ILIAS  release_4-3 Revision
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilAuthShibbolethSettingsGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
14 
18  private $ctrl;
22  private $ilias;
26  private $tabs_gui;
30  private $lng;
34  private $tpl;
38  private $ref_id;
39 
40 
47  public function __construct($a_auth_ref_id) {
48  global $lng, $ilCtrl, $tpl, $ilTabs, $ilias;
49  $this->ctrl = $ilCtrl;
50  $this->tabs_gui = $ilTabs;
51  $this->lng = $lng;
52  $this->lng->loadLanguageModule('shib');
53  $this->ilias = $ilias;
54  $this->tpl = $tpl;
55  $this->ref_id = $a_auth_ref_id;
56  $this->obj_id = ilObject::_lookupObjId($this->ref_id);
57  }
58 
59 
65  public function executeCommand() {
66  global $ilAccess, $ilErr, $ilCtrl;
67  $next_class = $this->ctrl->getNextClass($this);
68  $cmd = $this->ctrl->getCmd();
69  if (! $ilAccess->checkAccess('read', '', $this->ref_id)) {
70  $ilErr->raiseError($this->lng->txt('msg_no_perm_read'), $ilErr->WARNING);
71  }
72  if (! $ilAccess->checkAccess('write', '', $this->ref_id) && $cmd != "settings") {
73  ilUtil::sendFailure($this->lng->txt('msg_no_perm_write'), true);
74  $ilCtrl->redirect($this, "settings");
75  }
76  $this->setSubTabs();
77  switch ($next_class) {
78  default:
79  if (! $cmd) {
80  $cmd = "settings";
81  }
82  $this->$cmd();
83  break;
84  }
85 
86  return true;
87  }
88 
89 
90  public function settings() {
91  global $rbacreview;
92  $this->tabs_gui->setSubTabActive('shib_settings');
93  // set already saved data or default value for port
94  $settings = $this->ilias->getAllSettings();
95  // Compose role list
96  $role_list = $rbacreview->getRolesByFilter(2);
97  $role = array();
98  if (! isset($settings["shib_user_default_role"])) {
99  $settings["shib_user_default_role"] = 4;
100  }
101  if (! isset($settings["shib_idp_list"]) || $settings["shib_idp_list"] == '') {
102  $settings["shib_idp_list"] = "urn:mace:organization1:providerID, Example Organization 1\nurn:mace:organization2:providerID, Example Organization 2, /Shibboleth.sso/WAYF/SWITCHaai";
103  }
104  if (! isset($settings["shib_login_button"]) || $settings["shib_login_button"] == '') {
105  $settings["shib_login_button"] = "templates/default/images/shib_login_button.png";
106  }
107  if (! isset($settings["shib_hos_type"]) || $settings["shib_hos_type"] == '') {
108  $settings["shib_hos_type"] = 'internal_wayf';
109  }
110  foreach ($role_list as $data) {
111  $role[$data["obj_id"]] = $data["title"];
112  }
113  // Set text field content
114  $shib_settings = array(
115  'shib_login',
116  'shib_title',
117  'shib_firstname',
118  'shib_lastname',
119  'shib_email',
120  'shib_gender',
121  'shib_institution',
122  'shib_department',
123  'shib_zipcode',
124  'shib_city',
125  'shib_country',
126  'shib_street',
127  'shib_phone_office',
128  'shib_phone_home',
129  'shib_phone_mobile',
130  'shib_language',
131  'shib_matriculation',
132  );
133  //set PropertyFormGUI
134  include_once("./Services/Form/classes/class.ilPropertyFormGUI.php");
135  $propertys = new ilPropertyFormGUI();
136  $propertys->setTitle($this->lng->txt("shib"));
137  $propertys->setFormAction($this->ctrl->getFormAction($this, "save"));
138  $propertys->addCommandButton("save", $this->lng->txt("save"));
139  $propertys->addCommandButton("settings", $this->lng->txt("cancel"));
140  //set enable shibboleth support
141  $enable = new ilCheckboxInputGUI();
142  $enable->setTitle($this->lng->txt("shib_active"));
143  $read_me_link = "./Services/AuthShibboleth/README.SHIBBOLETH.txt";
144  $info = "<a href='" . $read_me_link . "' target='_blank'>" . $this->lng->txt("auth_shib_instructions") . "</a>";
145  $enable->setInfo($info);
146  $enable->setPostVar("shib[active]");
147  $enable->setChecked($settings["shib_active"]);
148  //set allow local authentication
149  $local = new ilCheckboxInputGUI();
