ILIAS  release_10 Revision v10.1-43-ga1241a92c2f
class.ilShibbolethRoleAssignmentRules.php
Go to the documentation of this file.
1 <?php
2 /******************************************************************************
3  *
4  * This file is part of ILIAS, a powerful learning management system.
5  *
6  * ILIAS is licensed with the GPL-3.0, you should have received a copy
7  * of said license along with the source code.
8  *
9  * If this is not the case or you just want to try ILIAS, you'll find
10  * us at:
11  * https://www.ilias.de
12  * https://github.com/ILIAS-eLearning
13  *
14  *****************************************************************************/
25 class ilShibbolethRoleAssignmentRules
26 {
30  public static function getAllRules(): array
31  {
32  global $DIC;
33  $db = $DIC->database();
34  $rules = array();
38  $query = "SELECT rule_id FROM shib_role_assignment ORDER BY rule_id";
39  $res = $db->query($query);
40  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
41  $rules[$row->rule_id] = new ilShibbolethRoleAssignmentRule($row->rule_id);
42  }
43 
44  return $rules;
45  }
46 
47  public static function getCountRules(): int
48  {
49  global $DIC;
50  $db = $DIC->database();
51  $query = "SELECT COUNT(*) num FROM shib_role_assignment ";
52  $res = $db->query($query);
53  $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
54  return (int) ($row->num ?? 0);
55  }
56 
57  public static function updateAssignments(int $a_usr_id, array $a_data): bool
58  {
59  global $DIC;
60  $db = $DIC->database();
61  $rbac_admin = $DIC->rbac()->admin();
62  $rbac_review = $DIC->rbac()->review();
63  $logger = $DIC->logger()->root();
64  $query = "SELECT rule_id,add_on_update,remove_on_update FROM shib_role_assignment " . "WHERE add_on_update = 1 OR remove_on_update = 1";
65  $res = $db->query($query);
66  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
67  $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
68  // $matches = $rule->matches($a_data);
69  if ($row->add_on_update && $rule->doesMatch($a_data)) {
70  $logger->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
71  $rbac_admin->assignUser($rule->getRoleId(), $a_usr_id);
72  }
73  if ($row->remove_on_update && !$rule->doesMatch($a_data)) {
74  $logger->write(__METHOD__ . ': Deassigned from role ' . ilObject::_lookupTitle($rule->getRoleId()));
75  $rbac_admin->deassignUser($rule->getRoleId(), $a_usr_id);
76  }
77  }
78  // check if is assigned to minimum one global role
79  if (!array_intersect($rbac_review->assignedRoles($a_usr_id), $rbac_review->getGlobalRoles())) {
80  $settings = new ilShibbolethSettings();
81  $default_role = $settings->getDefaultRole();
82  $logger->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
83  $rbac_admin->assignUser($default_role, $a_usr_id);
84  }
85 
86  return true;
87  }
88 
89  public static function doAssignments(int $a_usr_id, array $a_data): bool
90  {
91  global $DIC;
92  $db = $DIC->database();
93  $rbac_admin = $DIC->rbac()->admin();
94  $logger = $DIC->logger()->root();
95  $query = "SELECT rule_id,add_on_update FROM shib_role_assignment WHERE add_on_update = 1";
96  $num_matches = 0;
97  $res = $db->query($query);
98  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
99  $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
100  if ($rule->doesMatch($a_data)) {
101  $num_matches++;
102  $logger->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
103  $rbac_admin->assignUser($rule->getRoleId(), $a_usr_id);
104  }
105  }
106  // Assign to default if no matching found
107  if ($num_matches === 0) {
108  $settings = new ilShibbolethSettings();
109  $default_role = $settings->getDefaultRole();
110  $logger->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
111  $rbac_admin->assignUser($default_role, $a_usr_id);
112  }
113 
114  return true;
115  }
116 
117  public static function callPlugin(string $a_plugin_id, array $a_user_data): bool
118  {
119  global $DIC;
120  foreach ($DIC['component.factory']->getActivePluginsInSlot('shibhk') as $plugin) {
121  if ($plugin->checkRoleAssignment($a_plugin_id, $a_user_data)) {
122  return true;
123  }
124  }
125  return false;
126  }
127 }
$res
$res
Definition: ltiservices.php:69
ilShibbolethRoleAssignmentRules\doAssignments
static doAssignments(int $a_usr_id, array $a_data)
Definition: class.ilShibbolethRoleAssignmentRules.php:89
ilShibbolethRoleAssignmentRules\callPlugin
static callPlugin(string $a_plugin_id, array $a_user_data)
Definition: class.ilShibbolethRoleAssignmentRules.php:117
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:831
$DIC
global $DIC
Definition: shib_login.php:25
ilShibbolethRoleAssignmentRules\updateAssignments
static updateAssignments(int $a_usr_id, array $a_data)
Definition: class.ilShibbolethRoleAssignmentRules.php:57
ilShibbolethSettings
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilShibbolethSettings.php:24