ILIAS  release_10 Revision v10.1-43-ga1241a92c2f
class.ilAuthShibbolethSettingsGUI.php
Go to the documentation of this file.
1 <?php
18 use ILIAS\DI\RBACServices;
19 use ILIAS\HTTP\Wrapper\WrapperFactory;
20 use ILIAS\Refinery\Factory as Refinery;
21 
31 class ilAuthShibbolethSettingsGUI
32 {
33  private const PARAM_RULE_ID = 'rule_id';
34 
35  private ilAccessHandler $access;
36  private ilComponentRepository $component_repository;
37  private ilCtrl $ctrl;
38  private ?ilPropertyFormGUI $form = null;
39  private ilSetting $global_settings;
40 
41  private ilLanguage $lng;
42  private RBACServices $rbac;
43  private ilRbacReview $rbac_review;
44  private int $ref_id;
45  private Refinery $refinery;
46  private ?ilShibbolethRoleAssignmentRule $rule = null;
47  private ilShibbolethSettings $shib_settings;
48  private ilTabsGUI $tabs_gui;
49  private ilGlobalTemplateInterface $tpl;
50  private WrapperFactory $wrapper;
51 
52 
53  public function __construct(int $a_auth_ref_id)
54  {
55  global $DIC;
56 
57  $this->access = $DIC->access();
58  $this->component_repository = $DIC["component.repository"];
59  $this->ctrl = $DIC->ctrl();
60  $this->global_settings = $DIC->settings();
61  $this->lng = $DIC->language();
62  $this->lng->loadLanguageModule('shib');
63  $this->rbac = $DIC->rbac();
64  $this->rbac_review = $DIC->rbac()->review();
65  $this->ref_id = $a_auth_ref_id;
66  $this->refinery = $DIC->refinery();
67  $this->shib_settings = new ilShibbolethSettings();
68  $this->tabs_gui = $DIC->tabs();
69  $this->tpl = $DIC->ui()->mainTemplate();
70  $this->wrapper = $DIC->http()->wrapper();
71  }
72 
77  public function executeCommand(): void
78  {
79  $cmd = $this->ctrl->getCmd();
80  if (!$this->access->checkAccess('read', '', $this->ref_id)) {
81  throw new ilException('Permission denied');
82  }
83  if ($cmd !== "settings" && !$this->access->checkAccess('write', '', $this->ref_id)) {
84  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_write'), true);
85  $this->ctrl->redirect($this, "settings");
86  }
87  $this->setSubTabs();
88  if (!$cmd) {
89  $cmd = "settings";
90  }
91  $this->$cmd();
92  }
93 
97  public function settings(): void
98  {
99  $this->tabs_gui->activateSubTab('shib_settings');
100  $form = new ilShibbolethSettingsForm(
101  $this->shib_settings,
102  $this->ctrl->getLinkTarget($this, 'save')
103  );
104 
105  $this->tpl->setContent($form->getHTML());
106  }
107 
111  public function save(): void
112  {
113  $form = new ilShibbolethSettingsForm(
114  $this->shib_settings,
115  $this->ctrl->getLinkTarget($this, 'save')
116  );
117  $form->setValuesByPost();
118  if ($form->saveObject()) {
119  $this->tpl->setOnScreenMessage('success', $this->lng->txt("shib_settings_saved"), true);
120  $this->ctrl->redirect($this, 'settings');
121  }
122  $this->tpl->setContent($form->getHTML());
123  }
124 
128  protected function roleAssignment(): bool
129  {
130  $this->tabs_gui->activateSubTab('shib_role_assignment');
131  $this->initFormRoleAssignment();
132  $this->tpl->addBlockFile(
133  'ADM_CONTENT',
134  'adm_content',
135  'tpl.shib_role_assignment.html',
136  'components/ILIAS/AuthShibboleth'
137  );
138  $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
139  if (($html = $this->parseRulesTable()) !== '') {
140  $this->tpl->setVariable('RULE_TABLE', $html);
141  }
142 
143  return true;
144  }
145 
149  protected function parseRulesTable(): string
150  {
151  if (ilShibbolethRoleAssignmentRules::getCountRules() === 0) {