150  $local->setTitle($this->lng->txt("auth_allow_local"));
151  $local->setPostVar("shib[auth_allow_local]");
152  $local->setChecked($settings['shib_auth_allow_local']);
153  //set user default role
154  $defaultrole = new ilSelectInputGUI();
155  $defaultrole->setTitle($this->lng->txt("shib_user_default_role"));
156  $defaultrole->setPostVar("shib[user_default_role]");
157  $defaultrole->setOptions($role);
158  $defaultrole->setRequired(true);
159  $defaultrole->setValue($settings["shib_user_default_role"]);
160  //set name of federation
161  $name = new ilTextInputGUI();
162  $name->setTitle($this->lng->txt("shib_federation_name"));
163  $name->setPostVar("shib[federation_name]");
164  $name->setSize(40);
165  $name->setMaxLength(50);
166  $name->setRequired(true);
167  $name->setValue(stripslashes($settings["shib_federation_name"]));
168  //set Organize selection group
169  include_once("./Services/Form/classes/class.ilRadioGroupInputGUI.php");
170  include_once("./Services/Form/classes/class.ilRadioOption.php");
171  $organize = new ilRadioGroupInputGUI();
172  $organize->setTitle($this->lng->txt("shib_login_type"));
173  $organize->setPostVar("shib[hos_type]");
174  $organize->setRequired(true);
175  $organize->setValue($settings["shib_hos_type"]);
176  //set 1. option internalwayf
177  $internalwayf = new ilRadioOption();
178  $internalwayf->setTitle($this->lng->txt("shib_login_internal_wayf"));
179  $internalwayf->setValue("internal_wayf");
180  //set 1. option internalwayf textbox idplist
181  $idplist = new ilTextAreaInputGUI();
182  $idplist->setInfo($this->lng->txt("shib_idp_list"));
183  $idplist->setPostVar("shib[idp_list]");
184  $idplist->setRows(3);
185  $idplist->setCols(50);
186  $idplist->setValue($settings["shib_idp_list"]);
187  //set 2. Option externalwayf
188  $externalwayf = new ilRadioOption();
189  $externalwayf->setTitle($this->lng->txt("shib_login_external_wayf"));
190  $externalwayf->setValue("external_wayf");
191  //set 2. Option externalwayf textfield path to login button image
192  $loginbutton = new ilTextInputGUI();
193  $loginbutton->setInfo($this->lng->txt("shib_login_button"));
194  $loginbutton->setPostVar("shib[login_button]");
195  $loginbutton->setSize(50);
196  $loginbutton->setMaxLength(255);
197  $loginbutton->setValue($settings["shib_login_button"]);
198  //set 3. Option embeddedwayf
199  $embeddedwayf = new ilRadioOption();
200  $embeddedwayf->setTitle($this->lng->txt("shib_login_embedded_wayf"));
201  $embeddedwayf->setInfo($this->lng->txt("shib_login_embedded_wayf_description"));
202  $embeddedwayf->setValue("embedded_wayf");
203  //set login instructions
204  $logininstruction = new ilTextAreaInputGUI();
205  $logininstruction->setTitle($this->lng->txt("auth_login_instructions"));
206  $logininstruction->setPostVar("shib[login_instructions]");
207  $logininstruction->setRows(3);
208  $logininstruction->setCols(50);
209  $logininstruction->setValue(stripslashes($settings["shib_login_instructions"]));
210  //set path to data manipulation API
211  $dataconv = new ilTextInputGUI();
212  $dataconv->setTitle($this->lng->txt("shib_data_conv"));
213  $dataconv->setPostVar("shib[data_conv]");
214  $dataconv->setSize(80);
215  $dataconv->setMaxLength(512);
216  $dataconv->setValue($settings["shib_data_conv"]);
217  //field mappings
218  $fields = array();
219  foreach ($shib_settings as $setting) {
220  $field = ereg_replace('shib_', '', $setting);
221  $textinput = new ilTextInputGUI();
222  $textinput->setTitle($this->lng->txt($setting));
223  $textinput->setPostVar("shib[" . $field . "]");
224  $textinput->setValue($settings[$setting]);
225  $textinput->setSize(40);
226  $textinput->setMaxLength(50);
227  $checkinput = new ilCheckboxInputGUI("");
228  $checkinput->setOptionTitle($this->lng->txt("shib_update"));
229  $checkinput->setPostVar("shib[update_" . $field . "]");
