ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
Static Public Member Functions | Data Fields | Static Protected Member Functions | Static Protected Attributes
ilLDAPRoleAssignmentRules Class Reference
Services/LDAP

@classDescription Do role assignemnts More...

+ Collaboration diagram for ilLDAPRoleAssignmentRules:

Static Public Member Functions

static getDefaultRole ()
 Get default global role. More...
 
static getAllPossibleRoles ()
 Get all assignable roles (used for import parser) More...
 
static getAttributeNames ()
 get all possible attribute names More...
 
static getAssignmentsForUpdate ($a_usr_id, $a_usr_name, $a_usr_data)
 
static getAssignmentsForCreation ($a_usr_name, $a_usr_data)
 
static callPlugin ($a_plugin_id, $a_user_data)
 Call plugin check if the condition matches. More...
 

Data Fields

const ROLE_ACTION_ASSIGN = 'Assign'
 
const ROLE_ACTION_DEASSIGN = 'Detach'
 

Static Protected Member Functions

static getAdditionalPluginAttributes ()
 Fetch additional attributes from plugin. More...
 
static parseRole ($a_role_id, $a_action)
 Parse role. More...
 

Static Protected Attributes

static $active_plugins = null
 
static $default_role = null
 

Detailed Description

@classDescription Do role assignemnts

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om
Version
$Id$

Definition at line 32 of file class.ilLDAPRoleAssignmentRules.php.

Member Function Documentation

◆ callPlugin()

static ilLDAPRoleAssignmentRules::callPlugin (   $a_plugin_id,
  $a_user_data 
)
static

Call plugin check if the condition matches.

Returns
bool
Parameters
object$a_plugin_id
object$a_user_data

Definition at line 216 of file class.ilLDAPRoleAssignmentRules.php.

217 {
218 global $ilPluginAdmin;
219
220 if(self::$active_plugins == null)
221 {
222 self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE,
223 'LDAP',
224 'ldaphk');
225 }
226
227 $assigned = false;
228 foreach(self::$active_plugins as $plugin_name)
229 {
230 $ok = false;
231 $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE,
232 'LDAP',
233 'ldaphk',
234 $plugin_name);
235
236 if($plugin_obj instanceof ilLDAPRoleAssignmentPlugin)
237 {
238 $ok = $plugin_obj->checkRoleAssignment($a_plugin_id,$a_user_data);
239 }
240
241 if($ok)
242 {
243 $assigned = true;
244 }
245 }
246 return $assigned;
247 }
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6
ilLDAPRoleAssignmentPlugin
Interface for ldap role assignment plugins.
Definition: interface.ilLDAPRoleAssignmentPlugin.php:33

References $ok, and IL_COMP_SERVICE.

Referenced by ilLDAPRoleAssignmentRule\matches().

+ Here is the caller graph for this function:

◆ getAdditionalPluginAttributes()

static ilLDAPRoleAssignmentRules::getAdditionalPluginAttributes ( )
staticprotected

Fetch additional attributes from plugin.

Returns

Definition at line 253 of file class.ilLDAPRoleAssignmentRules.php.

254 {
255 global $ilPluginAdmin;
256
257 if(self::$active_plugins == null)
258 {
259 self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE,
260 'LDAP',
261 'ldaphk');
262 }
263
264 $attributes = array();
265 foreach(self::$active_plugins as $plugin_name)
266 {
267 $ok = false;
268 $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE,
269 'LDAP',
270 'ldaphk',
271 $plugin_name);
272
273 if($plugin_obj instanceof ilLDAPRoleAssignmentPlugin)
274 {
275 $attributes = array_merge($attributes,$plugin_obj->getAdditionalAttributeNames());
276 }
277 }
278 return $attributes ? $attributes : array();
279 }

References $ok, and IL_COMP_SERVICE.

◆ getAllPossibleRoles()

static ilLDAPRoleAssignmentRules::getAllPossibleRoles ( )
static

Get all assignable roles (used for import parser)

Returns
array roles

Definition at line 63 of file class.ilLDAPRoleAssignmentRules.php.