152  return '';
153  }
154  $rules_table = new ilShibbolethRoleAssignmentTableGUI($this, 'roleAssignment');
155  $rules_table->setTitle($this->lng->txt('shib_rules_tables'));
156  $rules_table->parse(ilShibbolethRoleAssignmentRules::getAllRules());
157  $rules_table->addMultiCommand("confirmDeleteRules", $this->lng->txt("delete"));
158  $rules_table->setSelectAllCheckbox(self::PARAM_RULE_ID);
159 
160  return $rules_table->getHTML();
161  }
162 
166  protected function confirmDeleteRules(): bool
167  {
168  if (!$this->wrapper->post()->has('rule_ids')) {
169  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
170  $this->roleAssignment();
171 
172  return false;
173  }
174  $this->tabs_gui->activateTab('shib_role_assignment');
175  $c_gui = new ilConfirmationGUI();
176  // set confirm/cancel commands
177  $c_gui->setFormAction($this->ctrl->getFormAction($this, "deleteRules"));
178  $c_gui->setHeaderText($this->lng->txt("shib_confirm_del_role_ass"));
179  $c_gui->setCancel($this->lng->txt("cancel"), "roleAssignment");
180  $c_gui->setConfirm($this->lng->txt("confirm"), "deleteRules");
181 
182  $rule_ids = $this->wrapper->post()->retrieve(
183  'rule_ids',
184  $this->refinery->to()->listOf($this->refinery->kindlyTo()->int())
185  );
186  foreach ($rule_ids as $rule_id) {
187  $rule = new ilShibbolethRoleAssignmentRule($rule_id);
188  $info = ilObject::_lookupTitle($rule->getRoleId());
189  $info .= " (";
190  $info .= $rule->conditionToString();
191  $info .= ')';
192  $c_gui->addItem('rule_ids[]', $rule_id, $info);
193  }
194  $this->tpl->setContent($c_gui->getHTML());
195  return true;
196  }
197 
201  protected function deleteRules(): bool
202  {
203  if (!$this->wrapper->post()->has('rule_ids')) {
204  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_once'));
205  $this->roleAssignment();
206 
207  return false;
208  }
209  $rule_ids = $this->wrapper->post()->retrieve(
210  'rule_ids',
211  $this->refinery->to()->listOf($this->refinery->kindlyTo()->int())
212  );
213  foreach ($rule_ids as $rule_id) {
214  $rule = new ilShibbolethRoleAssignmentRule($rule_id);
215  $rule->delete();
216  }
217  $this->tpl->setOnScreenMessage('success', $this->lng->txt('shib_deleted_rule'));
218  $this->roleAssignment();
219 
220  return true;
221  }
222 
226  protected function initFormRoleAssignment(string $a_mode = 'default'): void
227  {
228  $this->form = new ilPropertyFormGUI();
229  $this->form->setFormAction($this->ctrl->getFormAction($this, 'cancel'));
230  $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
231  if ($a_mode === 'default') {
232  $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
233  $this->form->addCommandButton('addRoleAssignmentRule', $this->lng->txt('shib_new_rule'));
234  $this->form->addCommandButton('settings', $this->lng->txt('cancel'));
235  } else {
236  $this->form->setTitle($this->lng->txt('shib_update_role_ass_table'));
237  $this->form->addCommandButton('updateRoleAssignmentRule', $this->lng->txt('save'));
238  $this->form->addCommandButton('roleAssignment', $this->lng->txt('cancel'));
239  }
240  // Role selection
241  $role = new ilRadioGroupInputGUI($this->lng->txt('shib_role_name'), 'role_name');
242  $role->setRequired(true);
243  $global = new ilRadioOption($this->lng->txt('shib_global_role'), 0);
244  $role->addOption($global);
245  $role_select = new ilSelectInputGUI('', 'role_id');
246  $role_select->setOptions($this->prepareRoleSelect());