230  $checkinput->setChecked($settings["shib_update_" . $field]);
231  if ($setting == 'shib_login' || $setting == 'shib_title' || $setting == 'shib_firstname'
232  || $setting == 'shib_lastname'
233  || $setting == 'shib_email'
234  ) {
235  $textinput->setRequired(true);
236  }
237  $fields[$setting] = array( "text" => $textinput, "check" => $checkinput );
238  }
239  $propertys->addItem($enable);
240  $propertys->addItem($local);
241  $propertys->addItem($defaultrole);
242  $propertys->addItem($name);
243  $internalwayf->addSubItem($idplist);
244  $organize->addOption($internalwayf);
245  $externalwayf->addSubItem($loginbutton);
246  $organize->addOption($externalwayf);
247  $organize->addOption($embeddedwayf);
248  $propertys->addItem($organize);
249  $propertys->addItem($logininstruction);
250  $propertys->addItem($dataconv);
251  foreach ($shib_settings as $setting) {
252  $propertys->addItem($fields[$setting]["text"]);
253  if ($setting != "shib_login") {
254  $propertys->addItem($fields[$setting]["check"]);
255  }
256  }
257  $this->tpl->setContent($propertys->getHTML());
258  }
259 
260 
261  public function save() {
262  global $ilUser;
263  // validate required data
264  if (! $_POST["shib"]["login"]
265  or ! $_POST["shib"]["hos_type"]
266  or ! $_POST["shib"]["firstname"]
267  or ! $_POST["shib"]["lastname"]
268  or ! $_POST["shib"]["email"]
269  or ! $_POST["shib"]["user_default_role"]
270  or ! $_POST["shib"]["federation_name"]
271  ) {
272  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"), $this->ilias->error_obj->MESSAGE);
273  }
274  // validate api
275  if ($_POST["shib"]["data_conv"]
276  and $_POST["shib"]["data_conv"] != ''
277  and ! is_readable($_POST["shib"]["data_conv"])
278  ) {
279  $this->ilias->raiseError($this->lng->txt("shib_data_conv_warning"), $this->ilias->error_obj->MESSAGE);
280  }
281  // all ok. save settings
282  $shib_settings = array(
283  'shib_login',
284  'shib_title',
285  'shib_firstname',
286  'shib_lastname',
287  'shib_email',
288  'shib_gender',
289  'shib_institution',
290  'shib_department',
291  'shib_zipcode',
292  'shib_city',
293  'shib_country',
294  'shib_street',
295  'shib_phone_office',
296  'shib_phone_home',
297  'shib_phone_mobile',
298  'shib_language',
299  'shib_matriculation'
300  );
301  foreach ($shib_settings as $setting) {
302  $field = ereg_replace('shib_', '', $setting);
303  if ($_POST["shib"]["update_" . $field] != "1") {
304  $_POST["shib"]["update_" . $field] = "0";
305  }
306  $this->ilias->setSetting($setting, trim($_POST["shib"][$field]));
307  $this->ilias->setSetting("shib_update_" . $field, $_POST["shib"]["update_" . $field]);
308  }
309  if ($_POST["shib"]["active"] != "1") {
310  $this->ilias->setSetting("shib_active", "0");
311  } else {
312  $this->ilias->setSetting("shib_active", "1");
313  }
314  $this->ilias->setSetting("shib_user_default_role", $_POST["shib"]["user_default_role"]);
315  $this->ilias->setSetting("shib_hos_type", $_POST["shib"]["hos_type"]);
316  $this->ilias->setSetting("shib_federation_name", $_POST["shib"]["federation_name"]);
317  $this->ilias->setSetting("shib_idp_list", $_POST["shib"]["idp_list"]);
318  $this->ilias->setSetting("shib_login_instructions", $_POST["shib"]["login_instructions"]);
319  $this->ilias->setSetting("shib_login_button", $_POST["shib"]["login_button"]);
320  $this->ilias->setSetting("shib_data_conv", $_POST["shib"]["data_conv"]);
321  $this->ilias->setSetting("shib_auth_allow_local", ($_POST['shib']['auth_allow_local'] == '1') ? '1' : '0');
322  ilUtil::sendSuccess($this->lng->txt("shib_settings_saved"), true);
323  $this->ctrl->redirect($this, 'settings');
324  }
325 
326 
327  protected function roleAssignment() {
328  $this->tabs_gui->setSubTabActive('shib_role_assignment');
329  $this->initFormRoleAssignment('default');