64 {
65 global $ilDB;
66
67 $query = "SELECT DISTINCT(role_id) FROM ldap_role_assignments ";
68 $res = $ilDB->query($query);
69 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
70 {
71 $roles[$row->role_id] = $row->role_id;
72 }
73 $gr = self::getDefaultRole();
74 $roles[$gr] = $gr;
75 return $roles ? $roles : array();
76 }
DB_FETCHMODE_OBJECT
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
ilLDAPRoleAssignmentRules\getDefaultRole
static getDefaultRole()
Get default global role.
Definition: class.ilLDAPRoleAssignmentRules.php:45
$ilDB
global $ilDB
Definition: storeScorm2004.php:19

References $ilDB, $query, $res, $row, DB_FETCHMODE_OBJECT, and getDefaultRole().

Referenced by ilLDAPAttributeToUser\refresh().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAssignmentsForCreation()

static ilLDAPRoleAssignmentRules::getAssignmentsForCreation (   $a_usr_name,
  $a_usr_data 
)
static
Returns
array role data
Parameters
object$a_usr_id
object$a_usr_data

@access public

Definition at line 165 of file class.ilLDAPRoleAssignmentRules.php.

166 {
167 global $ilDB,$ilLog;
168
169 $query = "SELECT rule_id FROM ldap_role_assignments ";
170 $res = $ilDB->query($query);
171
172 $num_matches = 0;
173 $roles = array();
174 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
175 {
176 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
177 $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);
178
179 if($rule->matches($a_usr_data))
180 {
181 $num_matches++;
182 $ilLog->write(__METHOD__.': Assigned to role: '.$a_usr_name.' => '.ilObject::_lookupTitle($rule->getRoleId()));
183 $roles[] = self::parseRole($rule->getRoleId(),self::ROLE_ACTION_ASSIGN);
184 }
185 }
186
187 // DONE: check for global role
188 $found_global = false;
189 foreach($roles as $role_data)
190 {
191 if($role_data['type'] == 'Global')
192 {
193 $found_global = true;
194 break;
195 }
196 }
197 if(!$found_global)
198 {
199 $ilLog->write(__METHOD__.': No matching rule found. Assigning to default role.');
200 $roles[] = self::parseRole(
201 self::getDefaultRole(),
202 self::ROLE_ACTION_ASSIGN
203 );
204 }
205
206 return $roles ? $roles : array();
207 }
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId($a_rule_id)
get instance by rule id
Definition: class.ilLDAPRoleAssignmentRule.php:72
ilLDAPRoleAssignmentRules\parseRole
static parseRole($a_role_id, $a_action)
Parse role.
Definition: class.ilLDAPRoleAssignmentRules.php:288
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:931
$ilLog
$ilLog
Definition: inc.setup_header.php:132

References $ilDB, $ilLog, $query, $res, $row, ilLDAPRoleAssignmentRule\_getInstanceByRuleId(), ilObject\_lookupTitle(), DB_FETCHMODE_OBJECT, and parseRole().

Referenced by ilLDAPUserSynchronisation\handleAccountMigration(), and ilLDAPAttributeToUser\usersToXML().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAssignmentsForUpdate()

static ilLDAPRoleAssignmentRules::getAssignmentsForUpdate (   $a_usr_id,
  $a_usr_name,
  $a_usr_data 
)
static

Definition at line 104 of file class.ilLDAPRoleAssignmentRules.php.

105 {
106 global $ilDB,$rbacadmin,$rbacreview,$ilSetting,$ilLog;
107
108 $query = "SELECT rule_id,add_on_update,remove_on_update FROM ldap_role_assignments ".
109 "WHERE add_on_update = 1 OR remove_on_update = 1";
110
111 $res = $ilDB->query($query);
112 $roles = array();
113 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
114 {
115 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
116 $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);
117
118 $matches = $rule->matches($a_usr_data);
119 if($matches and $row->add_on_update)
120 {
121 $ilLog->write(__METHOD__.': Assigned to role: '.$a_usr_name.' => '.ilObject::_lookupTitle($rule->getRoleId()));
122 $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
123
124 }
125 if(!$matches and $row->remove_on_update)
126 {
127 $ilLog->write(__METHOD__.': Deassigned from role: '.$a_usr_name.' => '.ilObject::_lookupTitle($rule->getRoleId()));
128 $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_DEASSIGN);
129 }
130 }
131
132 // Check if there is minimum on global role
133 $deassigned_global = 0;
134 foreach($roles as $role_data)
135 {
136 if($role_data['type'] == 'Global' and
137 $role_data['action'] == self::ROLE_ACTION_DEASSIGN)
138 {
139 $deassigned_global++;
140 }
141 }
142 if(count($rbacreview->assignedGlobalRoles($a_usr_id)) == $deassigned_global)
143 {
144 $ilLog->write(__METHOD__.': No global role left. Assigning to default role.');
145 $roles[] = self::parseRole(
146 self::getDefaultRole(),
147 self::ROLE_ACTION_ASSIGN
148 );
149 }
150
151 return $roles ? $roles : array();
152
153 }
$ilSetting
global $ilSetting
Definition: privfeed.php:40