247  $global->addSubItem($role_select);
248  $local = new ilRadioOption($this->lng->txt('shib_local_role'), 1);
249  $role->addOption($local);
250  $role_search = new ilRoleAutoCompleteInputGUI('', 'role_search', self::class, 'addRoleAutoCompleteObject');
251  $role_search->setSize(40);
252  $local->addSubItem($role_search);
253  $role->setInfo($this->lng->txt('shib_role_name_info'));
254  $this->form->addItem($role);
255  // Update options
256  $update = new ilNonEditableValueGUI($this->lng->txt('shib_update_roles'), 'update_roles');
257  $update->setValue($this->lng->txt('shib_check_role_assignment'));
258  $add = new ilCheckboxInputGUI('', 'add_missing');
259  $add->setOptionTitle($this->lng->txt('shib_add_missing'));
260  $add->setValue(1);
261  $update->addSubItem($add);
262  $remove = new ilCheckboxInputGUI('', 'remove_deprecated');
263  $remove->setOptionTitle($this->lng->txt('shib_remove_deprecated'));
264  $remove->setValue(1);
265  $update->addSubItem($remove);
266  $this->form->addItem($update);
267  // Assignment type
268  $kind = new ilRadioGroupInputGUI($this->lng->txt('shib_assignment_type'), 'kind');
269  $kind->setValue(1);
270  $kind->setRequired(true);
271  $attr = new ilRadioOption($this->lng->txt('shib_attribute'), 1);
272  $attr->setInfo($this->lng->txt('shib_attr_info'));
273  $name = new ilTextInputGUI($this->lng->txt('shib_attribute_name'), 'attr_name');
274  $name->setSize(32);
275  $attr->addSubItem($name);
276  $value = new ilTextInputGUI($this->lng->txt('shib_attribute_value'), 'attr_value');
277  $value->setSize(32);
278  $attr->addSubItem($value);
279  $kind->addOption($attr);
280  $pl_active = $this->component_repository->getPluginSlotById('shibhk')->hasActivePlugins();
281  $pl = new ilRadioOption($this->lng->txt('shib_plugin'), 2);
282  $pl->setInfo($this->lng->txt('shib_plugin_info'));
283  $pl->setDisabled(!$pl_active);
284  $id = new ilNumberInputGUI($this->lng->txt('shib_plugin_id'), 'plugin_id');
285  $id->setDisabled(!$pl_active);
286  $id->setSize(3);
287  $id->setMaxLength(3);
288  $id->setMaxValue(999);
289  $id->setMinValue(1);
290  $pl->addSubItem($id);
291  $kind->addOption($pl);
292  $this->form->addItem($kind);
293  }
294 
295  public function addRoleAutoCompleteObject(): void
296  {
297  ilRoleAutoCompleteInputGUI::echoAutoCompleteList();
298  }
299 
303  protected function addRoleAssignmentRule(): bool
304  {
305  if (!$this->access->checkAccess('write', '', $this->ref_id)) {
306  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
307  $this->roleAssignment();
308 
309  return false;
310  }
311  $this->initFormRoleAssignment();
312  if (!$this->form->checkInput() || ($err = $this->checkInput())) {
313  if (isset($err)) {
314  $this->tpl->setOnScreenMessage('failure', $this->lng->txt($err));
315  }
316  $this->tabs_gui->activateSubTab('shib_role_assignment');
317  $this->form->setValuesByPost();
318  $this->tpl->addBlockFile(
319  'ADM_CONTENT',
320  'adm_content',
321  'tpl.shib_role_assignment.html',
322  'components/ILIAS/AuthShibboleth'
323  );
324  $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
325  if (($html = $this->parseRulesTable()) !== '') {
326  $this->tpl->setVariable('RULE_TABLE', $html);
327  }
328 
329  return true;
330  }
331  $this->rule->add();
332  $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'));
333  $this->roleAssignment();
334 
335  return true;
336  }
337 
341  protected function editRoleAssignment(): bool
342  {