330  $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.shib_role_assignment.html', 'Services/AuthShibboleth');
331  $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
332  if (strlen($html = $this->parseRulesTable())) {
333  $this->tpl->setVariable('RULE_TABLE', $html);
334  }
335 
336  return true;
337  }
338 
339 
340  protected function parseRulesTable() {
341  include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php');
343  return '';
344  }
345  include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentTableGUI.php');
346  $rules_table = new ilShibbolethRoleAssignmentTableGUI($this, 'roleAssignment');
347  $rules_table->setTitle($this->lng->txt('shib_rules_tables'));
348  $rules_table->parse(ilShibbolethRoleAssignmentRules::getAllRules());
349  $rules_table->addMultiCommand("confirmDeleteRules", $this->lng->txt("delete"));
350  $rules_table->setSelectAllCheckbox("rule_id");
351 
352  return $rules_table->getHTML();
353  }
354 
355 
364  protected function confirmDeleteRules() {
365  if (! is_array($_POST['rule_ids'])) {
366  ilUtil::sendFailure($this->lng->txt('select_one'));
367  $this->roleAssignment();
368 
369  return false;
370  }
371  $this->tabs_gui->setSubTabActive('shib_role_assignment');
372  include_once("Services/Utilities/classes/class.ilConfirmationGUI.php");
373  $c_gui = new ilConfirmationGUI();
374  // set confirm/cancel commands
375  $c_gui->setFormAction($this->ctrl->getFormAction($this, "deleteRules"));
376  $c_gui->setHeaderText($this->lng->txt("shib_confirm_del_role_ass"));
377  $c_gui->setCancel($this->lng->txt("cancel"), "roleAssignment");
378  $c_gui->setConfirm($this->lng->txt("confirm"), "deleteRules");
379  // add items to delete
380  include_once('Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
381  foreach ($_POST["rule_ids"] as $rule_id) {
382  $rule = new ilShibbolethRoleAssignmentRule($rule_id);
383  $info = ilObject::_lookupTitle($rule->getRoleId());
384  $info .= " (";
385  $info .= $rule->conditionToString();
386  $info .= ')';
387  $c_gui->addItem('rule_ids[]', $rule_id, $info);
388  }
389  $this->tpl->setContent($c_gui->getHTML());
390  }
391 
392 
399  protected function deleteRules() {
400  if (! is_array($_POST['rule_ids'])) {
401  ilUtil::sendFailure($this->lng->txt('select_once'));
402  $this->roleAssignment();
403 
404  return false;
405  }
406  include_once('Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
407  foreach ($_POST["rule_ids"] as $rule_id) {
408  $rule = new ilShibbolethRoleAssignmentRule($rule_id);
409  $rule->delete();
410  }
411  ilUtil::sendSuccess($this->lng->txt('shib_deleted_rule'));
412  $this->roleAssignment();
413 
414  return true;
415  }
416 
417 
418  protected function initFormRoleAssignment($a_mode = 'default') {
419  include_once('./Services/Form/classes/class.ilPropertyFormGUI.php');
420  $this->form = new ilPropertyFormGUI();
421  $this->form->setFormAction($this->ctrl->getFormAction($this, 'cancel'));
422  $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
423  if ($a_mode == 'default') {
424  $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
425  $this->form->addCommandButton('addRoleAssignmentRule', $this->lng->txt('shib_new_rule'));
426  $this->form->addCommandButton('settings', $this->lng->txt('cancel'));
427  } else {
428  $this->form->setTitle($this->lng->txt('shib_update_role_ass_table'));
429  $this->form->addCommandButton('updateRoleAssignmentRule', $this->lng->txt('save'));
430  $this->form->addCommandButton('roleAssignment', $this->lng->txt('cancel'));
431  }
432  // Role selection
433  $role = new ilRadioGroupInputGUI($this->lng->txt('shib_role_name'), 'role_name');
434  $role->setRequired(true);
435  $global = new ilRadioOption($this->lng->txt('shib_global_role'), 0);
436  $role->addOption($global);
437  $role_select = new ilSelectInputGUI('', 'role_id');
438  $role_select->setOptions($this->prepareRoleSelect());
439  $global->addSubItem($role_select);
440  $local = new ilRadioOption($this->lng->txt('shib_local_role'), 1);
441  $role->addOption($local);
442  include_once './Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php';
443  $role_search = new ilRoleAutoCompleteInputGUI('', 'role_search', $this, 'addRoleAutoCompleteObject');
444  $role_search->setSize(40);
445  $local->addSubItem($role_search);
446  include_once './Services/AccessControl/classes/class.ilRoleAutoComplete.php';
447  $role->setInfo($this->lng->txt('shib_role_name_info'));
448  $this->form->addItem($role);
449  // Update options
450  $update = new ilNonEditableValueGUI($this->lng->txt('shib_update_roles'), 'update_roles');
451  $update->setValue($this->lng->txt('shib_check_role_assignment'));
452  $add = new ilCheckboxInputGUI('', 'add_missing');
453  $add->setOptionTitle($this->lng->txt('shib_add_missing'));
454  $add->setValue(1);
455  $update->addSubItem($add);
456  $remove = new ilCheckboxInputGUI('', 'remove_deprecated');
457  $remove->setOptionTitle($this->lng->txt('shib_remove_deprecated'));
458  $remove->setValue(1);
459  $update->addSubItem($remove);
460  $this->form->addItem($update);
461  // Assignment type
462  $kind = new ilRadioGroupInputGUI($this->lng->txt('shib_assignment_type'), 'kind');
463  $kind->setValue(1);
464  $kind->setRequired(true);
465  $attr = new ilRadioOption($this->lng->txt('shib_attribute'), 1);
466  $attr->setInfo($this->lng->txt('shib_attr_info'));
467  $name = new ilTextInputGUI($this->lng->txt('shib_attribute_name'), 'attr_name');
468  $name->setSize(32);
469  $attr->addSubItem($name);
470  $value = new ilTextInputGUI($this->lng->txt('shib_attribute_value'), 'attr_value');
471  $value->setSize(32);
472  $attr->addSubItem($value);
473  $kind->addOption($attr);
474  $pl_active = (bool)$this->hasActiveRoleAssignmentPlugins();
475  $pl = new ilRadioOption($this->lng->txt('shib_plugin'), 2);
476  $pl->setInfo($this->lng->txt('shib_plugin_info'));
477  $pl->setDisabled(! $pl_active);
478  $id = new ilNumberInputGUI($this->lng->txt('shib_plugin_id'), 'plugin_id');
479  $id->setDisabled(! $pl_active);
480  $id->setSize(3);
481  $id->setMaxLength(3);
482  $id->setMaxValue(999);
483  $id->setMinValue(1);
484  $pl->addSubItem($id);
485  $kind->addOption($pl);
486  $this->form->addItem($kind);
487  }
488 
489 
494  include_once("./Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php");
496  }
497 
498 
499  protected function addRoleAssignmentRule() {
500  global $ilAccess, $ilErr;
501  if (! $ilAccess->checkAccess('write', '', $this->ref_id)) {
502  ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
503  $this->roleAssignment();
504 
505  return false;
506  }
507  $this->initFormRoleAssignment();
508  if (! $this->form->checkInput() or ($err = $this->checkInput())) {
509  if ($err) {
510  ilUtil::sendFailure($this->lng->txt($err));
511  }
512  $this->tabs_gui->setSubTabActive('shib_role_assignment');
513  $this->form->setValuesByPost();
514  $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.shib_role_assignment.html', 'Services/AuthShibboleth');
515  $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
516  if (strlen($html = $this->parseRulesTable())) {
517  $this->tpl->setVariable('RULE_TABLE', $html);
518  }
519 
520  return true;
521  }
522  // Redirects if required
523  $this->showLocalRoleSelection();
524  $this->rule->add();
525  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
526  $this->roleAssignment();
527 
528  return true;
529  }
530 
531 
537  protected function editRoleAssignment() {
538  $this->ctrl->setParameter($this, 'rule_id', (int)$_GET['rule_id']);
539  $this->tabs_gui->setSubTabActive('shib_role_assignment');
540  $this->initFormRoleAssignment('update');
541  $this->getRuleValues();
542  $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.shib_role_assignment.html', 'Services/AuthShibboleth');
543  $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
544 
545  return true;
546  }
547 
548 
549  protected function updateRoleAssignmentRule() {
550  global $ilAccess, $ilErr;
551  if (! $ilAccess->checkAccess('write', '', $this->ref_id)) {
552  ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
553  $this->roleAssignment();
554 
555  return false;
556  }
557  $this->initFormRoleAssignment();
558  if (! $this->form->checkInput() or ($err = $this->checkInput((int)$_REQUEST['rule_id']))) {
559  if ($err) {
560  ilUtil::sendFailure($this->lng->txt($err));
561  }
562  $this->tabs_gui->setSubTabActive('shib_role_assignment');
563  $this->form->setValuesByPost();
564  $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.shib_role_assignment.html', 'Services/AuthShibboleth');
565  $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
566 
567  return true;
568  }
569  $this->showLocalRoleSelection('update');
570  $this->rule->update();
571  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
572  $this->roleAssignment();
573 
574  return true;
575  }
576 
577 
578  private function loadRule($a_rule_id = 0) {
579  include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
580  $this->rule = new ilShibbolethRoleAssignmentRule($a_rule_id);
581  if ($this->form->getInput('role_name') == 0) {
582  $this->rule->setRoleId($this->form->getInput('role_id'));
583  } elseif ($this->form->getInput('role_search')) {
584  // Search role
585  include_once './Services/Search/classes/class.ilQueryParser.php';
586  $parser = new ilQueryParser($this->form->getInput('role_search'));
587  // TODO: Handle minWordLength
588  $parser->setMinWordLength(1, true);
589  $parser->setCombination(QP_COMBINATION_AND);
590  $parser->parse();
591  include_once 'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
592  $object_search = new ilLikeObjectSearch($parser);
593  $object_search->setFilter(array( 'role' ));
594  $res = $object_search->performSearch();
595  $entries = $res->getEntries();
596  if (count($entries) == 1) {
597  $role = current($entries);
598  $this->rule->setRoleId($role['obj_id']);
599  } elseif (count($entries) > 1) {
600  $this->rule->setRoleId(- 1);
601  }
602  }
603  $this->rule->setName($this->form->getInput('attr_name'));
604  $this->rule->setValue($this->form->getInput('attr_value'));
605  $this->rule->enableAddOnUpdate($this->form->getInput('add_missing'));
606  $this->rule->enableRemoveOnUpdate($this->form->getInput('remove_deprecated'));
607  $this->rule->enablePlugin($this->form->getInput('kind') == 2);
608  $this->rule->setPluginId($this->form->getInput('plugin_id'));
609 
610  return $this->rule;
611  }
612 
613 
614  private function getRuleValues() {
615  global $rbacreview;
616  include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php';
617  $rule = new ilShibbolethRoleAssignmentRule((int)$_GET['rule_id']);
618  $role = $rule->getRoleId();
619  if ($rbacreview->isGlobalRole($role)) {
620  $values['role_name'] = 0;
621  $values['role_id'] = $role;
622  } else {
623  $values['role_name'] = 1;
624  $values['role_search'] = ilObject::_lookupTitle($role);
625  }
626  $values['add_missing'] = (int)$rule->isAddOnUpdateEnabled();
627  $values['remove_deprecated'] = (int)$rule->isRemoveOnUpdateEnabled();
628  $values['attr_name'] = $rule->getName();
629  $values['attr_value'] = $rule->getValue();
630  if (! $rule->isPluginActive()) {
631  $values['kind'] = 1;
632  } else {
633  $values['kind'] = 2;
634  $values['plugin_id'] = $rule->getPluginId();
635  }
636  $this->form->setValuesByArray($values);
637  }
638 
639 
640  private function checkInput($a_rule_id = 0) {
641  $this->loadRule($a_rule_id);
642 
643  return $this->rule->validate();
644  }
645 
646 
647  private function showLocalRoleSelection() {
648  if ($this->rule->getRoleId() > 0) {
649  return false;
650  }
651  $_SESSION['shib_role_ass']['rule_id'] = $_REQUEST['rule_id'] ? $_REQUEST['rule_id'] : 0;
652  $_SESSION['shib_role_ass']['search'] = $this->form->getInput('role_search');
653  $_SESSION['shib_role_ass']['add_on_update'] = $this->rule->isAddOnUpdateEnabled();
654  $_SESSION['shib_role_ass']['remove_on_update'] = $this->rule->isRemoveOnUpdateEnabled();
655  $_SESSION['shib_role_ass']['name'] = $this->rule->getName();
656  $_SESSION['shib_role_ass']['value'] = $this->rule->getValue();
657  $_SESSION['shib_role_ass']['plugin'] = $this->rule->isPluginActive();
658  $_SESSION['shib_role_ass']['plugin_id'] = $this->rule->getPluginId();
659  $this->ctrl->redirect($this, 'chooseRole');
660  }
661 
662 
663  protected function chooseRole() {
664  $this->tabs_gui->setSubTabActive('shib_role_assignment');
665  include_once './Services/Search/classes/class.ilQueryParser.php';
666  $parser = new ilQueryParser($_SESSION['shib_role_ass']['search']);
667  $parser->setMinWordLength(1, true);
668  $parser->setCombination(QP_COMBINATION_AND);
669  $parser->parse();
670  include_once 'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
671  $object_search = new ilLikeObjectSearch($parser);
672  $object_search->setFilter(array( 'role' ));
673  $res = $object_search->performSearch();
674  $entries = $res->getEntries();
675  include_once './Services/AccessControl/classes/class.ilRoleSelectionTableGUI.php';
676  $table = new ilRoleSelectionTableGUI($this, 'chooseRole');
677  $table->setTitle($this->lng->txt('shib_role_selection'));
678  $table->addMultiCommand('saveRoleSelection', $this->lng->txt('shib_choose_role'));
679  $table->addCommandButton('roleAssignment', $this->lng->txt('cancel'));
680  $table->parse($entries);
681  $this->tpl->setContent($table->getHTML());
682 
683  return true;
684  }
685 
686 
687  protected function saveRoleSelection() {
688  $rule = new ilShibbolethRoleAssignmentRule($_SESSION['shib_role_ass']['rule_id']);
689  $rule->setRoleId((int)$_POST['role_id']);
690  $rule->setName($_SESSION['shib_role_ass']['name']);
691  $rule->setValue($_SESSION['shib_role_ass']['value']);
692  $rule->enablePlugin($_SESSION['shib_role_ass']['plugin']);
693  $rule->setPluginId($_SESSION['shib_role_ass']['plugin_id']);
694  $rule->enableAddOnUpdate($_SESSION['shib_role_ass']['add_on_update']);
695  $rule->enableRemoveOnUpdate($_SESSION['shib_role_ass']['remove_on_update']);
696  if ($rule->getRuleId()) {
697  $rule->update();
698  } else {
699  $rule->add();
700  }
701  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
702  unset($_SESSION['shib_role_ass']);
703  $this->roleAssignment();
704  }
705 
706 
712  private function hasActiveRoleAssignmentPlugins() {
713  global $ilPluginAdmin;
714 
715  return count($ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk'));
716  }
717 
718 
719  private function prepareRoleSelect($a_as_select = true) {
720  global $rbacreview, $ilObjDataCache;
721  $global_roles = ilUtil::_sortIds($rbacreview->getGlobalRoles(), 'object_data', 'title', 'obj_id');
722  $select[0] = $this->lng->txt('links_select_one');
723  foreach ($global_roles as $role_id) {
724  $select[$role_id] = ilObject::_lookupTitle($role_id);
725  }
726 
727  return $select;
728  }
729 
730 
731  protected function setSubTabs() {
732  global $ilSetting;
733  include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
734  if ($ilSetting->get('shib_active') == 0 and ilShibbolethRoleAssignmentRules::getCountRules() == 0) {
735  return false;
736  }
737  // DONE: show sub tabs if there is any role assignment rule
738  $this->tabs_gui->addSubTabTarget('shib_settings', $this->ctrl->getLinkTarget($this, 'settings'));
739  $this->tabs_gui->addSubTabTarget('shib_role_assignment', $this->ctrl->getLinkTarget($this, 'roleAssignment'));
740 
741  return true;
742  }
743 }
744 
745 ?>