ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
class.ilLDAPRoleAssignmentRules.php
Go to the documentation of this file.
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
32class ilLDAPRoleAssignmentRules
33{
34 const ROLE_ACTION_ASSIGN = 'Assign';
35 const ROLE_ACTION_DEASSIGN = 'Detach';
36
37 protected static $active_plugins = null;
38 protected static $default_role = null;
39
40
45 public static function getDefaultRole()
46 {
47 if(self::$default_role)
48 {
49 return self::$default_role;
50 }
51
52 include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
53 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
54
55 return self::$default_role =
56 ilLDAPAttributeMapping::_lookupGlobalRole(ilLDAPServer::_getFirstActiveServer());
57 }
58
63 public static function getAllPossibleRoles()
64 {
65 global $ilDB;
66
67 $query = "SELECT DISTINCT(role_id) FROM ldap_role_assignments ";
68 $res = $ilDB->query($query);
69 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
70 {
71 $roles[$row->role_id] = $row->role_id;
72 }
73 $gr = self::getDefaultRole();
74 $roles[$gr] = $gr;
75 return $roles ? $roles : array();
76 }
77
82 public static function getAttributeNames()
83 {
84 global $ilDB;
85
86 $query = "SELECT DISTINCT(att_name) ".
87 "FROM ldap_role_assignments ";
88 $res = $ilDB->query($query);
89 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
90 {
91 $name = strtolower(trim($row->att_name));
92 if($name)
93 {
94 $names[] = $name;
95 }
96 }
97
98 $names = array_merge((array) $names, self::getAdditionalPluginAttributes());
99 return $names ? $names : array();
100 }
101
102
103
104 public static function getAssignmentsForUpdate($a_usr_id,$a_usr_name,$a_usr_data)
105 {
106 global $ilDB,$rbacadmin,$rbacreview,$ilSetting,$ilLog;
107
108 $query = "SELECT rule_id,add_on_update,remove_on_update FROM ldap_role_assignments ".
109 "WHERE add_on_update = 1 OR remove_on_update = 1";
110
111 $res = $ilDB->query($query);
112 $roles = array();
113 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
114 {
115 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
116 $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);
117
118 $matches = $rule->matches($a_usr_data);
119 if($matches and $row->add_on_update)
120 {
121 $ilLog->write(__METHOD__.': Assigned to role: '.$a_usr_name.' => '.ilObject::_lookupTitle($rule->getRoleId()));
122 $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
123
124 }
125 if(!$matches and $row->remove_on_update)
126 {
127 $ilLog->write(__METHOD__.': Deassigned from role: '.$a_usr_name.' => '.ilObject::_lookupTitle($rule->getRoleId()));
128 $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_DEASSIGN);
129 }
130 }
131
132 // Check if there is minimum on global role
133 $deassigned_global = 0;
134 foreach($roles as $role_data)
135 {
136 if($role_data['type'] == 'Global' and
137 $role_data['action'] == self::ROLE_ACTION_DEASSIGN)
138 {
139 $deassigned_global++;
140 }
141 }
142 if(count($rbacreview->assignedGlobalRoles($a_usr_id)) == $deassigned_global)
143 {
144 $ilLog->write(__METHOD__.': No global role left. Assigning to default role.');
145 $roles[] = self::parseRole(
146 self::getDefaultRole(),
147 self::ROLE_ACTION_ASSIGN
148 );
149 }
150
151 return $roles ? $roles : array();
152
153 }
154
155
165 public static function getAssignmentsForCreation($a_usr_name,$a_usr_data)
166 {
167 global $ilDB,$ilLog;
168
169 $query = "SELECT rule_id FROM ldap_role_assignments ";
170 $res = $ilDB->query($query);
171
172 $num_matches = 0;
173 $roles = array();
174 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
175 {
176 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
177 $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);
178
179 if($rule->matches($a_usr_data))
180 {
181 $num_matches++;
182 $ilLog->write(__METHOD__.': Assigned to role: '.$a_usr_name.' => '.ilObject::_lookupTitle($rule->getRoleId()));
183 $roles[] = self::parseRole($rule->getRoleId(),self::ROLE_ACTION_ASSIGN);
184 }
185 }
186
187 // DONE: check for global role
188 $found_global = false;
189 foreach($roles as $role_data)
190 {
191 if($role_data['type'] == 'Global')
192 {
193 $found_global = true;
194 break;
195 }
196 }
197 if(!$found_global)
198 {
199 $ilLog->write(__METHOD__.': No matching rule found. Assigning to default role.');
200 $roles[] = self::parseRole(
201 self::getDefaultRole(),
202 self::ROLE_ACTION_ASSIGN
203 );
204 }
205
206 return $roles ? $roles : array();
207 }
208
216 public static function callPlugin($a_plugin_id,$a_user_data)
217 {
218 global $ilPluginAdmin;
219
220 if(self::$active_plugins == null)
221 {
222 self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE,
223 'LDAP',
224 'ldaphk');
225 }
226
227 $assigned = false;
228 foreach(self::$active_plugins as $plugin_name)
229 {
230 $ok = false;
231 $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE,
232 'LDAP',
233 'ldaphk',
234 $plugin_name);
235
236 if($plugin_obj instanceof ilLDAPRoleAssignmentPlugin)
237 {
238 $ok = $plugin_obj->checkRoleAssignment($a_plugin_id,$a_user_data);
239 }
240
241 if($ok)
242 {
243 $assigned = true;
244 }
245 }
246 return $assigned;
247 }
248
253 protected static function getAdditionalPluginAttributes()
254 {
255 global $ilPluginAdmin;
256
257 if(self::$active_plugins == null)
258 {
259 self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE,
260 'LDAP',
261 'ldaphk');
262 }
263
264 $attributes = array();
265 foreach(self::$active_plugins as $plugin_name)
266 {
267 $ok = false;
268 $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE,
269 'LDAP',
270 'ldaphk',
271 $plugin_name);
272
273 if($plugin_obj instanceof ilLDAPRoleAssignmentPlugin)
274 {
275 $attributes = array_merge($attributes,$plugin_obj->getAdditionalAttributeNames());
276 }
277 }
278 return $attributes ? $attributes : array();
279 }
280
281
288 protected static function parseRole($a_role_id,$a_action)
289 {
290 global $rbacreview;
291
292 return array(
293 'id' => $a_role_id,
294 'type' => $rbacreview->isGlobalRole($a_role_id) ? 'Global' : 'Local',
295 'action' => $a_action
296 );
297 }
298
299}
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6
DB_FETCHMODE_OBJECT
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
ilLDAPAttributeMapping\_lookupGlobalRole
static _lookupGlobalRole($a_server_id)
Lookup global role assignment.
Definition: class.ilLDAPAttributeMapping.php:98
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId($a_rule_id)
get instance by rule id
Definition: class.ilLDAPRoleAssignmentRule.php:72
ilLDAPRoleAssignmentRules
@classDescription Do role assignemnts
Definition: class.ilLDAPRoleAssignmentRules.php:33
ilLDAPRoleAssignmentRules\getAttributeNames
static getAttributeNames()
get all possible attribute names
Definition: class.ilLDAPRoleAssignmentRules.php:82
ilLDAPRoleAssignmentRules\getAdditionalPluginAttributes
static getAdditionalPluginAttributes()
Fetch additional attributes from plugin.
Definition: class.ilLDAPRoleAssignmentRules.php:253
ilLDAPRoleAssignmentRules\getDefaultRole
static getDefaultRole()
Get default global role.
Definition: class.ilLDAPRoleAssignmentRules.php:45
ilLDAPRoleAssignmentRules\getAssignmentsForCreation
static getAssignmentsForCreation($a_usr_name, $a_usr_data)
Definition: class.ilLDAPRoleAssignmentRules.php:165
ilLDAPRoleAssignmentRules\parseRole
static parseRole($a_role_id, $a_action)
Parse role.
Definition: class.ilLDAPRoleAssignmentRules.php:288
ilLDAPRoleAssignmentRules\callPlugin
static callPlugin($a_plugin_id, $a_user_data)
Call plugin check if the condition matches.
Definition: class.ilLDAPRoleAssignmentRules.php:216
ilLDAPRoleAssignmentRules\getAssignmentsForUpdate
static getAssignmentsForUpdate($a_usr_id, $a_usr_name, $a_usr_data)
Definition: class.ilLDAPRoleAssignmentRules.php:104
ilLDAPRoleAssignmentRules\getAllPossibleRoles
static getAllPossibleRoles()
Get all assignable roles (used for import parser)
Definition: class.ilLDAPRoleAssignmentRules.php:63
ilLDAPServer\_getFirstActiveServer
static _getFirstActiveServer()
Get first active server.
Definition: class.ilLDAPServer.php:180
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:931
$ilLog
$ilLog
Definition: inc.setup_header.php:132
ilLDAPRoleAssignmentPlugin
Interface for ldap role assignment plugins.
Definition: interface.ilLDAPRoleAssignmentPlugin.php:33
$ilSetting
global $ilSetting
Definition: privfeed.php:40
$ilDB
global $ilDB
Definition: storeScorm2004.php:19