References $ilDB, $ilLog, $ilSetting, $query, $res, $row, ilLDAPRoleAssignmentRule\_getInstanceByRuleId(), ilObject\_lookupTitle(), DB_FETCHMODE_OBJECT, and parseRole().

Referenced by ilLDAPAttributeToUser\usersToXML().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAttributeNames()

static ilLDAPRoleAssignmentRules::getAttributeNames ( )
static

get all possible attribute names

Returns

Definition at line 82 of file class.ilLDAPRoleAssignmentRules.php.

83 {
84 global $ilDB;
85
86 $query = "SELECT DISTINCT(att_name) ".
87 "FROM ldap_role_assignments ";
88 $res = $ilDB->query($query);
89 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
90 {
91 $name = strtolower(trim($row->att_name));
92 if($name)
93 {
94 $names[] = $name;
95 }
96 }
97
98 $names = array_merge((array) $names, self::getAdditionalPluginAttributes());
99 return $names ? $names : array();
100 }

References $ilDB, $query, $res, $row, and DB_FETCHMODE_OBJECT.

Referenced by ilLDAPQuery\fetchUserProfileFields(), and ilLDAPServer\getPearAtributeArray().

+ Here is the caller graph for this function:

◆ getDefaultRole()

static ilLDAPRoleAssignmentRules::getDefaultRole ( )
static

Get default global role.

Returns

Definition at line 45 of file class.ilLDAPRoleAssignmentRules.php.

46 {
47 if(self::$default_role)
48 {
49 return self::$default_role;
50 }
51
52 include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
53 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
54
55 return self::$default_role =
56 ilLDAPAttributeMapping::_lookupGlobalRole(ilLDAPServer::_getFirstActiveServer());
57 }
ilLDAPAttributeMapping\_lookupGlobalRole
static _lookupGlobalRole($a_server_id)
Lookup global role assignment.
Definition: class.ilLDAPAttributeMapping.php:98
ilLDAPServer\_getFirstActiveServer
static _getFirstActiveServer()
Get first active server.
Definition: class.ilLDAPServer.php:180

References $default_role, ilLDAPServer\_getFirstActiveServer(), and ilLDAPAttributeMapping\_lookupGlobalRole().

Referenced by getAllPossibleRoles().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ parseRole()

static ilLDAPRoleAssignmentRules::parseRole (   $a_role_id,
  $a_action 
)
staticprotected

Parse role.

Returns
Parameters
int$a_role_id
string$a_action

Definition at line 288 of file class.ilLDAPRoleAssignmentRules.php.

289 {
290 global $rbacreview;
291
292 return array(
293 'id' => $a_role_id,
294 'type' => $rbacreview->isGlobalRole($a_role_id) ? 'Global' : 'Local',
295 'action' => $a_action
296 );
297 }

Referenced by getAssignmentsForCreation(), and getAssignmentsForUpdate().

+ Here is the caller graph for this function:

Field Documentation

◆ $active_plugins

ilLDAPRoleAssignmentRules::$active_plugins = null
staticprotected

Definition at line 37 of file class.ilLDAPRoleAssignmentRules.php.

◆ $default_role

ilLDAPRoleAssignmentRules::$default_role = null
staticprotected

Definition at line 38 of file class.ilLDAPRoleAssignmentRules.php.

Referenced by getDefaultRole().

◆ ROLE_ACTION_ASSIGN

const ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN = 'Assign'

Definition at line 34 of file class.ilLDAPRoleAssignmentRules.php.

Referenced by ilLDAPUserSynchronisation\handleAccountMigration().

◆ ROLE_ACTION_DEASSIGN

const ilLDAPRoleAssignmentRules::ROLE_ACTION_DEASSIGN = 'Detach'

Definition at line 35 of file class.ilLDAPRoleAssignmentRules.php.

The documentation for this class was generated from the following file: