  {
467  global $lng;
468 
469  switch($this->getType())
470  {
471  case self::TYPE_PLUGIN:
472  return $lng->txt('ldap_plugin_id').': '.$this->getPluginId();
473 
474  case self::TYPE_GROUP:
475  $dn_arr = explode(',',$this->getDN());
476  return $dn_arr[0];
477 
478 
479  case self::TYPE_ATTRIBUTE:
480  return $this->getAttributeName().'='.$this->getAttributeValue();
481  }
482  }
483 
484 
492  public function create()
493  {
494  global $ilDB;
495 
496  $next_id = $ilDB->nextId('ldap_role_assignments');
497 
498  $query = "INSERT INTO ldap_role_assignments (server_id,rule_id,type,dn,attribute,isdn,att_name,att_value,role_id, ".
499  "add_on_update, remove_on_update, plugin_id ) ".
500  "VALUES( ".
501  $this->db->quote($this->getServerId(),'integer').", ".
502  $this->db->quote($next_id,'integer').", ".
503  $this->db->quote($this->getType(),'integer').", ".
504  $this->db->quote($this->getDN(),'text').", ".
505  $this->db->quote($this->getMemberAttribute(),'text').", ".
506  $this->db->quote($this->isMemberAttributeDN(),'integer').", ".
507  $this->db->quote($this->getAttributeName(),'text').", ".
508  $this->db->quote($this->getAttributeValue(),'text').", ".
509  $this->db->quote($this->getRoleId(),'integer').", ".
510  $this->db->quote($this->isAddOnUpdateEnabled(), 'integer').', '.
511  $this->db->quote($this->isRemoveOnUpdateEnabled(), 'integer').', '.
512  $this->db->quote($this->getPluginId(),'integer').' '.
513  ")";
514  $res = $ilDB->manipulate($query);
515  $this->rule_id = $next_id;
516 
517  return true;
518  }
519 
526  public function update()
527  {
528  global $ilDB;
529 
530  $query = "UPDATE ldap_role_assignments ".
531  "SET server_id = ".$this->db->quote($this->getServerId(),'integer').", ".
532  "type = ".$this->db->quote($this->getType(),'integer').", ".
533  "dn = ".$this->db->quote($this->getDN(),'text').", ".
534  "attribute = ".$this->db->quote($this->getMemberAttribute(),'text').", ".
535  "isdn = ".$this->db->quote($this->isMemberAttributeDN(),'integer').", ".
536  "att_name = ".$this->db->quote($this->getAttributeName(),'text').", ".
537  "att_value = ".$this->db->quote($this->getAttributeValue(),'text').", ".
538  "role_id = ".$this->db->quote($this->getRoleId(),'integer').", ".
539  "add_on_update = ".$this->db->quote($this->isAddOnUpdateEnabled(),'integer').', '.
540  'remove_on_update = '.$this->db->quote($this->isRemoveOnUpdateEnabled(),'integer').', '.
541  'plugin_id = '.$this->db->quote($this->getPluginId(),'integer').' '.
542  "WHERE rule_id = ".$this->db->quote($this->getRuleId(),'integer')." ";
543  $res = $ilDB->manipulate($query);
544  return true;
545  }
546 
553  public function validate()
554  {
555  global $ilErr;
556 
557  $ilErr->setMessage('');
558 
559  if(!$this->getRoleId())
560  {
561  $ilErr->setMessage('fill_out_all_required_fields');
562  return false;
563  }
564  switch($this->getType())
565  {
566  case self::TYPE_GROUP:
567  if(!strlen($this->getDN()) or !strlen($this->getMemberAttribute()))
568  {
569  $ilErr->setMessage('fill_out_all_required_fields');
570  return false;
571  }
572  break;
573  case self::TYPE_ATTRIBUTE:
574  if(!strlen($this->getAttributeName()) or !strlen($this->getAttributeValue()))
575  {
576  $ilErr->setMessage('fill_out_all_required_fields');
577  return false;
578  }
579  break;
580 
581  case self::TYPE_PLUGIN:
582  if(!$this->getPluginId())
583  {
584  $ilErr->setMessage('ldap_err_missing_plugin_id');
585  return false;
586  }
587  break;
588 
589  default:
590  $ilErr->setMessage('ldap_no_type_given');
591  return false;
592  }
593  return true;
594  }
595 
602  public function delete()
603  {
604  global $ilDB;
605 
606  $query = "DELETE FROM ldap_role_assignments ".
607  "WHERE rule_id = ".$this->db->quote($this->getRuleId(),'integer')." ";
608  $res = $ilDB->manipulate($query);
609  return true;
610 
611  }
618  private function read()
619  {
620  global $ilDB;
621 
622  $query = "SELECT * FROM ldap_role_assignments ".
623  "WHERE rule_id = ".$this->db->quote($this->getRuleId(),'integer')." ";
624 
625  $res = $this->db->query($query);
626  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
627  {
628  $this->setServerId($row->server_id);
629  $this->setType($row->type);
630  $this->setDN($row->dn);
631  $this->setMemberAttribute($row->attribute);
632  $this->setMemberIsDN($row->isdn);
633  $this->setAttributeName($row->att_name);
634  $this->setAttributeValue($row->att_value);
635  $this->setRoleId($row->role_id);
636  $this->enableAddOnUpdate($row->add_on_update);
637  $this->enableRemoveOnUpdate($row->remove_on_update);
638  $this->setPluginId($row->plugin_id);
639  }
640  }
641 }
642 ?>