343  $this->ctrl->saveParameter($this, self::PARAM_RULE_ID);
344  $this->tabs_gui->activateSubTab('shib_role_assignment');
345  $this->initFormRoleAssignment('update');
346  $this->getRuleValues();
347  $this->tpl->addBlockFile(
348  'ADM_CONTENT',
349  'adm_content',
350  'tpl.shib_role_assignment.html',
351  'components/ILIAS/AuthShibboleth'
352  );
353  $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
354 
355  return true;
356  }
357 
361  protected function updateRoleAssignmentRule(): bool
362  {
363  if (!$this->access->checkAccess('write', '', $this->ref_id)) {
364  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
365  $this->roleAssignment();
366 
367  return false;
368  }
369  $this->initFormRoleAssignment();
370  $err = false;
371  $role_id = $this->wrapper->query()->retrieve(self::PARAM_RULE_ID, $this->refinery->kindlyTo()->int());
372 
373  if (!$this->form->checkInput() || $err = $this->checkInput($role_id)) {
374  if ($err) {
375  $this->tpl->setOnScreenMessage('failure', $this->lng->txt($err));
376  }
377  $this->tabs_gui->activateSubTab('shib_role_assignment');
378  $this->form->setValuesByPost();
379  $this->tpl->addBlockFile(
380  'ADM_CONTENT',
381  'adm_content',
382  'tpl.shib_role_assignment.html',
383  'components/ILIAS/AuthShibboleth'
384  );
385  $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
386 
387  return true;
388  }
389  $this->rule->update();
390  $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'));
391  $this->roleAssignment();
392 
393  return true;
394  }
395 
396  private function loadRule(int $a_rule_id = 0): ilShibbolethRoleAssignmentRule
397  {
398  $this->rule = new ilShibbolethRoleAssignmentRule($a_rule_id);
399  if ((int) $this->form->getInput('role_name') === 0) {
400  $this->rule->setRoleId($this->form->getInput('role_id'));
401  } elseif ($this->form->getInput('role_search')) {
402  $parser = new ilQueryParser($this->form->getInput('role_search'));
403  // TODO: Handle minWordLength
404  $parser->setMinWordLength(1);
405  $parser->setCombination(ilQueryParser::QP_COMBINATION_AND);
406  $parser->parse();
407  $object_search = new ilLikeObjectSearch($parser);
408  $object_search->setFilter(array('role'));
409  $res = $object_search->performSearch();
410  $entries = $res->getEntries();
411  if (count($entries) === 1) {
412  $role = current($entries);
413  $this->rule->setRoleId($role['obj_id']);
414  } elseif (count($entries) > 1) {
415  $this->rule->setRoleId(-1);
416  }
417  }
418  $this->rule->setName($this->form->getInput('attr_name'));
419  $this->rule->setValue($this->form->getInput('attr_value'));
420  $this->rule->enableAddOnUpdate($this->form->getInput('add_missing'));
421  $this->rule->enableRemoveOnUpdate($this->form->getInput('remove_deprecated'));
422  $this->rule->enablePlugin((int) $this->form->getInput('kind') === 2);
423  $this->rule->setPluginId($this->form->getInput('plugin_id'));
424 
425  return $this->rule;
426  }
427 
428  private function getRuleValues(): void
429  {
430  $rule_id = $this->wrapper->query()->has(self::PARAM_RULE_ID)
431  ? $this->wrapper->query()->retrieve(self::PARAM_RULE_ID, $this->refinery->kindlyTo()->int())
432  : 0;
433 
434  $rule = new ilShibbolethRoleAssignmentRule($rule_id);
435  $role = $rule->getRoleId();
436  if ($this->rbac->review()->isGlobalRole($role)) {
437  $values['role_name'] = 0;
438  $values['role_id'] = $role;
439  } else {
440  $values['role_name'] = 1;
441  $values['role_search'] = ilObject::_lookupTitle($role);
442  }
443  $values['add_missing'] = (int) $rule->isAddOnUpdateEnabled();
444  $values['remove_deprecated'] = (int) $rule->isRemoveOnUpdateEnabled();
445  $values['attr_name'] = $rule->getName();
446  $values['attr_value'] = $rule->getValue();
447  if (!$rule->isPluginActive()) {
448  $values['kind'] = 1;
449  } else {
450  $values['kind'] = 2;
451  $values['plugin_id'] = $rule->getPluginId();
452  }
453  $this->form->setValuesByArray($values);
454  }
455 
456  private function checkInput($a_rule_id = 0): string
457  {
458  $this->loadRule($a_rule_id);
459 
460  return $this->rule->validate();
461  }
462 
466  private function prepareRoleSelect(): array
467  {
468  $global_roles = ilUtil::_sortIds($this->rbac_review->getGlobalRoles(), 'object_data', 'title', 'obj_id');
469  $select[0] = $this->lng->txt('links_select_one');
470  foreach ($global_roles as $role_id) {
471  $select[$role_id] = ilObject::_lookupTitle($role_id);
472  }
473 
474  return $select;
475  }
476 
480  protected function setSubTabs(): bool
481  {
482  if (!$this->global_settings->get('shib_active', '0')) {
483  return false;
484  }
485  $this->tabs_gui->addSubTabTarget('shib_settings', $this->ctrl->getLinkTarget($this, 'settings'));
486  $this->tabs_gui->addSubTabTarget('shib_role_assignment', $this->ctrl->getLinkTarget($this, 'roleAssignment'));
487 
488  return true;
489  }
490 }
ilRadioOption
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRadioOption.php:26
$res
$res
Definition: ltiservices.php:69
ilComponentRepository
Readable part of repository interface to ilComponentDataDB.
Definition: class.ilComponentRepository.php:25
ilAuthShibbolethSettingsGUI
Class ilAuthShibbolethSettingsGUI.
Definition: class.ilAuthShibbolethSettingsGUI.php:31
ilSelectInputGUI
This class represents a selection list property in a property form.
Definition: class.ilSelectInputGUI.php:26
ilTabsGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilTabsGUI.php:25
ilRadioOption\setInfo
setInfo(string $a_info)
Definition: class.ilRadioOption.php:54
ilShibbolethSettingsForm
Class ilShibbolethSettingsForm.
Definition: class.ilShibbolethSettingsForm.php:30
ilQueryParser\setMinWordLength
setMinWordLength(int $a_length)
Definition: class.ilQueryParser.php:77
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:26
ilRoleAutoCompleteInputGUI\echoAutoCompleteList
static echoAutoCompleteList()
Static asynchronous default auto complete function.
Definition: class.ilRoleAutoCompleteInputGUI.php:57
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:831
$DIC
global $DIC
Definition: shib_login.php:25
ILIAS\DI\RBACServices
Provides fluid interface to RBAC services.
Definition: RBACServices.php:23
ilFormPropertyGUI\setRequired
setRequired(bool $a_required)
Definition: class.ilFormPropertyGUI.php:155
ilRoleAutoCompleteInputGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRoleAutoCompleteInputGUI.php:26
ilUtil\_sortIds
static _sortIds(array $a_ids, string $a_table, string $a_field, string $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,7),&#39;usr_data&#39;,&#39;lastname&#39;,&#39;usr_id&#39;) => sorts by lastname.
Definition: class.ilUtil.php:1213
ILIAS\Repository\form
form( $class_path, string $cmd, string $submit_caption="")
Definition: trait.GlobalDICGUIServices.php:139
RBACServices
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:24
ilShibbolethSettings
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilShibbolethSettings.php:24